Quick Definition (30–60 words)
Trunk based development is a branching strategy where developers integrate work into a single mainline frequently, avoiding long-lived branches. Analogy: a river where all streams merge continuously to keep flow stable. Formal: a development model emphasizing short-lived feature branches or feature flags with continuous integration to maintain a releasable trunk.
What is Trunk based development?
Trunk based development (TBD) is a source control and workflow model that minimizes branching divergence by having developers push small, frequent changes to a single main branch (the trunk). It is NOT a mandate to remove feature flags, nor is it identical to continuous deployment, although it complements CD practices.
Key properties and constraints
- Frequent merges to trunk, typically multiple times per day.
- Short-lived branches only for task-scoped work, usually hours to a few days.
- Heavy use of feature flags, toggles, or trunk-safe techniques for incomplete work.
- Continuous integration with automated tests gating merges.
- Emphasis on fast feedback, small pull requests or direct trunk commits.
- Cultural investment: collective code ownership and fast revertability.
Where it fits in modern cloud/SRE workflows
- CI/CD pipelines validate trunk builds that represent the canonical released artifact.
- Infrastructure-as-Code follows the same pattern: trunk is the source of truth for infra changes.
- Observability and experiment telemetry are tied to trunk deployments and feature flags.
- Incident response expects trunk to be deployable and rollbacks to be straightforward.
- Security scans and policy-as-code checks should gate trunk merges.
A text-only diagram description readers can visualize
- Developer branches or local changes flow into a continuous integration gate.
- CI runs unit tests, security scans, linting, and integration tests.
- Approved changes merge to trunk and trigger build pipelines.
- Build produces artifacts deployed to staging, canary, then production.
- Feature flags decouple merge from user-visible release; telemetry feeds back to developers.
Trunk based development in one sentence
A discipline where teams keep a single shared mainline, merging small validated changes frequently to keep the codebase continuously releasable.
Trunk based development vs related terms (TABLE REQUIRED)
| ID | Term | How it differs from Trunk based development | Common confusion |
|---|---|---|---|
| T1 | Gitflow | Uses long-lived branches and release branches | People think Gitflow is standard for all teams |
| T2 | Feature branching | Uses longer-lived branches for features | Often mixed with feature flags incorrectly |
| T3 | Continuous integration | CI is a practice, not a branching model | CI is required but not the same as TBD |
| T4 | Continuous delivery | Focuses on release readiness, not branch shape | CD often assumed implies trunk-only |
| T5 | Trunk-based deployment | Emphasizes deploying trunk frequently | Sometimes used interchangeably with TBD |
| T6 | Mainline development | Synonym in many orgs | Mainline may allow longer branches |
| T7 | Forking workflow | Contributors use forks and PRs | Forks can still practice TBD with small PRs |
| T8 | Trunk-based testing | Tests designed for trunk commits | Not everything tests should run on trunk |
| T9 | GitHub flow | Lightweight branching, similar but not identical | People assume GitHub flow equals TBD |
| T10 | Release train | Timeboxed releases on trunk | Release trains can coexist with TBD |
Row Details (only if any cell says “See details below”)
None
Why does Trunk based development matter?
Business impact (revenue, trust, risk)
- Faster time-to-market: Frequent merges and releases reduce lead time for features that drive revenue.
- Reduced merge risk: Smaller diffs are easier to review and cause fewer integration surprises.
- Improved trust: Stakeholders can rely on trunk representing a releasable state, enabling predictable launches.
- Regulatory and security posture: Centralized changes make audit trails clearer when combined with policy-as-code.
Engineering impact (incident reduction, velocity)
- Lower cognitive load: Developers spend less time on resolving complex merge conflicts and context switching.
- Higher throughput: Smaller, frequent commits accelerate PR review and automated validation.
- Faster rollback and mitigation: Reverting or disabling a single trunk change is simpler than unwinding long-lived branches.
SRE framing (SLIs/SLOs/error budgets/toil/on-call)
- SLIs tied to trunk deployments allow accurate SLOs because deployment units are smaller and measurable.
- Error budgets become actionable: high confidence in deployment size makes burn rate analysis more meaningful.
- Toil reduction: automation reduces manual merge and deploy tasks.
- On-call clarity: Incident remediation often maps to a specific recent trunk change or flag state.
3–5 realistic “what breaks in production” examples
- Feature flag misconfiguration exposes incomplete feature to users, causing errors.
- Incomplete migration pushed to trunk without backward compatibility, breaking consumers.
- CI pipeline flakiness allows regressions to be merged, triggering a production incident.
- Secret or credential accidentally committed, causing security exposure and rotation tasks.
- Large refactor merged without adequate end-to-end tests, causing performance regressions.
