Git Deployment¶
New
Subcommands introduced in 0.12.0
git:allow-host <host> # Adds a host to known_hosts
git:auth <host> [<username> <password>] # Configures netrc authentication for a given git server
git:from-archive [--archive-type ARCHIVE_TYPE] <app> <archive-url> [<git-username> <git-email>] # Updates an app's git repository with a given archive file
git:from-image [--build-dir DIRECTORY] <app> <docker-image> [<git-username> <git-email>] # Updates an app's git repository with a given docker image
git:load-image [--build-dir DIRECTORY] <app> <docker-image> [<git-username> <git-email>] # Updates an app's git repository with a docker image loaded from stdin
git:sync [--build] <app> <repository> [<git-ref>] # Clone or fetch an app from remote git repo
git:initialize <app> # Initialize a git repository for an app
git:public-key # Outputs the dokku public deploy key
git:report [<app>] [<flag>] # Displays a git report for one or more apps
git:set <app> <key> (<value>) # Set or clear a git property for an app
git:status <app> # Show the working tree status for an app
git:unlock <app> [--force] # Removes previous git clone folder for new deployment
Git-based deployment has been the traditional method of deploying applications in Dokku. As of v0.12.0, Dokku introduces a few ways to customize the experience of deploying via git push
. A Git-based deployment currently supports building applications via:
Usage¶
Warning
Pushing from a shallow clone is not currently supported and may have undefined behavior. Please unshallow your local repository before pushing to a Dokku app to avoid potential errors in the deployment process.
Initializing an application¶
When an application is created via git push
, Dokku will create the proper pre-receive
hook in order to execute the build pipeline. In certain cases - such as when fronting deploys with the git-http-backend
- this may not be correctly created. As an alternative, the git:initialize
command can be used to trigger this creation:
In order for the above command to succeed, the application must already exist.
Warning
If the pre-receive
hook was customized in any way, this will overwrite that hook with the current defaults for Dokku.
Changing the deploy branch¶
By default, Dokku will deploy code pushed to the master
branch. In order to quickly deploy a different local branch, the following Git command can be used:
# on the local machine
# where `SOME_BRANCH_NAME` is the name of the branch
git push dokku SOME_BRANCH_NAME:master
In 0.12.0
, the correct way to change the deploy branch is to use the git:set
Dokku command.
# on the Dokku host
# override for all applications
dokku git:set --global deploy-branch SOME_BRANCH_NAME
# override for a specific app
# where `SOME_BRANCH_NAME` is the name of the branch
dokku git:set node-js-app deploy-branch SOME_BRANCH_NAME
As of 0.22.1, Dokku will also respect the first pushed branch as the primary branch, and automatically set the deploy-branch
value at that time.
Pushing multiple branches can also be supported by creating a receive-branch plugin trigger in a custom plugin.
Configuring the GIT_REV
environment variable¶
New
Introduced in 0.12.0
Application deployments will include a special GIT_REV
environment variable containing the current deployment sha being deployed. For rebuilds, this SHA will remain the same.
To configure the name of the GIT_REV
environment variable, run the git:set
command as follows:
# on the Dokku host
# override for a specific app
dokku git:set node-js-app rev-env-var DOKKU_GIT_REV
This behavior can be disabled entirely on a per-app basis by setting the rev-env-var
value to an empty string:
Keeping the .git
directory¶
By default, Dokku will remove the contents of the .git
before triggering a build for a given app. This is generally a safe default as shipping the entire source code history of your app in the deployed image artifact is unnecessary as it increases bloat and potentially can leak information if there are any security issues with your app code.
To enable the .git
directory, run the git:set
command as follows:
# on the Dokku host
# keep the .git directory during builds
dokku git:set node-js-app keep-git-dir true
The default behavior is to delete this directory and it's contents. To revert to the default behavior, the keep-git-dir
value can be set to either an empty string or false
.
# on the Dokku host
# delete the .git directory during builds (default)
dokku git:set node-js-app keep-git-dir false
# delete the .git directory during builds (default)
dokku git:set node-js-app keep-git-dir ""
Please keep in mind that setting keep-git-dir
to true
may result in unstaged changes shown within the built container due to the build process generating application changes within the built app directory.
