| GIT-FTP(1) | GIT-FTP(1) |
This is the manual for version 1.6.0-UNRELEASED. Please consider the changelog (../CHANGELOG.md) or select your version from the Branch > Tags select above to see the manual for another version.
Git-ftp - Git powered FTP client written as shell script.
git-ftp <action> [<options>] [<url>]
Git-ftp is an FTP client using Git (http://git-scm.org) to determine which local files to upload or which files to delete on the remote host.
It saves the deployed state by uploading the SHA1 hash in the .git-ftp.log file. There is no need for Git to be installed on the remote host.
Even if you play with different branches, git-ftp knows which files are different and handles only those files. That saves time and bandwidth.
The scheme of an URL is what you would expect
protocol://host.domain.tld:port/path
Below a full featured URL to host.example.com on port 2121 to path mypath using protocol ftp:
ftp://host.example.com:2121/mypath
But, there is not just FTP. Supported protocols are:
Upload your files to an FTP server the first time:
$ git ftp init -u "john" -P "ftp://example.com/public_html"
It will authenticate with the username john and ask for the password. By default, it tries to transfer data in EPSV mode. Depending on the network and server configuration, that may fail. You can try to add the --disable-epsv option to use the IPv4 passive FTP connection (PASV). In rare circumstances, you can use --active for the original FTP transfer mode. These options do not apply to SFTP.
You are less likely to face connection problems with SFTP. But be aware of the different handling of relative and absolute paths. If the directory public_html is in the home directory on the server, then upload like this:
$ git ftp init -u "john" --key "$HOME/.ssh/id_rsa" "sftp://example.com/~/public_html"
Otherwise it will use an absolute path, for example:
$ git ftp init -u "john" --key "$HOME/.ssh/id_rsa" "sftp://example.com/var/www"
On some systems Git-ftp fails to verify the server’s fingerprint. You can then use the --insecure option to skip the verification. That will leave you vulnerable to man-in-the-middle attacks, but is still more secure than plain FTP.
Git-ftp guesses the path of the public key file corresponding to your private key file. If you just have a private key, for example a .pem file, you need Git-ftp version 1.3.4 and Curl version 7.39.0 or newer. If you have an older version of Git-ftp or Curl, you can create the public key with the ssh-keygen command:
$ ssh-keygen -y -f key.pem > key.pem.pub
Many people already uploaded their files to the server. If you want to mark the uploaded version as the same as your local branch:
$ git ftp catchup
This example omits options like --user, --password and url. See DEFAULTS below to learn how to store your configuration so that you don’t need to repeat it.
After you stored the commit id of the uploaded commit via init or catchup, you can then upload any new commits:
$ git ftp push
If you discovered a bug in the last uploaded version and you want to go back by three commits:
$ git checkout HEAD~3
$ git ftp push
Or maybe some files got changed on the server and you want to upload all changes between branch master and branch develop:
$ git checkout develop # This is the version which is uploaded.
$ git ftp push --commit master # Upload changes compared to master.
Don’t repeat yourself. Setting config defaults for git-ftp in .git/config
$ git config git-ftp.<(url|user|password|syncroot|cacert|keychain|...)> <value>
Everyone likes examples:
$ git config git-ftp.user john
$ git config git-ftp.url ftp.example.com
$ git config git-ftp.password secr3t
$ git config git-ftp.syncroot path/dir
$ git config git-ftp.cacert caCertStore
$ git config git-ftp.deployedsha1file mySHA1File
$ git config git-ftp.insecure 1
$ git config git-ftp.key ~/.ssh/id_rsa
$ git config git-ftp.keychain user@example.com
$ git config git-ftp.remote-root htdocs
$ git config git-ftp.disable-epsv 1
$ git config git-ftp.no-commit 1
After setting those defaults, push to john@ftp.example.com is as simple as
$ git ftp push
If you run into issues with setting up your password please check this note.
Need different config defaults per each system or environment? Use the so called scope feature.
Useful if you use multi environment development. Like a development, testing and a production environment.
$ git config git-ftp.<scope>.<(url|user|password|syncroot|cacert)> <value>
So in the case below you would set a testing scope and a production scope.
