We have a commit that have made it to "prod" branch with no trace of a merge commit to "prod" (and among with other branches), directly or indirectly (through other branches first).
Branching model is enabled by default to maintain naming conventions but auto marge isn't.
Unfortunately this has happened more than once.
Any ideas ? could branch modeling be merging commits ?
Branching model configuration:
Please note that in the branch modeling configurations "prod" branch isn't selected and development branch is a deprecated branch that is no longer used.
Tracing the merge commit:
We searched the entire prod commit log using the tortoise GUI and tried this
https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
Edit: no branch permissions, only repository permissions used.
Do you use branch permissions?
Okay, so that explains why you have a commit on prod that was not a result of a merge commit. If you are not using branch permissions anyone that have access to the repository can commit on any branch. The branching model only defines the branching workflow, it does not prevent you from committing on certain branches.
If you want to limit the commits on prod to only merge commits you need to use branch permissions. Have a look at the documentation for it, https://confluence.atlassian.com/bitbucketserver/using-branch-permissions-776639807.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But point taken, it certainly needs to be enforced but is there is no other way ?
The commit is a merge commit, a commit resulting from merging branch dev_a into dev_b it can't have been on prod, must be a commit on branch dev_b right ? then it follows that there should be branch merge into prod, either dev_b itself or a branch it was merged into.
I traced all dev_b merges and none is to a branch that ended up merged to prod.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Okay, so my guess it that someone may have done a reset on their local prod branch to the merge commit from dev_a to dev_b, and then pushed that up.
Without enabling branch permissions or add git hooks you will not be able to prevent this from happening. I would recommend to use branch permissions and and enable at least enable Prevent deletion, Prevent rewriting history and Prevent changes without pull request.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.