# CI Package Server

A satellite system of the CI server to deliver built packages in other networks.

The file access is protected with a dynamic authorization to prevent public access.

An example client was coded in Bash (using curl).

SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg

## License

GNU GPL 3.0

## Requirements

* Webserver with xsendfile module
* Set filepath to [approot]/packages
* Rewrite rule for [url]/packages/
* an account to receive packages from ci server with ssh

## Installation on server

### Xsendfile module

On the Apache webserver install the xsendfile module, e.g. on CentOS:

`yum install mod_xsendfile`

### Configuration of vhost

In the Apache vhost for the cipkg server set the XSendFilePath; it is an absolute path on your webserver.

Redirect all requests for /packages/[whatever] to /packages/index.php.

Example snippet:

```text
# let mod_xsendfile deliver files below this absolute path only
XSendFile On
XSendFilePath "/var/www/cipkg.example.com/packages/"

<Location "/packages">
    # route every request that is not an existing file to index.php
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php [QSA,L]
</Location>
```

### Configuration of secret on server

In [approot]/public_html/ copy inc_config.php.dist to inc_config.php and set a secret behind the key apikey.

```php
<?php
return array(
    // shared secret; the secret given by a client must match this value
    'apikey'=>'our-package-server-secret',
    'cutfromrequest'=>'^/packages',
    'packagedir'=>dirname(__DIR__).'/packages',
);
```

### Prepare receive of packages

* Create a deployment account on the package server that the ci server can use to connect via SSH
* Add the public key of www-data of the ci server to /home/deployment/.ssh/authorized_keys
* Set permissions so that the deployment user can write into /var/www/cipkg.example.com/packages/ and the user of the web service can read it: `chown deployment:apache /var/www/cipkg.example.com/packages/` and `chmod 750 /var/www/cipkg.example.com/packages/`

## CI server: add a sync target

TODO

## Installation of a client

This repo comes with a bash script. It is not a must to use it.
The communication is via HTTPS. Have a look at the source to see the creation of the authorization string. It can be adapted in other clients too.

On a target system with your application you need a bash shell and curl.

Copy the files from [approot]/shellscripts/ somewhere in a project related directory.

Copy getfile.sh.cfg.dist to getfile.sh.cfg and set up the values:

```text
IMLCI_PKG_SECRET=our-package-server-secret
IMLCI_URL=https://cipkg.example.com
IMLCI_PHASE=preview
IMLCI_PROJECT=myproject-id
```

Remark: using the cfg file is optional. It contains default values. All values can be set by command line parameters.

Usage of getfile.sh:

```
SYNTAX:
    getfile.sh [OPTIONS]

OPTIONS:
    -d          enable debug infos
    -e PHASE    phase; overrides env variable IMLCI_PHASE
    -f FILE     filename to get (without path); overrides env variable IMLCI_FILE
    -o OUTFILE  optional output file
    -p PROJECT  ci project id; overrides env variable IMLCI_PROJECT
    -s SECRET   override secret in IMLCI_PKG_SECRET
    -u URL      URL of iml ci server without trailing /; overrides env variable IMLCI_URL

VALUES:
    PHASE       is a phase of the ci server; one of preview|stage|live
    FILE        is a filename without path that was created by ci server.
    OUTFILE     Output file. It can countain a path. If none is given the filename
                will be taken from FILE and stored in current directory
    PROJECT     project id of the ci server
    SECRET      secret to access project data on package server. Your given secret
                must match the secret on package server to get access to any url.

DEFAULTS:
    You don't need to set all values by command line. Use a config to set defaults
    /home/axel/data/htdocs/dev.cipkg.iml.unibe.ch/shellscripts/getfile.sh.cfg

EXAMPLES:
    If url, secret, project and phase are set in the config you can operate by
    setting the filename to request.

    getfile.sh -f FILE
        downloads FILE to the current dir.

    getfile.sh -f FILE -o my-own-filename.tgz
        downloads FILE as my-own-filename.tgz

    getfile.sh -f ALL
        there is a special file ALL; it fetches all filenames by executing a
        directory listing and then downloads all remote files with their
        original name

    getfile.sh -f ''
        empty file = directory listing of all your project files

    getfile.sh -p ''
        empty project = directory listing of all projects with current phase

    Remark: The directory listing can be turned off on the package server and
    results in a 403 status.
```
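
getfile.sh.cfg stores the shared secret in plain text, so it is worth auditing before getfile.sh uses it. The script below is an added example, not part of the ci-pkg repository: the function names `cfg_get` and `audit_cfg` are hypothetical, and its rules (no group/other access, https URL without trailing slash, phase one of preview|stage|live, secret not left at the sample value shown on this page) are assumptions derived from the settings and usage text above.

```shell
#!/bin/sh
# Added example (not from the ci-pkg repo): audit a getfile.sh.cfg before use.
# The file is parsed as text and never sourced, so nothing in it is executed.

# cfg_get KEY FILE: print the last KEY=value assignment, surrounding quotes stripped
cfg_get() {
  sed -n "s/^$1=//p" "$2" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# audit_cfg FILE: print one line per finding; return 0 only if nothing was found
audit_cfg() {
  cfg=$1; bad=0
  [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
  # The file holds the shared secret: no group/other permission bits allowed
  if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
    echo "mode: accessible by group or others, run chmod 600 $cfg"; bad=1
  fi
  secret=$(cfg_get IMLCI_PKG_SECRET "$cfg")
  case $secret in
    '') echo "secret: IMLCI_PKG_SECRET is empty"; bad=1 ;;
    our-package-server-secret) echo "secret: still the documentation sample value"; bad=1 ;;
  esac
  url=$(cfg_get IMLCI_URL "$cfg")
  case $url in
    https://*/) echo "url: remove the trailing slash"; bad=1 ;;
    https://*)  ;;
    *) echo "url: IMLCI_URL must use https://"; bad=1 ;;
  esac
  case $(cfg_get IMLCI_PHASE "$cfg") in
    preview|stage|live) ;;
    *) echo "phase: must be one of preview|stage|live"; bad=1 ;;
  esac
  return $bad
}

# Constructed sample: world-readable file, sample secret, plain http
demo=$(mktemp)
printf '%s\n' 'IMLCI_PKG_SECRET=our-package-server-secret' \
  'IMLCI_URL=http://cipkg.example.com' 'IMLCI_PHASE=preview' \
  'IMLCI_PROJECT=myproject-id' > "$demo"
chmod 644 "$demo"
audit_cfg "$demo" || echo "=> fix the findings above before running getfile.sh"
rm -f "$demo"
```

Keeping the secret in the config file instead of passing it with `-s` keeps it out of the process list and the shell history.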