TL;DR
As encoding becomes a regular part of your development cycle, you may start to wonder how you can automate the process and make it part of your continuous delivery model. This article explains how to automate code obfuscation as part of your continuous delivery model.
What?
As a release manager or developer I would like to have the source code encoded when a new version is released without having to do it manually.
Why?
We used to have a machine in our office dedicated to run the ionCube software. Whenever a new version was released, someone had to manually execute a step-by-step sequence to create an encoded version thereof. The ionCube software allows you to do it very easily. However, if you have to do this frequently, the repetitive nature of it would drive you insane.
It was during this insanity that we decided to automate it. The idea is very simple: move it to a cloud server and trigger it remotely. This extended into adopting it in our deployment pipeline, making it completely automated.
How?
The developer pushes a tag (or a branch) to the remote repository. Bitbucket’s pipelines catches the new tag (or updated branch) and executes a script. This script connects to the remote machine via ssh and executes the ionCube encoder.
Pros
- Guaranteed compatibility of source code against the version of PHP
- Reverse engineering attempts require more effort
- Mitigate license manipulation/abuse
Cons
- Setup time
- Adds some time to your CD (depends on the size of your project)
This article was also published here.
Hello World
Step-by-step walkthrough to help you get started. You should be able to adapt this into your CI/CD flow regardless of what technology you are using.
Preparation
- Sign up for the ionCube Encoder trial and copy the download link (will be emailed to your inbox)
- Set up public key authentication to the remote server
Let’s go
- Copy git repo on local machineme@local:/my-working-dir
git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git && cd ssh-ioncube
- Copy git repo on remote machine administrator@devops.example.com:/var/www/html (ssh)
git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git && cd ssh-ioncube
- Install ionCube PHP Encoder on remote machine administrator@devops.example.com:/home/administrator (ssh)
wget http://downloads3.ioncube.com/eval_download_packages/ioncube_encoder/linux_i686/en/ioncube_encoder_evaluation.tar.gz
tar -zxvf ioncube_encoder_evaluation.tar.gz - Trigger encoding from local machine me@local:/my-working-dir/ssh-ioncube
./local.sh --host="devops.example.com" \
--user="administrator" \
--exec="/var/www/html/ssh-ioncube/remote.sh" \
--source="/var/www/html/ssh-ioncube/raw" \
--target="/var/www/html/ssh-ioncube/encoded" \
--dir="example-app" \
--encoder="/home/administrator/ioncube_encoder_evaluation/ioncube_encoder.sh" \
--verbose