best practices & tips using git · 2019. 10. 1. · best practices & tips using git randy...

Best Practices & Tips using Git

Randy Pagels

Azure Specialist - Application Development

US Great Lakes Region

Unlimited private Git repo hosting and support for

TFVC that scales from a hobby project to the

world’s largest Git repositories

Azure Repos

https://azure.com/devops➔

Works with your Git clientSecurely connect with and push code into your Git repos from any IDE, editor, or Git client.

Web hooks and API integrationAdd validations and extensions from the marketplace or build your own using web hooks and REST APIs.

Semantic code searchQuickly find what you’re looking for with code-aware search that understands classes and variables.

1.1B in 2018

33M

100M

5M vulnerability alerts in 2018

Home to the most

important and popular

open source projects

on the planet

▪

▪

refs/pull/*/head refs/remotes/origin/pr/*'

refs/pull/*/merge refs/remotes/origin/pr/*'

Azure Pipelines

Microsoft Security Code Analysis

Sonarqube IntegrationAnalyze the quality of your source code to detect bugs, vulnerabilities and code smells throughout the

development process.

The Microsoft Security Code Analysis extension easily integrating the running of static analysis tools

in your Azure DevOps pipelines.

Simple Configuration and Execution

✓ Adding security static analysis tools to your build is as simple as

adding new build tasks.

✓ The tasks run as part of your DevOps pipeline and produce logs with

results of any findings.

Keep Your Builds Clean

✓ Configure the extension to introduce a build break should any new

issues being introduced and detected.

✓ Configure continuous integration builds, to run on every pull request.

Auto-Update

✓ The Azure DevOps build tasks and tools can be set to stay up-to-date.

✓ If there is an updated version of the tool, there is no need to download

and install it; this extension takes care of that for you.

https://secdevtools.azurewebsites.net/

SourceManage your open source usage and security in your pipeline

Detection

✓ Automatically detect all open

source components in your code,

while running your build

Selection

✓ Discover the best open source

components for your needs, while

you search online

Alerting

✓ Get real time alerts on security

risks, policy pitfalls, and software

bugs

Reporting

✓ Generate comprehensive, always

up to date reports on your open

source usage, in one click

blob d65b79a... image.png 83MB

commit 03ce18e...

commit 69a846f...

blob af5626b... image.png 78MB

commit 7fbc67a...

blob 43e6ac7... image.png 75MB

commit 12177ab...

blob 0819cba... image.png 68MB

blob d65b79a... image.png 83MB

commit 03ce18e...

commit 69a846f...

blob af5626b... image.png 78MB

commit 7fbc67a...

blob 43e6ac7... image.png 75MB

commit 12177ab...

blob 0819cba... image.png 68MB

blob d65b79a... image.png 128B

commit 03ce18e...

commit 69a846f...

blob af5626b... image.png 128B

commit 7fbc67a...

blob 43e6ac7... image.png 128MB

commit 12177ab...

blob 0819cba... image.png 128B

▪

▪

▪

Organizations tend to produce branching structures that copy the organization chart.

Old way - Composing Isolation Mechanisms

Fixes Hotfixes

Release Service Pack

MainIntegration

Team A

Team B

Team C

Feature 1

Feature 2

Release

Trunk-Based Branching Strategy

master

bugfix

feature

topic

topic

topic

topic

topic

Github Flow & Release Flow

master

bugfix

feature

topic

topic

topic

topic

topic

Release v.120

Release v.121

Ways to improve trunk-based development

• Develop in small batches and commit often.

• Perform synchronous code review.

• Implement comprehensive automated testing.

• Have a fast build.

• Create a core group of advocates and mentors.

• Release from Master.