Branching Strategy
Branching strategy is a methodology for a team to version control their application development lifecycle. Version control systems (Git in our case) are used alongside automated testing, code reviewing, vulnerability detection, and other CI/CD tools to help a team roll out features quickly and safely.
GoGov currently uses Gitflow as a branching strategy.
On a weekly basis (during maintenance, this interval can be longer), we fork a release-x.xx branch off of develop, where x.xx is the new version number of the application. Creating the branch starts the next release cycle, so no new features can be added after this point. Only bug fixes, documentation generation, and other release-oriented tasks go in this branch. At the same time, we also push the develop branch to the edge branch to build and push to our staging environment for tests.
During release, the release-<version_number> branch is merged into release, which is configured to build and push to our production environment. In addition, it should be merged back into develop to incorporate the documentation changes.
Only once it's proven stable, the release-<version_number> branch is merged into master so that master always reflects a production-ready state.
The diagram below shows a Gitflow setup similar to the one described above. (TODO: update with more accurate diagram)
Using a dedicated branch to prepare releases makes it possible for one developer to polish the current release while another developer continues working on features for the next release.
We use GitHub Actions to manage our CI/ CD.
Both unit and end-to-end tests currently run on every pull request within the virtual environment.
We have vulnerability detection tools, Dependabot, Synk,and CodeQL running on our repository. CodeQL runs on every pull request to analyse the repository to verify that no vulnerable code is introduced, whereas both Dependabot and Synk focus on finding vulnerabilities in the external dependencies used by the repository.
The develop, release, and master branches are all protected branches. PRs made to these branches require at least one approval (as well as all the tests to pass) before merge.
The edge branch is unprotected, and any pushes to edge will automatically build and deploy the application to our staging environment. If a developer wants to test out a new feature/ infrastructure/ migration or share any changes with designers/PM, they should test their changes out on staging environment by pushing to the edge branch.
The edge and release branches are configured to deploy automatically to our staging and production environments respectively.
The edge branch deploys to our staging environment, not staging. We sometimes regret this choice of terminology too.
As mentioned above, master always reflects a production-ready state, so we do not put our releases into master until they have proven stable.