To elaborate on dolinsky and the article, if your web server is doing a "git pull", it means it has ssh access into your workstation. If someone breaks into your web server, this means that they have ssh access into your workstation as well by simply using the keys on your web server. This is bad, very bad.
If you push to your web server, only your public key is exposed if your web server is compromised.
Not necessarily. If you run an ssh-agent locally and configure ForwardAgent to 'yes' for connections to your web server you can ssh to your server and use ssh from it without actually putting your private key on it.
I don't know if he meant that he git pulls from his workstation. I git push out to a bare repository on my server, and then I ssh in and git pull from the local bare repository into the project's working directory on my server. This doesn't leave the keys for my workstation on the server, but I still have to log in and git pull in the wd.
Good / bad are relative terms. Neither situation would be recommended for a site with a code base that pulls from multiple resources / pushes to multiple servers on every release, but for a single server environment this could suffice.
As for the difference b/w your method and the OPs, he defines it here :
> This is more convenient than defining your workstation as a remote on the server, and running "git pull" by hand or from a cron job, and it doesn't require your workstation to be accessible by ssh.
One advantage of the article's method is that it works if your workstation doesn't have a public IP address or is behind NAT / a firewall. It also works if you move around. With the article's method, you could have your laptop at home update your website, then go down to the local coffee shop and update your website from there.
I use Fabric with mercurial to achieve a similar effect typing "fab prod deploy" - see Steve Losh's blog posts or bitbucket.org/kevinburke/goodmorningcmc
You can do the same with Capistrano. However for a very basic static site it does sound simpler to just use a post-receive hook rather than having a script ssh in and do a pull.
Yep, same here. I wonder why more people don't do it, my fabric scripts basically push to production and then fabric logs in and updates, restarts services, etc.
It's probably worth checking out NestaCSM (http://effectif.com/nesta) if you're interested in doing this.
Sinatra in front, but all your posts are managed by Git and can be Markdown/Textile/HAML (or anything supported by Tilt iirc). Push it to Heroku if you want easy/free hosting.
Takes care of publishing an RSS feed, tags/categorisation, and a bunch of other nifty things beyond just generating a static site.
I've been using Joe Maller's write-up[1] as a guide for a while.
I see this strategy removes the need for a second repo on the server. Other than removing a layer which would save space and lower the likelihood of errors in general are their significant pros/cons to either method.
but what you want in code and what you want in the DB will vary from page to page and feature to feature so often just manually redo stuff (in dev env and then again in production) because deploying changes by code is more effort then its worth.
Managing the codebase is straightforward -- that's what git's designed for. My question was more about the actual site contents, which will reside in the database. Can you use git for tracking changes to the contents?
not always, often stuff is stored in the db that we want to work on in dev then deploy to production.
but it would be nice to be able to export a selection of nodes to code and preserve there id's, content and metadata. maybe you'll find a features contrib mod http://drupal.org/taxonomy/term/11478 but i've never heard of one.
No, git will not track database changes. Features however can handle much of the configuration (that is typically contained in the database) in code, which can then be managed with git.
If you want to create content on your dev or staging site and push it to production, check out the deploy module:
http://drupal.org/project/deploy
Probably not. You're better off logging your MySQL queries and filtering out the UPDATE, INSERT, and DELETE queries for the tables you're interested in.
I would advise against that. There are too many places in he mess of tables of data configuration that might refer to specific auto-increment id columns were things will get out of sync. Basically you are trying to do MySQL replication on specific tables only, but there are too many relationships among all the tables.
If it is a small amount of content, such as a handful of pages for a brochure site, putting them in a feature might be best.
If it is a site where customers or visitors generate content on the site, then periodically re-initialize your dev and staging environments with copies of the live DB, running it through a script to anonymize all the user info and change passwords and etc.
If you want to create content on your dev and move it live, then doing a full database copy and moving it live, with settings that are particular to live overridden in settings.php, is probably the best way. I advise against this, basically you are re-launching the site for every change.
If you are truely desiring to be able to create content in multiple different places and move it to live, then probably the best thing to do explicitly program and configure for that, by specifying feeds of the content and setting up the different sites to ingest each other's feeds.
That's similar to my private website (soultcer.com). I use git to create and store the content, and a wiki as content management system. It's nice to work on your website, and all you need is a git push for deploy. If I make a mistake or someone vandalizes the wiki, reverting is easy.
The general approach of putting together your website on one machine, the coding machine, and publishing it to your server is one I use, although I prefer a complex build on my design machine and then rsync it with the server.
I wanted to teach myself Ruby and I figured this was a great way to maintain a site, as I'm terrible with both SQL and security. Git solves security and DataMapper solves the SQL, and my Ruby lubricates the rest.
You could use git directly for metadata instead of relying on some JSON file. Git will tell you when an article was created and by whom. It will also tell you when and by whom each edit was made.
True. But my metadata needs exceed simply who wrote the article, I also have things like tags, pubdate, update, etc.
My system actually allows for the metadata to be embedded in the main article file, but it ended up being simpler for me to split the files most of the time (the editing app I wrote does this for me, so I mostly forget about it now).
I've played with this - in the end I ended up using custom scripts and/or Capistrano scripts (along with git of course) to handle actual deployments. It provided more control and more features, while still letting me leverage git.
Yeah, sounds familiar. I've been cooking up a way to manage a locally mastered static html website hosted in Amazon CloudFront. I may well use it as an opportunity to learn git (over SNV)...
Have a question. This is nice for simple HTML. How about deploying site were you have to migrate the database etc. This approach wouldn't work. I use fabric with git right now, works well.
Performance would be nightmarish. Git is super elegant and great, but not very performant. Imagine having to deltify a terabyte of data? Good luck with that!
Nice to hear I am not alone on this. The advantage I find is that it makes my deployments more explicit, and my pushes too and from the repository are as often as I feel.
With GIT thats a moot point in the linked article so long as you are using branches for everything and remembering to push them as well, but sometimes I just want to fix something quickly and do so without a branch. I dont care what people say when you start storing a lot of stuff in GIT a branch can take some time to process.
