liauw-media/git-workflow

Git Workflow

Core Principle

Maintain clean, readable Git history with meaningful commits and consistent branching practices.

When to Use This Skill

• Creating new branches
• Making commits
• Writing commit messages
• Merging branches
• Creating pull/merge requests
• Any Git operation

The Iron Laws

1. NO AI CO-AUTHOR ATTRIBUTION IN COMMITS

This is a firm policy. Commits represent human accountability.

2. NO COMMITS WITHOUT VERIFICATION

MANDATORY: Use verification-before-completion skill before EVERY commit.

Never commit without:

• ✅ All tests passing (unit, integration, e2e)
• ✅ Code quality checks passed
• ✅ Pre-commit hooks successful
• ✅ Self-review completed
• ✅ Verification checklist complete

3. SMALL, PRECISE COMMITS

One logical change per commit.

✅ Good commits:

• feat(auth): add email validation to login form
• fix(api): handle null values in user profile endpoint
• test(checkout): add e2e tests for payment flow

❌ Bad commits:

• feat: add login, fix bugs, update tests, refactor code
• Large commits with multiple unrelated changes
• Commits without running tests

Why small commits:

• 🔍 Easier to review
• 🐛 Easier to find bugs (git bisect)
• ⏪ Easier to revert
• 📖 Clearer history

4. FRONTEND + BACKEND = BOTH TESTS REQUIRED

When changes affect both frontend and backend:

MANDATORY before commit:
1. ✅ Backend tests pass (unit + integration)
2. ✅ E2E tests pass (full user flow)
3. ✅ API tests pass (if API changed)
4. ✅ Frontend tests pass (component + integration)

Never commit:

• ❌ Backend changes without backend tests
• ❌ Frontend changes without e2e tests
• ❌ API changes without both backend AND e2e tests
• ❌ Changes that break existing tests

5. PRE-COMMIT HOOKS ARE MANDATORY

Every project MUST have pre-commit hooks.

Minimum hooks required:

• Code formatting (Prettier, Black, PHP CS Fixer)
• Linting (ESLint, Ruff, PHPStan)
• Type checking (TypeScript, mypy, Psalm)
• Test execution (if files changed)
• No secrets/credentials check

See: .claude/skills/safety/pre-commit-hooks/SKILL.md for setup

Git Commit Message Format

Structure

<type>(<scope>): <subject>

<body>

<footer>

Type

Must be one of:

• feat: New feature
• fix: Bug fix
• docs: Documentation only changes
• style: Code style changes (formatting, missing semi-colons, etc)
• refactor: Code refactoring (no functional changes)
• perf: Performance improvements
• test: Adding or updating tests
• build: Build system or dependencies
• ci: CI/CD changes
• chore: Other changes (gitignore, etc)

Scope (Optional)

Component or module affected:

• auth: Authentication
• api: API endpoints
• database: Database changes
• ui: User interface
• tests: Test files

Subject

• Use imperative mood: "add" not "added" or "adds"
• Don't capitalize first letter
• No period at end
• Max 50 characters
• Be specific and concise

Body (Optional but Recommended)

• Explain WHAT and WHY, not HOW
• Wrap at 72 characters
• Separate from subject with blank line
• Use bullet points if multiple items

Footer (Optional)

• Breaking changes: BREAKING CHANGE: description
• Issue references: Closes #123, Fixes #456
• NO AI co-author attribution

Commit Message Examples

Good Examples

feat(auth): add JWT token-based authentication

Implement stateless authentication using Laravel Sanctum:
- User registration with email/password
- Login returns bearer token
- Protected routes use auth:sanctum middleware
- Token revocation on logout

Closes #45

fix(api): resolve N+1 query in user list endpoint

Added eager loading for user relationships to prevent
multiple database queries per user.

Performance improvement: 50+ queries → 2 queries

Fixes #78

docs: update README with authentication setup

Add step-by-step guide for:
- Installing Sanctum
- Configuring .env variables
- Running migrations
- Testing authentication

Bad Examples

❌ Updated stuff
   - Too vague, no context

❌ Added authentication.
   - Capitalized, has period, no detail

❌ feat: add auth with JWT and social login and fix bugs and update docs
   - Too long, multiple unrelated changes

❌ WIP
   - Meaningless, what is in progress?

❌ fix: fixed the bug
   - Redundant, no detail about which bug

Branching Strategy

Branch Naming Convention

<type>/<short-description>

Types:

• feature/ - New features
• fix/ - Bug fixes
• hotfix/ - Urgent production fixes
• refactor/ - Code refactoring
• docs/ - Documentation
• test/ - Test-related work

Examples:

• feature/jwt-authentication
• fix/login-validation-error
• hotfix/security-patch-xss
• refactor/user-controller
• docs/api-documentation

Branch Workflow

Creating a New Branch

# Ensure you're on main/master and up to date
git checkout main
git pull origin main

# Create and switch to new branch
git checkout -b feature/authentication

# Or create from specific branch
git checkout -b fix/login-bug develop

Working on a Branch

# Make changes
[edit files]

# Stage changes
git add path/to/file.php

# Or stage all changes (careful!)
git add .

# Commit with good message
git commit -m "feat(auth): add user registration endpoint

Implement registration with email/password validation.
Returns JWT token on successful registration.

