Git Best Practice with Coldbox

Communities ColdBox HMVC
1

Does anybody have any views about using Git with coldbox…

Running git using the standard .gitignore seems to mean that if you upgrade/change modules or versions you can’t get back to a working system.

However, zipping the whole directory means you can revert if necessary - this implies that the whole directory should be under git ie not using gitignore at all…

Any thoughts?

TIA

Tony

2

Why not? There’s no reasonable cause for your ColdBox installation to be unrecoverable simply because you don’t have packages tracked in source control. Do you track npm packages (the node_modules directory) in source control? It’s HUGE. There are enormous downsides to tracking 100 MB (or, shoot, 1 GB) of dependencies in version control, and there’s simply no reason to in the first place.

You talk about tracking the modules/ directory in version control, but never mention your box.json which is the source of truth for your dependencies.

Here’s how your development process should be:

  1. Write code.
  2. Add dependencies as needed - for example, box install cbsecurity. These requirements are noted in box.json which must be tracked in source control.
  3. “Pin” your dependencies to a specific version. i.e. install cbsecurity@3.0.0 instead of install cbsecurity.
  4. On development machine set up or CI build, etc. run git clone && box install and you are all set.

Your box.json 's dependencies should look something like this:

    "dependencies":{
        "coldbox":"6.0.0",
        "cbsecurity":"3.0.0"
    },

When running box install, you will get the exact versions of the exact dependencies you asked for.

This is far preferable to git tracking a huge amount of source code over which you have zero control. Your editor will be slower (file search auto-excludes directories ignored via .gitignore), your builds will be slower, and your git push commands will certainly be much slower.

2 Likes
3

With that said… If you have specific reasons why you can’t auto-install dependencies from Forgebox, then we can have that discussion. (For example, if you are a government entity who needs the ability to deploy offline with no Forgebox connection.)

So far, I haven’t seen any good reason to bundle the modules/ directory, but it may depend on your specific use case.

1 Like
4

Hi Michael

Yes - I overlooked that. Just running box install with the old box.json should bring back everything.

That was the step I missed - damm newbies!

Thanks

Tony

2 Likes
5

No worries! Being a “newbie” is the first step on the road to being a pro. :slight_smile: