diff mbox series

transport-helper: enforce atomic in push_refs_with_push

Message ID 20190702005340.66615-1-emilyshaffer@google.com (mailing list archive)
State New, archived
Headers show
Series transport-helper: enforce atomic in push_refs_with_push | expand

Commit Message

Emily Shaffer July 2, 2019, 12:53 a.m. UTC 
Teach transport-helper how to notice if skipping a ref during push would
violate atomicity on the client side. We notice that a ref would be
rejected, and choose not to send it, but don't notice that if the client
has asked for --atomic we are violating atomicity if all the other
pushes we are sending would succeed. Asking the server end to uphold
atomicity wouldn't work here as the server doesn't have any idea that we
tried to update a ref that's broken.

The added test-case is a succinct way to reproduce this issue that fails
today. The same steps work fine when we aren't using a transport-helper
to get to the upstream, i.e. when we've added a local repository as a
remote:

  git remote add ~/upstream upstream

Signed-off-by: Emily Shaffer <emilyshaffer@google.com>
---
 t/t5541-http-push-smart.sh | 58 ++++++++++++++++++++++++++++++++++++++
 transport-helper.c         |  6 ++++
 transport.c                | 15 +++++++++-
 3 files changed, 78 insertions(+), 1 deletion(-)

Comments

Johannes Schindelin July 2, 2019, 1:51 p.m. UTC | #1 
Hi Emily,

On Mon, 1 Jul 2019, Emily Shaffer wrote:

> Teach transport-helper how to notice if skipping a ref during push would
> violate atomicity on the client side. We notice that a ref would be
> rejected, and choose not to send it, but don't notice that if the client
> has asked for --atomic we are violating atomicity if all the other
> pushes we are sending would succeed. Asking the server end to uphold
> atomicity wouldn't work here as the server doesn't have any idea that we
> tried to update a ref that's broken.

Makes sense.

> The added test-case is a succinct way to reproduce this issue that fails
> today. The same steps work fine when we aren't using a transport-helper
> to get to the upstream, i.e. when we've added a local repository as a
> remote:
>
>   git remote add ~/upstream upstream
>
> Signed-off-by: Emily Shaffer <emilyshaffer@google.com>
> ---
>  t/t5541-http-push-smart.sh | 58 ++++++++++++++++++++++++++++++++++++++
>  transport-helper.c         |  6 ++++
>  transport.c                | 15 +++++++++-
>  3 files changed, 78 insertions(+), 1 deletion(-)
>
> diff --git a/t/t5541-http-push-smart.sh b/t/t5541-http-push-smart.sh
> index 8ef8763e06..b57f6d480f 100755
> --- a/t/t5541-http-push-smart.sh
> +++ b/t/t5541-http-push-smart.sh
> @@ -177,6 +177,64 @@ test_expect_success 'push (chunked)' '
>  	 test $HEAD = $(git rev-parse --verify HEAD))
>  '
>
> +test_expect_success 'push --atomic also prevents branch creation' '
> +	# Make up/master
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-branches.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&

Why not `-C "$d"`? And why not `test_config`?

> +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> +	test_commit atomic1 &&
> +	test_commit atomic2 &&
> +	git push "$up" master &&

It would be more succinct to do a `git clone --bare . "$d"` here, instead
of a `git init --bare` and a `git push` no?

> +	# Make master incompatible with up/master
> +	git reset --hard HEAD^ &&
> +	# Add a new branch
> +	git branch atomic &&
> +	# --atomic should roll back creation of up/atomic
> +	test_must_fail git push --atomic "$up" master atomic &&
> +	git ls-remote "$up" >up-remotes &&
> +	test_must_fail grep atomic up-remotes

Why not `test_must_fail git -C "$d" rev-parse refs/heads/atomic`?

> +'
> +
> +test_expect_success 'push --atomic shows all failed refs' '
> +	# Make up/master, up/allrefs
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&
> +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> +	test_commit allrefs1 &&
> +	test_commit allrefs2 &&
> +	git branch allrefs &&
> +	git push "$up" master allrefs &&
> +	# Make master and allrefs incompatible with up/master, up/allrefs
> +	git checkout allrefs &&
> +	git reset --hard HEAD^ &&
> +	git checkout master &&
> +	git reset --hard HEAD^ &&
> +	# --atomic should complain about both master and allrefs
> +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> +	grep master output &&
> +	grep allrefs output
> +'

I have the impression that the setup these two new test cases perform are
_very_ similar, making it most likely that a combined test case would be
more succinct, yet still complete and easily readable.

> +
> +test_expect_success 'push --atomic indicates collateral failures' '
> +	# Make up/master, up/collateral
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-collateral.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&
> +	up="$HTTPD_URL"/smart/atomic-collateral.git &&
> +	test_commit collateral1 &&
> +	test_commit collateral2 &&
> +	git branch collateral &&
> +	git push "$up" master collateral &&
> +	# Make master incompatible with up/master
> +	git reset --hard HEAD^ &&
> +	# --atomic should mention collateral was OK but failed anyway
> +	test_must_fail git push --atomic "$up" master collateral >&output &&
> +	grep "master -> master" output &&
> +	grep "collateral -> collateral" output
> +'

Same here.

