Skill: Git Workflow
Overview
All code changes go through Git using a branch-based workflow. DEV never
commits directly to main. Every change lives on a feature branch, goes
through a pull request, and gets reviewed by CQ before merging. This skill
covers the full workflow from cloning to PR creation.
Configuration
| Variable | Description |
|---|---|
REPO_URL | Git remote URL for the repository |
Git authentication is handled via SSH keys pre-configured in the container.
GitHub CLI (gh) is pre-installed and authenticated.
Workflow Steps
1. Clone the Repository
On first setup, clone the project repository into the workspace.
git clone ${REPO_URL} /home/agent/workspace/repo
cd /home/agent/workspace/repo
If the repo is already cloned, make sure you are up to date:
cd /home/agent/workspace/repo git checkout main git pull origin main
2. Create a Feature Branch
Every ticket gets its own branch. Create it from an up-to-date main.
git checkout main git pull origin main git checkout -b feature/TICKET-42-user-authentication
Branch naming convention:
feature/{TICKET-ID}-{brief-description}
Rules:
- •Always prefix with
feature/ - •Include the full ticket ID (e.g.,
TICKET-42) - •Add a brief, hyphenated description (2-5 words)
- •Use lowercase only
- •Use hyphens, not underscores
Examples:
- •
feature/TICKET-42-user-authentication - •
feature/TICKET-17-fix-cart-total - •
feature/TICKET-103-add-rate-limiting - •
feature/TICKET-8-refactor-db-queries
Never branch from another feature branch. Always branch from main.
3. Make Changes and Commit
Write your code, then stage and commit in logical, atomic units. Each commit should represent one coherent change.
# Stage specific files (preferred over git add .) git add src/auth/middleware.js src/auth/middleware.test.js # Commit with conventional commit format git commit -m "feat(TICKET-42): add JWT authentication middleware"
Conventional commit format:
{type}({TICKET-ID}): {description}
{optional body}
{optional footer}
Commit types:
| Type | When to Use |
|---|---|
feat | A new feature or capability |
fix | A bug fix |
refactor | Code change that neither fixes a bug nor adds a feature |
test | Adding or updating tests only |
docs | Documentation changes only |
chore | Build process, tooling, or dependency changes |
style | Formatting, whitespace, semicolons (no logic change) |
perf | Performance improvement |
Commit message rules:
- •The description (first line) must be under 72 characters
- •Use imperative mood: "add feature" not "added feature" or "adds feature"
- •Do not end the description with a period
- •The ticket ID must always be in the scope parentheses
- •The body (optional) explains why, not what (the diff shows what)
Examples of good commits:
feat(TICKET-42): add JWT authentication middleware Implements token verification for all protected routes. Uses RS256 signing with rotating keys from the auth service.
fix(TICKET-42): handle expired token gracefully Previously returned a 500 error. Now returns 401 with a clear message telling the client to refresh their token.
test(TICKET-42): add integration tests for auth flow Covers login, registration, token refresh, and invalid credential scenarios.
refactor(TICKET-42): extract token validation into helper Reduces complexity in the middleware by moving validation logic to a dedicated module. Addresses CQ feedback on function length.
Examples of bad commits:
# Too vague fix(TICKET-42): fix bug # No ticket ID feat: add authentication # Past tense feat(TICKET-42): added authentication # Too long feat(TICKET-42): add JWT authentication middleware with RS256 signing and rotating keys from auth service with graceful error handling
4. Push the Branch
Push your feature branch to the remote. Use -u on the first push to set
the upstream tracking reference.
# First push git push -u origin feature/TICKET-42-user-authentication # Subsequent pushes git push
If the push is rejected because main has moved ahead, rebase:
git fetch origin git rebase origin/main # Resolve any conflicts git push --force-with-lease
Use --force-with-lease instead of --force. It prevents you from
accidentally overwriting someone else's changes.