Initializing an app repository from a docker image¶
New
Introduced in 0.24.0
A Dokku app repository can be initialized or updated from a Docker image via the git:from-image
command. This command will either initialize the app repository or update it to include the specified Docker image via a FROM
stanza. This is an excellent way of tracking changes when deploying only a given docker image, especially if deploying an image from a remote CI/CD pipeline.
In the above example, Dokku will build the app as if the repository contained only a Dockerfile
with the following content:
If the specified image already exists on the Dokku host, it will not be pulled again, though this behavior may be changed using build phase docker-options.
Triggering a build with the same arguments multiple times will result in Dokku exiting 0
early as there will be no changes detected. If the image tag is reused but the underlying image is different, it is recommended to use the image digest instead of the tag. This can be retrieved via the following command:
# for images pushed to a remote registry
docker inspect --format='{{index .RepoDigests 0}}' $IMAGE_NAME
# for images built locally and not pushed to a registry
# use when the previous command output is empty
docker images --no-trunc --quiet $IMAGE_NAME
The resulting git:from-image
call would then be:
# where the image sha is: sha256:9d187c3025d03c033dcc71e3a284fee53be88cc4c0356a19242758bc80cab673
dokku git:from-image node-js-app dokku/node-js-getting-started@sha256:9d187c3025d03c033dcc71e3a284fee53be88cc4c0356a19242758bc80cab673
The git:from-image
command can optionally take a git user.name
and user.email
argument (in that order) to customize the author. If the arguments are left empty, they will fallback to Dokku
and automated@dokku.sh
, respectively.
If the image is a private image that requires a docker login to access, the registry:login
command should be used to log into the registry. See the registry documentation for more details on this process.
Finally, certain images may require a custom build context in order for ONBUILD ADD
and ONBUILD COPY
statements to succeed. A custom build context can be specified via the --build-dir
flag. All files in the specified build-dir
will be copied into the repository for use within the docker build
process. The build context must be specified on each deploy, and is not otherwise persisted between builds.
dokku git:from-image --build-dir path/to/build node-js-app dokku/node-js-getting-started:latest "Camila" "camila@example.com"
See the dockerfile documentation to learn about the different ways to configure Dockerfile-based deploys.
Initializing an app repository from an archive file¶
New
Introduced in 0.24.0
A Dokku app repository can be initialized or updated from the contents of an archive file via the git:from-archive
command. This is an excellent way of tracking changes when deploying pre-built binary archives, such as java jars or go binaries. This can also be useful when deploying directly from a GitHub repository at a specific commit.
dokku git:from-archive node-js-app https://github.com/dokku/smoke-test-app/releases/download/2.0.0/smoke-test-app.tar
In the above example, Dokku will build the app as if the repository contained the extracted contents of the specified archive file.
Triggering a build with the same archive file multiple times will result in Dokku exiting 0
early as there will be no changes detected.
The git:from-archive
command can optionally take a git user.name
and user.email
argument (in that order) to customize the author. If the arguments are left empty, they will fallback to Dokku
and automated@dokku.sh
, respectively.
dokku git:from-archive node-js-app https://github.com/dokku/smoke-test-app/releases/download/2.0.0/smoke-test-app.tar "Camila" "camila@example.com"
The default archive type is always set to .tar
. To use a different archive type, specify the --archive-type
flag. Failure to do so will result in a failure to extract the archive.
dokku git:from-archive --archive-type zip node-js-app https://github.com/dokku/smoke-test-app/archive/2.0.0.zip "Camila" "camila@example.com"
Finally, if the archive url is specified as --
, the archive will be fetched from stdin.
curl -sSL https://github.com/dokku/smoke-test-app/releases/download/2.0.0/smoke-test-app.tar | dokku git:from-archive node-js-app --
Initializing an app repository from a remote image without a registry¶
New
Introduced in 0.30.0
A Dokku app repository can be initialized or updated from the contents of an image archive tar file via the git:load-image
command. This method can be used when a Docker Registry is unavailable to act as an intermediary for storing an image, such as when building an image in CI and deploying directly from that image.