Where is Trunk based development used? (TABLE REQUIRED)
| ID | Layer/Area | How Trunk based development appears | Typical telemetry | Common tools |
|---|---|---|---|---|
| L1 | Edge and CDN | Trunk holds configuration and edge rules deployed via IaC | Request latency and cache hit rates | CI, IaC tools |
| L2 | Network | Network policy and ingress configs in trunk | Connectivity errors and drop rates | IaC, policy agents |
| L3 | Service (microservice) | Services merged frequently to trunk and deployed via CD | Error rate, latency, deployment success | CI, CD, observability |
| L4 | Application UI | UI changes merged behind feature flags on trunk | Frontend errors and feature usage | Feature flag platforms, CI |
| L5 | Data and DB | Migrations coordinated with flags and trunk releases | Migration duration, query errors | Migration tools, DB CI |
| L6 | Kubernetes | Manifests and Helm charts in trunk with GitOps | Pod restarts and rollout status | GitOps operators, CI |
| L7 | Serverless | Functions integrated to trunk and deployed per change | Invocation errors and cold start metrics | Serverless frameworks, CI |
| L8 | IaaS/PaaS | Infra code changes in trunk trigger env updates | Provision time and drift | IaC tools, CI |
| L9 | CI/CD | Pipeline definitions in trunk controlling validation | Pipeline duration and failures | CI systems, workflow engines |
| L10 | Security and Policy | Scans and rules enforced on trunk changes | Vulnerability counts and policy violations | SCA, policy-as-code |
Row Details (only if needed)
None
When should you use Trunk based development?
When it’s necessary
- Cross-team coordination requires a single source of truth.
- High release frequency is required (multiple deploys per day).
- You need to minimize merge risk in a rapidly changing codebase.
- SRE/ops demand a consistently deployable mainline for rollback safety.
When it’s optional
- Small teams with low release cadence can choose simpler workflows.
- Projects with strict regulatory branching rules where gated long-lived branches are required.
When NOT to use / overuse it
- When legal or compliance constraints require isolated long-term control branches.
- For experiments that need long-lived diverging prototypes that will never merge.
- Overusing trunk commits without feature flags is unsafe for large incomplete changes.
Decision checklist
- If team size > X and release frequency > once per week -> prefer TBD.
- If multiple teams touch same services daily -> TBD recommended.
- If regulatory branches required -> consider hybrid model with strict gating.
- If feature complexity spans weeks and no flags -> use short-lived branches with gating.
Maturity ladder: Beginner -> Intermediate -> Advanced
- Beginner: Merge small PRs to trunk, basic CI, rely on staging deployments.
- Intermediate: Feature flags, GitOps for infra, automated integration tests.
- Advanced: Progressive delivery (canaries, blue/green), policy-as-code, observability-driven SLOs and automated rollbacks.
How does Trunk based development work?
Step-by-step overview
- Developer authors local change or short-lived branch.
- Automated pre-merge checks run: lint, unit tests, static analysis, secret scans.
- Merge to trunk after small peer review or CI approval.
- Post-merge CI builds an artifact and runs integration tests and security scans.
- Artifact is deployed to staging then to canary/production through progressive delivery.
- Feature flags control visibility; metrics and logs validate behavior.
- If incident detected, toggle flag, rollback artifact, or revert change on trunk.
Components and workflow
- Source control with trunk/main branch.
- CI system for pre-merge and post-merge validation.
- Feature flagging platform enabling runtime toggles.
- Artifact registry for trunk-built artifacts.
- CD system for progressive deployments.
- Observability stack for metrics, logs, tracing, and alerting.
- Policy-as-code and automated security checks.
Data flow and lifecycle
- Code commit -> CI build -> artifact -> tests -> CD deploy -> telemetry collected -> alerts -> feedback to developers.
Edge cases and failure modes
- Flaky tests allowing regressions: causes noisy signals and broken trunk.
- Feature flag debt: too many flags without cleanup causes complexity.
- Large refactors: merged too quickly can destabilize many services.
- Cross-repo coordinated changes: need feature orchestration to avoid partial breakage.
Typical architecture patterns for Trunk based development
- Single-repo monolith with trunk: use when teams benefit from tight coupling and unified CI.
- Multi-repo microservices with trunk per repo: each service has its trunk and CI; use for independent deployment cadence.
- Mono-repo with packages and feature flags: good for large code sharing and coordinated refactors.
- GitOps for infra with trunk as source of truth: use for declarative infra and Kubernetes deployments.
- Trunk + orchestration repo for cross-cutting features: use when changes span many services and need coordinated rollout.
