I was exploring options for deploying my ASP.NET web app by creating a publish profile when I noticed that .pubxml files are included in this .gitignore file (which I had been using):
https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
Searching around, the reasoning seems to be that either references to the publish profile or references in the publish profile contain absolute paths or other information that may only be valid on the local dev machine at the time.
Can anyone confirm the reasoning behind this exclusion?
It's stored in the . pubxml. user file. Because this file can store sensitive information, it shouldn't be checked into source control.
Publish profile files are named <profilename>. pubxml and are located in the PublishProfiles folder. The PublishProfiles folder is under Properties in a C# web application project, under My Project in a VB web application project, or under App_Data in a web site project.
Import the publish settings in Visual Studio and deployClick New or Create new profile. Select the option to import a profile. In the Publish dialog box, click Import Profile. Navigate to the location of the publish settings file that you created in the previous section.
How does Publish in Visual Studio Work? In simple terms, Publishing creates the set of files that are needed to run your application, and you can deploy the files by copying them to a target machine.
From Microsoft documentation (for ASP.NET Core 2.2 and up)-
When publishing to an Azure target, the .pubxml file contains your Azure subscription identifier. With that target type, adding this file to source control is discouraged. When publishing to a non-Azure target, it's safe to check in the .pubxml file.
Sensitive information (like the publish password) is encrypted on a per user/machine level. It's stored in the .pubxml.user file. Because this file can store sensitive information, it shouldn't be checked into source control.
I cannot confirm the reasoning but I can tell you what we do. I include the .pubxml files in source control due to the fact that any of us can publish to our DEV or TEST environments. I even checked the files themselves and did not see any local paths. But consider that we use web deploy, so long as we all have access to the same server to deploy to, then there is no problem.
So it really, IMO, depends on what deployment settings you use and if all of your team have access to the same servers.
No credentials and no local paths are stored in our .pubxml files.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With