I am encountering a problem that I am not able to deploy my private project on github if the server I am deploying to do not have the access to the repo.

Say I have a private repo https://github.com/myname/project . I create a deployment event, then github notify heaven which already has my ssh private key that can access to the private repo and also the server I want to deploy to. Then heaven execute command like this fab -R staging deploy:branch_name=master.

My fabfile.py is something like this:

from fabric.api import env
from fabric.context_managers import cd
from fabric.operations import run

env.shell = '/bin/bash -l -c'
env.user = 'username'
env.roledefs.update({
    'staging': ['staging.mydomain.com']
})

def deploy(branch_name):
        # pull project from github, BUT ACCESS DENIED
        run('git clone -b %s --single-branch git@github.com:myname/project.git .' % branch_name)
        # Do something after pulling the project from github

So my question is, how can deploy like this, without the need to generate ssh keys in every single deploy server and then add those keys to github?

I really appreciate if someone can help me out of this. I think I misunderstood how heaven or fabric works. Thank you!

@atmos Can you please help?

Hi @gogames. Actually, you don't need to run git clone in your Fabric since it is Heaven's responsibility to checkout (a.k.a. clone) your repository. Heaven mainly does three things:

1. Listen to GitHub, waiting for deployment event
2. When it receives such an event, it clones the repository
3. Once cloned, it goes into this repository and applies the configured strategy (Fabric in your case)

So, what you should do in your deploy method is not to clone the repo, but the actual deployment process (like compiling assets, pushing the build to a server, etc.)

@willdurand Thank you!

How can I send the repository to remote server and then compile the project on that server? The point is I do not want to do compilation on Heaven and then push the executable file to remote server.

That would be perfect if I can have a sample fabfile.py file.

Thank you so much!

I don't use Fabric anymore unfortunately. Yet, IMO Heaven's main use case is to create a build (or artifact or executable), hence it should do compilation.

What I would do in your case would be to:

1. git archive the current state of your repo (what Heaven cloned)
2. Push the archive to your remote server
3. Do compilation

Based on what you wrote here, it should work with no extra credentials, since Heaven knows how to git clone, and your Fabric should know how to ssh your remote server.

According to document of providers, heaven simply execute a command fab -R %{environment} %{task}:branch_name=%{ref} which means I do not have the chance to ask heaven to push the archive to remote server and do the rest.

Please correct me if I misunderstand the document.

The problem is simplified: how to push the archive to remote servers?.

Thanks @willdurand for help.

Well, this is your job to write the fabfile, so you can put everything you want. Here is what might work:

def deploy(branch_name):
    local('git archive --format=tar --output=/tmp/archive.tar --prefix=dist/ %s' % branch_name)
    run('scp /tmp/archive.tar user@remove_server:~/') # see also `put()`, which might be better
    run('tar xf ~/archive.tar')

    with cd('~/dist/')
        run('compile')

Awesome it should work! Let me close the issue now. Thank you!