signed-commit remote shell (see also https://github.com/dyne/scorsh)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
KatolaZ 9d60b3d95d fixed -- correct execution order of scorsh commands 7 years ago
examples fixed -- correct execution order of scorsh commands 7 years ago
hooks check_hash implemented (sha256) 8 years ago
sandpit obsolete tests 8 years ago
.gitignore
LICENSE.md Added Licence. Amended Makefile: scorsh -> scorshd. getting closer. 8 years ago
Makefile corrected dependency 8 years ago
README.md Small changes to the README.md. Added copyright 8 years ago
commits.go fixed -- correct execution order of scorsh commands 7 years ago
config.go Renaming: "tags" -> "commands"; "commands" -> "actions" 7 years ago
exec.go fixed -- correct execution order of scorsh commands 7 years ago
notes.txt
scorsh.cfg pipeline from spool to worker is done -- added examples 8 years ago
scorsh.sh completed refactoring from tags to commands 7 years ago
scorshd.go Renaming: "tags" -> "commands"; "commands" -> "actions" 7 years ago
spooler.go Renaming: "tags" -> "commands"; "commands" -> "actions" 7 years ago
types.go fixed -- correct execution order of scorsh commands 7 years ago
worker_config.cfg
workers.go Renaming: "tags" -> "commands"; "commands" -> "actions" 7 years ago

README.md

scorsh

Signed-Commit Remote Shell

scorsh lets you trigger commands on a remote git server through signed git commits.

scorsh is written in Go.

WTF

...if you have ever felt that git hooks fall too short to your standards...

...because you would like each specific push event to trigger something different on the git repo...

...and you want only authorised users to be able to trigger that something...

...then scorsh might be what you have been looking for.

scorsh is a simple system to execute commands on a remote host by using GPG-signed commits containing customisable commands (scorsh-tags). scorsh consists of two components:

  • a post-receive git hook

  • the scorsh binary itself

For each new push event, the post-receive hook creates a file in a configurable spool directory, containing information about the repo, branch, and commits of the push.

The scorsh binary processes inotify events from the spool, parses each new file there, walks through the new commits looking for signed ones, checks if the message of a signed commit contains a recognised scorsh-tag, verifies that the user who signed the message is allowed to use that scorsh-tag, and executes the commands associated to the scorsh-tag. Or, well, this is what scorsh should be able to do when it's finished ;-)

The set of scorsh-tags accepted on a repo/branch is configurable, and each scorsh-tag can be associated to a list of commands. Commands are just URLs, at the moment restricted to two possible types:

  • file://path/to/file - in this case scorsh tries to execute the corresponding file (useful to execute scripts)

  • http://myserver.com/where/you/like - in this case scorsh makes an HTTP request to the specified URL (useful to trigger other actions, e.g., Jenkins or Travis builds...)

Build notes

scorsh depends from the availability of a native build of libgit2 version 0.25 or greater on the native system where *scorsh is built. This dependencies is easily satisfied on various operating systems by using their respective package manager. For instance in Devuan ASCII one can simply do:

sudo apt install libgit2-dev

In Devuan Jessie unfortunately libgit2 is older than 0.25 so one should first build git2go from its repository, in which libgit2 is a submodule to be built from scratch.

git clone https://github.com/libgit2/git2go
cd git2go
git submodule init
git submodule update
cd libgit2
cmake .
make
sudo make install

Then proceed installing dependencies for scorsh:

make deps

And finally build its binary:

make

License

scorsh is Copyright (2017) by Vincenzo "KatolaZ" Nicosia.

scorsh is free software. You can use, modify, and redistribute it under the terms of the GNU Affero General Public Licence, version 3 of the Licence or, at your option, any later version. Please see LICENSE.md for details.