Rolling, rolling, rolling back nothing I love more than communicating why we had to roll back again (⁠ノ⁠ಠ⁠益⁠ಠ⁠)⁠ノ

  • kkj@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 day ago

    Fix your shit and it won’t stop you from committing.

    It’s also usually only on certain branches, so you can make a branch where you break things and then fix them before you merge to testing/main/whatever.

    • SandmanXC@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 day ago

      TIL precommit hooks can be set per branch. I was being facetious to begin with but this sounds pretty good actually.

      • kkj@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        What do you do if you have code that isn’t complete enough to work? Do you have to just leave it untracked?

        • chellomere@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 day ago

          I don’t know what others do, but I personally whip out git commit -n and bypass the hooks in this situation.

        • neonred@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 day ago

          If you have code that is not complete it is not qualified to be deployed. Cut work items into smaller chunks but never deploy not fully, 100% working and tested stuff. Not even on dev.

          • kkj@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 day ago

            Every branch you have deploys on commit? You have to fully QA all of your code before it goes into any sort of source control?

            • neonred@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 day ago

              Not quite.

              • Every commit is just a local commit
              • Every push runs pre-hooks which execute bunch of checks, for example linters, style checkers, etc. and prevent a push if something is not perfect
              • After every push the CI/CD pipeline runs on origin
              • Every run of the pipeline executes again checks with linters but also securoty checks for CVEs on dependencies and runtime
              • Every pipeline run also executes all tests such as unit tests, scenario tests, integration tests
              • If any of the above fails, the pipeline fails and stops
              • Only if everything is okay, one can deploy on dev, the first stage
              • Only if this is okay, the artifact gets pushed to the central artifact store
              • Only if this suceesa a prod deployment can run, which pulls the artifact from the store
              • Runners for dev and prod are distinct and don’t have rights the other has, the only common contact point is the artifact store

              That’s an extremely very basic overview with many steps and concepts omitted but you get the idea.

              • kkj@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 day ago

                That seems reasonable to perform on protected branches, but I’m not a fan of protecting all branches. That could leave valuable code with a single copy on a dev machine. I’d rather have it pushed to an unprotected branch and then be checked on merge instead of push.

              • chellomere@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                1 day ago

                So, what if I want to push some debug or preliminary code to a topic branch, would this system prevent this if all tests don’t pass?

                • neonred@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 day ago

                  No, it does not prevent pushing (as long as the pre-hooks work) but you cannot deploy from a failed pipeline/branch because you have defective software, as proven by failed tests.