Don’t fall for the golden hammer: avoid git empty commits, especially for kicking off parts of your CI/CD
Posted by jpluimers on 2022/08/16
A while back Kristian Köhntopp (isotopp) wrote a blog post after quite a Twitter argument where he poses against using git empty commits. I’m with Kris: don’t use them for anything, especially not for kicking off your CI/CD.
Basically his blog post is all about avoiding to think you have a golden hammer, and avoid falling for the Law of the instrument – Wikipedia.
Originally, Abraham Maslow said in 1966:
“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.”
For me this has all to do with preventing technical debt: find the right tool to kick your CI/CD pipeline after part of that chain somehow malfunctioned is way better than polluting the commit history with empty commits.
His blog post: [Wayback/Archive.is] Empty commits and other wrong tools for the job | Die wunderbare Welt von Isotopp
The most important bit in it:
And since we are talking about CI/CD pipelines: Don’t YAML them. Don’t JSON them. Don’t XML them.
…
Programming in any of these three is wrong use of tooling, and you should not do it.
- YAML, JSON and XML are for declarative things.
- Python, Go and Rust are for procedural things.
- Bash is for interactive use only.
Use the proper tooling for the job. Be an engineer.
This very much reminds me of an Entwickler Konferenz keynote a long time ago, where Neal Ford made the point that most software engineers act very much unlike what is expected from traditional engineering way of operating where the engineer is both responsible and liable for his actions.
The start of the Twitter thread: [Archive.is] Kristian Köhntopp on Twitter: “A lot of people right now that git is an API and triggering CI/CD pipelines with empty commits replaces the equivalent of a Kubernetes controller for their fragile pile of bash in git triggers. This is broken and begets more brokenness. Evidence:… “
The tweet that started the subtweet: [Archive.is] Florian Haas on Twitter: “(For anyone wondering, what’s nice about this one is it works in any CI. So you don’t have to remember how to manually kick off a GitLab CI pipeline or GitHub Action or Zuul job, you just push an empty commit and off you go.)”
Other relevant tweets:
- [Archive.is] Kristian Köhntopp on Twitter: “If you go down this path, stop right now and rethink your life choices. If you ever need this, you are very likely holding it very wrong and you need to wake up the engineer in you.”
- [Archive.is] Patrick Gerken on Twitter: “Naja, sowohl bei git als auch bei der gitlab api muss ich mich einmal authentifizieren und die auth daten irgendwo sicher ablegen. Dann ist es bei beidem ein einzelnes Kommando. Ich bin nur auf der Console in der Regel noch nicht bei der APIauthentifiziert.… “
- [Archive.is] Patrick Gerken on Twitter: “… “
- [Wayback/Archive.is] How to trigger pipeline securely from the terminal ($2185598) · Snippets · Snippets · GitLab
This solution still has one drawback. Gitlab requires a project specific token. If every developer uses the same token, its validity is bound to the project and not the individual contributor. While Gitlab allows users to create personal access tokens, you cannot require such a token to trigger a pipeline.
- [Wayback/Archive.is] How to trigger pipeline securely from the terminal ($2185598) · Snippets · Snippets · GitLab
- [Archive.is] Patrick Gerken on Twitter: “… “
- [Archive.is] Kristian Köhntopp on Twitter: “”But I need to retrigger the deployment, because I need a Terraform run after I lost an instance.” This needs a proper reconciliation loop. If you are not on K8s, you need to write a thing that reinvents K8s for your infrastructure.”
- [Archive.is] Kristian Köhntopp on Twitter: “Normale CI-Pipelines haben eine REST-API, die man curlen kann, wenn man sich 15 Sekunden Zeit nimmt, die Doku zu greppen.… “
- [Archive.is] Kristian Köhntopp on Twitter: “Take this instead.… “ / [Archive.is] Kristian Köhntopp on Twitter: “Empty commits and other wrong tools for the job If you look at empty commits and think they can be useful for you, maybe you need to stop and think.”
- [Archive.is] Jeroen Wiert Pluimers on Twitter: “That “Be an engineer” is very much no coincidence and reminds me of an @EntwicklerKON keynote by @neal4d a long time ago where he posed that IT engineers act very much unlike traditional engineers and hardly bear responsibility or liability. So use the right tool for the job.… “
Yes, you want to avoid shell too (anything like for instance sh, ash, dash, bash or zsh), but you have to know it (and understand why to avoid it) as often it is the only interactive way to access systems from the console.
And of course Kris also wrote a big document on that too, which is available as full PDF (Wayback), full HTML (Wayback) and chaptered HTML Die UNIX Shell /bin/sh.
But more importantly, Kris wrote [Wayback/Archive.is] Using Python to bash | Die wunderbare Welt von Isotopp which is about using Python to do things you might be tempted to do in the shell. It quotes
Shell is a thing you want to understand and then not use, because you learned to understand it.
which is from the German post in thread [Wayback/Archive.is] Bashprogrammierung, wo gehts am besten los which quotes Kris’ 1998 message:
From kris Tue Sep 1 11:26:12 1998 From: kris Newsgroups: de.comp.os.unix.misc Subject: Re: Shell-Frage, find, xargs, kopieren von vielen Dateien References: <6seh24$q9a$2...@nz12.rz.uni-karlsruhe.de> From: kr...@koehntopp.de (Kristian Koehntopp) Alignment: chaotic/neutral X-Copyright: (C) Copyright 1987-1998 Kristian Koehntopp -- All rights reserved. MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Marc.Hab...@gmx.de (Marc Haber) writes: >mir ist das ganze Zeug mit der Shell, find, xargs und Konsorten noch >reichlich verschlüsselt. http://www.koehntopp.de/kris/artikel/unix/shellprogrammierung/ >xargs hin oder sollte ich besser ein Perlskript schreiben? Verwende Perl. Shell will man koennen, dann aber nicht verwenden. Kristian
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a Reply