diff options
| author | KatolaZ <katolaz@freaknet.org> | 2017-07-06 22:32:19 +0100 |
|---|---|---|
| committer | KatolaZ <katolaz@freaknet.org> | 2017-07-06 22:32:19 +0100 |
| commit | c3f29e8540cc135286c8a9abc33aac8df8005389 (patch) | |
| tree | a35ff4d82c679be5799aec042021762a842e87b9 | |
| parent | a678af8e1ca8982d550ee0fd034ad98ebaaa7747 (diff) | |
Added more details to the README
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | README.md | 51 |
2 files changed, 50 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ce39376 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/scorsh @@ -2,10 +2,57 @@ Signed-Commit Remote Shell -`scorh` lets you trigger commands on a remote git server through +**scorsh** lets you trigger commands on a remote git server through signed git commits. -**This is still work-in-progress** +**scorsh** is written in Go. + +**This is still work-in-progress, not ready to be used yet** + +# WTF + +...if you have ever felt that git hooks fall too short to your standards... + +...because you would like each specific push event to trigger _something +different_ on the git repo... + +...and you want only authorised users to be able to trigger that +_something__.... + +..then **scorsh** might be what you have been looking for. + +**scorsh** is a simple system to execute commands on a remote host by +using GPG-signed commits containing customisable commands +(scorsh-tags). **scorsh** consists of two components: + +* a `post-receive` git hook + +* the `scorsh` binary itself + +For each new push event, the `post-receive` hook creates a file in a +configurable spool directory, containing information about the repo, +branch, and commits of the push. + +The `scorsh` binary processes inotify events from the spool, parses +each new file there, walks through the new commits looking for signed +ones, checks if the message of a signed commit contains a recognised +scorsh-tag, verifies that the user who signed the message is allowed +to use that scorsh-tag, and executes the commands associated to the +scorsh-tag. Or, well, this is what `scorsh` will do when it's ready. + +The set of scorsh-tags accepted on a repo/branch is configurable, and +each scorsh-tag can be associated to a list of commands. Commands are +just URLs, at the moment restricted to two possible types: + +* file://path/to/file - in this case `scorsh` tries to execute the + corresponding file (useful to execute scripts) + +* http://myserver.com/where/you/like - in this case `scorsh` makes an + HTTP request to the specified URL (useful to trigger other actions, + e.g., Jenkins or Travis builds...) + + + |