Using a Git workspace as the website directory can be a security risk. A Git workspace (the "work tree") contains the .git directory, and if you make a configuration mistake, or the website gets hacked, the .git directory might get exposed or leaked.
A safer way is to separate the Git repository and the working tree, for example like this:
git clone your_remote_repo_url /path/to/repo
mkdir /path/to/deployment
cd /path/to/repo
git --work-tree=/path/to/deployment checkout -f
In this setup, /path/to/deployment is a regular directory, without a .git folder. The risk of the .git folder ever getting exposed is smaller this way. You can still perform Git operations on the deployment directory using the --work-tree flag as in the checkout example above.
I do it this way only on production sites; on DEV sites I use regular clones.
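One way to script the setup above and confirm that the deployment directory carries no Git metadata, as an added example that is not part of the original text. The function names `deploy_worktree`, `find_git_metadata` and `setup_demo`, and the throwaway repository they operate on, are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: names and paths are hypothetical, the "remote" is constructed.

# Check out the repository's HEAD into a separate deployment directory.
# --git-dir and --work-tree are options of git itself, so they go
# before the subcommand.
deploy_worktree() {
    repo=$1 dest=$2
    mkdir -p "$dest" &&
    git --git-dir="$repo/.git" --work-tree="$dest" checkout -f
}

# Print any Git metadata (.git directory or gitfile) under a directory.
# Returns 0 when none is found, 1 otherwise.
find_git_metadata() {
    found=$(find "$1" -name .git -prune -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Build a throwaway remote in $1, clone it to $1/repo and deploy the
# clone to $1/deployment.
setup_demo() {
    base=$1
    git init -q "$base/remote" &&
    echo '<h1>hello</h1>' > "$base/remote/index.html" &&
    git -C "$base/remote" add index.html &&
    git -C "$base/remote" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q -m "initial commit" &&
    git clone -q "$base/remote" "$base/repo" &&
    deploy_worktree "$base/repo" "$base/deployment"
}

# Run the demo: the deployment directory should be clean, the clone is not.
d=$(mktemp -d) && setup_demo "$d" || exit 1
for dir in "$d/deployment" "$d/repo"; do
    if find_git_metadata "$dir" >/dev/null; then
        echo "no .git:  $dir"
    else
        echo "has .git: $dir"
    fi
done
rm -rf "$d"
```

Running `find_git_metadata` against the real web root after each deployment turns the "no .git folder" property into a check rather than an assumption.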