Executing git commands via PHP

Question

How can git commands like git add . and git commit -m be executed using php?

It is for a project that creates a centralized repository faci

Answer 1

It is definetly possible. I implemented it in one of my projects. However you should be careful about permissions.

On linux, usually, the exec command will execute using the www-data user. So you should allow www-data to write and read on your work directory.

One quick and dirty way to do it is : chmod o+rw -R git_directory

Answer 2

I found a pretty simple solutions to 2 problems here

1) Git pull from a secured remote without using password

• create a ssh key pairs , using ssh-keygen
• upload public key to ur git remote host

• configure ~/.ssh/config file to add instruct to use this generated private key by git

  host gitlab.com
   HostName gitlab.com
   IdentityFile ~/.ssh/private_key
   User git
  

  That's all now any git command will use this private_key to connect to remote

2) Running git command from www-data user

• update sudoers file to allow www-data user to run git commands, to edit run following command

  $ sudo visudo
  

  add folowing line under user preferences

  www-data    ALL=(raaghu) NOPASSWD: /usr/bin/git
  

  meaning www-data user from ALL terminals acting as raaghu can run /usr/bin/git with NOPASSWD

  Please Note: Don't try this method if you don't understand the sudoers file , otherwise this may create security hole

• Create git-pull.sh file to run git commands

  cd /var/www/my-repo
  sudo -u raaghu git pull origin
  

• run this git-pull.sh file from php

  exec("/bin/bash /var/www/git-pull.sh");
  

Answer 3

I first run a test against my bitbucket server instance to get any error messages output on screen:

echo shell_exec("cd /website/root/htdocs && git status 2>&1");

this threw an error that it could not find git command hence had to provide a full path to git's binary:

'which git'

returned (further called YOU_FULL_GIT_BINARY_PATH_HERE):

/usr/local/git/bin/git

A full path e.g. '/usr/local/git/bin/git status' now runs git commands nicely.

This doesn't overcome git password required to use 'git pull' command for a set in .git/config git user. Running below command in git repo:

git config credential.helper store

[command][1] will prompt for password and let you store it locally unencrypted (protected only by file system e.g. in /root/.git-credentials). This will allow to run 'git pull' without prompting for password. Alternatively (probably better) is to generate ssh keys for your web server such as apached then add them to your bitbucket user dedicated account or repo keys.

All my folders have been set to be owned by apache user (Centos 6.8 other releases might be www-data:www-data etc.):

chown -R apache:apache YOUR_WEB_FODLER

I did not have to use the dirty trick 'chmod o+rw -R' to get all working.

Answer 4

There is another solution, which is to simply use php backticks like so

$message = `git log -1 --pretty=%B`; // get commit message

or

$deploy_tag = `git describe --tags`; // get commit tags

or

$hash = `git log -1 --pretty=%h`; // get the hash