Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: Deleted branches are not pruned #590

Open
mvorisek opened this issue Nov 21, 2024 · 2 comments
Open

Bug: Deleted branches are not pruned #590

mvorisek opened this issue Nov 21, 2024 · 2 comments

Comments

@mvorisek
Copy link

mvorisek commented Nov 21, 2024

Describe the bug

To Reproduce
Steps to reproduce the behavior:

  1. Create a branch, push some changes and open PR (to submit coverage to Codecov)
  2. Close (or merge) the PR and delete the PR branch
  3. Notice the branch is still shown in Codecov (for ex. compare https://github.com/atk4/data/branches/all and https://app.codecov.io/gh/atk4/data )

Expected behavior

Deleted branches must be pruned from "Branch Context" dropdown in Codecov websize. Simple said, they must be in sync with the repo.

Deleted branches have zero meaning once they are deleted. Currently, having listed thousands of useless branches make actually very hard to locate the few present/meaninful branches.

Screenshots

Image

(many of these branches are not longer present in project's GH repo)

@covecod covecod bot moved this to Waiting for: Product Owner in GitHub Issues with 👀 Nov 21, 2024
@reactive-firewall
Copy link

reactive-firewall commented Dec 7, 2024

🤔 While I agree that the ability to prune and further "sync" (or rather as Git works: pull, including pruning deleted branches); I disagree on the rest.

Alternative View

  • Remain "secure by default" while also allowing the flexibility to prune the branches.

    TL;DR

    I'd actually prefer my data (including when tagged with a deleted or even dangling git commits) not be pruned with out authorization. I suggest instead an option in the UI to "sync" (fetch, pull and prune), and perhaps an API equivalent instead, that allows the project admin/owners to decide when to purge data and when not to.

    [!CAUTION]
    The principle of "secure by default" emphasizes that systems should be configured to prioritize security from the outset, minimizing vulnerabilities and reducing the risk of exploitation. By ensuring that security measures are the default setting, we create a stronger foundation for protecting sensitive data and maintaining user trust. While I understand the desire to explore alternative approaches, I believe adhering to this principle is crucial for fostering a secure environment and mitigating potential risks effectively.

  • My rational is, at its essence, that pruning is a destructive operation, and should be optional.

    TL;DR

    I actually configure git to disable it by default (so I must type the more dangerous --prune option to remove my local branches that may have been merged and deleted by a co-contributor, etc.)

  • If I've uploaded coverage reports to codecov, I'd like to keep them there by default.

    TL;DR

    I would like to retain my uploaded coverage reports on Codecov by default, as they are valuable for long-term comparisons. There may be instances where I need to restore a branch due to a mistaken or malicious merge, which highlights the importance of preserving this data. This flexibility is a key advantage of decentralized tools like Git and Mercurial over centralized systems like SVN and CVS, as they recognize that local and remote states can diverge. I don’t intend to spark a debate, but I believe the concept of undesired branches is central to this issue, and it’s important to keep coverage data and branch management distinct. 🙊 I'm sure there is a pun in this somewhere about that being just the tip of it.

Hopefully this is helpful. 🤷

Informative references:

@mvorisek
Copy link
Author

mvorisek commented Dec 7, 2024

Opt-in checkebox for automated pruning and manual pruning button when automated pruning pruning is disabled would cover all usecases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Waiting for: Product Owner
Development

No branches or pull requests

2 participants