Every concept, every command, every workflow — from your very first commit to production-grade branching strategies, automated guardrails, and team administration.
Git is a distributed version control system. It tracks every change you make to your code, lets you travel back in time to any previous state, and lets multiple people work on the same project simultaneously — without overwriting each other's work.
Every time you "commit", Git takes a snapshot of all your files at that moment. Think of it like saving a game — you can always load a previous save.
Create separate "branches" to experiment or build features without touching the working code. Merge it back when it's ready. Branches are free and instant.
Everyone has the full history locally. You push changes to a shared server (GitHub) and pull others' changes. Conflicts are resolved explicitly — nothing is lost.
A command-line tool installed on your computer. It manages the history of your project locally. No internet required. Created by Linus Torvalds in 2005.
A website that hosts Git repositories in the cloud. Adds collaboration features: Pull Requests, Issues, Actions (CI/CD), team management, and code review.
Get Git installed on Windows 11, configure your identity, set up SSH authentication for GitHub, and establish sane global defaults.
Download Git from git-scm.com. During setup: choose VS Code as default editor, select "Git from the command line and also from 3rd-party software", and choose "Use Windows' default console window".
Git stamps every commit with your name and email. This is how GitHub knows which commits are yours.
SSH keys let you push/pull without typing your password every time. Much more secure than HTTPS with password.
Your global git configuration lives at ~/.gitconfig. Here's a professional setup:
Every developer follows this cycle hundreds of times. Master these commands and you'll handle 90% of daily Git work confidently.
Conventional Commits is a standard format that makes your history readable and enables automated changelogs and version bumping.
Tell Git which files to never track. Critical for keeping secrets and build artifacts out of your repo.
Branches are the backbone of team collaboration. They are free, instant, and allow parallel development without interference. Understanding branching strategies separates junior developers from seniors.
main is always deployable. Create a branch → commit → open PR → review → merge to main → deploy. Ideal for continuous delivery teams. Simple, no ceremony.
main + develop + feature/* + release/* + hotfix/*. Structured for versioned software releases. More ceremony, very controlled. Good for apps with explicit release windows.
Everyone commits directly to main or uses very short-lived branches (<2 days). Relies on feature flags to hide incomplete work. Used by Google and Meta. Requires strong CI.
Feature branches off main, merged via PR. Release branches cut from main at release time. Patches cherry-picked to release branches. Great balance of control and agility.
Getting code from one branch into another is the heart of collaboration. Three strategies exist, each with different tradeoffs for your commit history and team workflow.
Creates a merge commit that ties two branches together. Preserves full branching history. Use when you want to clearly see when branches diverged and rejoined.
Squashes all commits from the feature branch into one single commit on main. Cleaner main history — each PR becomes one atomic commit. Individual commits from the branch are discarded.
Replays your commits on top of the target branch for a perfectly linear history. Rewrites commit SHAs — never rebase shared or public branches.
One of Git's most powerful properties — you can undo almost anything. Knowing which tool to use is critical. Some commands rewrite history (dangerous on shared branches), others are always safe.
reset --hard, rebase, and commit --amend rewrite history — safe on private branches only. For shared branches like main or develop, always use git revert — it creates a new commit that undoes changes, preserving full history for everyone.A remote is a version of your repository hosted on a server. You can have multiple — origin (your fork or primary), upstream (the original source when contributing to open source). All sync operations go through remotes.
GitHub transforms Git into a collaboration platform. Pull Requests are the central mechanism for proposing, reviewing, discussing, and safely merging changes across teams of any size.
Professional teams enforce quality automatically — preventing bad commits from entering the codebase, requiring peer reviews, running tests before every merge, detecting leaked secrets, and ensuring consistent formatting across the entire team.
.git/hooks/ that fire automatically at key moments. Key hooks: pre-commit (runs before every commit — block bad code here), commit-msg (validates the message format), pre-push (runs tests before any push), prepare-commit-msg (auto-populate message templates).chmod +x .git/hooks/pre-commit .git/hooks/commit-msg .git/hooks/pre-push on Linux/Mac. On Windows, Git Bash respects the executable bit automatically. Without this step, hooks won't run..git/hooks/ files are not tracked by Git — only your machine has them. Husky manages hooks that ARE committed to the repository, so every developer on the team gets them automatically when they clone or pull.Navigate to: GitHub → Repo → Settings → Branches → Add branch ruleset. Apply rules to main and develop.
Set 1–2 required approvals. Enable "Dismiss stale reviews when new commits are pushed" so every change gets a fresh pair of eyes. Combine with CODEOWNERS for domain-specific reviewers.
Block merge until all GitHub Actions CI jobs pass (lint, tests, security scan). Select "Require branches to be up to date before merging" to prevent stale merges.
Forces squash or rebase merges only — no merge commits on main. Keeps the history clean, readable, and easily bisectable when hunting bugs in production.
"Do not allow force pushes" and "Do not allow deletions" on protected branches. Prevents malicious or accidental history rewrites even by admins.
Only allow GPG-signed commits to merge. Proves that commits actually came from the claimed author — critical for supply chain security in high-stakes repos.
All PR review comments must be marked "resolved" before merge. Ensures no feedback is silently ignored — every requested change is acknowledged.
These commands separate senior engineers from everyone else. Master them and you'll be the person teammates come to when things go catastrophically wrong — or when they need to surgically extract one commit from a three-month-old branch.
Managing repositories, teams, permissions, secrets, and organization-level policies at scale — for tech leads, engineering managers, and DevOps engineers running professional GitHub organizations.
| Role | What They Can Do |
|---|---|
| Read | View code, clone, create issues & comments |
| Triage | + manage issues, PRs, labels (no code write) |
| Write | + push to non-protected branches, manage releases |
| Maintain | + manage repo settings, webhooks (no sensitive) |
| Admin | Full control — settings, teams, delete, transfer |
Create GitHub Teams that mirror your organization structure: @org/backend, @org/frontend, @org/devops, @org/security, @org/data.
Assign teams to repositories — not individual users. When someone joins or leaves a team, their access to all repositories updates automatically. Individual-level access is a management nightmare at scale.
Enable: Dependabot security updates, Secret scanning, Push protection (blocks secrets at push time), Code scanning with CodeQL. All are free on public repos and available on private with GitHub Advanced Security.
Disable "Allow merge commits" — only allow squash and rebase. Enable "Automatically delete head branches" after merge. Enable "Require contributors to sign off on web-based commits."
Create staging and production environments in Settings → Environments. Add required reviewers for production, deployment branch rules (only main), and environment-specific secrets.
Use the Audit Log (org level) to track who changed what branch protection rules, who added deploy keys, and who accessed secrets. Export logs to SIEM tools for compliance.
Every essential command organized into color-coded reference cards. Print it, bookmark it, memorize it.