From 9933185ad9c0064b47f374fc7e6a8b874de09907 Mon Sep 17 00:00:00 2001 From: Md Bayazid Bostame Date: Tue, 31 Mar 2026 11:54:47 +0200 Subject: [PATCH] docs: define customer release branch policy --- CONTRIBUTING.md | 17 +++++++++++++++++ .../workflows/developer_handbook.html | 19 +++++++++++++++++++ .../tests/test_app_registry_permissions.py | 15 +++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index aae9bd0..e084401 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,9 +14,26 @@ If you change architecture, deployment flow, or operational behavior, update the - `develop`: active integration branch - `main`: stable branch for production promotion - short-lived feature branches: branch from `develop`, merge back into `develop` +- customer release branches: branch from `main` for a frozen customer line when a customer must not receive future feature work automatically Do not use `main` as the default development branch. +### Customer release policy +For customer-specific deliveries such as TUBCO, use a dedicated release branch from the current stable line. + +Recommended pattern: +- `release/tubco-v1`: customer maintenance branch +- `tubco-baseline-2026-03`: baseline tag taken from the same stable point + +Rule: +- new product features continue on `develop` +- customer release branches only receive approved: + - bug fixes + - security updates + - UI improvements + +Do not let a customer deployment track `develop` directly. + ## Current Delivery Model - GitHub Actions is used for CI - the current test server is local/LAN-only diff --git a/backend/workflows/templates/workflows/developer_handbook.html b/backend/workflows/templates/workflows/developer_handbook.html index c59248c..d38f0c3 100644 --- a/backend/workflows/templates/workflows/developer_handbook.html +++ b/backend/workflows/templates/workflows/developer_handbook.html @@ -79,6 +79,7 @@
  • develop is the active integration branch.
  • main is the stable branch intended for production promotion.
  • Feature work should start from develop and merge back into develop.
    • +
  • Customer release branches should start from main when a customer must not receive future feature work automatically.
    • @@ -93,6 +94,24 @@
  • promote develop into main when stable
    • +
    +

    Customer release branches

    +

    Use a dedicated release branch when a customer should receive the current stable product line but not future features by default.

    + +

    This keeps the customer line stable while the main product keeps evolving.

    +

    4) Local Development Workflow

    Start

    diff --git a/backend/workflows/tests/test_app_registry_permissions.py b/backend/workflows/tests/test_app_registry_permissions.py index 20dc9b9..48629bd 100644 --- a/backend/workflows/tests/test_app_registry_permissions.py +++ b/backend/workflows/tests/test_app_registry_permissions.py @@ -1,5 +1,6 @@ from django.contrib.auth import get_user_model from django.test import TestCase +from django.urls import reverse from workflows.app_registry import build_portal_app_sections, ensure_portal_app_configs from workflows.models import PortalAppConfig @@ -48,3 +49,17 @@ class AppRegistryPermissionTests(TestCase): self.assertNotIn('requests_dashboard', self._visible_keys(self.staff)) self.assertIn('requests_dashboard', self._visible_keys(self.it_staff)) + def test_super_admin_cannot_open_platform_owner_app_registry_page(self): + self.client.force_login(self.super_admin) + + response = self.client.get(reverse('portal_app_registry_page')) + + self.assertEqual(response.status_code, 302) + self.assertEqual(response.url, reverse('home')) + + def test_platform_owner_can_open_app_registry_page(self): + self.client.force_login(self.platform_owner) + + response = self.client.get(reverse('portal_app_registry_page')) + + self.assertEqual(response.status_code, 200)