Check out best practices

[Steve Finkelstein <sf...@stevefink.net>]

Hi all,

I'm currently stuck in a situation where developers like to check out
directly to a development Document Root with a PHP script.

The major problem with this is the fact that the document root needs
to give the Apache user full permissions to write to the directory --
and that's begging for trouble.

Does anyone have any best practices they use that they can share to
allow web developers to update web directories with repository stored
code? Anything besides giving them root on the servers would work for
me.

Thanks for any solid implementation ideas.

/sf

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Check out best practices

[John Peacock <jo...@havurah-software.org>]

Steve Finkelstein wrote:
> Does anyone have any best practices they use that they can share to
> allow web developers to update web directories with repository stored
> code? Anything besides giving them root on the servers would work for
> me.

I can't tell from your description exactly what your use case is.  However, I 
wrote SVN::Notify::Mirror[1] specifically to handle keeping multiple web servers 
up to date with repository changes.

The workflow we used specifically was this:

1) All normal work was performed on trunk and all trunk commits were immediately 
synced to a test web server using a post-commit script;

2) Large-scale reorg changes were done on a branch, and the test server was 
switched to the branch for the duration of that development process;

3) When code was ready to go to the production website, the developer would 
merely make a tag of trunk and the production server would switch to the new tag 
(which had to match a predefined regex).

This has worked extremely well at my previous job (I escaped) for the last 
several years with very little manual intervention.  The working copies on the 
test and production server do not need to be accessible by the developers at 
all, since the post-commit can use an SSH key to transfer files to the web user 
account.

John

1) http://search.cpan.org/search?query=SVN::Notify::Mirror

You'll also want to use SVN::Notify::Config for compact post-commit files (where 
the post-commit literally *is* the configuration data for the hook:

http://search.cpan.org/search?query=SVN::Notify::Config

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Check out best practices

[Matt imMute Sickler <im...@msk4.ath.cx>]

Steve Finkelstein wrote:
> Hi all,
> 
> I'm currently stuck in a situation where developers like to check out
> directly to a development Document Root with a PHP script.
> 
> The major problem with this is the fact that the document root needs
> to give the Apache user full permissions to write to the directory --
> and that's begging for trouble.
> 
> Does anyone have any best practices they use that they can share to
> allow web developers to update web directories with repository stored
> code? Anything besides giving them root on the servers would work for
> me.

Use a set-user-id script that does the update on behalf of the server.
Make the script run as the user who has write access already.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org