At mur.at we need a different (actually additional) solution to deploy static websites on our server(s). Many users have their own domains, their websites run in docker containers and have their own logfiles, and there is much more. This is what we came up with.

Shell runner

We run a gitlab-runner using the shell executor on hosts that serve websites via docker containers. The runner runs as user gitlab-runner, which has one sudo privilege: calling a certain script. From .gitlab-ci.yml we call one script, which in turn uses sudo to run the actual script used to deploy a website.

Privileges

The script called from deploy runs with root privileges initially but uses $GITLAB_USER_LOGIN to copy artifacts to the final destination ($CI_PROJECT_TITLE).
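
Because the root-side script builds a destination from two CI-supplied values, both should be validated before they are used. The sketch below is an added example, not mur.at's actual script; WEB_ROOT, the script path in the comment, the directory layout and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not mur.at's script. WEB_ROOT and all function names are hypothetical.
# Assumed caller: the CI wrapper runs
#   sudo /usr/local/sbin/deploy-site "$GITLAB_USER_LOGIN" "$CI_PROJECT_TITLE" public
# so the values arrive as arguments (sudo's default env_reset drops CI variables).
LC_ALL=C; export LC_ALL          # make the a-z ranges below byte-exact
WEB_ROOT=/srv/www                # assumed layout: $WEB_ROOT/<login>/<project>

# Login must look like a plain account name: [a-z_][a-z0-9_-]*, at most 32 chars.
valid_login() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) [ "${#1}" -le 32 ] ;;
        *) return 1 ;;
    esac
}

# Project title must be one safe path component: no '/', no whitespace,
# no leading '.' or '-', no '..', at most 64 chars.
valid_project() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|.*|-*|*..*) return 1 ;;
        *) [ "${#1}" -le 64 ] ;;
    esac
}

# Print the destination directory; print nothing and fail on bad input.
dest_path() {
    valid_login "$1"   || { echo "rejected login" >&2; return 1; }
    valid_project "$2" || { echo "rejected project title" >&2; return 1; }
    printf '%s/%s/%s\n' "$WEB_ROOT" "$1" "$2"
}

# Root reads the artifacts; the write side runs as the target user, so the
# copy cannot touch anything that user could not already write.
deploy() {
    dest=$(dest_path "$1" "$2") || return 1
    id -u "$1" >/dev/null 2>&1 || { echo "no such user" >&2; return 1; }
    [ -d "$3" ] && [ -d "$dest" ] || { echo "missing directory" >&2; return 1; }
    tar -C "$3" -cf - . | sudo -u "$1" -- tar -C "$dest" -xf -
}

# Deploy only when called with exactly: <login> <project-title> <artifact-dir>
if [ "$#" -eq 3 ]; then deploy "$@"; fi
```

The matching sudoers rule should name only this one script by absolute path, and the script itself should be writable by root only.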