DEV Community

Cover image for GitLab Flow Best Practices
GitProtect Team for GitProtect

Posted on • Edited on • Originally published at gitprotect.io

GitLab Flow Best Practices

Computer science is a field that undoubtedly belongs to the fastest-growing areas of science in the history of humankind. Five years ago, creating a simple website or application often did not require much programming effort. Currently, a lot has changed, and with even the most straightforward website, you have to remember that it must be adequately displayed on computers, smartphones, and other devices. You cannot forget about the security aspect and of course the backup of the source code. This means that even the most straightforward projects require a group of highly skilled people for the software development process.

You may be surprised, but this is not a bad thing. Generally, the level of people’s awareness is increasing – IT specialists and users alike. The stronger attention to data security is a great example of this shift. The IT world is agile and it adapts to changes. After all, we have Dev(Sec)Ops and its best practices developed over time.

GitLab Flow, for what?

The speed and massive demand for new applications or new features in a given project mean that, for example, software development teams are so heavily loaded that they may not be able to notice a critical vulnerability or a code error. By implementing best practices in this regard it is possible to prevent most of the bugs and security glitches from even occurring.

Descriptions within the code

The most crucial one is also the most neglected – every developer should describe the changes made in the code in a clear and simple way. Even while working on the most basic application on the develop branch without a clear understanding of what a given component is responsible for could mean some real problems for the software team and – which is no surprise – business executives alike. Failure to describe even the most minor change may quickly escalate to a severe problem. Not to mention the fact that I don’t know a programmer who, after a few days, would be able to remember what he changed in the code on a given day and for what reason. Each of us has been in such a situation at last once before – we simply have to come to terms with the fact that memory is fleeting and fails us with time.

Managing branches

How many different branches can your project have? Five: two of which are primary branches in Git flow:

  • a master branch (or as it called in GitHub flow – main branch) is the branch where all the changes to the project eventually get merged back into,
  • and a separate develop branch, which is a branch created from the main one that serves as an integration branch for some features.

And also there are three types of supporting branches, which have absolutely different intended purposes – feature, hotfix and release branches.

  • feature branch is a copy of the main codebase the developers create to work on a new feature till it’s complete.
  • release branch is the one created from the develop branch and once DevOps has created one or a few release branches, they should be sure to apply only the major bug fixes to it.
  • hotfix branch or a maintenance branch is used by developers to quickly patch production releases.

Now, let’s take a closer look into the management of created git branches. First, we should always avoid changes to an already pushed branch because it may lead to a situation in which the branch [and code] that started with a specific purpose will do something completely different after a while – don’t create merge conflicts. Therefore, each significant change in a given branch should be pushed to our project as a new branch. Such a habit makes our code clean, semantic with readable history and description. It will also contribute to faster and more accurate documentation of the project itself. In addition, if we need to return to a given project after some time, we will not have to spend additional hours on the analysis when this change has been made…

The use of feature branches

Another important practice worth implementing is the use of so-called feature branches, which is nothing more than creating a new branch for each new feature. It is quite challenging to predict what even the slightly minor change in the code could cause and how the entire application will react. And if you encounter some problems at a later software development stage it will be much easier to pinpoint the time when the problem initially appeared.

The Main is the King

The main branch is the most important in our git workflow, and you should never forget about this. But errors happen all the time. In some cases, creating merge commits to the main branch with fully tested and revised changes will cause the application to stop working properly. Sometimes it’s caused by the fact that the main fix for our feature was introduced by a teammate, not within the main branch, but in his feature branch.

Most of such situations can be avoided by learning good practices related to our workflow. Each fix should first be carried out on the main branch, and each feature or even a minor change should be done with the idea of merging with the main branch as soon as possible. Of course, after the previous phases of testing, security check, and potential manual reviews.

Testing, testing, and testing one more time

Probably everyone will agree that testing is one of the most critical factors of every successful and secure project. Still, not everyone remembers to test everything, even the most minor change, in the main branch and every new branch, even the test branch of a new feature. For example, building tests at the pipeline stage in CI/CD will ensure that our trials will always be carried out. An important aspect should also be focusing on the tests themselves and checking now and then whether the tests functions themselves are up to date and checking what we care about a given project. Each commit should be tested, but also the entirety of the project should be reviewed at the agreed time. In addition, you can also conduct an external audit or even penetration tests from time to time. It all depends on what project we’re working on and what our final project is designed for. This is an important issue because a mobile application should be tested differently than a health service solution, i.e., confidential patient data.

GitLab Flow and CI/CD

It’s not a secret that today to have a fully automated CI/CD (continuous integration/continuous delivery) pipeline that can convert any commit to a new production deployment is considered a must in DevOps. A well-configured GitLab continuous integration and continuous delivery can allow teams to accelerate a given project and ensure that it will be produced following best practices. After all, it is the points configured in the CI/CD pipeline using the .gitlab-ci.yml configuration file that will make code, for example, tested and, if necessary, deployed with runners at every slightest change. The key is that a pipeline is well configured and the automation is based on the tags configured by a DevOps specialist.

This is not the end because we can also automate checking changes in terms of security or even insert a manual point in which a product manager or compliance officer will have to perform a backup. Here, of course, GitProtect.io will be of great help and will provide automated repositories and metadata GitHub, Bitbucket, and GitLab backup. The entire deployment should also be carried out automatically and based on a pipeline. Thanks to that we will avoid a situation where every person responsible for deployment will do it based on a different environment. Such a deployment should be found on the tags already mentioned, or the application should be built with each new branch and merged with the main branch.

Summarizing

Mastering the best practices and thus learning to automate key processes allows us to improve and accelerate work on projects, but that’s not all. The most critical issue is the point regarding the backup. Each version, and even the slightest change, should not only be well tested but also secured in the form of repository and metadata backup. This way we will avoid problems related to the readability of changes within code, appearing erroneous merge, etc.

✍️ Subscribe to GitProtect DevSecOps X-Ray Newsletter – your guide to the latest DevOps & security insights

🚀 Ensure compliant DevOps backup and recovery with a 14-day free trial

📅 Let’s discuss your needs and see a live product tour

Top comments (1)

Collapse
 
bcouetil profile image
Benoit COUETIL 💫

Sorry, did you describe the GitLab Flow somewhere ?