How to run a script to build Satis on a server using url

Question

I have a server example.com. I need to run command to build Satis. I added file index.php, where I wrote <?php echo (' <command for satis build> ');.

When I execute this command on the server, I enter the login and password for GitLab. And I do it under my user (user-example). But when I open example.com in web browser, I see an error:

Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This happened because the script runs under the user www-data.

So, for my user user-example I can create ssh-keys and use it for GitLab, but can I create ssh-keys for user www-data? Is it security or not? If I shouldn't do this, how can I update Satis using web browser (using URL)?

Answer 1

You could put a simple script on the Satis host that will accept Push Event webhooks from Gitlab (but the satis host will have to be accessible from gitlab, if you don't run your own gitlab server).

You can set up the webhook from your project's Settings page (/settings/integrations). Fill out the host/port and secret info, and select whichever events you want to receive (for this Push Events should be enough). Unless you have a ssl cert for this, make sure to uncheck "Enable SSL verification" otherwise the webhook will timeout. Make sure that in your script you are looking for the X-Gitlab-Token header and validate the value to the secret you put into the integration when creating it.

You don't really need to care about the content in the push once validated, since all you're doing is triggering a Satis build.

One thing to note is that with Gitlab older than version 10.6, by default webhook access to the local network was disabled. You can read why, and how to re-enable local access here.