Failure modes & mitigation (TABLE REQUIRED)
| ID | Failure mode | Symptom | Likely cause | Mitigation | Observability signal |
|---|---|---|---|---|---|
| F1 | Flaky CI tests | Intermittent pipeline failures | Unreliable tests or environment | Isolate flaky tests and quarantine | Increased CI failure rate |
| F2 | Feature flag leak | Users see incomplete feature | Flag misconfiguration or rollout error | Implement flag safety and audits | Spike in error rates for flagged feature |
| F3 | Large refactor break | Multiple services fail after merge | Insufficient integration testing | Use feature branch for refactor with gated merge | Elevated error counts across services |
| F4 | Secret exposure | Credential committed to trunk | Poor secret management | Rotate secrets and enforce pre-commit hooks | Audit log with commit containing secret |
| F5 | Broken rollout | Canary fails but full deploy continues | Missing guard in CD pipeline | Add automated canary aborts and rollbacks | Canary error rate high then drop |
| F6 | Infra drift | Production differs from trunk IaC | Manual changes in prod | Enforce GitOps reconciliation | Drift detector alerts |
| F7 | SLO burn | Error budget consumed after deploy | Regression or unexpected load | Automatic rollback or mitigation | Burn rate increased |
Row Details (only if needed)
None
Key Concepts, Keywords & Terminology for Trunk based development
(40+ terms; each line: Term — 1–2 line definition — why it matters — common pitfall)
Commit — Atomic change recorded in VCS — Basis of small merges — Large commits hide scope
Trunk — Primary branch where changes converge — Single source of truth — Treating as unstable trunk
Mainline — Synonym for trunk in many orgs — Central repository state — Confusing with long-lived branches
Short-lived branch — Branch with brief lifespan — Reduces merge conflicts — Branches kept too long
Feature flag — Runtime toggle controlling feature exposure — Decouples deploy from release — Flag debt
Canary deployment — Gradual rollout to subset of users — Limits blast radius — Insufficient telemetry
Blue-green deploy — Swap traffic between environments — Safe rollback strategy — Costly duplicate infra
Continuous integration — Automated testing on change — Prevents broken trunk — Flaky tests undermine value
Continuous delivery — Maintain releasable artifacts on trunk — Enables predictable releases — Lacking deploy automation
Continuous deployment — Auto-deploy every change to prod — Fast release cycle — Risky without guardrails
Progressive delivery — Controlled release strategies with metrics — Reduces risk — Complexity in orchestration
GitOps — Declarative infra driven from VCS — Ensures drift-free infra — Human overrides cause drift
IaC — Infrastructure as Code for provisioning — Reproducible environments — Secrets mismanagement risk
Feature toggle lifecycle — Management of flags from creation to removal — Prevents flag bloat — Forgotten toggles
Artifact registry — Stores built artifacts from trunk — Traceable release artifacts — Orphaned artifacts
Pipeline gating — Checks preventing merge without validation — Maintains trunk health — Overly strict gating slows velocity
Policy-as-code — Enforce org policies via code — Automates compliance — Rules too rigid block devs
Secret scan — Automated detection of secrets in commits — Prevents exposure — False negatives exist
Security scanning — SCA and SAST integrated in CI — Lowers vulnerability risk — Generates noisy findings
SLO — Service Level Objective — Aligns reliability to business — Poorly set SLOs are meaningless
SLI — Service Level Indicator — Measure of system performance — Choosing wrong metric misleads
Error budget — Allowable unreliability within SLOs — Supports trade-offs between release velocity and risk — Misinterpreting burn rate
Rollback — Reverting to previous safe state — Restores service quickly — Frequent rollbacks hide underlying issues
Revert commit — Commit that undoes previous change — Fast fix for bad merge — Revert can miss side effects
Observability — Metrics, logging, tracing for visibility — Essential for validating trunk changes — Blind spots from missing traces
Telemetry — Runtime data from applications — Informs decisions — Missing tags reduce signal fidelity
End-to-end test — Broad test covering full stack — Catches integration issues — Flaky and slow test execution
Unit test — Fine-grained tests for small units — Fast feedback — Over-reliance misses integration bugs
Integration test — Tests interactions between components — Validates cross-service changes — Environment setup can be fragile
Feature orchestration — Coordinating multi-repo feature rollout — Necessary for cross-cutting changes — Complexity increases coordination cost
Atomic deploy — Deploy that does not leave system in half-changed state — Reduces inconsistency — Not always feasible for schema changes
Schema migration strategy — Techniques like backward compatible migrations — Prevents outages — Breaking migrations cause downtime
On-call — Engineers responsible for incidents — Ensures rapid response — Lack of rotation leads to burnout
Runbook — Step-by-step guide for common incidents — Speeds recovery — Outdated runbooks mislead responders
Postmortem — Blameless incident analysis — Drives system improvements — Vague action items hinder progress
Service mesh — Runtime for service-to-service behavior — Adds observability and control — Complexity and latency overhead
Immutable infrastructure — Recreate rather than change instances — Predictable deployments — Higher provisioning cost
Deployment window — Time allowed for risky deploys — Limits blast radius — Artificial windows reduce agility
Feature branch — Branch for feature development — Useful if short-lived — Long-lived branches cause divergence
