- Remove the chance of undetected malicious or accidental mutation of code in the VCS
- The VCS and review-tool servers, as well as their maintainers, must never be trusted
- We must be able to cryptographically prove:
    - who authored every commit
    - who on the engineering team signed the release candidate tag on a ref
    - who on the release team signed the release tag for a ref
| Branch | Usage |
|---|---|
| production | HEAD is always the release tag currently running in production |
| staging | HEAD is always the current RC tag deployed to the staging environment |
| master | All commits have passed code review by a peer of the author |
| * | Feature branches for WIP code; branch names normally contain ticket numbers |
Release workflow, by role:

- Author
    - makes a feature branch
    - makes one or more commits to the feature branch
    - signs all commits with a personal HSM
    - Optional: squashes and re-signs sets of commits as desired
    - submits the branch to a peer for review
- Reviewer
    - collaborates on changes with the author until satisfied
    - merges the reviewed branch into master
        - Preferred: review and merge are done on the reviewer's local system with a signed merge commit; the signature on the merge commit is the cryptographic stamp of code review
        - Alternatively: attach a signed review to the ref in git-notes
- Team Lead
    - merges the code that should go into the next release from master into the staging branch
    - locally reviews the complete diff between staging and master for critical issues
    - adds a new Release Candidate tag on HEAD, signed with a personal HSM
- Release Engineer
    - verifies that all policies have been met for the latest Release Candidate tag (tag signed by a team lead, every commit and merge commit signed by an allowed key)
    - deploys the tag to the staging environment
    - confirms the features are validated to work as expected by the QA process
    - merges the Release Candidate tag into production
    - adds a new Release tag on HEAD, signed with a personal HSM
    - deploys the same artifact(s) generated for the Release Candidate tag to production
Hotfix workflow, by role:

- Author
    - branches from the tag currently deployed to production
    - makes a signed commit with the fix
    - informs the team lead of the hotfix commit hash
- Team Lead
    - reviews the hotfix commit locally
    - adds a new Hotfix Candidate tag on the hotfix commit, signed with a personal HSM
- Release Engineer
    - Optional: deploys the Hotfix Candidate tag to the staging environment
    - Optional: confirms the fix deploys and passes health checks
    - merges the Hotfix Candidate tag into production, and back into master so the fix is not lost in the next release
    - adds a new Release tag on HEAD, signed with a personal HSM
    - deploys the same artifact(s) generated for the Hotfix Candidate tag to production
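The policy check the Release Engineer performs before deploying a Release Candidate or Hotfix Candidate tag, as an added shell example (this is not the project's own tooling). It assumes GnuPG-format signatures (git's default `gpg.format`) and two caller-supplied, space-separated allow-lists of full key fingerprints, `LEAD_FPRS` (keys allowed to sign candidate tags) and `ENGINEER_FPRS` (keys allowed to sign commits and merge commits); both variable names are invented here. The signature-status parsing is factored into functions that work on the text `git verify-tag --raw` and `git log --format='%H %G? %GF'` produce, so the policy logic can be exercised on constructed input without a repository.

```shell
#!/bin/sh
# verify-candidate.sh - release-policy check for a signed candidate tag.
# Added example, not the project's own tooling. Assumes GnuPG signatures and
# these caller-supplied allow-lists (names are assumptions of this example):
#   LEAD_FPRS      keys allowed to sign Release/Hotfix Candidate tags
#   ENGINEER_FPRS  keys allowed to sign commits and merge commits
# Usage: LEAD_FPRS="..." ENGINEER_FPRS="..." ./verify-candidate.sh TAG BASE [BRANCH]
set -eu

# fpr_allowed FPR ALLOWLIST -> 0 if FPR is one of the space-separated entries.
fpr_allowed() {
  fpr=$1; list=$2
  for allowed in $list; do
    [ "$fpr" = "$allowed" ] && return 0
  done
  return 1
}

# check_sig_lines ALLOWLIST
# Reads "hash status fingerprint" lines on stdin, the shape produced by
#   git log --format='%H %G? %GF' BASE..TAG
# %G? is G for a good signature; N (none), B (bad), U (good but key not
# trusted in the keyring), E (unverifiable), X/Y (expired), R (revoked) all
# fail the policy. Returns 0 only if every commit is G and its signing key is
# in ALLOWLIST. Empty input (no new commits) passes; the caller decides
# whether that is acceptable.
check_sig_lines() {
  list=$1; bad=0
  while read -r hash status fpr; do
    [ -z "$hash" ] && continue
    if [ "$status" != "G" ]; then
      echo "FAIL $hash: signature status '$status'" >&2; bad=1
    elif ! fpr_allowed "$fpr" "$list"; then
      echo "FAIL $hash: signed by non-allowed key '$fpr'" >&2; bad=1
    fi
  done
  return $bad
}

# signer_fpr
# Reads GnuPG status lines on stdin, the shape `git verify-tag --raw TAG 2>&1`
# produces, and prints the fingerprint carried by the VALIDSIG line (field 3).
# GOODSIG only carries a short key id, so VALIDSIG is the line to trust.
signer_fpr() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }'
}

# verify_candidate TAG BASE [BRANCH]
#  1. TAG carries a good signature from a key in LEAD_FPRS
#  2. every commit in BASE..TAG (BASE is typically the tag currently in
#     production), merge commits included, has a good signature from a key in
#     ENGINEER_FPRS; the signed merge commit is the review stamp
#  3. if BRANCH is given (e.g. staging), its HEAD must be the tagged commit
verify_candidate() {
  tag=$1; base=$2; branch=${3:-}
  status=$(git verify-tag --raw "$tag" 2>&1) \
    || { echo "FAIL $tag: tag signature did not verify"; return 1; }
  fpr=$(printf '%s\n' "$status" | signer_fpr)
  fpr_allowed "$fpr" "${LEAD_FPRS:-}" \
    || { echo "FAIL $tag: tag signed by non-lead key '${fpr:-none}'"; return 1; }
  git log --format='%H %G? %GF' "$base..$tag" \
    | check_sig_lines "${ENGINEER_FPRS:-}" || return 1
  if [ -n "$branch" ]; then
    [ "$(git rev-parse "$tag^{commit}")" = "$(git rev-parse "$branch")" ] \
      || { echo "FAIL $tag: HEAD of $branch is not the tagged commit"; return 1; }
  fi
  echo "OK $tag: tag signed by $fpr; all commits in $base..$tag signed by allowed keys"
}

if [ "$#" -gt 0 ]; then
  verify_candidate "$@"
fi
```

The allow-lists, not the keyring's trust database, are the trust anchor here, which is why a `U` status is still rejected: the keys must be present in the verifying host's keyring (otherwise git reports `E`) and they must be the fingerprints the team has pinned. Run the check from a clean clone fetched with `git fetch --tags`, never on the VCS server itself, since the server is exactly the component this process refuses to trust.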