Search code examples
phpgitversion-control

Which directory of my PHP webapp should I publish on git?

I am working on a PHP webapp. I have to publish it on a distributed version control system (git) but I am not sure wether if to publish the root directory of the project or the public_html folder.

The root folder contains composer-related files and configuration files.

Also, what are the best practices to include the config files, which have to be omitted/obscured from the version control?

The project is structured as follows:

+ root
|_ (...)
|_ config.php
|_ composer.json
|_ composer.lock
|_ public_html
    |_ index.php
    |_ (...) // The rest of the project
Solution

  • git isn't primarily about "publishing" anything, it's about tracking the changes to something, and having somewhere to retrieve particular versions.

    It's probably easier to think about what not to put into version control:

    • Data and application state. You don't want to update your git repository every time someone makes a new comment on your blog, or changes the price of a product on your store.
    • Large objects. Git is optimised for small text files; you can put some images in there, like logos and buttons, but probably don't want full-resolution desktop backgrounds, or installers for some piece of software to download. There are solutions like git-lfs if you need them, but most of the time such "assets" belong somewhere else, like AWS S3 (which has its own versioning).
    • Sensitive data. Anyone who has access to the repo has access not just to the current version of the files, but every previous version; so you want to be careful to never store any passwords or secret keys there.
    • Per-deployment configuration. This one gets more fuzzy - some configuration is useful to have versioned, so that you can re-deploy the application without lots of manual setup; but other things should be generated by a setup script. It's hard to answer whether config.php should be committed without knowing what's in it - possibly it should be, but some of the things in it should be moved elsewhere.

    To not commit something, just list it in .gitignore. (Note that this isn't a security measure, just convenience: it doesn't remove already committed files, even them from future revisions, nor does it prevent you adding them accidentally in future; it just makes most commands not default to adding them. You still have to pay attention to what you're committing.)

    Everything else probably belongs in git, including composer.lock.