What lives in Git in a mature DevOps org

• Application code — The obvious one. Every commit triggers a CI pipeline.
• Infrastructure as Code — Terraform, CloudFormation, Pulumi configs. Every merge to main triggers a terraform apply via GitOps.
• Configuration — Kubernetes manifests, Helm charts, Ansible playbooks. Environments are declared, not clicked.
• CI/CD pipelines — GitHub Actions, GitLab CI, Jenkins files. The pipeline that deploys your code is itself version controlled.
• Documentation — Runbooks, architecture decision records (ADRs), onboarding guides. Reviewed and versioned like code.
• Policies and compliance — OPA policies, security scanning rules, access control configs. Auditable changes with author and timestamp.

Git objects

• Blob — The content of a file at a point in time. Identified by SHA-1 hash of the content. Two files with identical content share one blob.
• Tree — A directory listing: maps filenames to blob or tree objects. Represents a directory at a point in time.
• Commit — Points to a tree (root directory snapshot), has one or more parent commits, and contains: author, committer, timestamp, message. A commit SHA is a hash of all this — changing anything changes the SHA.
• Ref (branch/tag) — A human-readable pointer to a commit SHA. main is just a file containing a 40-character SHA. Moving a branch just updates that file.
• HEAD — A pointer to the current branch ref (or directly to a commit in "detached HEAD" state). HEAD~1 means "one commit before HEAD."

Merge vs rebase: when to use which

• git merge — Creates a merge commit with two parents. Preserves the full history of when branches diverged and converged. Best for merging feature branches into main via PR — the merge commit marks "this feature landed here."
• git rebase — Replays your commits on top of the target branch. Creates a linear history. Best for keeping your feature branch up-to-date with main before a PR. Rule: never rebase commits that have already been pushed to a shared branch.
• git rebase -i (interactive) — Squash, reorder, edit, or drop commits before merging. Use to clean up a messy WIP commit history into a clean, reviewable set of commits.
• Squash merge — GitHub/GitLab option: squash all PR commits into one merge commit. Keeps main history clean but loses individual commit context. Popular for trunk-based development.

The undo toolkit

• git revert <sha> — Creates a NEW commit that undoes the changes from a previous commit. Safe for shared history — does not rewrite anything. Use this to undo a bad commit that has already been pushed to main.
• git reset --soft HEAD~1 — Moves the branch pointer back one commit but keeps changes staged. Use to un-commit but keep changes to recommit differently. Safe if not yet pushed.
• git reset --hard HEAD~1 — Moves the branch pointer back and discards changes entirely. Destructive — changes are gone. Never use on pushed commits in a shared branch.
• git reflog — Git's safety net. Records every movement of HEAD, even after reset --hard or rebase. If you accidentally lose commits, git reflog shows where HEAD was and you can git checkout <sha> to recover.
• git stash — Temporarily shelves uncommitted changes. Switch branches, pull, do something else, then git stash pop to restore. Use git stash list to see all stashes.
• git cherry-pick <sha> — Applies one specific commit from any branch onto your current branch. Use for hotfixes: cherry-pick a fix from a feature branch to main without merging the whole branch.

Git events and their pipeline triggers

• push to feature branch — Triggers: lint, unit tests, type check. Fast feedback to the developer. Does NOT deploy.
• pull request / merge request opened — Triggers: full test suite, security scan, terraform plan (posted as PR comment), code review requirement. Deploy to ephemeral preview environment.
• merge to main — Triggers: build, publish image, deploy to staging. The main branch is always deployable.
• tag push (e.g. v1.2.3) — Triggers: production deployment. Semantic versioning tags are the gate for production releases.
• scheduled (cron) — Triggers: dependency security scan, drift detection (terraform plan), performance regression tests.