Our implementation of GitHub is very basic.
We have one master branch (default) and then one open branch (DEV) for new developments.
Ideally we won't have more than one branch open at the same time.
Master branch is a protected branch so only admin can do changes on there.
The idea is to use GitHub Desktop to manage the developments locally in a computer as it would be too complex to manage it via the WebUI due to the kind of files being used.
Also we have the challenge that team is mostly consultant/external and rotating, so not everyone is familiar with the GitHub funcitonality...
Due to this, I would like to know if it is possible to avoid checking out the master branch when cloning our repository.
I am mainly aiming for this approach as I have problems when someone clones the repository locally and starts developing into the local master branch (without switching to the DEV branch first) and getting the error when pushing to server (due to the protected branch).
At that point the developer has already developed a lot and now is time for him to switch all his development to the proper branch instead of using the master one...
Is there any way to achieve that initial checkout from master to be avoided?
EDIT:
just immediately after posting I thought on changing the default branch to DEV so when someone clones it will always be directly targeted to the DEV branch instead of master...
Would this have any bad consequence for such a simple implementation?
Note that branch is created by admin as well as deleting it after pull request has been merged...
So this could be his responsibility to change the default branch every time a new development needs to be done and move it back to the master when development is finished...
Does it have sense?
When you clone a repository, whatever is "checked out" on the remote end becomes the default branch that is checked out on the local end.
For remote bare repositories, which is usually the norm, you have a "default branch" configuration that is used. In your case this is set to master.
You can change this on github to be DEV instead, so that fresh clones of the repository checks out DEV by default instead of master.
You do this by navigating to your repository on github, and click on the "X branches" button that is just to the right of the button/dropdown that shows the default branch selection on your repository page:
on the page that shows branches, click on the "Change default branch" button to the right of your current default branch:
and then finally select your new default branch and click Update:
Related
I'm not certain what happened. Somehow "main" didn't get set as the default branch at the origin. It got set to an old branch that I've long since moved beyond. Though I see in the settings where I can switch the default branch, GitHub presents a big, scary warning that says:
"Changing your default branch can have unintended consequences that can affect new pull requests and clones."
What's the actual danger here? Or is there a way to just recreate the origin repository at GitHub from my local repository? This is just a personal thing that I'm working on. No worries about collaborators.
There is no real issue in your case, for a personal repository.
You can use a gh repo edit --default-branch main (using the GitHub CLI gh, to be installed first), if executed from your local repository folder.
I'm trying to create a pull request on GitHub for project "original/QWERTY" so I forked the repo to "Mark/QWERTY". In Eclipse, I already have a repository set up for "original/QWERTY" and that project is in my workspace, named QWERTY.
Now if I create a new repository pointing at "Mark/QWERTY", I'll have two projects with the same name and both Eclipse and me won't like it.
I thought that it should be possible to have a branch or another remote under a repository and switch between them instead of having two copies (I mean just store the diffs). The problem is that they are different projects on GitHub so I'm not sure how to do it.
What is the correct way to set up two GitHub projects to create a pull request from my fork to the original one in Eclipse with EGit?
The usual workflow for forked repositories is to have a single local repository with a single work directory that is configured to fetch and push from/to multiple remote repositories.
With this setup, you can switch between branches that originate from different remote repositories.
The Fork a repo documentation of GitHub explains this setup when using CLI Git. Most of it should also apply to repositories hosted elsewhere.
Using the EGit documentation, it should be possible to translate these instructions into the corresponding actions in EGit.
How to manage multiple remotes with EGit is documented here: https://wiki.eclipse.org/EGit/User_Guide#Remote_Repositories
Using the information from Rudiger's comment and answer and my trial and error with branches I made my own steps. This picture also helps with terminology.
First, do these 2 things in any order:
fork the original project in the github website so now you have the original and the fork. They have the same code and branches.
create a local repository pointing to the original repo on github. Let's say you decided to select only the master branch.
Remotes: you get a new remote I'll call origin (default). configure its fetch if it's not done for you, the default specification is +refs/heads/*:refs/remotes/origin/*. This ref spec maps all the repo branches to Remote Tracking branches with the same name. If you want to only fetch the master branch then use +refs/heads/master:refs/remotes/origin/master.
Branches: you get a "Remote Tracking" branch called origin/master and a local branch called master with configuration of "Remote: origin" and "Upstream Branch: refs/heads/master". You will be working under the local master as it's the only branch right now.
Now you want to be able to push to your fork so you can create PR. You can and already did pull from the original to keep getting updates from other people's work.
Right click on "Remotes" and create a new remote, I'll call it fork (call it whatever you need). Configure its push.
the URI points to your fork the same way the origin Remote URI points to the original.
The ref mapping maps the branches. Go to "Advanced" and click "Add All Branch Specs" if it isn't done for you. You should get the spec refs/heads/*:refs/heads/*. It's easy to work with this spec but you can change it to whatever you need.
Create a local branch (right click -> switch to -> new branch) whose source is the local branch named master and the branch name is whatever suits what it does. it can be the master branch or a new branch that let's say fixes a bug, so bug 123. You do not have a Remote Tracking branch because those are used for pulls. If you also pull from fork then you will need to configure that in the Remote fork and get a remote branch.
