1

We make a deploy to client's folder at client's server using Jenkins via VPN of several git repos. I've set the "Check out to a sub-directory option" and "Sparse checkout".

We need to deploy only some files of one common repository (other files are private). But if the .git folder is inside, it is not hard to view other files.

For git it is possible to place .git file into repo folder and specify in this file the place to .git folder, e.g.:

my-repo-folder$ cat .git
gitdir: /home/user1/another-my-repo-folder.git

(see more here about gitdir)

Is it possible to set another place of .git folder for git Jenkins plugin like above?

Upd. Here is the deploy configuration of the described above: Deploy configuration (sparse checkout)

Mikhail V.
  • 75
  • 8
  • 1
    How about simply deleting the `.git` folder post-deployment? – Technext Aug 19 '20 at 09:43
  • @Technext, thanks, just did so. But this is not too elegant, because Jenkins in this case pull all data from server at each deploy, instead of pull only few new commits. – Mikhail V. Aug 19 '20 at 09:50
  • How do you have your Jenkins build configured? You can have Jenkins blow away the workspace directory each time, or tell it not to. – Greg Burghardt Aug 19 '20 at 12:02
  • @GregBurghardt I've attached the image. Blowing the workspace is not a solution, because there is necessary to blow .git folder how Technext proposed, or to place .git folder to another place. – Mikhail V. Aug 21 '20 at 07:36

2 Answers2

1

Another suggestion :

git is not a deployment tool (not a good one anyway).

If you need to select some files from your repo, and copy only that to the server, you can :

  • write a script (possibly executed by Jenkins), which will run on a build server, which builds an archive with the files you want
  • copy this archive to the production server in the client's infrastructure
LeGEC
  • 46,477
  • 5
  • 57
  • 104
  • Thanks @LeGEC, but this this is not an answer to the question. We use git for manual deploy several years. Git is better then copying of files, because you are **sure**, that in deploy directory files are exactly equal that you have in necessary branch. You can easily check this by ether git status etc. In case of copy somebody can modify file in deploy directory and for check this you have to copy all files to git repo and check if there are some modifications. – Mikhail V. Aug 21 '20 at 07:23
  • @MikhailV.: I have to agree with LeGEC here. Git is good at version control. It's OK as a deployment tool, but judging by your question you clearly have outgrown Git's ability to deploy. The best thing you can do is use the right tool for the job. Using a Bash shell script is also a good way to ensure you get *only* the files from the exact branch that you want. Shell scripts are great at doing the same thing over and over again, which is basically what a deployment is, and it gives you more intelligence than Git alone. – Greg Burghardt Aug 21 '20 at 11:30
  • @MikhailV : if I understand your requirements correctly : you want to hide a part of your repo from the end user. This requirement is quite incompatible with running `git clone / git pull` on a machine owned by the end user, or even having any credentials which allow to acces your repo deployed on this machine. – LeGEC Aug 21 '20 at 12:17
  • To clearly identifiy what commit/branch was deployed, you can add a file in the resulting archive, with the branch that was used when building, the hash of the commit that was used, a changelog that would list issues and/or commits included in this release ... – LeGEC Aug 21 '20 at 12:20
  • @LeGEC, you've understood the case correctly. But as I described in question, it is *possible* to solve the case with git if you do not place .git *folder* inside deploy path, but place the .git *file*, that only points to a .git folder. If you mount client's deploy folder to your machine, then client will view only .git file and will not be able to call any git command (log, pull, checkout etc.), but you *will be able*, because you will have access both to deploy folder and .git folder. So thanks for your and Greg's answers, I'll be grateful to find the answer to the origilan question. – Mikhail V. Aug 24 '20 at 06:41
0

I've found the workaround: I've created post-checkout script (howto) in local repo, and checkout to a different workspace inside them (howto) and write .git file inside them. As a result Jenkins pull and do sparse checkout by git plugin in local repo, and post-checkout script do the rest.

The post-checkout script:

#!/bin/sh
if [[ "$GIT_POST_CHECKOUT_SCRIPT_CALL" -ne 1 ]]
then
    GIT_WORK_TREE=S:/clients-repo-path/ # remote share should be connected as a drive for Windows
    GIT_POST_CHECKOUT_SCRIPT_CALL=1 # prevent infinite loop
    export GIT_POST_CHECKOUT_SCRIPT_CALL
    CUR_DIR=`pwd`
    CUR_DIR="${CUR_DIR:1:1}:${CUR_DIR:2}" # translate nix path to git for Windows. Remove for linux
    echo "gitdir: $CUR_DIR/.git" > "$GIT_WORK_TREE/.git" # now may run git commands in clients repo
    export GIT_WORK_TREE # git option for checkout
    git checkout -f # checkout to client's path
fi
Mikhail V.
  • 75
  • 8