Test that commit is reachable from the default branch #21

Open
link2xt opened this issue Apr 2, 2024 · 1 comment

@link2xt
Contributor

link2xt commented Apr 2, 2024

It is easy to create a commit somewhere off the main branch where nobody reviews it.
Some projects keep a non-main branch as the default or maintain multiple stable branches that contain backports and are never merged into main, but at least a warning would be nice.

I also wonder if we can do something to prevent (re)moving tags later. If we check a published crate today and the tag is in the right place, it can still be moved later. Can we do something to prevent it? I have looked a bit into annotated tags, but it does not seem to be possible to merge the tag into a branch, i.e. make it impossible to remove the tag without force-pushing, right?

I can see the hash of annotated tags in `.git/packed-refs`, and it is different from the hash of the commit the annotated tag points to, but attempting to merge this into the main branch results in merging the commit; git says there is nothing to do, "already merged".

In Mercurial it is different: tags are stored in a `.hgtags` file that is actually committed to the branch. This means tags look different depending on the commit checked out, but they are permanently recorded in the history. Is there anything similar for git? It seems to be at least possible to extend git this way; nothing prevents writing `.gittags` into the repo.

@VorpalBlade

> Some projects keep a non-main branch as the default or maintain multiple stable branches that contain backports and are never merged into main, but at least a warning would be nice.

You could also check if the commit in question is reachable from any tag at all. If it isn't, that might mean the release was made from a PR that later got rebased. Regardless, it is quite suspicious.

> I also wonder if we can do something to prevent (re)moving tags later. If we check a published crate today and the tag is in the right place, it can still be moved later. Can we do something to prevent it? I have looked a bit into annotated tags, but it does not seem to be possible to merge the tag into a branch, i.e. make it impossible to remove the tag without force-pushing, right?

I believe annotated tags can still be moved. Those tags can be GPG signed, though, unlike normal tags (which is nice, but doesn't help cargo-goggles much). As gittags is not a standard (it would be one we make up), it might be a hard sell, and would be impossible to enforce.
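
The two checks discussed in this thread (reachability from the default branch, and from any tag at all), sketched with plain git commands as an added example that is not part of the original thread and not cargo-goggles code. The function names and the sample repository are constructed for illustration, and treating the checked-out branch as the default when `origin/HEAD` is absent is an assumption.

```shell
#!/bin/sh
# Added example, not cargo-goggles code. Function names are hypothetical.

# Default branch: origin/HEAD in a clone, else the checked-out branch (assumption).
default_branch() {
    git -C "$1" symbolic-ref -q --short refs/remotes/origin/HEAD 2>/dev/null ||
        git -C "$1" symbolic-ref -q --short HEAD
}

# check_commit REPO COMMIT
# Returns 0 if COMMIT is reachable from the default branch and from a tag,
# 1 if either check fails (a warning only, since stable branches are legitimate),
# 2 if COMMIT does not exist or the default branch cannot be determined.
check_commit() {
    repo=$1 commit=$2 warn=0
    git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null ||
        { echo "error: no such commit: $commit"; return 2; }
    branch=$(default_branch "$repo") ||
        { echo "error: cannot determine default branch"; return 2; }
    if ! git -C "$repo" merge-base --is-ancestor "$commit" "$branch"; then
        echo "warning: $commit is not reachable from $branch"
        warn=1
    fi
    if [ -z "$(git -C "$repo" tag --contains "$commit")" ]; then
        echo "warning: $commit is not reachable from any tag"
        warn=1
    fi
    return "$warn"
}

# Constructed sample repository: main carries tag v0.1.0, and branch "side"
# holds one commit that was never merged.
make_demo_repo() {
    d=$(mktemp -d) && git init -q "$d" || return 1
    g() { git -C "$d" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g symbolic-ref HEAD refs/heads/main
    g commit -q --allow-empty -m "initial"
    g tag v0.1.0
    g checkout -q -b side
    g commit -q --allow-empty -m "commit nobody reviewed"
    g checkout -q main
    echo "$d"
}

demo=$(make_demo_repo) && { check_commit "$demo" side || true; rm -rf "$demo"; }
```

A passing result only describes the refs at the time of the check; as the thread notes, a tag can still be moved afterwards.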