Here we set the params for the scope “testing”
$ git config git-ftp.testing.url ftp.testing.com:8080/foobar-path
$ git config git-ftp.testing.password simp3l
Here we set the params for the scope “production”
$ git config git-ftp.production.user manager
$ git config git-ftp.production.url live.example.com
$ git config git-ftp.production.password n0tThatSimp3l
Pushing to scope testing alias john@ftp.testing.com:8080/foobar-path using password simp3l
$ git ftp push -s testing
Note: The SCOPE feature can be mixed with the DEFAULTS feature. Because we didn’t set the user for this scope, git-ftp uses john as user as set before in DEFAULTS.
Pushing to scope production alias manager@live.example.com using password n0tThatSimp3l
$ git ftp push -s production
Hint: If your scope name is identical with your branch name. You can skip the scope argument, e.g. if your current branch is “production”:
$ git ftp push -s
You can also create scopes using the add-scope action. All settings can be defined in the URL. Here we create the production scope using add-scope
$ git ftp add-scope production ftp://manager:n0tThatSimp3l@live.example.com/foobar-path
Deleting scopes is easy using the remove-scope action.
$ git ftp remove-scope production
Add patterns to .git-ftp-ignore and all matching file names will be ignored. The patterns are interpreted as shell glob patterns since version 1.1.0. Before version 1.1.0, patterns were interpreted as regular expressions. Here are some glob pattern examples:
Ignoring everything in a directory named config:
config/*
Ignoring all files having extension .txt:
*.txt
Ignoring a single file called foobar.txt:
foobar.txt
Ignoring Git related files:
.gitignore
*/.gitignore # ignore files in sub directories
*/.gitkeep
.git-ftp-ignore
.git-ftp-include
.gitlab-ci.yml
The .git-ftp-include file specifies intentionally untracked files that Git-ftp should upload. If you have a file that should always be uploaded, add a line beginning with ! followed by the file’s name. For example, if you have a file called VERSION.txt then add the following line:
!VERSION.txt
If you have a file that should be uploaded whenever a tracked file changes, add a line beginning with the untracked file’s name followed by a colon and the tracked file’s name. For example, if you have a CSS file compiled from an SCSS file then add the following line:
css/style.css:scss/style.scss
If you have multiple source files, you can add multiple lines for each of them. Whenever one of the tracked files changes, the upload of the paired untracked file will be triggered.
css/style.css:scss/style.scss
css/style.css:scss/mixins.scss
If a local untracked file is deleted, any change of a paired tracked file will trigger the deletion of the remote file on the server.
All paths are usually relative to the Git working directory. When using the --syncroot option, paths of tracked files (right side of the colon) are relative to the set syncroot. Example:
# upload "html/style.css" triggered by html/style.scss
# with syncroot "html"
html/style.css:style.scss
If your source file is outside the syncroot, prefix it with a / and define a path relative to the Git working directory. For example:
# upload "dist/style.css" with syncroot "dist"
dist/style.css:/src/style.scss
It is also possible to upload whole directories. For example, if you use a package manager like composer, you can upload all vendor packages when the file composer.lock changes:
vendor/:composer.lock
But keep in mind that this will upload all files in the vendor folder, even those that are on the server already. And it will not delete files from that directory if local files are deleted.
WARNING: It can delete local untracked files that are not listed in your .git-ftp-ignore file.
You can use git-ftp to download from the remote host into your repository. You will need to install the lftp command line tool for that.
git ftp download
It uses lftp’s mirror command to download all files that are different on the remote host. You can inspect the changes with git-diff. But if you have some local commits that have not been uploaded to the remote host, you may not compare to the right version. You need to compare the downloaded files to the commit that was uploaded last. This magic is done automatically by
git ftp pull
It does the following steps for you:
git checkout <remote-commit>
git ftp download
git add --all
git commit -m '[git-ftp] remotely untracked modifications'
git ftp catchup
git checkout <my-branch>
git merge <new-remote-commit>
If you want to inspect the downloaded changes before merging them into your current branch, add the option --no-commit. It will stop during the merge at the end of the pull action. You can inspect the merge result first and can then decide to continue or abort.
git ftp pull --no-commit
# inspect the result and commit them
git commit
# or abort the merge
git merge --abort
If you abort the merge, the downloaded changes will stay in an unreferenced commit until the Git garbage collector is run. The commit id will be printed so that you can tag it or create a new branch.
This feature is experimental. The interface may change.
Git-ftp supports client-side hook scripts during the init and the push action.
pre-ftp-push is called just before the upload to the server starts, but after the changeset of files was generated. It can be bypassed with the –no-verify option.
The hook is called with four parameters. The first is the used scope or the host name if no scope is used. The second parameter is the destination URL. The third is the local commit id which is going to be uploaded and the fourth is the remote commit id on the server which is going to be updated.
