DevOps and CI/CD

Version Control, Reviews, and Integrating Changes

Version Control

Proper version control is paramount in modern software development. A well-kept version history provides key insights when maintaining code or fixing bugs.

It also provides a clearer system for code reviews and CI/CD to build on.

  • Ability to rollback
  • Coordination
  • Track what version is actually running/used

Git

When using git as your version control system, you can also use some powerful tools for bug fixing, such as git-blame for finding which commit introduced a given line, or git-bisect to automatically binary search through the history for the commit that introduced a given issue, based on a test failure or other automatic check.

  • git-blame to highlight what and who introduced a given line
  • git-bisect to automatically find a given commit that causes a test to fail
  • git-hooks automatically run things on commit, push, etc.

CI/CD Pipeline

Avoid regressions

  • Automatic compiling
  • Automatic linting
  • Automatic formatting (check)
  • Automatic tests

A lot of the tools previously presented have to be run as part of the process, either while editing/programming, when committing and pushing, or more ad hoc.

It would be convenient if we could guarantee that these always run as part of the development process. While we could use git-hooks, it would be inconvenient to bog down the git commands with long-running processes such as compiling and testing; formatting is usually fast enough.

Secondly, we can't ensure that each individual developer has set these hooks up. We can instead run them as part of our CI/CD pipeline.

Dependency Checking

Protecting the Software Supply Chain

Automatically check dependencies for known vulnerabilities.

  • cargo audit
  • npm audit
  • GitHub Dependabot
  • OWASP Dependency-Check
  • ...

Automatically check that the versions of the dependencies you use don't contain any known vulnerabilities.
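The sketch below is an added example, not code from cargo audit, npm audit, Dependabot or OWASP Dependency-Check: it shows the core matching step such tools perform, comparing pinned versions against advisory ranges and exiting non-zero so a CI step fails. The `name==version` pin format, package names and advisory IDs are constructed, and versions are assumed to be plain dotted numbers.

```python
import sys

# Constructed lockfile: one "name==version" pin per line (not a real project).
LOCKFILE = """\
alpha-http==1.4.2
beta-yaml==0.9.0  # inline comments are ignored
gamma-crypto==2.10.1
"""

# Constructed advisories (placeholder IDs); affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "alpha-http", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "EXAMPLE-0002", "package": "gamma-crypto", "introduced": "2.0.0", "fixed": "2.9.0"},
    {"id": "EXAMPLE-0003", "package": "beta-yaml", "introduced": "0.1.0", "fixed": None},
]

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so 2.10 sorts after 2.9 (a string compare would not)."""
    return tuple(int(part) for part in text.split("."))

def parse_lock(text):
    """Return {package: version}; reject entries that are not pinned to an exact version."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep:
            raise ValueError(f"unpinned dependency cannot be audited: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins

def audit(lock_text, advisories):
    """Return sorted (package, version, advisory id, fixed-in) tuples for affected pins."""
    pins, findings = parse_lock(lock_text), []
    for adv in advisories:
        version = pins.get(adv["package"])
        if version is None:
            continue
        v, fixed = parse_version(version), adv["fixed"]
        if v >= parse_version(adv["introduced"]) and (fixed is None or v < parse_version(fixed)):
            findings.append((adv["package"], version, adv["id"], fixed or "no fix released"))
    return sorted(findings)

if __name__ == "__main__":
    results = audit(LOCKFILE, ADVISORIES)
    print("\n".join(f"{p} {v}: {a} (fixed in: {f})" for p, v, a, f in results))
    sys.exit(1 if results else 0)  # non-zero exit fails the pipeline step
```

An advisory with no fixed version stays open-ended, so the pipeline keeps failing until the dependency is replaced or the finding is explicitly triaged.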

Code Reviews

or How to do version control and pull requests

TODO: Describe good review practices.

  • Be kind

  • Proper wording of comments

  • Don't bike shed

  • Have a described process

  • Ask questions without sounding demeaning

  • Small pull-requests

Clear Defined Responsibility (Name Pending)

  • Who owns the code?
  • Who is responsible for updating and maintaining it?