So we took on some vendors to help us out. I wanted to provide these individuals authenticated, read-only access to our git repos so they could stay current with the project, but not commit code directly (they’ll have their own repo). Google yielded these excellent results pages.
When read altogether, I had a few options.
git://) protocol. This provides read-only access, but it provides it to the whole world. Not a solution.
git-shell. Each user gets a regular SSH account on the server, but each user gets a
git-shellinstead of a regular login shell like
git-shellrestricts the user to git operations. Write permissions are restricted using standard Linux permissions on the repo itself.
So #3 was what I needed. I created an SSH login for each user that needed access to the repo. I set the login shell for each user to
/usr/bin/git-shell. I put each user in a group that had read-only file system permissions to the repo. Testing it out worked well. Users could git clone and pull, but pushing failed and attempting to SSH directly failed.
One last note: as the man page mentions, you can create a directory called
git-shell-commands in home directories of
git-shell users will be able to run any command in this directory. If there is a help program in the directory, it is run when a
git-shell user logs in. More details on
git-shell-commands here, including the location of sample
git-shell commands on your server.
Well, it only took me 18 months, but I finally got around to cleaning up and publishing the Phing filters we use to automatically transform a static site into one that implements many of Yahoo’s Exceptional Performance Rules. These filters, together with the Apache configurations in the README, implement the process outlined in this talk from php|works 2008:
To see it in action, first create an
VirtualHost pointing to the
mysite directory in the project as the web root. Then run:
% phing optimize
which creates a parallel site in a
build directory. Point your
VirtualHost to the new
build directory to see the same site with the performance transformations.
You could run this Phing task in a continuous integration process as part of deployment. You could run it at production deployment time, but it’s probably a good idea to run it at staging time in case it flubs on some CSS or HTML syntax that it is not expecting.
Note that there are other miscellaneous Phing tasks in that github project. I threw these in there in case they could be of use to other Phing users.