TYPO3.CMS.BaseDistribution icon indicating copy to clipboard operation
TYPO3.CMS.BaseDistribution copied to clipboard
verified publisher icon TYPO3

.gitignore too agressive resulting in a broken site

Open unn opened this issue 6 years ago • 8 comments

I am new to Typo3 but not to the PHP/CMS world.

I followed the documentation and ran composer create-project typo3/cms-base-distribution typo3 which produced a nice and tidy typo3 10.1.0 site for me to play around with in ddev.

I ran a quick git init in the typo3 directory and committed everything.

The site works great in ddev, however, when I try to move it to a host provider via git repo there are problems. It seems to stem from an overly aggressive .gitignore that excludes the public directory.

$ git status --ignored
## master
?? .ddev/
!! .ddev/ #and various ddev related ignores removed for readability
!! public/fileadmin/
!! public/index.php
!! public/typo3/
!! public/typo3conf/.gitignore
!! public/typo3conf/AdditionalConfiguration.php
!! public/typo3conf/PackageStates.php
!! public/typo3conf/ext/
!! public/typo3temp/
!! var/
!! vendor/

My gut says that I need most of these files in the repo. I don't know best practices for which directories and files are safe to commit so that I don't pollute my repo with secrets. And it seems like some paths, public/fileadmin/ and public/index.php, shouldn't be ignored in the first place.

unn avatar Oct 03 '19 10:10 unn

Hey @unn

Looks not so bad. The fileadmin folder you normally never commit, so fine here. The only thing I see is public/typo3conf/, where you normally commit the LocalConfiguration.php and perhaps PackageStates.php and AdditionalConfiguration.php. The public/typo3conf/.gitignore is created by DDEV btw which additionally ignores the AdditionalConfiguration.php.

Final conclusion: it's not a bad start and you always can adapt the .gitignore to your needs!

gilbertsoft avatar Dec 13 '19 19:12 gilbertsoft

@unn Are you ok with closing this issue or do you still think something has to be changed?

gilbertsoft avatar Sep 10 '20 04:09 gilbertsoft

I think something needs to be changed, not sure exactly what though. With a mind towards the new user experience, deploying directly via git, I would assume that this distro should result in a functional site. It does not. And I can't find great docs on how to unwind the .gitignore to suit this use case well. Otherwise, I would have submitted a PR.

unn avatar Sep 10 '20 07:09 unn

Well, deploying directly with git is not option imho as you always have to run composer install --no-dev during your deployment. Ok one could say using git hooks for this but you will be happier using a professional deployment tool like TYPO3 Surf, Deployer, Magallanes etc. etc. As already said public/fileadmin will never ever be commited to a repo as it can contain terra bytes of binary data which makes absolutely no sense to put it in revisioning. The second mentioned one the index.php is created by the cms-composer-installers package during composer install / update and does also not need to be commited. I guess you also look for a best practise for DDEV Live? Maybe we better continue the discussion at Slack in #ddev or #ddev-live...

gilbertsoft avatar Sep 10 '20 08:09 gilbertsoft

I am new to Typo3 but not to the PHP/CMS world.

Welcome to TYPO3 👍

My gut says that I need most of these files in the repo.

Actually, the current .gitignore exactly reflects which files should be committed and which ones should not.

I don't know best practices for which directories and files are safe to commit so that I don't pollute my repo with secrets.

Unfortunately there is no canonical way to pull in secrets into TYPO3 configuration. The most accepted (and also most simple way I guess) is using env vars and pulling in the env vars in typo3conf/AdditionalConfiguration.php. For a very simple way to set your env vars, helhum/dotenv-connector is recommended.

And it seems like some paths, public/fileadmin/ and public/index.php, shouldn't be ignored in the first place.

That is wrong. public/fileadmin is the folder in which TYPO3 editors add files. This folder absolutely does not belong in version control. public/index.php is generated automatically, thus also does not belong in version control.

@gilbertsoft

The public/typo3conf/.gitignore is created by DDEV btw which additionally ignores the AdditionalConfiguration.php.

That basically conflicts with the main .gitignore of this dist. Not sure how this can be resolved cleanly and consistently, because this file is required 99% of the time to be committed for production. But that rather is a question for TYPO3 (introducing canonical way of handling secrets) and ddev (using the new feature)

@unn Do you have further questions? Then, as Simon already wrote, you're welcome to join Slack, which might allow an easier way of direct communication.

helhum avatar Dec 26 '20 14:12 helhum

You shouldn't commit LocalConfiguration.php. It contains secret information and environment specific settings.

You should commit AdditionalConfiguration.php because it's where you'd add your custom configuration functionality that can't / shouldn't be added to LocalConfiguration.php.

I argue that this line need to be removed: https://github.com/TYPO3/TYPO3.CMS.BaseDistribution/blob/5a37398dc765d7b31436e4a0c110e5250fce1075/.gitignore#L11

https://github.com/TYPO3/TYPO3.CMS.BaseDistribution/pull/36

benabbottnz avatar Dec 28 '20 09:12 benabbottnz

@benabbottnz

You shouldn't commit LocalConfiguration.php. It contains secret information and environment specific settings.

As already stated above, there are several ways to not include the secret and environment specific data in LocalConfiguration.php:

I am currently not sure, what the "official recommendation" is, I think that might be a good idea to sort that out and add the information to the official "Installation guide". Apart from that, anything that @helhum says is already pretty much official for me - especially for the topics Composer and base distribution.

I generally agree - some things should be made easier for new users - but it is not always to figure out how.

The topic deployment is currently underdocumented. I would expect a minimal documentation for that, also in the "Installation Guide".

sypets avatar Dec 28 '20 10:12 sypets

The public/typo3conf/.gitignore is created by DDEV btw which additionally ignores the AdditionalConfiguration.php.

That basically conflicts with the main .gitignore of this dist. Not sure how this can be resolved cleanly and consistently, because this file is required 99% of the time to be committed for production. But that rather is a question for TYPO3 (introducing canonical way of handling secrets) and ddev (using the new feature)

There are multiple ways. DDEV tries to set some sane defaults to get a project running out-of-the-box. Once the project is correctly setup I'd suggest to set disable_settings_management to true in the .ddev/config.yaml see https://ddev.readthedocs.io/en/stable/users/extend/config_yaml/. Then the .gitignore will not longer be created by DDEV and you can properly manage the AdditionalConfiguration.php on your own. Just copy the DDEV's presets and modify the file to your needs.

gilbertsoft avatar Mar 08 '22 09:03 gilbertsoft

@gilbertsoft thanks for linking this issues.

Please, give me hard reasons why i should put LocalConfiguration in git.

Please, this is a strong issue for me. I collected 6 daily issues against (https://github.com/TYPO3/TYPO3.CMS.BaseDistribution/issues/49).

The only pro reasons, I know, are:

  1. everyone does that
  2. it's the .gitignore from typo3
  3. I want to save 1 minute livetime when checking out an old project

If there are more - let me know.

mxsteini avatar May 10 '22 08:05 mxsteini