Versi terupdate dari postingan yang ini. Alasan harus update: versi sebelumnya masih memanfaatkan git-ftp, dan tanpa git-ftp pun masih berasumsi bahwa direktori di server tujuan adalah git repository. Problemnya, dengan cara itu, ketika ada file baru yang tidak di-tracking, repo di server menjadi dirty. Di versi ini, ada proses penapisan sehingga hanya file yang berubah saja yang diunggah, lalu menjalankan composer install. Selain itu, karena servernya berbasis CWP, supaya lebih aman digunakan fitur jailkit sehingga user hanya bisa mengakses lingkungannya sendiri saja. Berikut ini langkah-langkahnya:

  1. install jailkit ke server dan edit /etc/jailkit/jk_init.ini
    # Listing of /etc/jailkit/jk_init.ini as published on this page.
    # NOTE(review): no bracketed [section] header lines appear in this listing,
    # and lines that read as sentences (such as the two just below) carry no
    # leading '#', so it cannot be pasted back as-is. The section names passed
    # to jk_init in step 2 (basicshell, netutils, editors, composer, php) must
    # exist as headers in the installed file — TODO confirm against it.
    this section probably needs adjustment on 64bit systems
    or non-Linux systems
    comment = common files for all jails that need user/group information
    # NOTE(review): as printed, this list holds the bare directories /lib/,
    # /lib64/ and /etc/ (repeated), which looks like file patterns cut short in
    # publication. Copying all of /etc/ into a jail would place copies of host
    # configuration files inside it; compare with the installed file before use.
    paths = /lib/, /lib64/, /lib/, /lib64/, /lib/i386-linux-gnu/, /lib/i386-linux-gnu/, /lib/x86_64-linux-gnu/, /lib/x86_64-linux-gnu/, /lib/arm-linux-gnueabihf/, /lib/arm-linux-gnueabihf/*, /etc/nsswitch.conf, /etc/
    Solaris needs
    paths = /etc/default/nss, /lib/, /usr/lib/nss_*.so.1, /etc/nsswitch.conf
    comment = common files for all jails that need any internet connectivity
    paths = /lib/, /lib64/, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
    on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure
    comment = timezone information and log sockets
    paths = /etc/localtime
    need_logsocket = 1
    Solaris does not need logsocket
    but needs
    devices = /dev/log, /dev/conslog
    comment = Jailkit limited shell
    paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
    users = root
    groups = root
    includesections = uidbasics, logbasics
    comment = alias for jk_lsh
    includesections = jk_lsh
    comment = Concurrent Versions System
    paths = cvs
    devices = /dev/null
    comment = Fast Version Control System
    paths = /usr/bin/git*, /usr/lib/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
    includesections = editors, perl
    comment = ssh secure copy
    paths = scp
    includesections = netbasics, uidbasics
    devices = /dev/urandom, /dev/null
    comment = ssh secure ftp
    paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
    includesections = netbasics, uidbasics
    devices = /dev/urandom, /dev/null
    on solaris
    paths = /usr/lib/ssh/sftp-server
    comment = ssh secure shell
    paths = ssh
    includesections = netbasics, uidbasics
    devices = /dev/urandom, /dev/tty, /dev/null
    paths = rsync
    includesections = netbasics, uidbasics
    comment = procmail mail delivery
    paths = procmail, /bin/sh
    devices = /dev/null
    comment = bash based shell with several basic utilities
    paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, 7z, unzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
