Source file: 04-cicd-and-sudoers.md

# 04. CI/CD and Sudoers
# Goal
Allow the cicd user to deploy and roll back Node sites without broad root access.
# Live sudoers file
`/etc/sudoers.d/cicd-web-deploy`

Validated with:

```shell
sudo visudo -c
```
# Current permissions granted to cicd
# Existing PHP-related capabilities
- git/composer/phpXX as user `git`
- reload/restart selected PHP-FPM services
- reload nginx
# Node-related capabilities added
- `/usr/local/bin/deploy-node-release`
- `/usr/local/bin/node-with-fnm`
- `/usr/local/bin/cicd-deploy-node-site`
- `/usr/local/bin/init-node-shared-env`
- `/usr/local/bin/publish-docs-site`
- `/usr/local/bin/rollback-node-release`
- `systemctl restart node-site@*.service`
- `systemctl status node-site@*.service`
- `systemctl reload nginx`
# Why this model is used
This avoids giving cicd unrestricted root, while still allowing:
- deployments
- rollback to a previous release
- service restart/status
- environment initialization
- docs republish
- Nginx reloads when needed
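To make the model concrete, here is an illustrative sudoers fragment in the shape this page describes. It is an added example, not the contents of the live `/etc/sudoers.d/cicd-web-deploy`; the absolute path of `systemctl` is assumed, and the existing PHP-related rules (which run as user `git`) are left out.

```sudoers
# Example reconstruction of /etc/sudoers.d/cicd-web-deploy (not the live file).
# Check syntax of just this file before installing it:
#   visudo -c -f /etc/sudoers.d/cicd-web-deploy

# Node deploy wrappers: the wrappers themselves validate --domain and only
# read /etc/node-sites/<domain>.env, so root is scoped to those code paths.
Cmnd_Alias NODE_DEPLOY = \
    /usr/local/bin/deploy-node-release, \
    /usr/local/bin/node-with-fnm, \
    /usr/local/bin/cicd-deploy-node-site, \
    /usr/local/bin/init-node-shared-env, \
    /usr/local/bin/publish-docs-site, \
    /usr/local/bin/rollback-node-release

# Service management. /usr/bin/systemctl is an assumed path; verify with
# `command -v systemctl` on the host. Note that sudoers matches command
# arguments as one concatenated string, so the '*' below also matches
# across spaces; keep unit-name validation inside the wrappers rather than
# relying on this pattern alone.
Cmnd_Alias NODE_SERVICES = \
    /usr/bin/systemctl restart node-site@*.service, \
    /usr/bin/systemctl status node-site@*.service, \
    /usr/bin/systemctl reload nginx

# NOPASSWD is what makes `sudo -n` work from CI: without it, -n fails
# instead of prompting. No ALL=(ALL) and no shell is granted.
cicd ALL=(root) NOPASSWD: NODE_DEPLOY, NODE_SERVICES
```

Because `sudo -n` never prompts, a rule that is missing from this file shows up in CI as an immediate "a password is required" failure, which is the intended signal that the wrapper set needs to be extended deliberately rather than worked around.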
# Example CI deploy command
```shell
sudo -n /usr/local/bin/cicd-deploy-node-site --domain app.example.com
```
# Example rollback command
```shell
sudo -n /usr/local/bin/rollback-node-release --domain app.example.com
```
# Example env initialization in CI/bootstrap
```shell
sudo -n /usr/local/bin/init-node-shared-env \
  --domain app.example.com \
  --file .env.local \
  --set APP_SECRET=change-me
```
# Safety notes
- the wrappers only read site metadata from `/etc/node-sites/<domain>.env`
- deployments use local repo paths, defaulting to `/srv/git/<domain>`
- rollbacks only target already-existing release directories under `releases/`
- healthchecks are local to `127.0.0.1:<port>` by default
- rollback automatically reverts `current` if the rollback target fails healthcheck
# Recommended CI pipeline shape
```text
checkout/update repo
-> sync repo to /srv/git/<domain> (or pull in place)
-> sudo -n /usr/local/bin/cicd-deploy-node-site --domain <domain>
-> optional external probe after deploy
-> optional sudo -n /usr/local/bin/rollback-node-release --domain <domain> on operator decision
```
# When to extend sudoers
Extend it only if you truly need extra capabilities such as:
- creating new sites automatically
- reissuing certificates
- adding semanage port rules from CI
- deleting old releases automatically
Those actions are intentionally not part of the default CI deploy wrapper.