Hello, sorry if my terminology isn't accurate, I'm used to using SVN and still learning Bitbucket.
We use in-house and outsourced developers. The in-house developers currently have read/write access to the trunk (master branch?). I would like to know the best way to allow our outsourced developers to read/write to our repository, while protecting ourselves against bad code being committed. My first thought was to give them read access to the trunk so they could always pull down the latest code, and create a new branch for them to commit to. Then, I could review their branch commits and merge them into the trunk.
Would that be an ideal approach, or is there a better option? Thanks!
That is the correct approach, but to boil it down to the very essentials, the primary goal here will be preventing un-reviewed code from being pushed to specific branch(es), and that part is actually really straightforward.
The post at https://blog.bitbucket.org/2013/09/16/take-control-with-branch-restrictions/ provide an introduction to the Branch Restrictions feature, that will prevent unauthorized changes to branches. Use this to ensure that only trusted people can merge changes.
Next, ask your outside developers to do all work on new branches, creating a different new branch for each topic of work, such as a specific bug or feature. When they feel their work is complete and ready to merge, they would file a Pull Request and add reviewers that are trusted to modify the protected branches. When the reviewers are satisfied that the changes are consistent with your code guidelines, they can "approve" to signal that this is confirmed, or "merge" to introduce it to another branch. If there are concerns, the reviewers can make comments directly against the pull request, or against individual lines in the "diff" to guide the submitter to make changes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.