Skip to main content

Git Workflow For Multiple Repositories

Introduction


Imagine a situation where you have to work off multiple repositories hosted on multiple hosts. Let us say there are two hosts - ALM and Cloudlab. These repositories on these hosts are managed by two separate teams - ALM and Policy respectively. By setting up a Git workflow across Cloudlab and ALM instances, we can create a development environment for Policy developers working on ATS. This allows them to make changes to the step files and approve them within Policy team. Both teams - Policy and ALM, can work independently. All development and code review is done in the Cloudlab instance. Once changes pass the team's quality assurance review, they are deployed to ALM instance as desired. 

This article describes the method for

  1. Setting up a Git workflow among multiple repositories across Cloudlab and ALM
  2. How to keep those repositories in sync
  3. How to use another repo within a given repo

Developer Workflow


The overall process is as follows:

  1. Create a local Git repo that is a clone of Cloudlab ocng_test repo.

    > git clone ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git
    > git remote -v
    origin  ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git (fetch)
    origin  ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git (push)

  2. Add the ocng_test ALM repo as a second remote.

    > git remote add upstream ssh://randhir.singh%40petshop.com@alm.petshopcorp.com:2222/cgbu_ocdsr-automation_17573/ocng_test.git
    > git remote -v
    origin  ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git (fetch)
    origin  ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git (push)
    upstream        ssh://randhir.singh%40petshop.com@alm.petshopcorp.com:2222/cgbu_ocdsr-automation_17573/ocng_test.git (fetch)
    upstream        ssh://randhir.singh%40petshop.com@alm.petshopcorp.com:2222/cgbu_ocdsr-automation_17573/ocng_test.git (push)

  3. Fetch all there is in both the repositories.

    > git fetch --all
    Fetching origin
    Fetching upstream


  4. Checkout the branch you want to work with. Commit your changes. 

    > git checkout development
    > git checkout -b <feature-branch> # branch off from development

  5. Merge the changes from origin/development and/or upstream/development into your local development branch. Resolve conflicts, if any.

    > git merge origin/development
    > git merge upstream/development

  6. Push changes to remotes.

    > git push origin <feature-branch>
    > git push upstream <feature-branch>

Once the branch is pushed to the remote, the usual Git workflow to integrate changes follows, i.e., by creating a merge request for the target branch and triggering reviews.

Keeping Repositories in-sync

The Cloudlab ocng_test repo will periodically pull changes from ALM ocng_repo in master and development branches.  Both manual and automated synchronizations are supported through the Cloudlab pipeline. The script to do this is shown below

git clone ssh://randhir.singh%40petshop.com@alm.petshopcorp.com:2222/cgbu_ocdsr-automation_17573/ocng_test.git
cd ocng_test/
git remote add upstream ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git
git pull --all
git checkout --track origin/development
git push upstream development:development-sync
git checkout master
git push upstream master:master

 and illustrated in the below pic.

The merge from development-sync to development branch in Cloudlab ocng_test repo will be manual to account for any merge conflicts.

Using NF Test Cases Repo

The ocng_test repo contains the framework code only. It does not contain the NF specific test cases. The test cases are stored in separate repositories of the NF. If we commit the test cases repository files into Cloudlab instance of ocng_test repo, it will cause problems when merging the changes back to ALM instance of ocng_test repo.

Git provides a few options to use another repo within a given repo.

  1. Git Subtree. Git subtree allows you to insert any repository as a sub-directory of another one. To add PCF ATS repo as a subtree in ocng_test repo -

    > git clone ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git
    > cd ocng_test/
    > git subtree add --prefix ocnftest/ocpcf ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ats.git master --squash

    The ATS repo will be added as a subdirectory under ocnftest folder in ocng_test repo. The main drawback is that pushing ocng_test repo to remote pushes sub-tree's files.

  2. Git Submodule. Submodules allow foreign repositories to be embedded within a dedicated subdirectory of the source tree, always pointed at a particular commit. To add PCF ATS repo as a submodule in ocng_test repo - 

    > git clone ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git
    > cd ocng_test/
    > git submodule add ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ats.git ocnftest/ocpcf

    The ATS repo will be added as a subdirectory under ocnftest folder in ocng_test repo. The advantage over Git subtree is that pushing ocng_test repo to a remote doesn't push sub-module's files. It will, however, create a .gitmodules file under root folder with following content -

    [submodule "ocnftest/ocpcf"]
            path = ocnftest/ocpcf
            url = ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ats.git

  3. As a Subdirectory. Another option is to put ATS repo as a subdirectory in the ocng_test local repo. Add the subfolder to .gitignore in your main repo. 

    > git clone ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ocng_test.git
    > cd ocng_test/ocnftest/
    > git clone ssh://git@cloudlab.us.petshop.com:2222/ocpm5G/ats.git ocpcf

    The ATS repo will be added as a subdirectory under ocnftest folder in ocng_test repo. Add ocnftest/ocpcf/* in .gitignore to avoid the contents of ocpcf directory to be pushed to the ocng_test remote.


Labels:

Comments

Post a Comment

Popular posts from this blog

Supporting OpenTracing jaeger in spring boot applications

This page describes code changes in a typical spring-boot based application to support OpenTracing and jaeger. Instrumenting a tracer If you are creating a simple spring boot application that uses  spring-boot-starter-web , by default, the application does not support writing traces to jaeger. To support jaeger tracing, the first thing is to modify the build.gradle to add dependency of jaeger: dependencies {      implementation  'org.springframework.boot:spring-boot-starter-web'      implementation  'io.opentracing.contrib:opentracing-spring-web-starter:3.0.1'      // support opentracing jaeger      implementation  'io.opentracing.contrib:opentracing-spring-jaeger-starter:3.1.2'      testImplementation( 'org.springframework.boot:spring-boot-starter-test' ) {          exclude group:  'org.junit.vintage' , module:  'junit...
Post a Comment
Read more

HOWTO on implementing scanning into a CI Pipeline

Introduction As a part of the Software Security Assurance guidelines, we are required to perform various types of security scanning.  Security scanning is a specialized kind of testing that attempts to identify potential software bugs that could make a deployed application vulnerable to attack and compromise.  As with any testing, the tests can be manual or automatic, and they wan be performed at various points in the development cycle.   We can classify security scanning into three general categories: Static Application Security Testing (SAST)   - performed against source code / configuration data a static scan looks for common logic errors that might lead to system compromise. Dy namic Application Security Testing  (DAST)  - Performed against a running system, a dynamic scan looks for vulnerable software / configurations that might lead to system compromise. Security Monitoring  - Deployed as a part of the system, a security monitor co...
Post a Comment
Read more

CIS Benchmark Kubernetes - PodSecurityPolicies

CIS Benchmark Kubernetes - PSP The  CIS  document provides prescriptive guidance for establishing a secure configuration posture for Kubernetes. The Pod Security Policies (PSP) enable fine-grained authorization of pod creation and updates.  In this article, we'll review the CIS benchmark items for  Pod Security Policies  and provide implementation details on how to enforce them on Kubernetes cluster. Let us first review the CIS benchmark guidance for Pod Security Policies.  CIS Benchmark Overview The following items are checked for this benchmark item: 1.7 PodSecurityPolicies 1.7.1 Do not admit privileged containers  1.7.2 Do not admit containers wishing to share the host process ID namespace  1.7.3 Do not admit containers wishing to share the host IPC namespace  1.7.4 Do not admit containers wishing to share the host network namespace  1.7.5 Do not admit containers with allowPrivilegeEscalation  1.7.6 Do not admit root containers...
Post a Comment
Read more