Branch protection on DM GitHub repositories

This week we have started to enable branch protections on DM GitHub repositories. This means that force push to master will not be allowed and merges that are not up to date should be rejected on master.

For information on the options used please see:

For repositories that have flake8 testing enabled, we encourage you to enable additional flake8 testing in pull requests via Travis. This is described in the developer guide but feel free to contact me if you need help on setting that up. It’s one extra test that can be automated.

Protecting master and flake8 means that making hot fixes directly to master for documentation changes is no longer safe. We will shortly adjust that part of the developer guide.

For background see RFC-121.


Are there any DM-centric instructions on how to use Travis (e.g., do we need to provide a specific account when enabling it for a repository)?

As far as I’m aware you don’t fill in anything special when activating Travis on GitHub. I’m not sure who is allowed to enable travis on lsst repos.

Aha, it doesn’t prompt for details if you activate it from or instead of the repository’s integrations page. Looking at the default settings, they seem to be:

So I guess you really can just leave them empty.

I think we need some more instructions in the dev guide about enabling travis integration. It says add a simple Travis script like the following, but does that get added to the root of the repository, should we create a jira ticket to enable it, etc.? The “do these steps, click these buttons” for branch protection are handy, but something similar for travis would be great, please. As @kfindeisen says above, there are a couple of possible ways to enable travis, and I don’t know what, if anything, the differences between them are.

This is a good point. You always activate Travis from the Travis website, not from the GitHub repository integration settings page.

Generally, you can go to<github_org_name>/<github_repo_name> to either see the test dashboard or a page to activate the repo (if you have permissions).

You always activate Travis from the Travis website, not from the GitHub repository integration settings page.

Is that actually the case? I assume activating it as described would have worked had I not been scared off by what looked like an authentication prompt.

Re: @parejkoj’s remarks, I think we’re supposed to avoid duplicating information that’s documented elsewhere, and I found answers to every question except the “what do I put in these boxes” one in the Travis quick start guide. So maybe just a link would suffice.

Why? I always do it from GitHub and I don’t think I’ve had a problem.

I recalled reading that recommendation from Travis at some point, though I can’t find it right now.

That said, it is recommended practice in their docs. And it seems like the simplest approach.

Of course, I can always remember how to find github settings but I can’t even remember the URL for Travis most days…

Out of curiosity, is there a list of which packages this has been enabled for?

The post-dev guide update link is now:

It would be good to get clarification there on the travis issues discussed above. Separately, the line about clang-tidy should probably refer to clang-format instead (we could probably put an auto-clang-format hook in place safely: many of use do “clang-format on save” already): that’s the project official tool for formatting C++ (equivalent to flake8), whereas tidy is more complicated.

I did all the LSST packages in lsst_apps. I did not do the third party packages or lsst_distrib-only packages. I don’t know if there’s an easy way to query a GitHub org to get a list of all protected branches.