BLeg

I created this account specifically to post this because it's very important: @marlonZA Is correct. It WILL catch up to you eventually; please stop the violence and don't commit binaries and vendors.

I worked at a shop where our VCS was very ad-hoc and had people committing binaries, NuGet packages (C#'s version of Composer), logs etc... Our 15-project repository was ~120GB in 2-3 years. Backups took 6-8 hours because of the sheer number of files to be backed up, no one knew where anything was and training 6-8 people on "Don't commit vendors and binaries" was an absolute nightmare. Don't do it!

Elenktik

@larsnieuwenhuizen it is actually good practice to use git for deployment (see https://security.stackexchange.com/a/45467/108639 and https://stackoverflow.com/a/30846552/2311074).

@tobia But still, one should not upload the vendor folder for deployment. You can create a git hook for an automatic pull request on the server and automatically run composer. Installing composer on your server should not be an obstacle since you only need to upload a file to the server.

gavo

Why vendor is in gitignore as default? When you run composer update on local machine and after commit changes remote/production goes down, becouse dependencies is missing. Isnt better way to stay safe with auto deploy (via pipelines ..) with vendor folder on git?

I try add to my post-recieve hook and i see what happens on next push

composer update
/usr/bin/php artisan view:clear
/usr/bin/php artisan cache:clear

It seems that it works perfectly! Thank you.

Please sign in or create an account to participate in this conversation.