tags:

views:

254

answers:

3
+1  Q: 

Using hg repository as web site

This is somewhat related to my security question here. Is it a bad idea to use an hg / mercurial repository for a live website? If so, why?

Furthermore, we have dev, test and production installations of our website, like dev.example.com, test.example.com and www.example.com. If it's a bad idea to use a repository for a live/production website, would it be OK to use an hg repository for the dev and test sites?

I'm also concerned about ease of deployment. We have technical and less technical co-workers who will be working with the site. The technical guys (software engineers) won't have any problem working with the command line or TortoiseHG. I'm more concerned about the less technical guys (web designers). They won't be comfortable working on the command line, and may even find TortoiseHG daunting. These guys mostly upload .css files and images to the server. I'd like for these files (at least the .css files) to be under version control, but I want this to be as transparent as possible for the non technical guys.

What's the best way to achieve this?

Edit: Our 'site' is actually a multi-site CMS setup with a main repository and several subrepositories. Mock-up of the repository structure:

/root [main repository containing core files and subrepositories]
    /modules [modules subrepository]
    /sites/global [subrepository for global .css and .php files]
    /sites/site1 [site1 subrepository]
    ...
    /sites/siteN [siteN subrepository]

Software engineers would work in the root, modules and sites/global repositories. Less technical guys (web designers) would work only in the site1 ... siteN subrepositories.

+3  A: 

Yes, it is a bad idea.

Do not have your repository as your website. It means that things checked in, but unworking, will immediately be available. And it means that accidental checkins (it happens) will be reflected live as well (i.e. documents that don't belong there, etc).

I actually address this "concept" however (source control as deployment) with a tool I've written (a few other companies are addressing this topic now, as well, so you'll see it more). Mine is for SVN (at the moment) so it's not particularly relevant; I mention it only to show that I've considered this previously (not on a Repository though; a working copy, in that scenario the answer is the same: better to have a non-versioned "free" are as the website directory, and automate (via user action) the copying of the 'versioned' data to that directory).

Noon Silk  2010-03-02 08:29:50
I had planned to allow most users to `push` to the `dev` site, but only allow a few admins to push to the `test` and `live` sites. Does this change your answer at all?
Tex  2010-03-02 08:41:07
@Tex: No, not really. Consider this: You're effectively making your source control more "risky" to use. People need to think 'okay, not only is this ready for commit, but is it ready for dev deployment? It's relevant in places where more than one 'dev' may be testing, and other similar scenarios. I'd stick with the thought that you want your source control to be 'easy' to use, and that deployment is a 'separate' action (maybe I'm biased here, because it's something that I specifically work on). My views, FWIW.
Noon Silk  2010-03-02 08:44:39
@silky: Thanks for talking this through with me. I'd considered some of these points. I've also considered setting up a sandbox/developer-testing site for each developer on our web server (again, with each site being an hg repository). Then I could allow each developer/designer to `push` to his sandbox site for testing and only allow admins to push to `dev`, `test` and `live`. I'm having a difficult time coming up with a workflow that non technical guys can easily follow.
Tex  2010-03-02 08:51:55
@Tex: No problem. Indeed, with my system I'm working on a similar approach (you deploy changes through a progression: commit, build, deploy (to where you wish, typically "test"), then test is upgraded to staging, and staging is upgraded to live. Other intricacies on the way. I don't use HG, so I don't quite know if a 'push' is different from a 'commit' (I think it might be, but I'm not sure). All I'd want to be sure of is: 1) `commit` is easy, and doesn't need to "work", 2) deployment is (typically) done separately and "manually" (configurable to automatic or manual). 3) Accidental deployments
Noon Silk  2010-03-02 08:55:40
... can easily be reversed. Assuming your system is setup like so, then it sounds "reasonable" to me. But I'm not sure how easy/possible it is to do that in HG. And certainly, with SVN, you wouldn't want to point a website at the *repository*, because there are lots of strange files in there. With HG it may not be the case.
Noon Silk  2010-03-02 08:56:53
+2  A: 

Many folks keep their sites in repositories, and so long as you don't have people live-editing the live-site you're fine. Have a staging/dev area where your non-revision control folks make their changes and then have someone more RCS-friendly do the commit-pull-merge-push cycle periodically.

So long as it's the conscious action of a judging human doing the staging-area -> production-repo push you're fine. You can even put a hook into the production clone that automatically does a 'hg update' of the working directory within that production clone, so that 'push' is all it takes to deploy.

That said, I think you're underestimating either your web team or tortoiseHg; they can get this.

Ry4an  2010-03-02 14:55:54
A: 

me personally (i'm a team of 1) and i quite like the idea of using src control as a live website. more so with hg, then with svn.

the way i see it, you can load an entire site, (add/remove files) with a single cmd much easier then ftp/ssh this, delete that etc

if you are using apache (and probably iis as well) you can make a simple .htaccess file that will block all .hg files (or .svn if you are using svn)

my preferred structure is development site is on local machine running directly out of a repository (no security is really required here, do what you like commit as required)

staging/test machine is a separate box or vm running a recent copy of the live database (i have a script to push committed changes to staging server and run tests)

live machine (open ssh connection, push changes to live server, test again, can all be scripted reasonably easily, google for examples)

because of push/pull nature of hg, it means you can commit changes and test without the danger of pushing a broken build to the live website. like you say in your comments, only specific people should have permission to push a version to the live site. (if it fails, you should easily be able to revert to the previous version, via src control)

bumperbox  2010-04-12 07:49:16

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?