Skip to main content

Git-Based Code Delivery Channel

Overview

Submit code deliverables directly from GitHub or GitLab repositories instead of uploading files. The platform clones your repository, runs automated quality checks (linting, security scans, tests), and syncs updates automatically when you push new commits. This streamlines expert-client code reviews while maintaining full audit trails and quality standards.

Step-by-Step Guide

Submitting a Repository for the First Time

  1. Navigate to the Expert Submission page (/delivery/expertsubmission) after completing work on a job
  2. Choose “Submit via Git Repository” instead of the traditional file upload option
  3. Provide your repository details:
    • Enter the GitHub or GitLab repository URL (HTTPS format: https://github.com/username/repo)
    • Specify either a branch name (e.g., main or feature/new-dashboard) or a specific commit SHA
    • If submitting a private repository, provide a personal access token with read permissions
  4. Submit the repository - The platform clones your code at the specified commit or branch
  5. Wait for automated quality checks - The system runs linting, security scans, and tests based on your detected language/framework
  6. Review quality check results - You’ll see pass/fail status with detailed error messages if any checks fail
  7. Client reviews your code - The client browses your repository file structure and views code files directly in the platform

Submitting a Pull Request

  1. Create a pull request in your GitHub or GitLab repository with your changes
  2. On the Expert Submission page, select “Submit via Pull Request”
  3. Paste the PR URL - The platform clones the PR’s head branch and displays PR metadata (title, description, comments)
  4. Quality checks run automatically - Same automated checks as repository submissions
  5. PR comments sync to the platform - Reviewers’ GitHub/GitLab comments appear in the Fiftyknots review interface
  6. Track PR status - When the PR is merged or closed, both you and the client receive notifications

Updating a Submission with New Commits

  1. Push new commits to the branch you originally submitted (if you submitted by branch, not commit SHA)
  2. Webhook triggers automatic update - The platform detects your push and re-clones the repository
  3. Quality checks run again - All checks re-execute on the updated code
  4. Both parties receive notifications - You and the client are alerted to the update
  5. Client reviews the updated code - They see a diff showing what changed between submissions
Note: Submissions made via specific commit SHA are immutable - new commits won’t trigger updates. Accepted submissions are locked and won’t auto-update regardless of new commits.

Resubmitting After Rejection

  1. Receive rejection feedback from the client on the Client Review page (/review/clientreview)
  2. Fix issues in your repository and push commits
  3. Create a resubmission by providing an updated branch name or commit SHA
  4. Platform treats this as a fresh submission - Quality checks run again from scratch
  5. Client sees commit history and diffs - They can compare your resubmission to the original

Common Questions

Can I submit both public and private repositories?
Yes. For public repositories, just provide the URL. For private repositories, you’ll need to provide a personal access token (GitHub) or deploy key (for SSH) with read permissions. The platform encrypts and stores these credentials securely. You can view and revoke stored credentials anytime from your submission dashboard. What happens if I push new commits after the client has already accepted my deliverable?
Nothing. Once a client accepts your submission, it becomes locked. New commits won’t trigger updates, and the accepted version remains frozen. This protects both parties by ensuring the approved code doesn’t change after escrow funds are released. How do I stop automatic updates if I submit by branch but want to freeze it?
Submit using a specific commit SHA instead of a branch name. Commit SHA submissions are immutable - the platform clones that exact commit and won’t sync updates, even if you push new code. Alternatively, once the client accepts your work, it locks automatically. What if my repository is too large or contains sensitive data?
The platform enforces a 500MB repository size limit to prevent resource exhaustion. If your repo contains sensitive data (API keys, passwords), the system scans for these and warns you before exposing files to the client. Remove sensitive data or use environment variables before submitting. Can I submit code from the same repository for multiple jobs?
Yes. You can submit from the same repository but different branches for different jobs. Each submission is isolated - updates to one branch won’t affect other jobs using different branches from the same repo.

Troubleshooting

“Failed to clone repository” error appears
This usually means the repository URL is incorrect, the repo was deleted, or your credentials expired. Verify the URL is correct and uses HTTPS format (not SSH). If it’s a private repo, regenerate your personal access token and resubmit. Check that the token has “repo” read permissions enabled. Quality checks keep failing for valid code
The platform auto-detects your language/framework and runs appropriate checks. If checks fail incorrectly, verify your code follows standard conventions for your language (e.g., ESLint rules for JavaScript, Pylint for Python). You can view detailed error messages in the quality report. If checks hang for over 10 minutes, they’ll timeout - optimize long-running tests or break them into smaller suites. Webhook updates aren’t working after I push commits
First, confirm you submitted via branch name, not commit SHA (SHA submissions don’t auto-update by design). Check that the client hasn’t already accepted your submission (accepted work is locked). If neither applies, the webhook registration may have failed - try resubmitting the repository to re-register webhooks. GitHub/GitLab rate limits can also delay webhook delivery. “Repository contains malicious code” warning blocks my submission
The platform scans for security threats before exposing code to clients. Review your repository for unintended files - sometimes dependency folders or build artifacts trigger false positives. Remove flagged files, commit, and resubmit. If you believe the scan is incorrect, contact platform support for manual review. Client Review (/review/clientreview) - Where clients view your Git-based submissions, browse code files, and make accept/reject decisions. The review interface integrates quality check results and displays commit history for resubmissions. Escrow Dashboard (/escrowdashboard) - Tracks payment releases tied to your code submissions. When a client accepts your Git-based deliverable, the escrow system automatically releases funds using the same flow as traditional file uploads. Expert Dashboard (/developerdashboard) - Shows all your active submissions, including Git-based deliverables. Monitor quality check status, client review progress, and payment status for repositories you’ve submitted across all jobs.