    users = root
    groups = root
    includesections = uidbasics
    comment = for ssh access to a full shell
    includesections = uidbasics, basicshell, terminfo, editors, extendedshell
    comment = Midnight Commander
    paths = mc, mcedit, mcview, /usr/share/mc
    includesections = basicshell, terminfo
    comment = bash shell including things like awk, bzip, tail, less
    paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
    includesections = basicshell, midnightcommander, editors
    comment = terminfo databases, required for example for ncurses or vim
    paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
    comment = vim, joe and nano
    includesections = terminfo
    paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
    # Presumably the netutils section that step 2 passes to jk_init. Per the
    # lines below it brings wget, lynx, ftp, host, rsync and smbclient plus the
    # ssh, sftp and scp sections into the jail. For an account that only
    # receives deployments, trimming this to the tools the pipeline actually
    # runs keeps the jail smaller.
    comment = several internet utilities like wget, ftp, rsync, scp, ssh
    paths = wget, lynx, ftp, host, rsync, smbclient
    includesections = netbasics, ssh, sftp, scp
    comment = htpasswd utility
    paths = htpasswd
    comment = alias for extendedshell + netutils + apacheutils
    includesections = extendedshell, netutils, apacheutils
    comment = jail for the openvpn daemon
    paths = /usr/sbin/openvpn
    users = root,nobody
    groups = root,nogroup
    includesections = netbasics
    devices = /dev/urandom, /dev/random, /dev/net/tun
    includesections = netbasics, uidbasics
    need_logsocket = 1
    comment = the apache webserver, very basic setup, probably too limited for you
    paths = /usr/sbin/apache
    users = root, www-data
    groups = root, www-data
    includesections = netbasics, uidbasics
    comment = the perl interpreter and libraries
    paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
    comment = getting X authentication to work
    paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/
    comment = minimal files for X clients
    paths = /usr/X11R6/lib/X11/rgb.txt
    includesections = xauth
    comment = the VNC server program
    paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
    includesections = xclients
    comment = Ping program
    paths_w_setuid = /bin/ping
    comment = xterm
    paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
    devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
    # Presumably the php section named in step 2: the listed PHP binaries, the
    # PHP library and configuration directories, and the env section.
    comment = the php interpreter and libraries
    executables = /usr/bin/php,/usr/bin/php5.6,/usr/bin/php7.0,/usr/bin/php7.1
    directories = /usr/lib/php, /usr/share/php, /usr/share/php5, /etc/php, /usr/share/php-geshi, /usr/share/zoneinfo, /etc/snmp, /usr/share/snmp
    includesections = env
    comment = environment variables
    executables = /usr/bin/env
    comment = mysql client
    executables = /usr/bin/mysql, /usr/bin/mysqldump
    # NOTE(review): as printed this copies all of /usr/lib/ into the jail;
    # possibly a longer pattern cut short in publication — confirm.
    paths = /usr/lib/
    comment = drush (drupal command line)
    executables = /usr/local/bin/drush
    includesections = php, mysql-client, uidbasics, netbasics
    directories = /etc/ssl/certs, /usr/share/ca-certificates
    # Presumably the composer section named in step 2: the composer executable
    # plus the php, uidbasics and netbasics sections it includes. This is what
    # lets the pipeline run "composer install" inside the jail.
    comment = composer
    executables = /usr/local/bin/composer
    includesections = php, uidbasics, netbasics
  2. Jalankan jk_init -j /home/jail/USER basicshell netutils editors composer php
  3. Desain gitlab-ci.yaml yang untung sekali dibantu dengan chatGPT
  # GitLab CI job definition as published on this page.
  # NOTE(review): the mapping keys that give these lines their meaning
  # (presumably stages:, variables:, the job name and before_script:) are not
  # present in this listing — restore them before using it.
  - deploy

  PROJECT_PATH: "/path/to/project"

  stage: deploy
    # NOTE(review): git-ftp is still installed here although the text above
    # says this version no longer relies on it; it can probably be dropped.
    - 'which ssh-agent || (apk add --update openssh-client git git-ftp)' # Install dependencies if needed
    - eval $(ssh-agent -s) # Start SSH agent
    # The key is piped to ssh-add on stdin, so it is never written to disk in
    # the job; tr removes carriage returns from the variable's value.
    # Keep SSH_PRIVATE_KEY in a protected CI/CD variable and use a key that is
    # dedicated to the jailed deploy account, so a leak is limited to that jail.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - # Add the private key
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # NOTE(review): ssh-keyscan at job time accepts whatever host key the
    # network returns on every run, so it silences the prompt without
    # authenticating the server. Safer: record the server's host key once,
    # verify it out of band, store it in a CI/CD variable (e.g. one named
    # SSH_KNOWN_HOSTS) and write that value to known_hosts instead.
    - ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts # Avoid the fingerprint prompt
    - chmod 644 ~/.ssh/known_hosts

  # Deploy steps: read the last deployed commit id from the server, diff it
  # against HEAD, apply the per-file changes over SSH, record the new id and
  # run composer install on the server.
  # NOTE(review): the script: and only: keys are not present in this listing.
  - echo "Fetching last deployed commit..."
