Visual Studio Publish Profiles - Why not track in source control?

Question

I was exploring options for deploying my ASP.NET web app by creating a publish profile when I noticed that .pubxml files are included in this .gitignore file (which I had been using):

https://github.com/github/gitignore/blob/master/VisualStudio.gitignore

Searching around, the reasoning seems to be that either references to the publish profile or references in the publish profile contain absolute paths or other information that may only be valid on the local dev machine at the time.

Can anyone confirm the reasoning behind this exclusion?

Answer 1

From Microsoft documentation (for ASP.NET Core 2.2 and up)-

When publishing to an Azure target, the .pubxml file contains your Azure subscription identifier. With that target type, adding this file to source control is discouraged. When publishing to a non-Azure target, it's safe to check in the .pubxml file.

Sensitive information (like the publish password) is encrypted on a per user/machine level. It's stored in the .pubxml.user file. Because this file can store sensitive information, it shouldn't be checked into source control.

Answer 2

I cannot confirm the reasoning but I can tell you what we do. I include the .pubxml files in source control due to the fact that any of us can publish to our DEV or TEST environments. I even checked the files themselves and did not see any local paths. But consider that we use web deploy, so long as we all have access to the same server to deploy to, then there is no problem.

So it really, IMO, depends on what deployment settings you use and if all of your team have access to the same servers.

No credentials and no local paths are stored in our .pubxml files.