@lrvick
Last active February 20, 2019 00:51
An opinionated git workflow optimized for a strong resistance to tampering by any single party.

Distributed Trust Git Flow

Goals

  • Remove chance of undetected malicious or accidental mutations of code in VCS
  • The VCS and review tool servers as well as their maintainers must never be trusted.
  • We must be able to cryptographically prove
    • Who authored all commits
    • Who on engineering team signed the release candidate tag on a ref
    • Who on release team signed the release tag for a ref

Implementation

Branches

| Branch | Usage |
| --- | --- |
| production | HEAD is always the current tag running in production |
| staging | HEAD is always the current RC tag in staging environment |
| master | All commits have passed code review by peer of the author |
| * | Feature branches, for WIP code. Normally contain ticket numbers |

Normal Workflow

  • Author
    • makes feature branch
    • makes one or more commits to feature branch
    • signs all commits with personal HSM
    • Optional: Squashes and re-signs sets of commits as desired
    • Submits code to peer for review
  • Reviewer
    • Collaborates on changes with author until satisfied.
    • Merges reviewed branch into master branch
    • Preferred:
      • review/merge is done on local system with signed merge commit
      • this offers a cryptographic stamp of code review
      • Alternatively: attach a signed review in git-notes on the ref
  • Team Lead
    • Merges all code that should go into the next release into 'staging' branch
    • Locally reviews complete diff of staging and master for critical issues
    • Adds a new Release Candidate tag on HEAD signed with personal HSM
  • Release Engineer
    • Verifies all policies have been met for latest Release Candidate tag
    • Deploys to staging environment
    • Confirms features are validated to work as expected by QA process
    • Merges Release Candidate tag to production
    • Adds a new Release tag on HEAD signed with personal HSM
    • Deploys same artifact(s) generated for Release Candidate tag to production

Hotfix workflow

  • Author
    • Branches from currently deployed tag
    • Makes signed commit with fix
    • Informs team lead of the hotfix commit hash
  • Team Lead
    • Reviews hotfix commit locally
    • Adds a new Hotfix Candidate tag on hotfix commit with personal HSM
  • Release Engineer
    • Optional: Deploys Hotfix Candidate tag to staging environment
    • Optional: Confirms features are validated to deploy and pass health checks
    • Merges Release Candidate tag to master
    • Adds a new Release tag on HEAD signed with personal HSM
    • Deploys same artifact(s) generated for Hotfix Candidate tag to production
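The "verifies all policies" step for a Release Candidate or Hotfix Candidate tag, as an added example that is not part of the gist: the tag signature is checked with `git verify-tag`, and every commit added since the base ref (including reviewers' merge commits) must be signed by a key fingerprint on a team allowlist file. The allowlist file name, the use of `%GF` fingerprints as the trust anchor, and the sample log lines in the test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the gist's own code). Assumes git and gpg are on PATH and
# the team keeps a hypothetical allowlist file of HSM key fingerprints, one per line.

# check_range ALLOWLIST  (reads stdin)
# Input lines are what `git log --format='%H %G? %GF'` emits:
#   <commit> <signature status> <signing key fingerprint>
# %G? is G (good), U (good, but key not trusted by gpg), B (bad), E (key
# missing), N (unsigned), X/Y/R (expired or revoked). The allowlist, not
# gpg's trust database, is the trust anchor here, so G and U both pass
# provided the fingerprint is listed. Returns 0 only if every commit passes.
check_range() {
    allowlist="$1"
    fail=0
    while read -r commit status fpr; do
        [ -z "$commit" ] && continue
        case "$status" in
            G|U) ;;
            *) echo "REJECT $commit: signature status '$status'" >&2
               fail=1
               continue ;;
        esac
        # An unsigned commit has an empty fingerprint; never let it match.
        if [ -z "$fpr" ] || ! grep -qixF -- "$fpr" "$allowlist"; then
            echo "REJECT $commit: key '$fpr' not on allowlist" >&2
            fail=1
        fi
    done
    return "$fail"
}

# verify_candidate TAG BASE ALLOWLIST
# BASE is the ref the candidate builds on (the deployed production tag for an
# RC, the currently deployed tag for a hotfix). The tag itself must carry a
# valid signature, and everything reachable from TAG but not from BASE must be
# signed by an allowlisted key. An unsigned merge made in a web UI fails here.
verify_candidate() {
    tag="$1"; base="$2"; allowlist="$3"
    git verify-tag "$tag" || return 1
    git log --format='%H %G? %GF' "$base..$tag" | check_range "$allowlist"
}
```

Run as `verify_candidate rc-1.2.0 production team-keys.txt` from a clone whose gpg keyring holds the team's public keys; a non-zero exit means the candidate must not be deployed.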