Hostityourself

History

Claude cb0795617f feat: git push deploy (roadmap step 2) Full self-contained git push flow — no GitHub required: git remote add hiy ssh://hiy@myserver/myapp git push hiy main What was added: - Bare git repo per app (HIY_DATA_DIR/repos/<app-id>.git) Initialised automatically on app create; removed on app delete. post-receive hook is written into each repo and calls the internal API to queue a build using the same pipeline as webhook deploys. - SSH key management New ssh_keys DB table. Admin UI (/admin/users) now shows SSH keys per user with add/remove. New API routes: GET/POST /api/users/:id/ssh-keys DELETE /api/ssh-keys/:key_id On every change, HIY rewrites HIY_SSH_AUTHORIZED_KEYS with command= restricted entries pointing at hiy-git-shell. - scripts/git-shell SSH command= override installed at HIY_GIT_SHELL (default /usr/local/bin/hiy-git-shell). Validates the push via GET /internal/git/auth, then exec's git-receive-pack on the correct bare repo. - Internal API routes (authenticated by shared internal_token) GET /internal/git/auth -- git-shell permission check POST /internal/git/:app_id/push -- post-receive build trigger - Builder: git-push deploys use file:// path to the local bare repo instead of the app's remote repo_url. - internal_token persists across restarts in HIY_DATA_DIR/internal-token. New env vars: HIY_SSH_AUTHORIZED_KEYS path to the authorized_keys file to manage HIY_GIT_SHELL path to the git-shell script on the host Both webhook and git-push deploys feed the same build queue. https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH	2026-03-23 08:54:55 +00:00
..
src	feat: git push deploy (roadmap step 2)	2026-03-23 08:54:55 +00:00
Cargo.toml	Add multi-user security service with per-app authorization	2026-03-20 14:22:57 +00:00

Full self-contained git push flow — no GitHub required:

  git remote add hiy ssh://hiy@myserver/myapp
  git push hiy main

What was added:

- Bare git repo per app (HIY_DATA_DIR/repos/<app-id>.git)
  Initialised automatically on app create; removed on app delete.
  post-receive hook is written into each repo and calls the internal
  API to queue a build using the same pipeline as webhook deploys.

- SSH key management
  New ssh_keys DB table. Admin UI (/admin/users) now shows SSH keys
  per user with add/remove. New API routes:
    GET/POST /api/users/:id/ssh-keys
    DELETE   /api/ssh-keys/:key_id
  On every change, HIY rewrites HIY_SSH_AUTHORIZED_KEYS with
  command= restricted entries pointing at hiy-git-shell.

- scripts/git-shell
  SSH command= override installed at HIY_GIT_SHELL (default
  /usr/local/bin/hiy-git-shell). Validates the push via
  GET /internal/git/auth, then exec's git-receive-pack on the
  correct bare repo.

- Internal API routes (authenticated by shared internal_token)
    GET  /internal/git/auth          -- git-shell permission check
    POST /internal/git/:app_id/push  -- post-receive build trigger

- Builder: git-push deploys use file:// path to the local bare repo
  instead of the app's remote repo_url.

- internal_token persists across restarts in HIY_DATA_DIR/internal-token.

New env vars:
  HIY_SSH_AUTHORIZED_KEYS  path to the authorized_keys file to manage
  HIY_GIT_SHELL            path to the git-shell script on the host

Both webhook and git-push deploys feed the same build queue.

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH

2026-03-23 08:54:55 +00:00

src

feat: git push deploy (roadmap step 2)

2026-03-23 08:54:55 +00:00

Cargo.toml

Add multi-user security service with per-app authorization

2026-03-20 14:22:57 +00:00