icon

Use Source Control When Hiring Freelance Developers!

I see this too often - a directory on a server full of files like …

1
2
3
4
5
main.js
main.js.5.4.2017
main.js.bak
main-old-code.js.bak
previous_site_from_2016/

This is a sign that the developer was scared of thier changes… and they weren’t using any sort of source control system to let them revert their change. A source control system like “git” keeps track of every single line-by-line changes to every file in a project and allows multiple developers to make changes concurrently to the same project.

When I restarted my freelance business I hoped client expectations had moved up to the point where every customer asked for this. I didn’t think clients would still allow a developer to just log directly into their server with SSH or FTP and start pushing files up or editing directly.

Don’t Let Just Anyone SFTP Files Onto Your Server

  • What happens when your web host crashes or has extended downtime? How are you going to deploy your code to another server?
  • What happens if you are hacked? How will you get your site back to a known good clean state?
  • How will you roll back and fix any mistakes or malicious changes?

Doing It Right (It’s Called DevOps)

  1. Go sign up for git hosting at bitbucket or gitlab or pay for a private repo at github.
  2. Then hook it into a continuous deployment system pointed at your web hosting dev site - so that every time code get’s pushed to the master branch that code is deployed to your dev server and it can be reviewed there.
    • Azure Websites has a great hosting setup UI and Continous Integration support from popular Source Control Systems (even dropbox!)

If you’re hiring a freelancer for development, you can probably also find a freelancer to set up the source control repository and continuous deployment if the other developer isn’t comfortable getting it set up.

That way no code can make it onto your server without being stored in a private git repository.

Bonus points: make the developer use environment variables for any api keys or environment specific usernames passwords that the site uses. This way the dev can use dev keys and you keep your production keys private, and they don’t get leaked in the source control system.