Home

Awesome

ColPrac: Contributor's Guide on Collaborative Practices for Community Packages

Global Docs

This document describes some best practices for collaborating on repositories. Following these practices makes it easier for contributors (new and old) to understand what is expected of them. It should be linked to in the README.md.

There are many good practices that this document does not cover. These include other members of the wider community reviewing pull requests (PRs) they are interested in, and maintainers encouraging and supporting people who open issues to make PRs to solve them. This document facilitates these other good practices by clarifying what can seem like a mysterious process to those who are unfamiliar with it.

This document is also only intended for community practices, it is not suitable for solo projects with one maintainer.

Community Standards

Interactions with people in the community must always follow the community standards, including in pull requests, issues, and discussions.

Contributing PRs

Reviewing, Approving, and Merging PRs

Releases

Becoming a Collaborator (gaining merge rights)


ColPrac: Further Guidance

This page offers some further guidance on conventions that can be helpful when collaborating on projects. This is an expansion on the Collaborative Practices, with more details and extra guidance. Anything detailed here should be considered less important than the main Collaborative Practices.

Guidance on contributing PRs

Guidance on reviewing PRs

Guidance on Package Releases

Incrementing the package version

Unreleased Changes and -DEV

Following the Collaborative Practices, when there are unreleased changes in the repository for an extended period of time, the version number in the Project.toml should be suffixed with -DEV. This makes it clear that there are unreleased changes. Which is useful for many things, including quickly understanding why a bug is still occurring, and working out if a bugfix may need to be backported.

Some more details on the use of -DEV.

Changing dependency compatibility

Dropping support for earlier versions of Julia

Accidental breaking releases

Do not panic, these things sometimes slip through.

It is important to fix it as soon as possible, as otherwise people start using the breaking change, and reverting it later causes more problems (c.f. Murphy's law).

To fix it:

  1. Make a PR which reverts the PR that made the breaking change.
  2. Bump the Patch version number in the Project.toml. The breaking API change was a bug, so a Patch release is correct to fix it.
  3. Merge the PR and release the new version.

Once the change is reverted, you can take stock and decide what to do. There are generally 2 options:

  1. Make a new PR to reimplement the feature in a non-breaking way.
  2. Make a new PR which reverts the reversion, bump the version number to signify it as breaking, and release the new breaking version.

Example

Consider a package which is currently on v1.14.2. I made a PR to add a new feature and tagged release v1.15.0. The next evening, we get bug reports that the new feature actually broke lots of real uses.

Maybe I changed what I thought was an internal function, but one that was actually part of the public API; maybe I accidentally changed the return type, and that was something people depended on. Whatever it was, I broke it, and this was not caught in code review.

To fix it, I revert the change, and then tag release v1.15.1. Hopefully, I can also add a test to prevent that part of the API from being broken by mistake.

Now I look at my change again. If I can add the same functionality in a non-breaking way - for example, make a new internal function for my use - then I would do so and tag v1.15.2 or v1.16.0 depending on what had to change.Bu If I cannot make an equivalent non-breaking change, then I would have to make the breaking change and tag v2.0.0.

Accidental support for an unsupported dependency

Say you were updating PackageA to support a new version of a dependency, PackageB. For example, you want PackageA v1.1.0 to support PackageB v0.5 and to discontinue supporting v0.4. But say you forgot to remove the compatibility for v0.4, which now no longer works, but other downstream packages that only use v0.4 are now pulling in PackageA v1.1.0 and getting errors.

Simply releasing a patch for PackageA (v1.1.1) that removes support for v0.4 won't work in this instance because downstream packages will continue to pull in v1.1.0. It might seem sufficient to just pin the downstream packages to use v1.0.0, but there may be a lot of them to fix, and you can't be certain you're aware of them all. It also does nothing to prevent new compatibility issues from arising in the future.

To fix this, you should still release a patch of PackageA (v1.1.1) that removes support for v0.4 of PackageB, but you should then mark v1.1.0 of PackageA as broken in the registry. To do this, simply make a PR to the registry, adding yanked = true to the Version.toml file under the version causing issues (in this case v1.1.0). This marks the release as broken and prevents it from being used by any package from then on.

Guidance on automatically enforcing guidelines

Many of these guidelines can and should be enforced automatically.


Definition of Public API

The public API is defined as all exported symbols or symbols marked via the public keyword (i.e. the full set of names from Docs.undocumented_names(module)), plus any unexported symbols that are explicitly documented as part of the public API, for instance, documented as part of standard usage in the README or hosted documentation. Note that the latter part of the definition is a "deprecation path" because the public keyword was only introduced in v1.11: it is expected in the future that the public API will be defined strictly as Docs.undocumented_names(module).

For macros, the public API is the documented set of behaviors and functionality.

Changes that are considered breaking

Changes that are not considered breaking

Everything on this list can, in theory, break users' code. See XKCD#1172. However, we consider changes to these things to be non-breaking from the perspective of package versioning.

(This guidance on non-breaking changes is inspired by https://www.tensorflow.org/guide/versions.)

Clarity on the Definition of Breaking in Macros

Note that the definition of breaking on macros is slightly larger than changes to its public API. This is due to the natural difficulty of documenting all parsable behaviors of macros and the difficulty of developing deprecation paths for changes to macro syntax. Thus in order to improve stability of the ecosystem with respect to macro changes, a more conservative definition of breaking is taken such that any change which does not have a backwards compatible alternative is considered breaking.

For example, if a macro had accidentally parsed @myequation 2x + 2 + the same as @myequation 2x + 2, it is not breaking to remove support for the trailing operator. If the trailing operator meant something which is not expressible in another way, and it is used in downstream packages, then it is considered a breaking change to remove this support.

Implicit Public API and Downstream Breakage

Appendix:

Marking a Repository as following ColPrac:

As mentioned at the top, community repositories following ColPrac, should link to it in their README.md. One way to do that is with a GitHub badge.

ColPrac: Contributor's Guide on Collaborative Practices for Community Packages

[![ColPrac: Contributor's Guide on Collaborative Practices for Community Packages](https://img.shields.io/badge/ColPrac-Contributor's%20Guide-blueviolet)](https://github.com/SciML/ColPrac)

Typically, ColPrac serves in places of a CONTRIBUTING.md, having all the common guidance that you would otherwise put there. If your package has its own CONTRIBUTING.md, then you should also link to ColPrac there, and indicate how the content of ColPrac relates to the CONTRIBUTING.md. For example, by stating:

We follow the ColPrac guide for collaborative practices. New contributors should make sure to read that guide. Below are some additional practices we follow.