-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add documentation on hotfixing in GovPress #1469
Merged
+42
−1
Merged
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| --- | ||
| title: Hotfixing code in GovPress | ||
| last_reviewed_at: "" | ||
| --- | ||
|
|
||
| GovPress site repositories follow this pattern: | ||
|
|
||
| 1. A `develop` branch is protected and will deploy to a staging site on merge. | ||
| 1. A `main` branch is protected and will deploy to a production site on merge. | ||
|
|
||
| _Hotfixing_ in our context means creating a PR from a branch off `main` and merging into `main`, skipping `develop` altogether. | ||
|
|
||
| This is a risky operation because: | ||
|
|
||
| 1. We have no way of testing the new code in a deployed environment. The code will be checked in the CI/CD pipeline but not against a database of content that is "like" production. | ||
| 1. The staging and production sites will now be out of sync, and so staging will no longer be an accurate test for code we wish to deploy to production. | ||
| 1. We risk creating a merge conflict between the `develop` and `main` branches which will block future production deploys. | ||
|
|
||
| For these reasons, we have a bias towards avoiding hotfix merges as far as possible and we try to keep `develop` branches in a state where they are always deployable. | ||
|
|
||
| ## Reducing the likelihood of hotfixes | ||
|
|
||
| Sometimes we start a long-running piece of development work, for example a redesign of an active theme, which is likely to hold up production deploys. | ||
|
|
||
| In this case, we should first consider factoring our code to avoid hotfixes. For example, can new features be designed as a new plugin, which can be deactivated by default? Can a theme rebuild be placed in a new theme? | ||
|
|
||
| An alternative to a new plugin or theme is to guard the new feature with a feature flag which can be set to activate the feature in staging but not in production. This is something that is much easier to implement if your code is well factored, according to the [SOLID principles of OOP](https://en.wikipedia.org/wiki/SOLID). | ||
|
|
||
| We usually implement feature flags as a environment variables. If you are not sure how to use environment variables in our PAAS please ask a Tech Lead or Ops Engineer. | ||
|
|
||
| ## But I really, _really_ need to hotfix... what should I do? | ||
|
|
||
| Occasionally, we may need to apply a security patch to a dependency or merge some other urgent fix whilst we have work on staging which cannot be deployed. If you think you are in this situation there are several things you can do to reduce the risk of hotfixing. | ||
|
|
||
| ### Dealing with supply chain vulnerabilities | ||
|
|
||
| If you need to change a lockfile to patch a dependency (such as a WordPress plugin or PHP library) please create _two_ PRs, one to merge into `develop` and one for `main`. This way the lockfile will be identical on both branches, which will avoid creating a merge conflict. | ||
|
|
||
| ### Dealing with other urgent fixes | ||
|
|
||
| If you think there is a bug that is so serious that it should be hotfixed, please [start an incident](/tech/incidents/dealing-with-an-incident/). This will ensure that we record the bug and our response to it and encourage us to reflect on how we can avoid hotfixing in future. It will also ensure that there is a Tech Lead available to offer advice and someone should be available to talk to the relevant client. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-blocking suggestion: would it be useful to include a link to an explainer about feature flags here? (e.g. https://blog.jetbrains.com/space/2022/06/16/feature-flags/). Some members of the team might not be familiar with the concept.