• Guides
  • Testing
  • How to protect code with Buddy and GitHub status checks

How to protect code with Buddy and GitHub status checks

March 16, 2017

How to protect code with Buddy and GitHub status checks

In this guide we'll show you how to secure yourself from merging errors in your GitHub projects with help of BuddyWorks testing features.

Action used in this guide:


Git and its branches are one of the best inventions since sliced bread (well, at least for developers). Employing branches, gitflow and pull requests to development workflow is a great way to ensure code quality.

In short, Gitflow is a type of workflow in which all new features and bug fixes are made on dedicated branches; only when the branch is tested it can be merged to the master branch.

Make sure to check out our insight article on 5 types of Git workflows.

Gitflow in practice may look like this:

  1. Junior Developer receives a task 'develop a new feature'
  2. They create a new branch and codes the feature
  3. When the feature is ready, the developer creates a pull request
  4. Senior Developer reviews the code and assigns back comments
  5. Finally, the feature branch is merged into the master branch and the new feature is ready for deployment

However, no matter how experienced and thorough the Senior Dev is (the coffee wears off, eventually!), such approach doesn't guarantee the code is free of errors.

The principle rule of Continuous Integration says that all changes to code need to be tested before they can be merged to the master branch.

Automate tests with BuddyWorks

Regardless if you use Test, Behavior or Domain Driven Development, writing tests for your application before deploying it to your client is extremely important. Let's begin with creating a pipeline that will automatically test all changes pushed to your repository.

For the purpose of this guide we'll use a simple calculator app written in PHP and Laravel. Make sure to fork it before going forward!

  1. Go to buddy.works, sign up with your GitHub profile and select the forked repository for the first project: Creating a new projectCreating a new project

  2. Create a new pipeline and set the trigger mode to On every push. Assign the branch to Advanced wildcard and set it to *: Adding a new pipelineAdding a new pipeline

  3. Add the PHP action that will run the tests: Adding the PHP actionAdding the PHP action

See how it works in practice

According to Gitflow principles, we now need to create a new branch for the changes in the GitHub project. Let's make a change that will not break anything, eg. add a sad comment to method responsible for math operations in app/Calculator.php:

public function div($x, $y) { //Every time you divide by zero, a puppy dies
    if($y == 0)
        return "don't divide by zero";
    $z = $x / $y;

    return $z;

The commit will immediately trigger the tests in Buddy:

Success! If you open the list of commits in GitHub, you'll see they have passed as well:

Successful build on GitHubSuccessful build on GitHub

What happens when the tests fail

It's time to break something up. For example, change the results of the sum operation to 100:

public function sum($x, $y) {
    $z = $x + $y;
    return 100;

Buddy will run the tests and produce the results:

Ooops! We did - we broke the app. If you fire up the list of commits in GitHub, you'll see that the commit status says "Failed", too.

Protecting your code

Introducing tests like these doesn't secure our code in full: it's still possible to accidentally merge the errors to the production branch. In order to prevent that, we need to secure the main branch on GitHub (usually master):

  1. Go to SettingsBranches in your GitHub project
  2. Under Protected branches select the master branch
  3. Check these boxes:
    • Protect this branch
    • Require status checks to pass before merging
    • the name of the pipeline from Buddy

Protecting master branch from merging errorsProtecting master branch from merging errors

From now on, it will not be possible to issue a pull request and merge untested code to the master branch. The merge will be simply not be possible if the tests are in progress or have failed:

Merge blocked due to errorsMerge blocked due to errors

Alexander Kus

Alexander Kus

Customer Success Manager

A story-teller and conversation-lover, Alexander decided to invest his skills to help his friends at Buddy transform the cold language of patch notes into exciting narratives. Also: an avid gamer, hip-hop DJ, Liverpool FC fan, absentminded husband, and the father of two.

With Buddy even the most complicated CI/CD workflows take minutes to create

Sign up for Buddy CI/CD

Start a free trial

Trusted by customers from 170+ countries