Disclaimer: I am personally quite sceptical of using Git as a deployment tool. A real build / deployment tool will offer many things Git does not do: versioning rules, compilation/preprocessing, managing file permissions etc. If you "deploy" using Git, these steps usually have to be manual, which sucks. However, you seem to be satisfied with your deployment process in principle, so I'll stop arguing with that.
To address your questions:
> Question: Should I be running/checking out the master branch or the tagged version of master on the production box?
Both can work, but I'd prefer using a tagged version. The files pulled down will be exactly the same, so no difference there. However, using a tagged version is safer in some cases:
- If someone should push to master in the time between tagging and deployment, you still get the right version.
- If someone were to later just run `git pull` on production, with default settings and master checked out, Git would fetch the latest state of master (whatever that is). If a tag is checked out, nothing will change.
> I'm aware that running with a tagged version will do so in a detached state but I don't really see an issue with that, except for when needing to do a hotfix?
I really hope you are not implying that you intend to commit (and possibly even develop) hotfixes on production? If yes, then please don't :-).
Anyway: Yes, the detached HEAD state should not be a problem. I'd actually see it as a benefit, as it makes it clear you are not supposed to commit things on production. If you really, really feel you must, you can always create and checkout a branch later when you need to (but please don't).
Finally, a word of advice:
> Then, on the production box, we fetch and merge the latest version of master (by running git pull origin master)
Even if you insist on using Git for deployment, it is not a good idea to use `git pull`, because `git pull` will automatically perform a merge if the wrong branch was checked out before (or if you even have local commits, which you hopefully don't). The merge will cause you to have an (untested) mix of data from different branches. Rather, I'd recommend you use:
```
git fetch
git checkout MY_VERSION_TAG
```
That way, you'll get exactly the files from MY_VERSION_TAG. In addition to that, I'd strongly recommend you check for local modifications using `git status` before the deployment. If any are found, investigate them before deploying.
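The steps recommended in the answer above (check `git status`, fetch without merging, check out the exact tag) can be combined into one guarded function. This is an added example, not part of the original answer; the function name `deploy_tag`, its exit codes and the remote name `origin` are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: deploy an exact tag and refuse to touch a modified tree.
# deploy_tag and its exit codes are hypothetical names chosen for this sketch.
# Usage: deploy_tag /path/to/checkout MY_VERSION_TAG
deploy_tag() {
    repo=$1
    tag=$2

    # 1. Refuse to deploy over local modifications (tracked or untracked).
    dirty=$(git -C "$repo" status --porcelain) || return 1
    if [ -n "$dirty" ]; then
        echo "local modifications in $repo, investigate before deploying:" >&2
        echo "$dirty" >&2
        return 2
    fi

    # 2. Fetch only. No pull, so nothing is ever merged on this box.
    git -C "$repo" fetch --quiet --tags origin || return 1

    # 3. Resolve the name as a tag only; a branch name or a typo fails here.
    want=$(git -C "$repo" rev-parse --quiet --verify "refs/tags/$tag^{commit}") || {
        echo "no such tag: $tag" >&2
        return 3
    }

    # 4. Check out that commit (detached HEAD) and confirm where HEAD landed.
    git -C "$repo" checkout --quiet --detach "$want" || return 1
    have=$(git -C "$repo" rev-parse HEAD) || return 1
    [ "$have" = "$want" ] || return 4
    echo "$repo is now at $tag ($have)"
}
```

Resolving `refs/tags/<name>` rather than the bare name means a branch that happens to share the name is never deployed by accident.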