Repeat after me: git, is, not, a, deployment, tool

jedberg · 2024-06-09T23:13:20 1717974800

Why? Not?

taberiand · 2024-06-10T00:53:56 1717980836

I think the main reason is it's sensible to pass the source code through a process that organises and optimises it for release to a specific environment. My first assumption seeing a git repo used in this way would be that someone was cutting corners and probably doing bad things like committing secrets to the repo, things like that.

If the person setting it up is aware of the potential pitfalls and has a good explanation for the process - particularly if there is no build step involved and secrets are managed appropriately, then it can be fine.

jedberg · 2024-06-10T00:56:51 1717981011

You can do all that with a pre-commit or post-commit hook.

taberiand · 2024-06-10T02:31:19 1717986679

It goes further than that, those were just examples. The principle of least knowledge, and the principle of least privilege, guide deployment to a process that does not include the source code on a production server. But like I said, there are ways for it to be a reasonable approach if properly justified

ec109685 · 2024-06-10T02:49:15 1717987755

Then you’re checking in artifacts generated from source code (for this method that relies on git push to work).