Merge queue — Serializes merges to trunk under CI gating — Prevents broken trunk — Queue latency slows commits
Test flakiness — Non-deterministic test results — Reduces trust in CI — Causes false alarms and wasted cycles
Monorepo — Single repo for many projects — Eases cross-repo changes — Tooling and scale challenges
How to Measure Trunk based development (Metrics, SLIs, SLOs) (TABLE REQUIRED)
| ID | Metric/SLI | What it tells you | How to measure | Starting target | Gotchas |
|---|---|---|---|---|---|
| M1 | Merge frequency | How often changes reach trunk | Count merges per day per team | 5–20 merges/day/team | Noise from trivial merges |
| M2 | Lead time for changes | Time from commit to production | Median time from first commit to prod deploy | <1 day initial goal | Large builds inflate metric |
| M3 | Change failure rate | Fraction of deploys causing incidents | Incidents caused per deploys | <5% initially | Attribution of incident to deploy is hard |
| M4 | Time to restore | How quickly incidents are resolved | Median time from alert to recovery | <1 hour depending on SLOs | Incident detection latency skews value |
| M5 | CI pass rate | Pipeline stability for trunk merges | Percentage of CI runs passing on trunk | >95% desirable | Flaky tests distort signal |
| M6 | Feature flag coverage | Percent of releases using flags | Count of releases with flags / total | Aim >50% for risky changes | Overuse without cleanup |
| M7 | Deployment success rate | Fraction of successful deployments | Successful deploys / total deploy attempts | >98% target | Infrastructure flakiness affects measure |
| M8 | Build time | Time to produce trunk artifact | Median CI build time | <15–30 mins typical | Slow tests or caching issues |
| M9 | Time to merge queue | Delay introduced by merge queue | Median wait time before merge | <10 mins desirable | Queue misconfiguration creates backlog |
| M10 | SLO burn rate | Rate of error budget consumption | Errors per minute normalized to budget | Keep burn low in business hours | Traffic spikes can mislead |
Row Details (only if needed)
None
Best tools to measure Trunk based development
Tool — CI/CD system (e.g., generic)
- What it measures for Trunk based development: Build, test, and deploy success and durations.
- Best-fit environment: Any codebase with CI/CD needs.
- Setup outline:
- Define pipeline for pre-merge and post-merge stages.
- Integrate test, lint, security scans.
- Publish artifacts to registry.
- Hook CD to deploy from trunk artifacts.
- Strengths:
- Central control of validation.
- Integrates many checks.
- Limitations:
- Pipeline complexity grows with tests.
- Does not provide feature flagging by itself.
Tool — Observability platform (metrics and tracing)
- What it measures for Trunk based development: Error rates, latency, traces per deployment.
- Best-fit environment: Distributed systems and cloud-native apps.
- Setup outline:
- Instrument services with metrics and tracing.
- Tag telemetry with deployment and flag metadata.
- Create dashboards for deployments and SLOs.
- Strengths:
- Real-time visibility.
- Correlates deployment to behavior.
- Limitations:
- High-cardinality tags increase cost.
- Requires consistent instrumentation.
Tool — Feature flag platform
- What it measures for Trunk based development: Flag usage, rollout progress, and exposure.
- Best-fit environment: Teams using flags for progressive release.
- Setup outline:
- Centralize flag definitions in code or service.
- Integrate with SDKs for runtime checks.
- Monitor flag toggles and audits.
- Strengths:
- Decouples deploy and release.
- Fast mitigation via toggles.
- Limitations:
- Flag sprawl and technical debt.
- SDK latency risk if remote flags used.
Tool — GitOps operator
- What it measures for Trunk based development: Infra reconciliation status and drift.
- Best-fit environment: Kubernetes and declarative infra.
- Setup outline:
- Point operator at trunk repo directory.
- Set reconciliation interval and alert on drift.
- Peer review IaC changes into trunk.
- Strengths:
- Declarative drift reduction.
- Clear audit trail from trunk to cluster.
- Limitations:
- Requires robust rollback strategy.
- Not all infra fits declarative model.
Tool — Security scanner (SCA/SAST)
- What it measures for Trunk based development: Vulnerabilities introduced by trunk commits.
- Best-fit environment: Any codebase with third-party deps.
- Setup outline:
- Run scans during CI pre-merge and post-merge.
- Fail or warn based on severity policy.
- Track vulnerability age and remediation.
- Strengths:
- Early detection of security issues.
- Policy enforcement.
- Limitations:
- False positives and noise.
- Requires triage process.
Recommended dashboards & alerts for Trunk based development
Executive dashboard
- Panels:
- Merge frequency trend: business-facing velocity.
- Lead time distribution: cycle time health.
- Overall SLO burn rate: business risk indicator.
- Deployment success rate: release reliability.
- Why: Gives non-engineering stakeholders a quick view of delivery performance.
On-call dashboard
- Panels:
- Current alerts and incident list.
- Recent deploys and revert history.
- Error rates and latency for impacted services.
- Active feature flags and recent toggles.
- Why: Focused actionable view for responders to correlate deploys to incidents.
Debug dashboard
- Panels:
- Per-deploy traces and error logs.
- Canary metrics and progression graphs.
- CI pipeline history for failed jobs.
- Diff of recent commits around incident timeframe.
- Why: Enables deep troubleshooting to find root cause quickly.
Alerting guidance
- What should page vs ticket:
- Page: SLO breaches, production outage, severe security incidents.
- Ticket: CI flakiness below threshold, non-urgent policy violations.
- Burn-rate guidance:
- Alert at sustained burn rate that will exhaust error budget in 24 hours; page if within 3 hours.
