User Folder in Git Repo

Archive
1

Hi all! I’m just starting up a grav blog and was wondering the best way to use git with grav. I’ve created the basics of a custom theme, added the admin plugin, added a user, etc locally. I’m going to create a git and use this to pull on my server the latest theme changes etc. This also will save all my blog posts etc. I want to only upload the user folder so I don’t have to worry about my version being behind/ahead etc. I’m wondering if I can safely upload the user/accounts folder to a public repo (for future employers to view my work etc) or any other folders I should avoid.

My current gitignore is this:

# Grav Specific
.sass-cache
composer.lock
cache/*
assets/*
logs/*
images/*
user/data/*

# All but user folder
.htaccess
CHANGELOG.md
CONTRIBUTING.md
LICENSE.txt
README.md
backup/
bin/  
composer.json
index.php
robots.txt
system/
tmp/
vendor/
webserver-configs/

but I haven’t done any commits yet until I have you guys weigh in. Thanks!

2

I would think the only folders you’d want are user/themes and user/pages. Config would be nice, but it can contain sensitive info. Ignore everything else. Alternatively, create two repositories, one for theme and one for content.

3

if i don’t have user/config then I have to update that on my remote each time if it changes (site description etc). I think the only sensitive one is security.yaml yes?

4

Depends on your plugins. Numerous plugins (e.g., recaptchacontact, loginoauth, iplocate) require API keys that you wouldn’t want to expose. Site and system.yaml should be fine.

5

cool. i’ll exclude those from my repo :slight_smile:

6

Alternatively, you can use https://bitbucket.org/
Bitbucket Cloud is free for small teams of 5 members and you can use private repositories

7

i have private repos on github, that’s not the issue. just wondering if i can host it on a public one and if i can what i should hide etc. thanks!

8

The user-folder is in essence safe to version with Git, even in a public repo, given that you’re comfortable with the personal details often found in site.yaml: Commonly an email address.

As site.yaml and system.yaml is often considered sensitive, not for personal data, but for server configuration, I would just exclude those two specifically.

On a recent project I synced the user-folder entirely, barring these two files, including themes, plugins, pages, and plugin-configs. None of these contain personal data, as the email addresses used in the FrontMatter of pages were masked.

9

I would recommend .gitignore-ing user/data/ and user/accounts/