https://doc.heinfricke.team/index.php?action=history&feed=atom&title=Talk%3A06_Version_Control_and_Source_Code_ManagementTalk:06 Version Control and Source Code Management - Revision history2026-04-14T23:14:04ZRevision history for this page on the wikiMediaWiki 1.43.0https://doc.heinfricke.team/index.php?title=Talk:06_Version_Control_and_Source_Code_Management&diff=965&oldid=prevArtha.kadamb@heinfricke.team: Created page with "== 1. Purpose == This procedure defines the processes for version control and source code management to ensure the integrity, availability, and confidentiality of source code and related artifacts. == 2. Scope == This procedure applies to all source code, configuration files, build scripts, and documentation related to software products developed, maintained, or managed by Hein+Fricke. == 3. Responsibilities == * Development Team: Responsible for following version c..."2025-12-22T10:38:25Z<p>Created page with "== 1. Purpose == This procedure defines the processes for version control and source code management to ensure the integrity, availability, and confidentiality of source code and related artifacts. == 2. Scope == This procedure applies to all source code, configuration files, build scripts, and documentation related to software products developed, maintained, or managed by Hein+Fricke. == 3. Responsibilities == * Development Team: Responsible for following version c..."</p>
<p><b>New page</b></p><div>== 1. Purpose ==<br />
This procedure defines the processes for version control and source code management to ensure the integrity, availability, and confidentiality of source code and related artifacts. <br />
<br />
== 2. Scope ==<br />
This procedure applies to all source code, configuration files, build scripts, and documentation related to software products developed, maintained, or managed by Hein+Fricke. <br />
<br />
== 3. Responsibilities ==<br />
<br />
* Development Team: Responsible for following version control practices. <br />
* IT Team: Responsible for access control and repository backups. <br />
* Project Managers: Ensure adherence to this procedure within projects. <br />
<br />
== 4. Definitions ==<br />
<br />
* VCS (Version Control System): A system that records changes to files (e.g., Git).<br />
* Repository: A storage location for software source code.<br />
* Branch: An independent line of development within the repository.<br />
* Commit: A recorded change in the version history.<br />
* Pull Request/Merge Request: A mechanism for integrating code changes.<br />
<br />
== 5. Procedure ==<br />
<br />
=== 5.1 Repository Management ===<br />
<br />
* All code must be stored in an approved version control system (e.g., GitHub, Gitea).<br />
* Gitea is the internal git repository system for H+F.<br />
* Repositories must be registered and approved by the IT team.<br />
<br />
=== 5.2 Access Control ===<br />
<br />
* Access to repositories is role-based and must be authorized by the relevant project manager. <br />
* Use of personal accounts is prohibited. Only company-assigned credentials are allowed. <br />
* Access must be revoked immediately upon employee termination or role change. <br />
<br />
=== 5.3 Branching Strategy ===<br />
A standard branching strategy must be followed, e.g.: <br />
<br />
* main or master or production: Production-ready code. <br />
* develop: Active development. <br />
* feature/*: Feature-specific branches. <br />
* bugfix/*: Bugfix branches. <br />
* release/*: Release preparation. <br />
* hotfix/*: Critical bug fixes. <br />
<br />
=== 5.4 Commit Guidelines ===<br />
<br />
* Commit messages must be meaningful and refer issue/task numbers where applicable.<br />
* Code must not contain hard coded secrets, passwords, or sensitive data.<br />
* All commits must be traceable to an individual user.<br />
<br />
=== 5.5 Code Review & Merge ===<br />
<br />
* All merges to main or develop branches must go through a pull/merge request with at least one peer review. <br />
* Code reviewers must verify security and compliance aspects. <br />
<br />
=== 5.6 Tagging & Release Management ===<br />
<br />
* Releases must be tagged with delivery id (e.g., DID-NNNN).<br />
* Release notes must accompany each version and stored in the delivery record.<br />
* Code released to production must be signed off by QA and the project manager.<br />
<br />
=== 5.7 Backup & Retention ===<br />
<br />
* All repositories must be backed up daily and stored securely.<br />
* Backups must be tested at least quarterly.<br />
<br />
=== 5.8 Incident Response for Code Breach ===<br />
<br />
* Any unauthorized access or code tampering must be reported as a security incident.<br />
* The standard incident response procedure must be followed immediately.<br />
* A post-incident review must be conducted, and corrective actions documented.<br />
<br />
== 6. Compliance & Audit ==<br />
<br />
* Periodic internal audits shall verify compliance with this procedure.<br />
* Non-conformities will result in corrective actions and may lead to disciplinary action.</div>Artha.kadamb@heinfricke.team