  # $PROJECT_PATH is expanded locally into the remote command string. If
  # .git-ftp.log cannot be read, the all-zero id is written as a fallback.
  - ssh "$SSH_USER@$SSH_HOST" "cat $PROJECT_PATH/.git-ftp.log || echo '0000000000000000000000000000000000000000'" > last_commit.txt
  # NOTE(review): this value comes from a file on the server and is used
  # unquoted below; check that it is a 40-character hex id before handing it
  # to git.
  - LAST_DEPLOYED=$(cat last_commit.txt)
  - CURRENT_COMMIT=$(git rev-parse HEAD)
  - echo "Last deployed:" $LAST_DEPLOYED
  - echo "Current commit:" $CURRENT_COMMIT
  # NOTE(review): `|| echo ""` turns any git diff failure into "no changes".
  # The all-zero fallback id is not a commit in the repository, and a shallow
  # CI clone may presumably lack the previously deployed commit; in both cases
  # nothing is uploaded, yet the new id is still recorded further down.
  # Failing the job here is safer than silently skipping the upload.
  - CHANGED_FILES=$(git diff --name-status $LAST_DEPLOYED $CURRENT_COMMIT || echo "")
  - echo "Changed files:"
  - echo "$CHANGED_FILES"
  - |
    if [ -n "$CHANGED_FILES" ]; then
      echo "Uploading changed files..."
      # Set IFS to newline to ensure each line is processed separately
      # NOTE(review): no IFS assignment is visible in this listing. With the
      # default IFS the loop below iterates over whitespace-separated words
      # rather than lines, and the awk field extraction breaks on any path
      # that contains whitespace. Reading `git diff --name-status -z` output
      # with a `while read` loop avoids both problems.
      for line in $CHANGED_FILES; do
        echo "Processing line: $line"
        # Split the name-status line: status letter, path, and (for renames)
        # the new path.
        STATUS=$(echo "$line" | awk '{print $1}')
        FILE=$(echo "$line" | awk '{print $2}')
        NEW_FILE=$(echo "$line" | awk '{print $3}')
        # NOTE(review): the case patterns, the `;;` terminators, `esac`, the
        # upload and move commands, and the closing `done` / `else` / `fi`
        # are missing from this listing, so the branches below run together
        # as printed.
        case "$STATUS" in
            DIR_PATH=$(dirname "$FILE")
            echo "Ensuring directory exists: $PROJECT_PATH/$DIR_PATH"
            # NOTE(review): paths derived from $FILE / $NEW_FILE are file
            # names taken from the repository and are placed unquoted into a
            # command string that the remote shell parses again. A name with
            # spaces or shell metacharacters is then not handled as a single
            # path on the server. Quote every path for the remote shell
            # (single-quote it and escape embedded single quotes) and reject
            # names containing '..' before using them in these ssh commands.
            ssh "$SSH_USER@$SSH_HOST" "mkdir -p $PROJECT_PATH/$DIR_PATH"
            echo "Uploading $FILE..."
            echo "Deleting $FILE..."
            # NOTE(review): if $FILE is empty this removes $PROJECT_PATH
            # itself. Guard with a non-empty check (e.g. "${FILE:?}") and
            # prefer `rm -f`, since a tracked path being deleted is a file.
            ssh "$SSH_USER@$SSH_HOST" "rm -rf $PROJECT_PATH/$FILE"
            OLD_DIR_PATH=$(dirname "$FILE")
            NEW_DIR_PATH=$(dirname "$NEW_FILE")
            echo "Ensuring directory exists: $PROJECT_PATH/$NEW_DIR_PATH"
            ssh "$SSH_USER@$SSH_HOST" "mkdir -p $PROJECT_PATH/$NEW_DIR_PATH"
            echo "Moving $FILE to $NEW_FILE..."
            echo "Unknown status: $STATUS for file: $FILE"
      echo "No changes to upload."
  # Record the commit that is now deployed; the next run diffs against it.
  - echo $CURRENT_COMMIT | ssh "$SSH_USER@$SSH_HOST" "cat > $PROJECT_PATH/.git-ftp.log"
  # composer install runs the project's and its dependencies' Composer scripts
  # and plugins as the SSH user on the server; the Jailkit jail from step 1 is
  # what bounds them. Deploying with a committed composer.lock keeps the
  # installed versions to the reviewed ones; --no-scripts / --no-plugins are
  # worth considering if the project does not need them.
  - ssh "$SSH_USER@$SSH_HOST" "cd $PROJECT_PATH && composer install --no-dev --optimize-autoloader"
    - main