5. Create a Pull Request
Use the GitHub CLI to create a PR. The PR title should include the ticket ID, and the body should follow the template below.
gh pr create \ --title "TICKET-42: Implement user authentication flow" \ --body "## Summary Implements JWT-based user authentication per the requirements in TICKET-42. ## Changes - Added JWT authentication middleware for protected routes - Created login endpoint with email/password validation - Created registration endpoint with input sanitization - Added rate limiting (5 attempts per minute per IP) - Added comprehensive test suite (unit + integration) ## Acceptance Criteria - [x] Users can register with email and password - [x] Users can log in and receive a JWT - [x] Protected routes reject unauthenticated requests - [x] Rate limiting prevents brute force attacks - [x] All error responses follow the standard format ## Testing - Unit tests: 24 passing - Integration tests: 8 passing - Docker build and test: passing - Manual verification: login, register, token refresh all working ## Ticket Resolves TICKET-42"
PR template breakdown:
| Section | Purpose |
|---|---|
| Summary | 1-2 sentences explaining what and why |
| Changes | Bulleted list of what was changed |
| Acceptance Criteria | Checklist from the ticket, checked off |
| Testing | What tests were run, what was verified |
| Ticket | Reference to the ticket using "Resolves TICKET-X" |
6. After PR Creation
Once the PR is created:
- •Start the app running inside your container for QA access
- •Add a ticket comment with the PR link and test URL (under "How to Test")
- •Move the ticket to
in-reviewon the planning board - •Post the PR link on the Meeting Board #review channel
- •Keep the app running until QA renders a verdict
If CQ requests changes:
- •Make the changes on the same feature branch
- •Commit with a clear message referencing the feedback
- •Push to the same branch (the PR updates automatically)
- •Restart the app if the changes affect it
- •Comment on the PR explaining what changed
- •Post an update on the Meeting Board #review channel
7. Merge After QA Pass
When QA passes the ticket and moves it to completed, you merge the PR to main:
- •
Check out main and pull latest:
bashgit checkout main git pull origin main
- •
Merge the PR using GitHub CLI:
bashgh pr merge {pr_number} --merge --delete-branchUse
--merge(not squash, not rebase) unless the project specifies otherwise. The--delete-branchflag cleans up the remote feature branch. - •
Verify the merge:
bashgit pull origin main git log --oneline -3
- •
Stop the running test instance (QA is done with it):
bashkill %1 # or kill the app process
- •
Move the ticket to
rfpon the planning board - •
Add a comment: "PR merged to main. Feature branch cleaned up. Moving to rfp."
- •
Post on Meeting Board #review channel
Merging completed work is your FIRST priority in every heartbeat. Check
the completed column before fixing bugs or picking up new work.
Common Scenarios
Rebasing After Main Moves Ahead
git fetch origin git rebase origin/main # If conflicts arise: # 1. Edit the conflicting files to resolve # 2. Stage the resolved files git add <resolved-files> # 3. Continue the rebase git rebase --continue # Push the rebased branch git push --force-with-lease
Squashing Commits Before Review
If you have many small commits that should be one logical change, squash them before requesting review. Use interactive rebase with care:
# Squash the last 3 commits into one git rebase -i HEAD~3 # In the editor: mark the commits to squash with 's' # Write a clean, combined commit message git push --force-with-lease
Checking PR Status
# View your open PRs gh pr list --author @me # View a specific PR with details gh pr view 18 # Check CI/review status gh pr checks 18
Updating PR Description
gh pr edit 18 --body "updated description here"
Rules
- •Never commit directly to main. All changes go through feature branches and PRs.
- •You merge your own PRs — but only after QA passes. CQ reviews, QA tests, then you merge when the ticket reaches
completed. - •Always reference the ticket ID in branch names, commit messages, and PR descriptions.
- •Keep PRs focused. One ticket, one PR. Do not bundle unrelated changes.
- •Test before pushing. If tests fail, fix them before creating the PR.
- •Use force-with-lease, never force. Protect against accidentally overwriting shared work.
- •Write meaningful commit messages. Future you and your teammates will thank you.
- •Keep your branch up to date. Rebase on main regularly to avoid large merge conflicts.
- •Merge completed work first. Always check
completedcolumn before starting new work.