Bedrock's "Allow File Mods" & production environments


#1

Hello!

Just wanted to get some input from others in the Bedrock community.

We’re currently using Bedrock & Sage for all of our builds. We manage the plugins with Composer. It’s fantastic.

The problems come up after deploying to Production environments. At this point, we’re allowing the client to install plugins and update the site software themselves.

This means that the composer-based dependency management is somewhat thrown out the window after the site launches. Clients need to be able to update their software for new features & security. Since the clients can install their own updates, it also resulted in us downgrading some plugins during deployments and things of that nature.

So we dropped composer dependency installation on production deployments. That’s where we’re currently at.

I’m just curious if anyone else has a different solution to this problem? Or any other input? I mean I would love to continue managing the site’s plugins via composer. It would be nice if plugin installations/updates triggered an update to the composer file. That way we could at least download it, run composer update & commit it.

Would love to hear from the community on this topic.


What happens to the site dot Git directory on production deploy
#2

I’m currently scouring forums and GitHub issues to find a solution to this. Clients need to be able to update their plugins in case of security issues and what not. Maybe they also need a plugin or so.

Do you have any update on this compromise? @joshbourke