- Noise reduction tactics:
- Dedupe similar alerts, group by service and deploy commit, suppress during known maintenance windows.
Implementation Guide (Step-by-step)
1) Prerequisites – Version control with trunk/main. – CI/CD pipeline capability. – Feature flagging mechanism. – Observability stack for metrics/traces/logs. – Policy-as-code tooling for gating.
2) Instrumentation plan – Tag all telemetry with commit SHA and deployment ID. – Add feature flag context to request traces. – Emit deploy events to observability system.
3) Data collection – Capture merge frequency, build times, deploy times, and SLO metrics. – Store CI artifacts and build logs for traceability.
4) SLO design – Select SLIs tied to user impact (latency and error rate). – Define SLOs and error budgets with business input.
5) Dashboards – Build executive, on-call, and debug dashboards. – Include deploy overlays and commit metadata.
6) Alerts & routing – Create alert rules for SLO violations and canary failures. – Route alerts to appropriate on-call teams and escalation.
7) Runbooks & automation – Create runbooks for common incidents linked to deployments. – Automate safe rollback and flag toggles where possible.
8) Validation (load/chaos/game days) – Regularly run load tests and chaos experiments against trunk deployments. – Execute game days that simulate flag misconfiguration and canary failures.
9) Continuous improvement – Review metrics weekly and postmortems monthly to refine pipelines and policies.
Checklists
Pre-production checklist
- CI gates pass on trunk.
- Feature flags implemented for non-backward-compatible changes.
- Observability instrumentation present.
- Security scans clean or accepted exceptions.
Production readiness checklist
- Deployment automation verified.
- SLOs defined and monitoring wired.
- Rollback and flag playbooks available.
- Approvals and compliance checks done.
Incident checklist specific to Trunk based development
- Identify last trunk commit and associated flags.
- Check canary performance and rollout status.
- If flagged, toggle off and observe recovery.
- If needed, rollback to previous artifact and open postmortem.
Use Cases of Trunk based development
Provide 8–12 use cases briefly.
1) Rapid feature delivery for SaaS UI – Context: Frequent UI improvements. – Problem: Long-lived UI branches cause merge churn. – Why TBD helps: Flags allow deploy without exposing features. – What to measure: Merge frequency, flag coverage, user error rate. – Typical tools: CI, flag platform, observability.
2) Microservices with independent teams – Context: Multiple services evolve in parallel. – Problem: Integration surprises at release time. – Why TBD helps: Smaller commits simplify troubleshooting. – What to measure: Lead time and change failure rate. – Typical tools: Per-repo CI, tracing.
3) Database schema evolution – Context: Backward-compatible migrations needed. – Problem: Long migrations break consumers. – Why TBD helps: Use flags and phased migrations from trunk. – What to measure: Migration duration and error rate. – Typical tools: Migration frameworks, DB CI.
4) Kubernetes GitOps deployments – Context: Declarative infra for clusters. – Problem: Drift between repo and cluster. – Why TBD helps: Trunk is source of truth for operators. – What to measure: Reconciliation errors and drift alerts. – Typical tools: GitOps operator, IaC tests.
5) Security-first organizations – Context: Need gating for vulnerabilities. – Problem: Vulnerabilities slip into production from long branches. – Why TBD helps: Centralized scanning and policy-as-code. – What to measure: Vulnerability age and scan pass rate. – Typical tools: SCA, pre-merge scans.
6) Large refactors – Context: Big cross-cutting changes. – Problem: Hard to merge across repos. – Why TBD helps: Coordinated trunk-safe rollout with flags. – What to measure: Integration test pass rate. – Typical tools: Monorepo tools, feature orchestration.
7) Serverless API teams – Context: Frequent updates to functions. – Problem: Inconsistent deployments and config. – Why TBD helps: Trunk-driven artifacts reduce mismatch. – What to measure: Cold starts, invocation errors. – Typical tools: Serverless frameworks, CI.
8) Compliance audits and traceability – Context: Need auditable change history. – Problem: Multiple branches obscure change lineage. – Why TBD helps: Every prod change originates from trunk commits. – What to measure: Audit trail completeness. – Typical tools: VCS with signed commits, policy-as-code.
9) Progressive delivery experiments – Context: A/B testing and staged rollouts. – Problem: Hard rollbacks during experiments. – Why TBD helps: Flags and canaries enable safe experimentation. – What to measure: Experiment metric lift and error delta. – Typical tools: Feature flags, metrics platform.
10) Cross-team coordination for platform upgrades – Context: Shared runtime or library upgrades. – Problem: Dependency hell across teams. – Why TBD helps: Trunk-based upgrade with coordination reduces drift. – What to measure: Upgrade deployment success per team. – Typical tools: Monorepo or upgrade orchestrator.
Scenario Examples (Realistic, End-to-End)
Scenario #1 — Kubernetes: Safe rollout of new microservice version
Context: A microservice running in Kubernetes needs a new feature and dependency update.
Goal: Deploy safely from trunk without impacting users.
