Git push to deploy without Github

22 March 2025

I have been experimenting with different ways to deploy projects. I am trying to find a simple way for my simple projects. My regular method have been ssh -A, git pull, npm build and pm2 restart. I have already replaced pm2 with systemd in the last project. Let's push the git repo directly to a server without using Github in between. I will be using Bun in this project because it has built-in support for SQLite and Argon2 password hashing. This is the first project in which I am using bun, and I think I will use it for all my future projects.

Using SSH this is easy, just have to add a git remote with ssh url. Then we can use a hook to run the rest of the commands. Git 2.3 and 2.4 added push to deploy features. This would make it very easy for a static site. Just have to set git config receive.denyCurrentBranch to updateInstead. Then git will automatically check out the branch after every push. On remote:
git init project --initial-branch=main --shared=600
git config receive.denyCurrentBranch updateInstead
On local:
git remote add deploy [email protected]:project
git push deploy
You can use --shared to set git directory permission to not allow other users. So even if you host the worktree on http root, it won't allow access to files in .git repo.

Git 2.4 added a push-to-checkout hook, but this hook executes before new changes pushed to the remote git repo. So I found it useless for my use case, where I have to run build commands after the push. So I will be using old post-receive hook instead.

We will also use systemd to run the server. Also, we will use a different user to manage the project and services and another different user to run each app. My current project's name is islego.
For the initial setup as root user: Setup users We will set the app user home directory to the project root directory. Because bun is installed the user's home directory. We need to give access to it to the the app user. On Debain systems, we can add the user to adm group to give it access to journalctl to view logs.
The systemd service unit file: systemd service unit file Again as root user, setup the app specific directories and files: Setup project Will need to use root user to change the owner of the files, setup systemd and sudo. We will give the project user access to manage the app service from systemctl. For SQLite, the app user needs write access to the directory, not just the file.
The post-receive hook: git post-receive hook You can customize the APP variable and branch name. I spent a while debugging this script as git hooks run inside .git directory. Also had to manually set the git work tree directory. You should run pre-build commands like database migrations here.

Finally, manually run the hook to build and start the app for the first time: cd .git
hooks/post-receive <<< "- - refs/heads/main" After this you can just run git push deploy from you local machine to push and deploy the app everytime. Here is a link to a gist will all the code.

There is one more technique I used to simplify this project even further. I avoided using Nginx and redirect port 3000 from Cloudflare instead. Here are the rules I used to optimize this app in Cloudflare: Cloudflare page rules If your SSL mode is strict, you will need to bypass that rule for this app and use SSL mode flexible instead, as app itself will be serving only HTTP. By default Cloudflare wont cache anything unless you turn on cache everything rule, set it's “Edge TTL” to “Use cache-control header if present, bypass cache if not”. To cache static files, add one more rule with "Cache Default File Extensions" and set its “Edge TTL” to “Use cache-control header if present, cache request with Cloudflare's default TTL for the response status if not”.