Skip to main content
Software Engineering

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

6
  • Thanks for the useful answer. You said: "The contents of your repository on commit x and merge commit y will be identical". This is true, but a build is not just the code. If you build the same code in two different moments, you can have different results (for example, the most recent build might break because some external dependencies introduced breaking changes between commit x and y). That's why I'd rather build and deploy the last commit on the release branch, rather than the merge commit from main. I would say that this applies to containerized applications as well. Commented Dec 18, 2023 at 14:45
  • A question regarding dropping the main branch: how would you then use the release branches? I guess you branch off develop to create a new feature branch and then you merge the feature branch back into develop (as you would do with the main branch in Github flow). When do the release branches come into play, and for what purpose? Commented Dec 18, 2023 at 14:50
  • @KurtBourbaki External dependencies are not a concern of the branching model. When teams need to ensure tighter control over external dependencies, they should mirror those external dependencies into an artifact repository that they control. This can be beneficial to protect against missing dependencies or supply chain attacks, as well. By pulling build dependencies from a more trusted source, you can be sure that your builds will be identical as time passes. Commented Dec 18, 2023 at 14:52
  • @KurtBourbaki Without main, the release branches are used exactly as you describe. They come into play when teams need to support multiple releases at once. Perhaps v1.2, v1.3, and v2.0 are all supported and may need patches. You would be able to appropriately patch all the versions for security fixes or critical defects until the version is no longer supported. Depending on the changes, you can branch from the release branch or cherry-pick into the release branch to product 1.2.x, 1.3.x, and 2.0.x versions as needed. Commented Dec 18, 2023 at 14:54
  • your suggestion regarding external dependencies is cool, however, I've never seen it applied before (doesn't mean it's not good!). Usually, you would have a requirements.txt file (or whatever you use) that will be used to manage dependencies of a docker image at build time. If you build twice, dependencies will be resolved twice (in two different moments). Your suggestion is interesting though: do you know some open source project that uses this approach? Thanks again! Commented Dec 18, 2023 at 15:06