Why Trunk based development matters here: Ensures the canonical artifact is tested and safe for deployment; feature flag limits exposure.
Architecture / workflow: Trunk commit -> CI builds image -> GitOps updates manifests referencing image tag -> GitOps operator rolls out canary -> observability monitors canary -> full rollout.
Step-by-step implementation: 1) Implement feature behind flag. 2) Commit to trunk with tests. 3) CI publishes image tagged with commit SHA. 4) Update manifests in GitOps directory and merge to trunk. 5) Operator deploys canary. 6) Monitor canary metrics and toggle or rollback as needed.
What to measure: Canary error rate, latency, deployment success, SLO burn.
Tools to use and why: CI for build, GitOps operator for reconciliation, flag platform for toggles, observability for canary metrics.
Common pitfalls: Missing flag in all code paths, insufficient canary traffic.
Validation: Run canary under synthetic load and chaos test node termination.
Outcome: New version validated on small slice, safe progressive rollout.
Scenario #2 — Serverless/Managed-PaaS: Feature rollout for function-based API
Context: A team uses serverless functions on a managed PaaS and needs to deliver a new API change.
Goal: Deliver quickly with minimal risk and rollback capability.
Why Trunk based development matters here: Trunk artifacts trigger deployment and flags decouple user exposure, enabling quick mitigation.
Architecture / workflow: Trunk commit -> CI builds function bundle -> CI runs integration tests using emulators -> Deploy to staging then to production canary -> Flag controls route.
Step-by-step implementation: 1) Add feature behind flag. 2) Run local and CI tests. 3) Deploy to staging and validate. 4) Deploy to production canary with 1% traffic. 5) Monitor invocation errors and latency. 6) Increase rollout or toggle off.
What to measure: Invocation error rate, cold starts, latency by version.
Tools to use and why: CI, function platform, feature flags, metrics.
Common pitfalls: Cold start regressions, remote flag latency.
Validation: Load test the canary under expected traffic.
Outcome: Safe rollout with ability to toggle off quickly.
Scenario #3 — Incident-response/postmortem: Rapid rollback after production regression
Context: A trunk merge caused a regression impacting payments.
Goal: Restore service quickly and learn root cause.
Why Trunk based development matters here: Small recent trunk commits narrow the search space for the offending change.
Architecture / workflow: Incident detected -> On-call checks recent trunk deploy -> Toggle flag or rollback to previous artifact -> Run postmortem and add tests.
Step-by-step implementation: 1) Identify deploy ID and commit SHA. 2) Check feature flag state; toggle off if relevant. 3) If toggle insufficient, rollback deploy. 4) Collect traces and logs for postmortem. 5) Implement fix and harden CI.
What to measure: Time to restore, error budget burned, time to identify root cause.
Tools to use and why: Observability, feature flags, CD with rollback.
Common pitfalls: Missing telemetry linking deploy to errors.
Validation: Postmortem with timeline and action items.
Outcome: Service restored and process improved.
Scenario #4 — Cost/performance trade-off: Balancing rollout speed and infra cost
Context: High deployment cadence is increasing infra costs due to duplicate environments.
Goal: Maintain fast trunk flow while controlling cost.
Why Trunk based development matters here: Trunk allows single source for reusable artifacts and shared staging to reduce duplication.
Architecture / workflow: Trunk builds reusable artifacts -> Shared ephemeral environments for validation -> Progressive delivery uses traffic shaping instead of full environment clones.
Step-by-step implementation: 1) Consolidate expensive staging into shared environments with tenant isolation. 2) Use canaries and flags rather than full blue/green duplicates. 3) Measure cost and performance impact.
What to measure: Cost per deploy, lead time, SLO impact.
Tools to use and why: CI, cost monitoring, observability.
Common pitfalls: Shared environment interference.
Validation: Cost vs SLOs before and after change.
Outcome: Reduced infra cost while preserving deployment safety.
Common Mistakes, Anti-patterns, and Troubleshooting
List of 20 common mistakes with symptom -> root cause -> fix
- Symptom: Frequent broken trunk commits. -> Root cause: Flaky tests or missing CI gating. -> Fix: Quarantine flaky tests and strengthen pre-merge checks.
- Symptom: Feature exposed unexpectedly. -> Root cause: Flag misconfiguration. -> Fix: Add flag audits and automatic validation tests.
- Symptom: Long-lived branches reintroduced. -> Root cause: Poor culture or tooling for small merges. -> Fix: Training and merge queue enforcement.
- Symptom: High change failure rate. -> Root cause: Insufficient integration testing. -> Fix: Add targeted end-to-end tests and canary policies.
- Symptom: Secret accidentally committed. -> Root cause: Missing secret scans. -> Fix: Add pre-commit and CI secret scanning and rotate secrets.
- Symptom: Unclear incident cause. -> Root cause: Missing deploy metadata in telemetry. -> Fix: Tag logs and metrics with commit SHA and deploy ID.
- Symptom: Flag debt accumulation. -> Root cause: No lifecycle for flags. -> Fix: Enforce TTL and periodic cleanup sprints.
