Skip to main content
HashnodeDevSecOps

Command Palette

Search for a command to run...

Mastering Testing and QA with Git

Published
3 min read
Mastering Testing and QA with Git
D
Divyanshu Maurya
Part of seriesDevOps Branching Strategies

🚀 The "Sleep-Well-at-Night" Strategy

We’ve all been there: you merge a "small change" and suddenly the whole site is down.

In this Part 4 of our Git series, we’re going to talk about The Filter System. Think of your Git branches not just as folders for code, but as a series of quality filters. By the time code reaches the end, it's clean, safe, and bug-free.

1. The "Shift-Left" Secret

In the old days, testing happened at the very end. That’s scary.

Modern DevOps "Shifts Left." This just means we start testing the moment a developer writes their first line of code in a feature/* branch.

The Goal: Find the bug when it’s a "tiny mosquito" in Dev, not a "fire-breathing dragon" in Production.

2. Who Tests What? (The Cheat Sheet)

Here is how we map testing to your branches:

The Branch

The Environment

The "Check"

feature/*

Local

Unit Tests: Does this tiny piece work?

dev

Development

Security: Are there leaked passwords or weak code?

qa

QA / Testing

User Flow: Can a user actually finish a purchase?

ppd

Staging

Stress Test: Can the site handle 10,000 users?

main

Production

Smoke Test: Is the "Log In" button still there?

3. The Security "Guard Dogs"

Before code even gets to the QA team, robots should check for two things:

  1. Secrets (Gitleaks): Did you accidentally commit your API key?

  2. Vulnerabilities (Trivy): Is your code using an old library that hackers love?

Pro-Tip: If these automated checks fail, the "Merge" button should stay locked. 🔒

4. Feature Flags: The "Dimmer Switch"

Ever wanted to push code to Production but weren't ready for users to see it? Use a Feature Flag.

It’s a simple if/else statement controlled by a dashboard:

JavaScript

if (flags.new_ui == true) {
  show_shiny_new_button();
} else {
  show_old_boring_button();
}

If the new button breaks everything, you don't need to "revert code." You just flip the switch to false. Problem solved in seconds.

5. The Release Candidate (RC) Workflow

When the qa branch looks good, we merge it to ppd (Pre-Production). We call this an RC (Release Candidate).

  • The Load Test: We use tools like k6 or JMeter to "stress" the app.

  • The UAT: Real humans (the product owners) click around to make sure the feature does what they actually asked for.

6. The "Oops!" Plan: Hotfixes & DR

  • Hotfixes: If Production breaks, we branch from main, fix it, and immediately back-merge that fix into dev and qa so it never happens again.

  • DR (Disaster Recovery): We keep a dr branch synced with main. If our main server goes boom 💥, the dr branch is ready to deploy to a backup server immediately.

🏁 Summary: The 3-Step Quality Filter

  1. Automate the Small Stuff: (Unit tests & Security) on feature and dev.

  2. Break it on Purpose: (Load tests & Integration) on qa and ppd.

  3. Control the Release: Use Feature Flags to keep things safe.

Testing isn't a chore; it’s the armor that protects your code!

#github#devops

Comments

Join the discussion

No comments yet. Be the first to comment.

DevOps Branching Strategies

Part 3 of 3
Start from the beginning

Git Branching Strategies

Stop Building Skyscrapers on a Swamp: A Simple Guide to Git Branching Strategies “A bad branching strategy is like trying to build a skyscraper on a swamp.” If you have ever stared at a Git history that looks like a bowl of spaghetti, you know exactl...

More from this blog

DevSecOps

35 posts