I think your idea of cloning your template is best. But you can tweak that by using GitHub or similar site.
With GitHub you would fork for each new project based on your template.
The fork would create a brand new git repository but based on your template.
Now if one your projects has an update you would like picked up in your original template repository, you could submit a pull request to the original template. Others could too, if you wanted to share.
Then you would simply accept the pull requests you found that you want to incorporate into your original project.
Your plan sounds great! I think you are off to a really good start.
My only advice is in regard to you Developer Workflow. I think you're dev branch may become problematic, because developers will be merging code willy-nilly then they think its ready.
If both branchA and branchB, C, and D are merged into dev, and it fails, you can't be certain which parts are necessarily failing. Also, if someone pushes up something with a conflict, you dont know who it was. Madness and insanity are bound to ensue.
If a feature turns out not to be ready, and code needs to be backed out of dev, other developers will have already pulled down their additions. Those developers then will merge back into dev, unwittingly re-introducing the broken code. Madness and insanity are bound to ensue.
You're going to need a couple steps of separation to keep untested code away from tested code.
This all depends on the skill sets of your team, and how you actually work together. What follows is my solution to problems of a quickly expanding team with differing levels of git knowledge and different levels of developers code dependability.
I always try to tell people to not simply think about developer workflow, but testing procedure, and release process. They all need to be planned as part of a singular process.
- Lead Dev or Release Mngr (whoever) creates a new
release branch based off master. This branch will be a container for anything going on it in the next release.
- Lead/ReleaseMngr creates
integration branch based off release.
- Developer creates new feature branch (or topic branch, whatever you want to call it), based off the current release branch.
- Developer tests locally, is happy.
- The developers feature branch deployed somewhere and tested by QA independently of any untested code.
- QA signs off on feature - it gets merged into an
integration branch. (ideally, IMHO, only after the feature branch has been rebased off release, to force the conflict resolutions )
- QA tests the
integration branch which is just the release branch + this one feature.
- QA signs off - integration is merged into release (if not signed off, integration is blown away and recreated based on
release). This is the reason for integration. No one pulls form this branch, and it can be blown away as needed.
- Now the feature is in release, and can be shared with other developers making features based off
release branch.
- Release is good, merge to master. Deploy, make a new release branch based off master.
I know it sounds like a lot, but it really will save you from the headaches and, in my experience, are inevitable with large projects with logs of people having differing levels of knowledge.
If you have a small team with a simple release process, or a team that is very experienced - all this may not be necessary - but do be aware of the inherent problem with testing multiple people's code at the same time in your dev branch.
All that said, its my understanding the GitHub team just lets everyone merge into master directly (after a brief code review) and auto deploys ~30 times a day.
Best Answer
You can do it with individual developers working in branches and then merge into master as required, then just deploy from master into each of your environments.
Or you can do it via top level branches (development, acceptance, production, etc) as you suggest. At some point, the logic of what goes into each environment needs to be handled. And the way you suggest is about as good as any.
It's worthwhile looking into something like Ansible (https://www.ansible.com/). We've recently employed this at the company where I work and it's an excellent way of pushing out varying builds to different servers based on configuration and templating. It works best from a Unix based control machine to push the changes to whatever machines you desire, so it's worth bearing that in mind, as you may need to build a Unix VM as your control machine and install Ansible on it. I'd also recommend Vagrant to manage this (https://www.vagrantup.com/).
You could also have a Jenkins server that manages each of the builds for each of the branches and then simply deploy the binaries to each server via some other process, such as Ansible or some batch program.
Hope that helps answer your question.