- Symptom: Slow CI builds. -> Root cause: Inefficient tests and caching. -> Fix: Parallelize tests, cache dependencies, and split pipelines.
- Symptom: Drift between IaC and prod. -> Root cause: Manual edits in prod. -> Fix: Enforce GitOps reconciliation and restrict ad-hoc changes.
- Symptom: High on-call burn. -> Root cause: Poor runbooks and unclear ownership. -> Fix: Create actionable runbooks and clear escalation paths.
- Symptom: Inconsistent rollback behavior. -> Root cause: Missing rollback automation. -> Fix: Automate rollback and test it regularly.
- Symptom: Overly strict gating blocking work. -> Root cause: Overly broad blocking policies. -> Fix: Rebalance gates to focus on high-risk checks.
- Symptom: Poor observability coverage. -> Root cause: Missing instrumentation. -> Fix: Standardize telemetry libraries and mandate instrumenting new code.
- Symptom: False security alerts. -> Root cause: No triage or threshold settings. -> Fix: Tune rules and create a triage process.
- Symptom: Merge queue latency causing backlog. -> Root cause: Serial merge process without scaling. -> Fix: Increase parallel workers or optimize queue.
- Symptom: Multiple teams stepping on each other. -> Root cause: No clear ownership boundaries. -> Fix: Define ownership and API contracts.
- Symptom: Feature not tested in prod-like environment. -> Root cause: Missing staging fidelity. -> Fix: Improve staging parity or use production canaries.
- Symptom: High-cardinality observability costs. -> Root cause: Excessive tagging and retention. -> Fix: Sample traces and limit high-cardinal tags.
- Symptom: Slow incident RCA. -> Root cause: Missing historical CI and deploy logs. -> Fix: Archive artifacts and logs for retrospective analysis.
- Symptom: Deployment causes database downtime. -> Root cause: Non-backwards-compatible migration. -> Fix: Implement phased migrations and feature flags.
Observability pitfalls (subset emphasized)
- Missing deploy metadata in metrics -> Hard to correlate changes to incidents -> Add commit tags to telemetry.
- Trace sampling too aggressive -> Missing distributed traces -> Adjust sampling for error traces.
- Logs lacking context -> Can’t find user impact -> Enrich logs with request and deploy identifiers.
- Dashboards without deploy overlays -> Hard to assess cause -> Overlay deploy events and commit IDs.
- Alerts firing on symptoms only -> Alerts without root cause data -> Include tracing links and recent commit info.
Best Practices & Operating Model
Ownership and on-call
- Define service ownership per team with rotating on-call responsibilities.
- Tie ownership to code ownership and runbook maintenance.
Runbooks vs playbooks
- Runbook: deterministic steps for common incidents.
- Playbook: higher-level decision guides for complex incidents.
Safe deployments (canary/rollback)
- Start small with canaries and automated aborts.
- Validate key SLIs before increasing rollout percentage.
- Automate rollback on canary failure.
Toil reduction and automation
- Automate repetitive CI tasks and approve routine changes via automation.
- Use merge queues to ensure trunk health without manual gating.
Security basics
- Integrate SCA and SAST into CI.
- Enforce pre-commit secret scanning and policy-as-code.
- Audit flag toggles and restrict who can flip production flags.
Weekly/monthly routines
- Weekly: Review recent deploys and CI health; triage flaky tests.
- Monthly: Flag cleanup sprint; review SLO burn trends and incident follow-ups.
- Quarterly: Run game days and large-scale chaos tests.
What to review in postmortems related to Trunk based development
- Time from deploy to incident.
- Whether feature flags or trunk commits were involved.
- CI pipeline failures or gaps.
- Actions to improve test coverage or automation.
- Ownership gaps that contributed to delay.
Tooling & Integration Map for Trunk based development (TABLE REQUIRED)
| ID | Category | What it does | Key integrations | Notes |
|---|---|---|---|---|
| I1 | Version control | Stores code and trunk branch | CI and GitOps | Trunk is mainline |
| I2 | CI system | Builds and tests commits | VCS and artifact registry | Pre and post-merge stages |
| I3 | CD system | Deploys artifacts from trunk | CI and observability | Supports canaries |
| I4 | Feature flag platform | Runtime control of features | SDKs and telemetry | Central flag audits |
| I5 | Observability | Metrics, logs, tracing | CD and CI | Tag with deploy IDs |
| I6 | IaC tools | Provision infra via code | GitOps and VCS | Use with policy-as-code |
| I7 | GitOps operator | Reconciles trunk to cluster | VCS and observability | Detects drift |
| I8 | Security scanners | SAST and SCA in CI | CI and VCS | Block or warn on violations |
| I9 | Artifact registry | Stores build artifacts | CI and CD | Immutable artifact tags |
| I10 | Merge queue | Serializes merges under CI | VCS and CI | Reduces race merges |
| I11 | Policy-as-code | Enforces policies on merge | CI and VCS | Automates compliance |
| I12 | Incident management | Pager and ticketing | Observability and VCS | Tracks RCA |
| I13 | Cost monitoring | Tracks infra costs | CD and IaC | Correlate cost with deploys |
Row Details (only if needed)
None
Frequently Asked Questions (FAQs)
What is the difference between trunk based development and continuous delivery?
