views:

67

answers:

3

I'm an avid git user; I use git in development; in staging, but not in production.

Are there any good reasons not to use git below the web root (/var/www/) in a production environment? I've been considering either using the master branch as the production branch, or creating a production branch.

push production master sounds so nice...

+2  A: 

so nice... and yet so wrong somehow.

In production environment, you need to be concerned with:

  • access security (how do you copy/deploy a delivery)
  • stopping the right process of your app
  • deploying a new version
  • starting the right processes (in the right order)
  • monitoring
  • reporting

Version Control is not part of that picture: any extra tool you might want to install in a production environment is an extra potential failure point (and need administration and monitoring of its own).
Unless it has a direct link with the application you are deploying ("direct link" as in "your app won't work without that extra tool"), it shouldn't be on a production platform.

Make a git archive from your master branch as a nice tar archive, with a "version.txt" in it to identify the repo/SHA1 from which that archive has been done, and sftp/srsynch it to the production platform.
From there, no more Git needed.

VonC
A: 

Hi,

Apart from the obvious aesthetic reason, permissions can often be a problem when you have a repository in /var/www.

On my production server, I have a bare repository in a private directory on branch production and a detached worktree in /var/www (see the core.worktree setting). Additionally, I have a post-receive hook to run git checkout -f, so all I have to do from my local computer is push to the production branch, and the rest is automatically taken care of.

Ramkumar Ramachandra
+1  A: 

If you want to use git in production, you need to make sure .git is not accessible through the webserver. You can do this by either placing .git outside of the web root and setting the GIT_DIR environment variable, or by configuring your webserver accordingly.

One possibility under apache would be the following rewrite rule:

RewriteRule ^(.*/)?\.git/ - [F,L]
igorw
The rewrite engine tends to be slow, how about:<Directory /websrv/*/.git> Order deny,allow Deny from all</Directory>
Marcin