best practices & tips using git · 2019. 10. 1. · best practices & tips using git randy...
TRANSCRIPT
Best Practices & Tips using Git
Randy Pagels
Azure Specialist - Application Development
US Great Lakes Region
Unlimited private Git repo hosting and support for
TFVC that scales from a hobby project to the
world’s largest Git repositories
Azure Repos
https://azure.com/devops➔
Works with your Git clientSecurely connect with and push code into your Git repos from any IDE, editor, or Git client.
Web hooks and API integrationAdd validations and extensions from the marketplace or build your own using web hooks and REST APIs.
Semantic code searchQuickly find what you’re looking for with code-aware search that understands classes and variables.
1.1B in 2018
33M
100M
5M vulnerability alerts in 2018
Home to the most
important and popular
open source projects
on the planet
▪
▪
refs/pull/*/head refs/remotes/origin/pr/*'
refs/pull/*/merge refs/remotes/origin/pr/*'
Azure Pipelines
Microsoft Security Code Analysis
Sonarqube IntegrationAnalyze the quality of your source code to detect bugs, vulnerabilities and code smells throughout the
development process.
The Microsoft Security Code Analysis extension easily integrating the running of static analysis tools
in your Azure DevOps pipelines.
Simple Configuration and Execution
✓ Adding security static analysis tools to your build is as simple as
adding new build tasks.
✓ The tasks run as part of your DevOps pipeline and produce logs with
results of any findings.
Keep Your Builds Clean
✓ Configure the extension to introduce a build break should any new
issues being introduced and detected.
✓ Configure continuous integration builds, to run on every pull request.
Auto-Update
✓ The Azure DevOps build tasks and tools can be set to stay up-to-date.
✓ If there is an updated version of the tool, there is no need to download
and install it; this extension takes care of that for you.
https://secdevtools.azurewebsites.net/
SourceManage your open source usage and security in your pipeline
Detection
✓ Automatically detect all open
source components in your code,
while running your build
Selection
✓ Discover the best open source
components for your needs, while
you search online
Alerting
✓ Get real time alerts on security
risks, policy pitfalls, and software
bugs
Reporting
✓ Generate comprehensive, always
up to date reports on your open
source usage, in one click
blob d65b79a... image.png 83MB
commit 03ce18e...
commit 69a846f...
blob af5626b... image.png 78MB
commit 7fbc67a...
blob 43e6ac7... image.png 75MB
commit 12177ab...
blob 0819cba... image.png 68MB
blob d65b79a... image.png 83MB
commit 03ce18e...
commit 69a846f...
blob af5626b... image.png 78MB
commit 7fbc67a...
blob 43e6ac7... image.png 75MB
commit 12177ab...
blob 0819cba... image.png 68MB
blob d65b79a... image.png 128B
commit 03ce18e...
commit 69a846f...
blob af5626b... image.png 128B
commit 7fbc67a...
blob 43e6ac7... image.png 128MB
commit 12177ab...
blob 0819cba... image.png 128B
▪
▪
▪
Organizations tend to produce branching structures that copy the organization chart.
Old way - Composing Isolation Mechanisms
Fixes Hotfixes
Release Service Pack
MainIntegration
Team A
Team B
Team C
Feature 1
Feature 2
Release
Trunk-Based Branching Strategy
master
bugfix
feature
topic
topic
topic
topic
topic
Github Flow & Release Flow
master
bugfix
feature
topic
topic
topic
topic
topic
Release v.120
Release v.121
Ways to improve trunk-based development
• Develop in small batches and commit often.
• Perform synchronous code review.
• Implement comprehensive automated testing.
• Have a fast build.
• Create a core group of advocates and mentors.
• Release from Master.