Git tools
When working with git for some time you might encounter some challenges: from making mistakes, to a growing need for branching and merging strategies, to monitoring the history for accidentally committed secrets.
Learning
There are some resources to learn git. Here is a guide you can use to teach someone a bit more about git.
Making mistakes
Be careful what you are doing: because you are altering the past, it can have unforeseen consequences for the present and future!
Branching and merging
The obvious one is git-flow. Personally I have not used it in any team so far because the "overhead" was just not worth investing time in. The branching model that worked for me best so far:
Having
- master branch -> CI/CD -> to production / pre production
- develop branch -> CI/CD -> to dev stage
- feature branches -> CI/CD -> to verify dependencies are up-to-date, linting, unit|e2e tests are passing
Merging is always done from feature to develop to master branch. You can gather multiple features in develop and at the end of the sprint / development period merge to master.
This allows you to do hotfixes in production at any time. Later you can then decide whether you merge / cherry-pick the hotfix to develop or do anything else that works for you.
Monitoring your history
There have been some reports of people pushing private keys to public repositories. To check your repository's history for common security-relevant filenames and extensions, the UK Home Office has published a repo-security-scanner that can be configured to look for certain things in the history.
Be aware that this is only a post-commit measure, so stuff has already been committed and maybe pushed.
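To make the idea concrete, here is a small history check written for this page as an added example; it is not the repo-security-scanner's code or rule set. The filename pattern list, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag security-relevant filenames anywhere in a repo's history.
# Assumed pattern list: exact basenames, then extensions ([.] is a literal dot).
SUSPICIOUS_RE='^(id_rsa|id_dsa|id_ed25519|[.]env|[.]htpasswd|[.]netrc|credentials)$|[.](pem|key|p12|pfx|jks|kdbx)$'

# stdin: output of `git log --name-status --format='commit %H'`
# stdout: one "commit<TAB>status<TAB>path" line per changed file
parse_name_status() {
  awk -F'\t' '/^commit /{c = substr($0, 8); next}
              NF >= 2   {print c "\t" $1 "\t" $2}'
}

# Keep only added/modified paths whose basename matches the pattern.
# A later deletion does not help: the blob stays reachable in history.
flag_suspicious() {
  awk -F'\t' -v re="$SUSPICIOUS_RE" '
    $2 ~ /^[AM]/ { n = split($3, parts, "/"); if (parts[n] ~ re) print }'
}

# Scan every ref of the repository at $1 (default: current directory).
# --no-renames reports a rename as delete + add, so each line has one path.
# Merge commits list no files by default and are therefore not inspected.
scan_history() {
  git -C "${1:-.}" log --all --no-renames --name-status --format='commit %H' |
    parse_name_status | flag_suspicious
}

# Constructed sample of git log output, used to exercise the filter offline.
sample_log() {
  printf 'commit 1111111\n\nA\tREADME.md\nA\tdeploy/id_rsa\n'
  printf 'commit 2222222\n\nM\tconfig/.env\nD\tdeploy/id_rsa\nA\tdocs/keynote.txt\n'
  printf 'commit 3333333\n\nA\tcerts/server.pem\n'
}

# Usage: scan_history /path/to/repo
#    or: sample_log | parse_name_status | flag_suspicious
```

Any hit means the file is still retrievable from history even if a later commit deleted it, which is why the key in the constructed sample is reported at the commit that added it.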