I am currently running Puppet with in masterless mode. I am using r10k for module and environment deployment.
Simplified version: The r10k control repository has two branches: testing and production. Changes in production will be automatically distributed to production servers. Changes in testing to some staging servers.
Now, if I am changing things in testing, I sometimes have to change the r10k control repository, too. A common example would be the Puppetfile
, which currently looks like this in production:
forge 'forge.puppetlabs.com'
# Forge modules
mod 'puppetlabs/stdlib'
mod 'puppetlabs/concat'
mod 'saz/ssh'
# Custom modules
mod 'ownmodule1',
:git => 'https://git.example.org/configuration/ownmodule1.git',
:ref => 'production'
mod 'ownmodule2',
:git => 'https://git.example.org/configuration/ownmodule2.git',
:ref => 'production'
The configuration for the Custom modules might look like this on the testing branch:
mod 'ownmodule1',
:git => 'https://git.example.org/configuration/ownmodule1.git',
:ref => 'testing'
mod 'ownmodule2',
:git => 'https://git.example.org/configuration/ownmodule2.git',
:ref => 'testing'
Now, a commit in testing might look like this:
+mod 'ownmodule3,
+ :git => 'https://git.example.org/configuration/ownmodule3.git',
+ :ref => 'testing'
If I merge this to production, and are not careful, ownmodule3 will be added to production with the testing branch, which could be fatal. This also prevents automated merging when all tests are successful.
How can I modify my repositories or workflow to prevent the accidental merging of branch specific changes?