I’m currently using gitlab-runner to deploy a Drupal site. In the interests of security in depth, I configured the VM so that the gitlab-runner user could change the file and directory permissions of the site to the recommended settings. I set very explicit NOPASSWD sudoers rules in /etc/sudoers.d.
First I chown the directory so that gitlab-runner can rsync the files over. Then, after the rsync, I run a script I found in Drupal’s documentation to set the file and group permissions. The script can be found here: https://www.drupal.org/node/244924#script-based-on-guidelines-given-above
This all takes about 15 seconds.
My developer has discovered that he sometimes runs into PHP errors right after he pushes to the repository. That’s not something we can allow on our production instance, which means he has to wait until off hours to deploy to production.
Since it used to be “instant” when we just used a webhook to make a script run and git pull the changes in, I’d like to speed it up.
Does anyone have any suggestions?
My .gitlab-ci.yml looks similar to:
```yaml
deploy_master:
  stage: deploy_master
  script:
    - sudo chown -R gitlab-runner:gitlab-runner /var/www/projectname
    - |
      /usr/bin/rsync \
        --progress \
        -avz \
        --delete \
        --exclude=".git/" \
        --exclude=".gitignore" \
        --exclude=".gitlab-ci.yml" \
        --exclude="sites/default/settings.php" \
        --exclude="sites/default/files" \
        --exclude="sites/default/private" \
        docroot/ /var/www/projectname/docroot
    - sudo /usr/local/bin/fix-drupal-permissions --drupal_path=/var/www/projectname/docroot --drupal_user=root --httpd_group=www-data
  only:
    - master
  tags:
    - deploy_master
```
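The post mentions explicit NOPASSWD rules in /etc/sudoers.d but does not show them. As an added example (not the poster's configuration), this is one way rules could pin exactly the two sudo commands the job runs; the file name and the chown path are assumptions.

```sudoers
# /etc/sudoers.d/gitlab-runner-deploy   (hypothetical file name)
# Validate before installing:  visudo -cf /etc/sudoers.d/gitlab-runner-deploy
# Assumption: chown lives at /usr/bin/chown on this VM.

# Too broad, shown for contrast: with no arguments listed, sudo accepts any
# arguments, so the runner could take ownership of any path on the system.
# gitlab-runner ALL=(root) NOPASSWD: /usr/bin/chown

# Pinned: when arguments are listed, the command line must match them exactly.
# Inside command arguments, ',' ':' '=' and '\' must be backslash-escaped.
Cmnd_Alias DEPLOY_CHOWN = /usr/bin/chown -R gitlab-runner\:gitlab-runner /var/www/projectname

Cmnd_Alias DEPLOY_PERMS = /usr/local/bin/fix-drupal-permissions \
    --drupal_path\=/var/www/projectname/docroot \
    --drupal_user\=root \
    --httpd_group\=www-data

# The script itself must be owned by root and not writable by gitlab-runner,
# otherwise pinning its arguments protects nothing.
gitlab-runner ALL=(root) NOPASSWD: DEPLOY_CHOWN, DEPLOY_PERMS
```

With rules like these, any change to the arguments in .gitlab-ci.yml makes sudo prompt for a password and the job fail, so the two files have to be updated together.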