Web Development – How Safe is Using Git for Deployment on Production Server?

gitweb-development

I started with sftp, then switched to WebDAV and I'm currently using rsync through ssh to deploy any updates/upgrades from my development server into my production server.

I'm still not very happy using this system and think using git to deploy may be better, mainly because of the possibility of rolling back any changes instantly with just one command.

Appart from using ssh tunnel to pull and push to the production server (leaving the git service behind the firewall), I've also realized I have to edit .htaccess to deny web access to .git folder.

Is this the correct approach, should I check anything else, do something in a different way, or should I go in a totally different direction?

Best Answer

That depends on your exact way of doing it. Right now it seems to me you have a git repo in your httpdocs that you deploy to, basically using HEAD as your actual website - that is NOT the correct way. I'm not sure how you are able to push to this configuration at all?

What you want to do is use a bare repo somewhere outside the httpdocs-folder, and checkout the files to httpdocs after pushing. While this sounds complicated, its pretty easy to do, here is a step-by-step tutorial: http://caiustheory.com/automatically-deploying-website-from-remote-git-repository

If your webserver needs access to some files, such as a wordpress installation, you need to add chmod and chgrp commands to the post-receive hook, otherwise your files belong to the wrong user (the one you used to push the commit, not the webserver).

Simply make a new script to change ownership that you call from the post_receive hook via sudo scriptname.sh (name it change_own.sh or whatever) :

chown -R wwwrun /path/to/httpdocs
chgrp -R www /path/to/httpdocs

and allow the script to be run without password via visudo by adding gituser ALL=(ALL) NOPASSWD: /path/to/change_owner.sh at the end.

Assumptions made: wwwrun - webserver user; www - webserver group; gituser - user to push commits

Addendum: A friend used this method and complained about how he had to update Wordpress over and over again. The obvious reason is that if the Webapplication updates itself, und thus replaces its code, these changes will not be transferred back into the repository, because the hook only works one way. Thus after each commit, the hook overrode all changes the Wordpress-Installation made through updates. The imho quickest workaround is to run the updates on the developer machine, then commit to deploy.

Related Solutions

Web-development – Best practices for managing deployment of code from dev to production servers

All this can be done by a batch file. The following are the basic steps need to happen in batch file:

Get current date time in a variable.
Make copies of the production directory into folders with the current date time. Zip the folder if you want.
Replicate the build dropping folder to production directories. You can also skip some files you don't want to overwrite (like web.config). Both xcopy and robocopy allow skipping files.

Except the first step, the other two steps are very basic command line operations. Regarding the first one, the following code shows how to get a directory with date time:

for /f "tokens=1-3 delims=/ " %%A in ("%DATE%") DO (
  set DATESTR=%%C%%A%%B
)

for /f "tokens=1-3 delims=:." %%F in ("%TIME%") DO (
  set TIMESTR=%%F%%G%%H
)

set CURRENTDT=%DATESTR%T%TIMESTR%

:: now you can use the date time in a folder name:
xcopy /e \\production1\site1 \\backup\site1\backup-%CURRENTDT%\

Git – How to Maintain Different Variations for Deployment Using Git

This is not a Git-specific answer, but it should work regardless of the VCS system you use.

I would start with several different repositories

One for each client, containing the client-specific files and a configuration file stating which options the client has purchased
One or more repositories with the development code

Then I would use a make_release script (written in your favourite scripting language) that does the following:

Given the name of the client, checkout that client's repository to a temporary location
Based on the purchased options, checkout or copy (from an existing checkout) the application and modules to the same location
Remove all files/directories that are not relevant for the client (especially those that contain data meant for the VCS system)
Package the release in a convenient format (e.g. zip or tar.gz)

Then deployment should be as simple as copying the release to the client's server, unpacking it and running whatever scripts that are needed to finish the installation/upgrade.

Best Answer

Related Solutions

Web-development – Best practices for managing deployment of code from dev to production servers

Git – How to Maintain Different Variations for Deployment Using Git

Related Topic