The standard input is a list of all filenames to sync. Each file is preceeded by A or D followed by a space. A means that this file is scheduled for upload, D means it’s scheduled for deletion. All entries are separated by the NUL byte. This list is different to git diff, because it has been changed by the rules of the .git-ftp-include file and the .git-ftp-ignore file.
Exiting with non-zero status from this script causes Git-ftp to abort and exit with status 9.
An example script is:
#!/bin/bash
#
# An example hook script to verify what is about to be uploaded.
#
# Called by "git ftp push" after it has checked the remote status, but before
# anything has been pushed. If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Scope name if set or host name of the remote
# $2 -- URL to which the upload is being done
# $3 -- Local commit id which is being uploaded
# $4 -- Remote commit id which is on the server
#
# Information about the files which are being uploaded or deleted is supplied
# as NUL separated entries to the standard input in the form:
#
# <status> <path>
#
# The status is either A for upload or D for delete. The path contains the
# path to the local file. It contains the syncroot if set.
#
# This sample shows how to prevent upload of files containing the word TODO.
remote="$1"
url="$2"
local_sha="$3"
remote_sha="$4"
while read -r -d '' status file
do
if [ "$status" = "A" ]
then
if grep 'TODO' "$file"; then
echo "TODO found in file $file, not uploading."
exit 1
fi
fi
done
exit 0
post-ftp-push is called after the transfer has been finished. The standard input is empty, but the parameters are the same as given to the pre-ftp-push hook. This hook is not bypassed by the –no-verify option. It is meant primarily for notification and its exit status does not have any effect.
If your password contains special characters you have to take it with care. In most cases it is a good idea to quote passwords with single quotes:
--passwd '#my$fancy!secret'
Mostly --ask-passwd works even if --passwd does not work. So maybe you can give this a try.
If your password starts with a hyphen/dash (-) even quoting might fail. This is by design (https://github.com/git-ftp/git-ftp/issues/468) and will not be fixed. In this case you can use one of the other options to set your password: the defaults feature using git config, --ask-passwd or ~/.netrc.
Quoting also works if a default is set with git config:
$ git config git-ftp.password '#my$fancy!secret'
In the backend, Git-ftp uses curl. This means ~/.netrc could be used beside the other options of Git-ftp to authenticate.
$ editor ~/.netrc
machine ftp.example.com
login john
password SECRET
With git-ftp the credentials stored in this file are used if no username is set. For example, if you set up your .netrc file like this you can just call
git ftp init ftp.example.com
Of course this can be combined with the defaults feature to set config defaults for other options as well.
On macOS you can use the built in keychain to store and get your passwords.
You can use this feature by using the option --keychain in your command:
$ git ftp init --keychain account@host ftpes://host
You can omit the value for this option. Then git-ftp will guess the account and hostname from user and url.
Or you can set a config for this, so you don’t need to repeat yourself (see defaults for details):
$ git config git-ftp.keychain account@host
You can omit the hostname here. If there is no @ in the config value git-ftp will guess the hostname from url.
If you run a command using the keychain feature, the system might ask you if git-ftp is allowed to access the keychain entry. If the keychain is locked you have to enter the keychain password (not the value of the entry), sometimes twice.
If your password is not in your keychain yet it is recommended adding it using the following command:
$ security add-internet-password -a account -r "ftp " -s host -w secr3t
The options are: - -a: user account - -r: protocol; has to be exactly 4 characters long, so if you use FTP it should be "ftp ", for FTPS and FTPES use ftps and for SSH with password auth you can use "ftp " as well. - -s: your host name; includes subdomains but no paths - -w: password
You can omit the option -r and everything will work fine, but the Keychain Access Utility will not show the server in the field “Where:”. This is only shown if -r and -s are set both.
If you create a keychain entry with the Keychain Access Utility it creates a generic password and not an internet password. Therefore, unfortunately, this will not work.
Please not that the keychain entry can not be used for password protected private keys in SSH.
There are a bunch of different error codes and their corresponding error messages that may appear during bad conditions. At the time of this writing, the exit codes are:
The upstream BTS can be found at <https://github.com/git-ftp/git-ftp/issues>.
Git-ftp was started by Rene Moser and is currently maintained by Maikel Linke. Numerous contributions have come from GitHub users. See the AUTHORS file for an incomplete list of contributors.
| 2020-02-03 | Git-ftp 1.6.0 |