Trunk based development is a branching model while continuous delivery is the practice of keeping trunk always deployable; they complement each other but are distinct.
Can small teams ignore trunk based development?
Smaller teams can use simpler workflows, but trunk practices still help reduce merge friction and speed up delivery.
How long is a short-lived branch?
Typically hours to a few days; anything beyond that risks divergence.
Do you need feature flags to do trunk based development?
Feature flags are highly recommended for decoupling merge from release but alternatives exist for small changes.
How do we manage flag cleanup?
Adopt lifecycle policies, enforce TTLs, and run periodic cleanup sprints.
How do we handle database migrations?
Use backward-compatible migrations, deploy code that supports both schemas, and use flags to flip behavior.
What CI gates are essential?
Unit tests, linting, security scans, and basic integration tests at minimum.
How do we measure change failure rate?
Track incidents that are attributable to deploys divided by number of deploys in a time window.
What if CI is slow?
Optimize tests, parallelize, cache, and isolate long-running end-to-end tests to separate pipelines.
How to prevent secret leaks to trunk?
Use pre-commit hooks, CI secret scanning, and avoid storing secrets in repo.
Is trunk based development compatible with monorepos?
Yes; trunk-based workflows are often used with monorepos and require tooling to scale CI.
How to handle cross-repo coordinated changes?
Use feature orchestration, deploy-order automation, or an orchestration repo with flags.
How do we ensure rollback safety?
Automate rollback paths, test rollbacks, and ensure database migration reversibility.
How often should we run game days?
Quarterly or after major process changes; more often if maturity is low.
Who should own feature flags?
Feature flag ownership should be with the feature team; platform teams govern flag infrastructure.
How to avoid alert fatigue from deployment alerts?
Tune thresholds, group related alerts, and suppress noisy transient issues.
What telemetry tags are non-negotiable?
Commit SHA, deploy ID, environment, and feature flag identifiers.
How to onboard teams to trunk based development?
Start with pilot teams, document practices, provide CI templates, and coach via pairing and reviews.
Conclusion
Trunk based development is a practical branching and delivery discipline that reduces integration risk, improves velocity, and aligns well with cloud-native, SRE-driven practices. It requires cultural investment, automation, observability, and careful feature flag management. When implemented with proper CI/CD, feature flags, and SLO-driven observability, it enables safe, frequent releases with predictable risk.
Next 7 days plan (5 bullets)
- Day 1: Audit current branching and CI pipeline; identify long-lived branches and flaky tests.
- Day 2: Instrument trunk with deploy metadata and enable build artifact tagging.
- Day 3: Implement at least one feature flag framework and gate a risky change behind a flag.
- Day 4: Configure canary deployment policy and add automated canary abort rules.
- Day 5–7: Run a tabletop game day simulating a flag misconfiguration and a canary failure; iterate on runbooks.
Appendix — Trunk based development Keyword Cluster (SEO)
- Primary keywords
- trunk based development
- trunk-based development
- trunk based workflow
- trunk-based workflow
- trunk based branching
-
trunk based strategy
-
Secondary keywords
- feature flags and trunk based development
- CI/CD trunk strategy
- trunk based deployment
- trunk mainline development
- trunk based git workflow
- merge queue for trunk
- trunk based testing
- trunk based gitflow alternative
- trunk based development benefits
-
trunk based development challenges
-
Long-tail questions
- what is trunk based development and why use it
- how to implement trunk based development in kubernetes
- trunk based development versus feature branching
- how to measure trunk based development success
- best practices for trunk based development with feature flags
- how to migrate to trunk based development from gitflow
- how to run canaries with trunk based development
- trunk based development tips for microservices teams
- how to manage database migrations with trunk based development
- trunk based development and compliance audits
- how to manage secrets in trunk based development
- trunk based development CI pipeline checklist
- trunk based development observability requirements
- how to reduce test flakiness for trunk based development
-
trunk based development for serverless architectures
-
Related terminology
- mainline
- feature branch
- continuous integration
- continuous delivery
- continuous deployment
- feature toggle
- feature flag lifecycle
- canary deployment
- blue green deployment
- progressive delivery
- gitops
- infrastructure as code
- policy as code
- service level objective
- service level indicator
- error budget
- merge queue
- monorepo
- microservices
- observability
- tracing
- metrics
- logging
- CI pipeline
- CD pipeline
- artifact registry
- security scanning
- SCA
- SAST
- on-call
- runbook
- postmortem
- rollback
- revert commit
- secret scanning
- deployment pipeline
- deployment automation
- deployment safety
- test flakiness
- feature orchestration
- deployment metadata
- canary metrics
- deployment success rate
- lead time for changes
- change failure rate
- merge frequency
- trunk based development checklist
- trunk based development maturity