| name | git-workflow |
| description | Branch-based Git workflow for code changes, commits, and pull requests. |
Skill: Git Workflow
Overview
All code changes go through Git using a branch-based workflow. DEV never
commits directly to main. Every change lives on a feature branch, goes
through a pull request, and gets reviewed by CQ before merging. This skill
covers the full workflow from cloning to PR creation.
Configuration
| Variable | Description |
|---|
REPO_URL | Git remote URL for the repository |
Git authentication is handled via SSH keys pre-configured in the container.
GitHub CLI (gh) is pre-installed and authenticated.
Workflow Steps
1. Clone the Repository
On first setup, clone the project repository into the workspace.
git clone ${REPO_URL} /home/agent/workspace/repo
cd /home/agent/workspace/repo
If the repo is already cloned, make sure you are up to date:
cd /home/agent/workspace/repo
git checkout main
git pull origin main
2. Create a Feature Branch
Every ticket gets its own branch. Create it from an up-to-date main.
git checkout main
git pull origin main
git checkout -b feature/TICKET-42-user-authentication
Branch naming convention:
feature/{TICKET-ID}-{brief-description}
Rules:
- Always prefix with
feature/
- Include the full ticket ID (e.g.,
TICKET-42)
- Add a brief, hyphenated description (2-5 words)
- Use lowercase only
- Use hyphens, not underscores
Examples:
feature/TICKET-42-user-authentication
feature/TICKET-17-fix-cart-total
feature/TICKET-103-add-rate-limiting
feature/TICKET-8-refactor-db-queries
Never branch from another feature branch. Always branch from main.
3. Make Changes and Commit
Write your code, then stage and commit in logical, atomic units. Each commit
should represent one coherent change.
git add src/auth/middleware.js src/auth/middleware.test.js
git commit -m "feat(TICKET-42): add JWT authentication middleware"
Conventional commit format:
{type}({TICKET-ID}): {description}
{optional body}
{optional footer}
Commit types:
| Type | When to Use |
|---|
feat | A new feature or capability |
fix | A bug fix |
refactor | Code change that neither fixes a bug nor adds a feature |
test | Adding or updating tests only |
docs | Documentation changes only |
chore | Build process, tooling, or dependency changes |
style | Formatting, whitespace, semicolons (no logic change) |
perf | Performance improvement |
Commit message rules:
- The description (first line) must be under 72 characters
- Use imperative mood: "add feature" not "added feature" or "adds feature"
- Do not end the description with a period
- The ticket ID must always be in the scope parentheses
- The body (optional) explains why, not what (the diff shows what)
Examples of good commits:
feat(TICKET-42): add JWT authentication middleware
Implements token verification for all protected routes.
Uses RS256 signing with rotating keys from the auth service.
fix(TICKET-42): handle expired token gracefully
Previously returned a 500 error. Now returns 401 with a clear
message telling the client to refresh their token.
test(TICKET-42): add integration tests for auth flow
Covers login, registration, token refresh, and invalid
credential scenarios.
refactor(TICKET-42): extract token validation into helper
Reduces complexity in the middleware by moving validation
logic to a dedicated module. Addresses CQ feedback on
function length.
Examples of bad commits:
# Too vague
fix(TICKET-42): fix bug
# No ticket ID
feat: add authentication
# Past tense
feat(TICKET-42): added authentication
# Too long
feat(TICKET-42): add JWT authentication middleware with RS256 signing and rotating keys from auth service with graceful error handling
4. Push the Branch
Push your feature branch to the remote. Use -u on the first push to set
the upstream tracking reference.
git push -u origin feature/TICKET-42-user-authentication
git push
If the push is rejected because main has moved ahead, rebase:
git fetch origin
git rebase origin/main
git push --force-with-lease
Use --force-with-lease instead of --force. It prevents you from
accidentally overwriting someone else's changes.
5. Create a Pull Request
Use the GitHub CLI to create a PR. The PR title should include the ticket ID,
and the body should follow the template below.
gh pr create \
--title "TICKET-42: Implement user authentication flow" \
--body "## Summary
Implements JWT-based user authentication per the requirements in TICKET-42.
## Changes
- Added JWT authentication middleware for protected routes
- Created login endpoint with email/password validation
- Created registration endpoint with input sanitization
- Added rate limiting (5 attempts per minute per IP)
- Added comprehensive test suite (unit + integration)
## Acceptance Criteria
- [x] Users can register with email and password
- [x] Users can log in and receive a JWT
- [x] Protected routes reject unauthenticated requests
- [x] Rate limiting prevents brute force attacks
- [x] All error responses follow the standard format
## Testing
- Unit tests: 24 passing
- Integration tests: 8 passing
- Docker build and test: passing
- Manual verification: login, register, token refresh all working
## Ticket
Resolves TICKET-42"
PR template breakdown:
| Section | Purpose |
|---|
| Summary | 1-2 sentences explaining what and why |
| Changes | Bulleted list of what was changed |
| Acceptance Criteria | Checklist from the ticket, checked off |
| Testing | What tests were run, what was verified |
| Ticket | Reference to the ticket using "Resolves TICKET-X" |
6. After PR Creation
Once the PR is created:
- Start the app running inside your container for QA access
- Add a ticket comment with the PR link and test URL (under "How to Test")
- Move the ticket to
in-review on the planning board
- Post the PR link on the Meeting Board #review channel
- Keep the app running until QA renders a verdict
If CQ requests changes:
- Make the changes on the same feature branch
- Commit with a clear message referencing the feedback
- Push to the same branch (the PR updates automatically)
- Restart the app if the changes affect it
- Comment on the PR explaining what changed
- Post an update on the Meeting Board #review channel
7. Merge After QA Pass
When QA passes the ticket and moves it to completed, you merge the PR to main:
-
Check out main and pull latest:
git checkout main
git pull origin main
-
Merge the PR using GitHub CLI:
gh pr merge {pr_number} --merge --delete-branch
Use --merge (not squash, not rebase) unless the project specifies otherwise.
The --delete-branch flag cleans up the remote feature branch.
-
Verify the merge:
git pull origin main
git log --oneline -3
-
Stop the running test instance (QA is done with it):
kill %1
-
Move the ticket to rfp on the planning board
-
Add a comment: "PR merged to main. Feature branch cleaned up. Moving to rfp."
-
Post on Meeting Board #review channel
Merging completed work is your FIRST priority in every heartbeat. Check
the completed column before fixing bugs or picking up new work.
Common Scenarios
Rebasing After Main Moves Ahead
git fetch origin
git rebase origin/main
git add <resolved-files>
git rebase --continue
git push --force-with-lease
Squashing Commits Before Review
If you have many small commits that should be one logical change, squash them
before requesting review. Use interactive rebase with care:
git rebase -i HEAD~3
git push --force-with-lease
Checking PR Status
gh pr list --author @me
gh pr view 18
gh pr checks 18
Updating PR Description
gh pr edit 18 --body "updated description here"
Rules
- Never commit directly to main. All changes go through feature branches and PRs.
- You merge your own PRs — but only after QA passes. CQ reviews, QA tests, then you merge when the ticket reaches
completed.
- Always reference the ticket ID in branch names, commit messages, and PR descriptions.
- Keep PRs focused. One ticket, one PR. Do not bundle unrelated changes.
- Test before pushing. If tests fail, fix them before creating the PR.
- Use force-with-lease, never force. Protect against accidentally overwriting shared work.
- Write meaningful commit messages. Future you and your teammates will thank you.
- Keep your branch up to date. Rebase on main regularly to avoid large merge conflicts.
- Merge completed work first. Always check
completed column before starting new work.