Now you are working on a local branch bug 123 (you can see a checkmark next to it). Fix the bug in your code and in the Git Staging view you should see the files changed and the title is <Repository name> [bug 123]. Make sure you are going to commit/push to the correct branch! Stage whatever you need and commit (adds the changes to the local branch bug123) and push (creates a branch on the github repo called bug 123 if you stayed with the default spec).
Now go to the GitHub repo page of either the original or the fork and the UI will tell you that you can create a PR. From there GitHub will guide you.
Once the PR is merged into the master branch of the original on GitHubm, you will want to fetch from the master.
Right click on the Remote origin or its fetch "subdir" and choose fetch. The will fetch any changes in all the remote branches because the fetch spec we used maps all the branches (we used the * character).
That's it. Continue to switch to a local branch which maps to your fork based on the updated master, fix bug, commit and push, create PR, wait for merge into the original, fetch and pull from the original.
It seems to me that you can only see the vulnerable dependencies on the master branch. I fixed those mentioned in the alert on a separate branch and want to check if in fact the vulnerable dependencies are fixed, so what I really need is to be able to check the alert for the specific branch, can this be done?
I had this same issue.
The problem with GitHub's Security Alert feature is that it will always scans the default branch of a repository. This is normally the master branch. Therefore, any changes to resolve security issues made to other branches will not be recognised by GitHub.
The workaround.
You can change the default branch to be any branch in your repository! Including the one you have done the work to resolve the security issues.
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
In the left menu, click Branches.
Choose the new default branch.
Once you have changed the default branch to the branch you have done the resolving work on, GitHub's Security Alert feature will start to scan that branch.
And you should see the security alerts that you have resolved disappear.
Afterwards you can change the default branch back to the master branch and only change it when you are specifically working on resolving security vulnerabilities.
The security alerts for vulnerable dependencies reported by GitHub might be valid only for the default branch (usually master, but you can change it).
If you are not ready to merge your fix to the default branch of your repo, one workaround would be to push that branch to the default (again, usually master) branch of a new dedicated (and temporary) repository, just to check if any new alerts are detected on that new repo.
Update Oct. 2020, 2+ years later: Michael Greisman points out in the comments to this GitHub Community answer and the documentation "About alerts for vulnerable dependencies".
It confirms that the scan is done against the default branch.
"Once the fix... is merged into the default branch... GitHub will schedule a new scan of your project’s dependencies".
We have a GitHub project (master), every member of the team have a Fork of the project into their own repository.
Once a developer fixed something he create a new branch inside his local forked repo and commit that into remote repository and after that they request a Pull Request so that change go into the master reposiroty.
We publish to production "manually" once a week but we have had issues in production because accidentaly developer had committed to their forked repository and other developer with higher privilegies accept the changes and merge that into master repo, then someone else publish to production and he didnt knew that those new changes didn't passed to QA process.
So, what I want is to create like a Production Repository, so when we have the code in master repo that we know is stable and working then create like a Production branch so if by mistake something is commited and merge into master repo then the code for production publish is not affected.
Any clue or best practice to do this?
Not sure I'm understanding the question correctly, but you can add as many remote repositories as you like. There is a section in the Pro Git book called Working with Remotes that discusses this thoroughly.
In my experience, separating development and production code is typically done with a branching model such as git-flow. You can create separate repositories to solve this problem if you like, but doing so is unnecessary. This is because if developer A submits a PR that's merged by developer B, then developer C will get a non-fast-forward error when they try to commit upstream. This is called a subversion-style workflow. Per the docs:
Git will not allow you to push if someone has pushed since the last time you fetched, so a centralized model where all developers push to the same server works just fine.
If commits to the upstream branch are not being fetched and merged appropriately before pushing, then someone has likely taken it upon themselves to rewrite history.
Your git workflow is good enough to take care of this issue.
First, to fix the issue:
Treat unintended code push as bug and fix it as you would fix any other bug. Best person to perform this activity would be the developer who pushed that code. Developer can just fix it in their fork and submit a pull request. Try not to add any other unrelated code with this pull request.
About Production Branch or Repo:
I don't think you need another Production Branch/Repo (you already have one). As it happened with your current PROD repo, accidental code push can make it to new Branch/Repo too.
Instead use tags/releases feature in GitHub. Whenever state of code in master repo is prod ready, tag it and use the tag for production publish.
This is probably quite simple, but I am just not familiar with eclipse. I have a dev branch that I have pushed to the server for review using the basic git push origin dev. My co-worker is new to git and would prefer to stay within eclipse to review the code. He has egit installed and I cannot seem to find a way to pull a specific remote branch. I know this is brief but I am more than willing to provide any information for clarification.
To easily review the changes, your co-worker can check out the remote branch as a new local branch and then look at the code and commits.
One possible way is:
Team > Fetch from Upstream to get the newest branches (or a normal pull, which includes a fetch)
Team > Switch to > New Branch...
Select origin/dev (assuming the remote is named origin) as the base branch
Click Finish to check out the new local dev branch
It can also be done via the Git Repositories view by expanding Branches > Remote Tracking and using Create Branch... from the context menu.
Another way is to find the branch in the History view (you may need to toggle the Show All Branches and Tags option, see here) and use Create Branch... there.