-
Notifications
You must be signed in to change notification settings - Fork 0
2.4. Standards: Repository Access and Branch Protection Policy
This policy establishes a structured and secure workflow for code changes, defining distinct roles for the Layer Release Team, Contributors, and CodeOwners (typically architects). It utilises the GitFlow branching model to maintain code quality and control releases, with CodeOwners playing a key role in planning and release cadence.
This project employs a layered architecture where the image assembly is divided into distinct functional components, each potentially managed by an independent layer release teams. Each component team is responsible for the development, testing, and release of their specific component.
Where common functionality exists, the component team proposing a change will request review from the CODEOWNERS
, once approved they will merge the change in accordance with an agreed process. CODEOWNERS
will then perform the release process.
-
Image Layers:
- Vendor Layer: Contains vendor specific implementation and configurations.
- Middleware Layer: Provides core common services and functionality.
- Application Layer: Implements the applications.
-
Independent Release Teams:
- Autonomy: Each team maintains a high degree of autonomy over their layer, allowing independent release cadence.
- Coordination: Teams collaborate and synchronise when changes affect shared functionalities or dependencies.
-
Contributors Team (Engineers):
-
Responsibilities:
- Develop new features and bug fixes.
- Create feature branches from
develop
.- Can use the UI to create branches.
- Use CLI
git-flow feature start "branch name"
- Submit pull requests (PRs) for code review.
- Merge from feature branches to
develop
- Can use the UI to merge
- Use CLI
git-flow feature finish
-
Permissions:
- Write access to feature branches.
- Write access to
develop
for approved feature branches. - Read access to
main
- No direct merge access to
main
.
-
Responsibilities:
-
CodeOwners Team (Architects):
-
Responsibilities:
- Review and approve PRs.
- Plan milestones and determine release cadence.
- Release authority (decide when to merge to
main
). - Note: May not directly make code changes.
-
Permissions:
- Write access to
develop
for approved feature branches. - Read access to all branches.
- Write access to
-
Configuration:
- Defined in the
./github/CODEOWNERS
file.
- Defined in the
-
Responsibilities:
-
Layer Release Team:
-
Responsibilities:
- Release Content: Determine the specific versions of previously released components to be incorporated into the new layer release.
- Update Configuration: Modify configuration files to reference the selected component versions.
- Create the layer release branch from
develop
- Merge code from
release branch
tomain
. - Tag are created on
main
caused bygit-flow
- Merge from
main
todevelop
caused bygit-flow
- Push changes to
main
anddevelop
, includingtags
.
-
Permissions:
- Write access to
main
&develop
. - Read access to all branches.
- Write access to
-
Responsibilities:
-
main:
- Strictly protected.
- Only the Release Team can merge.
- Tags used to mark releases.
- Maintains a history of feature releases.
-
develop:
- Protected.
- Requires a pull request from a feature branch with approval from CodeOwners to merge.
- Release team bypass this requirement
- Contributors and CodeOwners can merge.
- Maintains a history of feature integrations.
- Planning: CodeOwners plan milestones and determine the release cadence.
-
Branching: Contributors create feature branches from
develop
. - Development: Contributors work on their feature branches.
- Pull Request: Contributors submit PRs for review, automatically assigning CodeOwners.
- Code Review: CodeOwners (architects) review code and provide feedback.
- Approval: CodeOwners approve PRs that meet quality standards.
-
Merge to develop: Approved PRs are merged into
develop
(by Contributors or CodeOwners). - Release: CodeOwners determine the release cadence.
-
Release Team:: Create a release via a
release
branch and merges tomain
anddevelop
.