Website Releases via Subversion (SVN)

Posted At : July 5, 2006 9:54 PM | Posted By : Mark
Related Categories: General

One of the best uses that we have put subversion to is a way to handle code releases to live web servers. It has a number of major benefits over other methods of releasing web sites.

For example, when using FTP you have the option to copy over the site each time which leaves lots of old files hanging around if you remove files from you website.

Alternatively you can upload a complete new copy of you code, which can take a considerable amount of time for a large code base, and you then have to switch the running to the new code.

Using subversion gives the following benefits:

  • Simple and fast to do a site release
  • Can always check that the versions of files on the server are what you think they are
  • Automatically removes files from live servers that are no longer used and have been removed in the subversion repository
  • Can show you if any files have been changes or added to live site
  • Easily move back and forward between releases
  • Simple to keep multiple servers (cluster) in sync.
Potential issues:
  • Security considerations
  • Conflicts in code-base if people edit on live (which is a big No, No)

The main security consideration is that a working copy of a subversion repository contains a duplicate copy of the current version in .svn directories which allows for quicker compares as it is a local file compare not a network operation.

However, this would allow a crafty hacker to browse to www.example.com/.svn/ and potentially get access to view the code of the pages that run your website which is always a bad thing.

We can manage this issue however thanks to the very customisable security in apache (assuming you are using it) to disallow access to all directories with .svn in it.

#Remove access to all .svn directories
<Directory ~ "\.svn">
   Order allow,deny
   Deny from all
</Directory>

Note: It may be possible to do the same with IIS, so please let me know if it is.

To check out a project/website into the current directory use:

svn co http://www.example.com/svn/repos/projectname/tags/1.0 .

Then when it comes around to doing a release to the next version you use

svn switch http://www.example.com/svn/repos/projectname/tags/1.1

Easy as that!

Comments (14) | Print | del.icio.us | Linking Blogs | 5046 Views
Comments
[Add Comment]
Brendan's Gravatar Would you need access to the command line on the live server?

Have you looked at anthill and cruise control automated build and release tools?
# Posted By Brendan | 7/6/06 12:06 AM
Mark's Gravatar Hi Brendan, Yes, you do need access to the command line in the live server. So it's not really suitable for shared hosting.

I haven't come across anthill or cruise control, I'll add them to my list of software to evaluate. Do you have any experience with these? Any recommendations?

Cheers,
Mark
# Posted By Mark | 7/6/06 10:46 PM
Brendan's Gravatar Hi Mark, have tried both, but could only get anthill to work succesfully, probably more to do with me than cruise control.

Definitely both worth evaluating, think they would fit nicely into to how you are working already. i.e building sites directly from subversion.
# Posted By Brendan | 7/7/06 12:51 AM
Brendan's Gravatar Forgot to say, I used apache & tomcat servet container for anthill and deployed from the war file
# Posted By Brendan | 7/7/06 12:59 AM
pan69's Gravatar A very good practice to do a checkout of svn for a live server for all the reasons you describe. Unfortunatly, this only works well for you own server. If you must work a clients server this scheme will probably not work.
# Posted By pan69 | 7/7/06 9:23 AM
Dave Carabetta's Gravatar Have you looked into rsync? It does all you have listed and more. It's such an incredible job of diff-ing between the source and target directories, with full functionality to exclude files/directories of your choice. I have used it in our cluster setup for a few years now and it's a breeze to use.
# Posted By Dave Carabetta | 7/8/06 12:22 AM
Mark's Gravatar Pan69 - I'm not sure what you mean by 'work a clients server this will probably not work'. If you have command line access there is no reason not to. Granted many clients may not give you that level of access.

Dave - I'm looked into rsync briefly and it does do pretty much everything I'm doing, except that it does not do a direct checkout from subversion - so going the Rsync route would actually add another step to the process. It may be that it will be a useful step down the track so I'll keep it in mind.

Cheers,
Mark
# Posted By Mark | 7/10/06 9:23 AM
Jamie Jackson's Gravatar Rsync's *great* in theory, and it is probably a top-notch solution for normal-sized sites, since you can automatically exclude SVN admin directories, make it delete orphans on the destination, etc..

However, I have a 1.2 GB site, and using rsync for it is very slow. I'm probably going to have to keep working copies on the live server, and update those (as is outlined in the blog).

Unfortunately, I haven't figured out yet how to deny access to .svn directories in IIS.
# Posted By Jamie Jackson | 8/31/06 2:29 AM
Joshua Curtiss's Gravatar If someone can figure out how to remotely do an SVN "checkout" or "switch" command via FTP to a server, we shared hosting folks would be in business. I have yet to figure out how to make the deployment process for my shared hosting FTP-only access sites as seamless as my sites that are on my own server that I have command-line access to.
# Posted By Joshua Curtiss | 9/5/06 2:41 PM
Brook's Gravatar Is there any way to selectivly release code. Like a directory, or a set of files - as opposed to publishing the entire site.

Also, any way to restrict files. Like for example, if you have multiple servers in a cluster, and a config file that has server specific paths, how do you control releasing these files between servers in the cluster?
# Posted By Brook | 6/25/07 5:01 AM
David Lakein's Gravatar I haven't tried this yet, but there's also Java client libraries for SVN; either JavaHL or SVNKit.

Some examples of using SVNKit in CF:

http://code.google.com/p/cfdiff

http://www.skweegee.com/
# Posted By David Lakein | 8/3/07 12:57 AM
Guilherme Krycek's Gravatar If someone knows how to do a checkout or update command via FTP to a server, like Joshua Curtiss says, let me know. I guess to do that some kind of tool will be necessary.

I have no access to ssh in my webserver, so I tryed mounting my ftp account in my local filesystem using fusefs-curlftpfs but it didnt work :(

I'm searching about it for a while and i can't find a good solution for it.

There is also a piece of code named ftpsync that aims to sync local folders with ftp folders. But I couldn't figure out how to set exclude folders and files to it.

Any ideas will be welcome.

:)
# Posted By Guilherme Krycek | 8/17/07 10:40 PM
Mark's Gravatar Re denying access on IIS. From http://www.geeksxmlkit.crisp-studio.com/quickstart...

Protecting files
You can use standard ASP.NET 2.0 content protection techniques. For example, you can deny access to all .xsl files by adding this snippet to <httpHandlers /> section in Web.config:

<add path="*.xsl" verb="*" type="System.Web.HttpForbiddenHandler" />
Alternatively, you can protect any folder by placing this Web.config file in it:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>

So i guess the first method would work. I have not been able to test this effectively however as I can't work out how to access the .svn files anyway. Perhaps down to the mime types not being recognised? Or user permissions? So it may not be an issue but if anyone else has further input I would be interested to hear.
# Posted By Mark | 2/1/08 9:31 PM
Bryce Fischer's Gravatar My two cents.. Instead of doing a "checkout" do an "export". That way, you don't get the .svn folders.
# Posted By Bryce Fischer | 4/20/08 6:06 AM
[Add Comment]