docker image save dokku/node-js-getting-started:latest | ssh dokku@dokku.me git:load-image node-js-app dokku/node-js-getting-started:latest
In the above example, we are saving the image to a tar file via docker image save
, streaming that to the Dokku host, and then running git:load-image
on the incoming stream. Dokku will build the app as if the repository contained only a Dockerfile
with the following content:
When deploying an app via git:load-image
, it is highly recommended to use a unique image tag when building the image. Not doing so will result in Dokku exiting 0
early as there will be no changes detected. If the image tag is reused but the underlying image is different, it is recommended to use the image digest instead of the tag. This can be retrieved via the following command:
# for images pushed to a remote registry
docker inspect --format='{{index .RepoDigests 0}}' $IMAGE_NAME
# for images built locally and not pushed to a registry
# use when the previous command output is empty
docker images --no-trunc --quiet $IMAGE_NAME
The resulting git:load-image
call would then be:
# where the image sha is: sha256:9d187c3025d03c033dcc71e3a284fee53be88cc4c0356a19242758bc80cab673
docker image save dokku/node-js-getting-started:latest | ssh dokku@dokku.me git:load-image node-js-app dokku/node-js-getting-started@sha256:9d187c3025d03c033dcc71e3a284fee53be88cc4c0356a19242758bc80cab673
The git:load-image
command can optionally take a git user.name
and user.email
argument (in that order) to customize the author. If the arguments are left empty, they will fallback to Dokku
and automated@dokku.sh
, respectively.
docker image save dokku/node-js-getting-started:latest | ssh dokku@dokku.me git:load-image node-js-app dokku/node-js-getting-started:latest "Camila" "camila@example.com"
Finally, certain images may require a custom build context in order for ONBUILD ADD
and ONBUILD COPY
statements to succeed. A custom build context can be specified via the --build-dir
flag. All files in the specified build-dir
will be copied into the repository for use within the docker build
process. The build context must be specified on each deploy, and is not otherwise persisted between builds.
docker image save dokku/node-js-getting-started:latest | ssh dokku@dokku.me git:load-image --build-dir path/to/build node-js-app dokku/node-js-getting-started:latest "Camila" "camila@example.com"
See the dockerfile documentation to learn about the different ways to configure Dockerfile-based deploys.
Initializing an app repository from a remote repository¶
New
Introduced in 0.23.0
A Dokku app repository can be initialized or updated from a remote git repository via the git:sync
command. This command will either clone or fetch updates from a remote repository and has undefined behavior if the history cannot be fast-fowarded to the referenced repository reference. Any repository that can be cloned by the dokku
user can be specified.
Info
The application must exist before the repository can be initialized
The git:sync
command optionally takes an optional third parameter containing a git reference, which may be a branch, tag, or specific commit.
# specify a branch
dokku git:sync node-js-app https://github.com/heroku/node-js-getting-started.git main
# specify a tag
dokku git:sync node-js-app https://github.com/heroku/node-js-getting-started.git 1
# specify a commit
dokku git:sync node-js-app https://github.com/heroku/node-js-getting-started.git 97e6c72491c7531507bfc5413903e0e00e31e1b0
By default, this command does not trigger an application build. To do so during a git:sync
, specify the --build
flag.
Initializing from private repositories¶
New
Introduced in 0.24.0
Initializing from a private repository requires one of the following:
- A Public SSH Key (
id_rsa.pub
file) configured on the remote server, with the associated private key (id_rsa
) in the Dokku server's/home/dokku/.ssh/
directory. - A configured
.netrc
entry.
Dokku provides the git:auth
command which can be used to configure a netrc
entry for the remote server. This command can be used to add or remove configuration for any remote server.
# add credentials for github.com
dokku git:auth github.com username personal-access-token
# remove credentials for github.com
dokku git:auth github.com
For syncing to a private repository stored on a remote Git product such as GitHub or GitLab, Dokku's recommendation is to use a personal access token on a bot user where possible. Please see your service's documentation for information regarding the recommended best practices.
Allowing remote repository hosts¶
By default, the Dokku host may not have access to a server containing the remote repository. This can be initialized via the git:allow-host
command.
Note that this command is currently not idempotent and may add duplicate entries to the ~dokku/.ssh/known_hosts
file.
Verifying the cloning public key¶
In order to clone a remote repository, the remote server should have the Dokku host's public key configured. This plugin does not currently create this key, but if there is one available, it can be shown via the git:public-key
command.
If there is no key, an error message is shown that displays the command that can be run on the Dokku server to generate a new public/private ssh key pair.