Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename master branches? #312

Closed
tarcieri opened this issue Jun 21, 2020 · 8 comments
Closed

Rename master branches? #312

tarcieri opened this issue Jun 21, 2020 · 8 comments

Comments

@tarcieri
Copy link
Member

In the wake of recent events, several developers have chosen to rename the "master" branches on their projects, and GitHub has announced they will be changing the default branch name as well (although they haven't announced to what). It seems like "main", "develop", and "trunk" are all popular options.

Should we consider doing the same?

While it's pretty easy to rename the default branch of code repositories associated with this project, doing the same for advisory-db is trickier as the rustsec crate and everything that uses it including cargo-audit and cargo-deny all directly consume the https://github.com/RustSec/advisory-db git repository. What's particularly troublesome is that the git refs for the master branch are presently hardcoded:

https://github.com/RustSec/rustsec-crate/blob/42e8d16/src/repository.rs#L25-L29

This means we need to do a phased approach where we pick a new branch name, update clients with the new branch name, and then phase out the "master" branch some time after clients have upgraded.

All that said, in general I think the advisory-db repo could benefit from using a two-branch model where work on preparing advisories happens on one branch, and when it's complete they are published to a second branch which is what clients of the advisory-db actually consume.

Setting aside for a moment what to rename the first branch too, I'm thinking would make sense to have a branch with a name like "live" or "published" for advisory-db clients to consume.

There's an open PR (#311) to add a GitHub Action to assign advisory IDs. This seems like a good place to automatically update the "live"/"published" branch.

@kpcyrd
Copy link
Contributor

kpcyrd commented Jun 21, 2020

I think it'd be a good idea to introduce a new branch that's specifically intended to be consumed by (automated) tooling as soon as possible, and then wait until github has actually settled on a new name and adopt that one. Picking develop while github eventually settles for trunk would be unfortunate. It'd be also on pair with regular software development in which only the release branch is really intended for end-users.

Something we could also consider to phase out old clients is a dummy branch that has "dummy" advisories for common crates with instructions on how to upgrade the rustsec client.

@tarcieri
Copy link
Member Author

Something we could also consider to phase out old clients is a dummy branch that has "dummy" advisories for common crates with instructions on how to upgrade the rustsec client.

As it were, there's already a first-class mechanism for filing informational advisories against cargo-audit/rustsec specifically for alerting for these sorts of breaking changes:

https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199

@alex
Copy link
Member

alex commented Jun 21, 2020 via email

@8573
Copy link
Contributor

8573 commented Jun 22, 2020

Picking develop while github eventually settles for trunk would be unfortunate.

It'd be frustrating to switch and then need to switch again.

If you don't mind my asking, why is it important that a particular repository have its default branch have the default name for a default branch? I admit I don't maintain anything as important as this (maybe there are issues I'd see if I did), but, the few times I've bothered to translate my preference for being explicit about how stable or under-development the "master" branch is meant to be into actually giving it a different name, it never caused problems (except once, briefly, when I forgot to point GitHub at the new branch).

@tarcieri
Copy link
Member Author

why is it important that a particular repository have its default branch have the default name for a default branch?

From a muscle memory perspective, it's nice if you aren't constantly switching default branch names between projects.

@alex
Copy link
Member

alex commented Jun 22, 2020

Yeah, I'm someone who contributes to dozens of projects between work and OSS, some commonality of my workflow is highly valued.

@tarcieri
Copy link
Member Author

tarcieri commented Oct 2, 2020

I'm a soft vote for waiting to see if a consensus emerges on what the right replacement name is, and if github or git upstream makes a change

GitHub has renamed the default branch to "main":

https://github.blog/changelog/2020-10-01-the-default-branch-for-newly-created-repositories-is-now-main/

tarcieri added a commit that referenced this issue Mar 7, 2021
The 'master' branch has been renamed to 'main' per:

#312

However older clients are still consuming the 'master' branch.

This commit adds a GitHub Actions job which mirrors the 'main' branch to
'master' to continue supporting these older clients.
tarcieri added a commit that referenced this issue Mar 7, 2021
The 'master' branch has been renamed to 'main' per:

#312

However older clients are still consuming the 'master' branch.

This commit adds a GitHub Actions job which mirrors the 'main' branch to
'master' to continue supporting these older clients.
tarcieri added a commit that referenced this issue Mar 7, 2021
tarcieri added a commit that referenced this issue Mar 7, 2021
@tarcieri
Copy link
Member Author

tarcieri commented Mar 7, 2021

The default branches of all repos in the RustSec org have now been renamed to main, which is also the new default branch name used by GitHub going forward.

The advisory-db repo continues to mirror the main branch to master to support older clients.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants