Hi all, I have started to use the REUSE API for some projects to show the badge in the README.md file.
See https://github.com/noi-techpark/webcomp-mountain-area for example
The problem now is, that currently I have the .reuse and LICENSES folder only on our "development" branch.
https://github.com/noi-techpark/webcomp-mountain-area/tree/development
On my local machine "reuse lint" gives green light for REUSE compliance, but the badge shows non-compliant, because it seems to always check the main branch of each registered repository.
Is there a possibility to automatically check the current branch?
Cheers, Peter
Hi Peter,
~ Peter Moser [2021-04-15 16:07 +0200]:
The problem now is, that currently I have the .reuse and LICENSES folder only on our "development" branch.
https://github.com/noi-techpark/webcomp-mountain-area/tree/development
On my local machine "reuse lint" gives green light for REUSE compliance, but the badge shows non-compliant, because it seems to always check the main branch of each registered repository.
Is there a possibility to automatically check the current branch?
I gave this a longer thought but am not able to find a good solution for this with our current API setup, both technically and strategically. These are the reasons:
Aside from the one-time registration that only checks for validity of the email address, the API holds no account data. So you would not be able to change preferred branch once you've set it, e.g. during registration.
Moreover, I would consider that such a branch-picking would break the expectation of consumers of your REUSE compliant repository. If there is a "REUSE compliant" badge, I would expect that I can clone your repo and reuse parts of it easily because you provided all information about copyright and licensing. However, in this scenario, this would perhaps only apply to a development branch.
An evil mind could even set up a separate branch containing only one REUSE compliant test file and register this with our API while having the actual main branch being completely REUSE-ignorant. Of course there would be other methods to fake a repo's REUSE compliance, but this would make the official API providing a false-positive certification.
So as I said, I am afraid we cannot and don't want to enable a custom branch. However, the API is not bound to the branch names "main" or "master" – whatever you define as you default branch is being checked by the API, so you could make you "development" branch the default branch. But of course, this would also alter the branch that people see when they visit your Git repository.
Best, Max
I agree with the statement of Max that the default branch should be leading.
For checking each branch, you could consider a Continous Integration (CI) solution like GitHub Actions. There is a REUSE Action you can easily apply to verify each commit on each branch: https://github.com/marketplace/actions/reuse-compliance-check In that case you can be sure you are keeping your repository REUSE compliant.
Best, Nico Rikken