Add support for branches other-than main#687
Add support for branches other-than main#687kipz wants to merge 1 commit intotheupdateframework:mainfrom
Conversation
kipz
force-pushed
the
kipz/custom-branch
branch
from
a6166b8 to
7a34cc7
Compare
This change removes hardcoded references to 'main' as the base branch and adds support for configuring and auto-detecting the default branch across TUF-on-CI components. ## Features - **Auto-detection**: Automatically detect the default branch from git remote using `git symbolic-ref refs/remotes/<remote>/HEAD`, falling back to "main" if detection fails - **Configuration support**: Allow users to configure base branch in signer settings file via `base-branch` option - **Action support**: Add `base-branch` input parameter to signing-event action for workflow customization
kipz
force-pushed
the
kipz/custom-branch
branch
from
7a34cc7 to
e8fdc07
Compare
|
Thanks, I'll have a good look later this week. |
I totally agree with the "I want to run tuf-on-ci on a default branch that is not main" use case. I'm not as sure about the "I want to run tuf-on-ci on a non-default branch" use case though. What's your take on that? I think I'm ok with the "API changes" here (the added action argument and the new signer config item) if you believe the use case is real... but I can't help but think that we could likely support the first use case without adding that complexity. |
|
How about just rely on the config/action argument file for the branch name (and default to |
I've looked at the PR again and I don't really see how it simplifies a lot -- the only thing I see is removing the git symbolic-ref call... and to me I think the question is is there any reason ever to run tuf-on-ci on non-default branch? I don't think there is and that would imply that we could avoid the configuration |
| draft: true, | ||
| head: process.env.GITHUB_REF_NAME, | ||
| base: "main", | ||
| base: process.env.BASE_BRANCH, |
There was a problem hiding this comment.
if we decide to avoid configuration and just use the default branch, we can use
something like base: context.payload.repository.default_branch here
(I think that's the correct path but the documentation is confusing to me so that definitely requires testing)
I don't think so? This can be updated in the documentation that it's a requirement.
If we can rely on this to get rid of the git ref resoltion code, it seems like a good way to get this forward. |
|
Thanks @jku and @kommendorkapten. I do actually use non-default branches for testing etc, but I don't know how common that is (or would be if it was possible). I'm not 100% sure what the consensus is here:
My concern with removing the defaulting to
WDYT? |
I'm fine calling this an edge case we don't care about. If this can be done cleanly without adding more configuration knobs, I think I would prefer that. Otherwise it's more variables that we should test for. So if your option 1 is acceptable to you , that seems best from my perspective. |
3 participants
Right now, the actions and CLI are hard-coded to
main, but folks (read me) might use other default branch names, or even not use the default branch as the base branch.This PR:
base-branchconfiguration to.tuf-on-ci-sign.inibase-branchconfiguration tosigning-eventactionMy main concern is about the default-branch detection and whether or not it might break some folks who have a main branch that isn't their default branch, though this is probably rare. It might be safer to remove the detection and just default to main.