Question 1: Where's the CI/CD pipeline?
Question 2: Why can one person change production alone without peer review (outside of an emergency)?
You don't have a job, you have a ticking time bomb.
this post was submitted on 10 Jul 2025
425 points (96.3% liked)
memes
16151 readers
2864 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Rolling, rolling, rolling back nothing I love more than communicating why we had to roll back again (ノಠ益ಠ)ノ
It's internal development (Portugal) developing something for an internal department (Germany). There's nothing professional going on here so we are far from any ci/cd pipeline. One person can change everything, because it's just two developers (1 frontend, 1 backend).
Plus things are busy and we (team in Germany) are way more interested in this thing working well than they (team in Portugal) are since they have higher priority tasks..
Of course I can say fuck it and live with the poor quality caused by circumstances that were partially caused by poor management decisions of the company but I'm not able to care little enough.
Pre-commit hooks don't require a pipeline nor any money. In most cases it's one line of code to make the tests run every commit
Even better: use pre-commit. It supports all kinds of stuff without a lot of config. This gets you (and GP) a lot of the features of a full-blown CI pipeline, but it all runs locally before anyone breaks anything.
Stop me from committing my work and I will hunt you down to the ends of the earth.
Fix your shit and it won't stop you from committing.
It's also usually only on certain branches, so you can make a branch where you break things and then fix them before you merge to testing/main/whatever.
TIL precommit hooks can be set per branch. I was being facetious to begin with but this sounds pretty good actually.
Nah, at our place it's applied on all branches...
What do you do if you have code that isn't complete enough to work? Do you have to just leave it untracked?
I don't know what others do, but I personally whip out git commit -n and bypass the hooks in this situation.
If you have code that is not complete it is not qualified to be deployed. Cut work items into smaller chunks but never deploy not fully, 100% working and tested stuff. Not even on dev.
Every branch you have deploys on commit? You have to fully QA all of your code before it goes into any sort of source control?
Not quite.
- Every commit is just a local commit
- Every push runs pre-hooks which execute bunch of checks, for example linters, style checkers, etc. and prevent a push if something is not perfect
- After every push the CI/CD pipeline runs on origin
- Every run of the pipeline executes again checks with linters but also securoty checks for CVEs on dependencies and runtime
- Every pipeline run also executes all tests such as unit tests, scenario tests, integration tests
- If any of the above fails, the pipeline fails and stops
- Only if everything is okay, one can deploy on dev, the first stage
- Only if this is okay, the artifact gets pushed to the central artifact store
- Only if this suceesa a prod deployment can run, which pulls the artifact from the store
- Runners for dev and prod are distinct and don't have rights the other has, the only common contact point is the artifact store
That's an extremely very basic overview with many steps and concepts omitted but you get the idea.
That seems reasonable to perform on protected branches, but I'm not a fan of protecting all branches. That could leave valuable code with a single copy on a dev machine. I'd rather have it pushed to an unprotected branch and then be checked on merge instead of push.
Only main is protected, you can force push on feature branches.
So, what if I want to push some debug or preliminary code to a topic branch, would this system prevent this if all tests don't pass?
No, it does not prevent pushing (as long as the pre-hooks work) but you cannot deploy from a failed pipeline/branch because you have defective software, as proven by failed tests.
That is reasonable
Take down prod while I’m on call and seeing my kid and I shall return the favor
I get that a lot
Getting threats over one line of code is called senior development
Don't worry I'm too lazy to hunt you down farther than the coffee shop next to me.
I agree. I absolutely hate when some pesky git hook rejects some debug code I wrote that I want to commit. Mind you, commit, not integrate. This is the situation where I whip out git commit -n.
I demand CI/CD for my scripts. If it runs in prod or against prod or anywhere near prod, it gets a pipeline.
Technical maturity isn't just for big companies and important things. It's a practice. Why half-ass something when you could whole ass it?
If you have tests you have to automate them and have a pipeline which stops any deployments when these tests fail. You definitely have a mindset issue and not a management or tool issue. I am not sorry but as a DevOps Engineer I can only say you guys are a lousy hack and should probably seek a different job.
It doesn't have to be that way, if you have a CI/CD process that prevents it.
Why kind of psychos are merging with failing tests?
The kinds of psychos that work at companies that measure performance by number of commits and PRs, successful or not.
That explains why vibe coding is so popular… just commit after every iteration the LLM spits out
the real question is why doesn't the CI/CD prevent merging with failing tests in the first place. i have not worked in any company that allowed that for at least 15 years.
Rn I'm in a project where everyone that has access to the code is given the role of owner of the group so we have permissions to skip any and all measures since owners don't care.
I'm so happy that tomorrow is my last day. So happy.
haha, i can imagine :)
The kind of psychos that have “nice to have” tests. If it’s red, it’s not critical, but still worthy of attention… sometime.
because they know better than your tests obv.
You guys get to test?
Proper procedure would have been the dev updating the uts so that they pass. If all they updated was adding ignore or commenting out code in the ut, even better!