Closes #23"

# Push to remote
git push -u origin feature/authentication

Updating Branch with Latest Changes

# Option 1: Merge (preserves history)
git checkout main
git pull origin main
git checkout feature/authentication
git merge main

# Option 2: Rebase (cleaner history)
git checkout feature/authentication
git fetch origin
git rebase origin/main

Finishing a Branch

See finishing-a-development-branch skill for complete checklist.

Git Best Practices

Commit Frequency

• Commit often: Small, focused commits
• Commit working code: Each commit should be functional
• Commit before major refactors: So you can rollback if needed

What to Commit

✅ DO commit:

• Source code
• Configuration files (without secrets)
• Tests
• Documentation
• Migrations
• .env.example (template, no secrets)

❌ DON'T commit:

• .env (contains secrets)
• node_modules/, vendor/
• Build artifacts (dist/, build/)
• IDE-specific files (.idea/, .vscode/)
• Log files
• Database files (*.sqlite, backups/)
• Temporary files

.gitignore

Ensure proper .gitignore for your framework:

Laravel:

/vendor/
/node_modules/
.env
.env.*.local
/storage/*.key
/public/hot
/public/storage
/storage/logs/
/bootstrap/cache/*.php
backups/

Node.js:

node_modules/
.env
.env.*.local
dist/
build/
*.log
.DS_Store

Python:

__pycache__/
*.pyc
.env
.venv/
venv/
*.log
.pytest_cache/
.coverage

Commit Workflow Checklist

Before committing:

• [ ] Run tests (with database backup!)
• [ ] Verify all changes are intentional
• [ ] No debugging code (console.log, dd(), var_dump())
• [ ] No commented-out code
• [ ] No secrets in files
• [ ] Files properly formatted (run linter)
• [ ] Commit message follows format

Advanced Git Operations

Amending Last Commit

# Add forgotten files to last commit
git add forgotten-file.php
git commit --amend --no-edit

# Or change commit message
git commit --amend -m "new commit message"

# ⚠️ Only amend commits that haven't been pushed

Undoing Changes

# Discard changes in working directory
git restore path/to/file.php

# Unstage changes (keep in working directory)
git restore --staged path/to/file.php

# Undo last commit (keep changes)
git reset HEAD~1

# Undo last commit (discard changes) ⚠️
git reset --hard HEAD~1

Stashing Changes

# Save current changes temporarily
git stash

# List stashes
git stash list

# Apply most recent stash
git stash pop

# Apply specific stash
git stash apply stash@{0}

Cherry-picking Commits

# Apply specific commit from another branch
git cherry-pick <commit-hash>

GitHub/GitLab Integration

Creating Pull/Merge Request

GitHub:

# Using GitHub CLI
gh pr create --title "feat(auth): Add JWT authentication" --body "Implements user authentication with JWT tokens

- Registration endpoint
- Login endpoint
- Protected routes
- Tests included

Closes #45"

GitLab:

# Using GitLab CLI
glab mr create --title "feat(auth): Add JWT authentication" --description "Implements user authentication with JWT tokens

- Registration endpoint
- Login endpoint
- Protected routes
- Tests included

Closes #45"

Commit Message in PR/MR

Use the same format as commit messages:

## What

Implements JWT authentication for API

## Why

Needed stateless authentication for mobile app support

## Changes

- Added Laravel Sanctum
- User registration endpoint
- Login/logout endpoints
- Auth middleware on protected routes
- 15 tests covering auth flows

## Testing

- All tests pass (127 total)
- Manual testing completed
- API documentation updated

Closes #45

Integration with Other Skills

Use before committing:

• code-review - Review your changes
• verification-before-completion - Ensure everything works
• database-backup - Before running tests

Related skills:

• finishing-a-development-branch - Complete checklist before PR/MR
• git-worktrees - Working on multiple branches

Red Flags (Bad Git Practices)

• ❌ Committing directly to main/master
• ❌ Vague commit messages ("fix", "update", "WIP")
• ❌ Committing secrets (.env file)
• ❌ Committing broken code
• ❌ Huge commits with unrelated changes
• ❌ Not testing before committing
• ❌ Including AI co-author attribution

Common Rationalizations to Reject

• ❌ "I'll write a proper message later" → Write it now
• ❌ "Just a quick fix, doesn't need good message" → All commits need good messages
• ❌ "I'll clean up history before merging" → Don't rely on it, do it right first time
• ❌ "Adding AI attribution gives credit" → Humans are accountable, not AI

Authority

This skill is based on:

• Git best practices (Conventional Commits standard)
• Industry standard: All professional teams use consistent commit practices
• Legal/accountability: Commits represent human responsibility
• CodeAssist policy: NO AI attribution in commits

Social Proof: Companies like Google, Microsoft, and GitHub use commit message conventions.

Your Commitment

Before making commits:

• [ ] I will write clear, meaningful commit messages
• [ ] I will follow the commit message format
• [ ] I will NOT include AI co-author attribution
• [ ] I will test before committing
• [ ] I will commit small, focused changes

---

Bottom Line: Git history is documentation. Write it for humans who will read it later (including future you). Clean Git history makes debugging, code review, and collaboration easier.