The Solution - A professional Git based deployment system; like that you find on GitHub, Heroku, and other leading cloud services. This solution goes a step further by providing the ability to deploy to Windows servers using Windows domain authentication and WinRM.
The Benefits - Lightning fast, easy to use, secure, reliable, and accurate; no opportunities for accidental installation errors; and with perfect history, easy to snap-back to previous deployments.
How It Works
- User checks-out the desired deployment branch of their local repository(dev for development enviro, test for test enviro, etc.)
- User copies the deployment files to their local repository
- User enters a descriptive message regarding this deployment and commits their changes
- User pushes their changes to the remote repository
- Git hook in the remote repository examines branch being updated and determines the destination server
- Git hook issues windows remote command to execute installation script on the destination server(issues SSH remote command for Linux servers)
- Installation script on the destination server retrieves the latest deployment files from the remote repository using Git
- Installation script installs the files
- Installation script emails the results which include the user’s identity and commit message
Technologies and their Roles
- Git - Deployment engine, file transport, and version control
- Cygwin - Deployment hub, SSH server, and Linux / Windows authentication integration
- WinRM - Secure shell services for Windows
- OpenSSH - Secure shell services for Linux
- Python - Installation scripts that are easy to read / maintain / extend
Architecture Notes
- Made extraordinary effort to keep setup simple as possible with minimal customization - focus on leveraging core strengths of existing proven products
- One shared repository per application, with separate branches for each environment
- Developer workstations use a default install of Git
- Developer workstations access remote repository on Deployment Server using SSH keys for a special deployment user - password is never shared
- Deployment server uses default Cygwin install with the OpenSSH server and Git packages
- Deployment server setup to run OpenSSH server as the special deployment user(see Cygwin reference below)
- Deployment server configured to disallow shell access / constrain developers to Git commands only(see Pro Git reference below)
- Deployment server’s remote repository includes simple post-update hook(see sample included with the IIS Web Deployer script)
- Special deployment user is given administrator authority on destination server
- Destination servers use the OS’s built-in remote services technology, using their defaults
- Destination servers use a default install of Git
- Destination servers require installation script for the application being deployed(see IIS Web Deployer script)
References
- IIS Web Deployer - Python script to perform Git based deployment of a website in IIS with sample hook
- Setting up a Cygwin OpenSSH Server for Windows Domains (backup)- The critical binding between Linux / Windows that allows you to securely use a Windows domain user to perform installations
- Pro Git Chapter 4.4 - Setting up a secure Git server
- Official Git man pages - For understanding Git hooks, this reference combined with the sample hooks in your repositories are the best sources of information
- A web-focused Git workflow - The inspiration for this automatic deployment system
Updates since original posting:
2013.11.06 - Corrected reference for Cygwin OpenSSH setup and added backup copy
2013.10.31 - Improved post-update Git hook example to show IP of the deployer
2013.08.22 - Improved interaction with Git remote repository
2013.11.06 - Corrected reference for Cygwin OpenSSH setup and added backup copy
2013.10.31 - Improved post-update Git hook example to show IP of the deployer
2013.08.22 - Improved interaction with Git remote repository