> +
>  test_expect_success 'push --all can push to empty repo' '
>  	d=$HTTPD_DOCUMENT_ROOT_PATH/empty-all.git &&
>  	git init --bare "$d" &&
> diff --git a/transport-helper.c b/transport-helper.c
> index c7e17ec9cb..6b05a88faf 100644
> --- a/transport-helper.c
> +++ b/transport-helper.c
> @@ -853,6 +853,7 @@ static int push_refs_with_push(struct transport *transport,
>  {
>  	int force_all = flags & TRANSPORT_PUSH_FORCE;
>  	int mirror = flags & TRANSPORT_PUSH_MIRROR;
> +	int atomic = flags & TRANSPORT_PUSH_ATOMIC;
>  	struct helper_data *data = transport->data;
>  	struct strbuf buf = STRBUF_INIT;
>  	struct ref *ref;
> @@ -872,6 +873,11 @@ static int push_refs_with_push(struct transport *transport,
>  		case REF_STATUS_REJECT_NONFASTFORWARD:
>  		case REF_STATUS_REJECT_STALE:
>  		case REF_STATUS_REJECT_ALREADY_EXISTS:
> +			if (atomic) {
> +				string_list_clear(&cas_options, 0);
> +				return 0;
> +			} else
> +				continue;
>  		case REF_STATUS_UPTODATE:
>  			continue;
>  		default:
> diff --git a/transport.c b/transport.c
> index f1fcd2c4b0..f4d6b38f9d 100644
> --- a/transport.c
> +++ b/transport.c
> @@ -1226,10 +1226,23 @@ int transport_push(struct repository *r,
>  		err = push_had_errors(remote_refs);
>  		ret = push_ret | err;
>
> -		if (!quiet || err)
> +		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {

This looks funny. And it does so only...

> +			for (struct ref *it = remote_refs; it; it = it->next)
> +				switch (it->status) {
> +				case REF_STATUS_NONE:
> +				case REF_STATUS_UPTODATE:
> +				case REF_STATUS_OK:
> +					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> +				default:
> +					continue;
> +				}
> +		}
> +
> +		if (!quiet || err) {

... because a curly was introduced around a single-liner. This adds
unnecessary noise to the patch.

This easily distracts reviewers like myself from more important questions
such as: why was this conditional switch added before this conditional
block, does it intend to influence the printed push status? Ah, yes, of
course, even if `it->status` is changed, it actually modifies the data
to which `remote_refs` points. So yes, this has to be done here.

>  			transport_print_push_status(transport->url, remote_refs,
>  					verbose | porcelain, porcelain,
>  					reject_reasons);
> +		}
>
>  		if (flags & TRANSPORT_PUSH_SET_UPSTREAM)
>  			set_upstreams(transport, remote_refs, pretend);
> --

Apart from minor nits, I like it. Thanks,
Dscho

> 2.22.0.410.gd8fdbe21b5-goog
>
>
Junio C Hamano July 2, 2019, 6:27 p.m. UTC | #2 
Johannes Schindelin <Johannes.Schindelin@gmx.de> writes:

>> +	# Make master incompatible with up/master
>> +	git reset --hard HEAD^ &&
>> +	# Add a new branch
>> +	git branch atomic &&
>> +	# --atomic should roll back creation of up/atomic
>> +	test_must_fail git push --atomic "$up" master atomic &&
>> +	git ls-remote "$up" >up-remotes &&
>> +	test_must_fail grep atomic up-remotes
>
> Why not `test_must_fail git -C "$d" rev-parse refs/heads/atomic`?

They check different expectations.

Between making sure that the state observable in the resulting
repository matches what should have been left and checking what the
command says it did to its output, I agree that the former is a more
robust way to test the commands.

We obviously could test both, though ;-)
Junio C Hamano July 2, 2019, 7:06 p.m. UTC | #3 
Emily Shaffer <emilyshaffer@google.com> writes:

> diff --git a/transport-helper.c b/transport-helper.c
> index c7e17ec9cb..6b05a88faf 100644
> --- a/transport-helper.c
> +++ b/transport-helper.c
> @@ -853,6 +853,7 @@ static int push_refs_with_push(struct transport *transport,
>  {
>  	int force_all = flags & TRANSPORT_PUSH_FORCE;
>  	int mirror = flags & TRANSPORT_PUSH_MIRROR;
> +	int atomic = flags & TRANSPORT_PUSH_ATOMIC;
>  	struct helper_data *data = transport->data;
>  	struct strbuf buf = STRBUF_INIT;
>  	struct ref *ref;
> @@ -872,6 +873,11 @@ static int push_refs_with_push(struct transport *transport,
>  		case REF_STATUS_REJECT_NONFASTFORWARD:
>  		case REF_STATUS_REJECT_STALE:
>  		case REF_STATUS_REJECT_ALREADY_EXISTS:
> +			if (atomic) {
> +				string_list_clear(&cas_options, 0);
> +				return 0;
> +			} else
> +				continue;

Ah, this looks vaguely familiar.  Thanks for resurrecting the topic.

The clearing is merely to avoid leaks, and the primary change to the
function is to immediately return 0.

>  		case REF_STATUS_UPTODATE:
>  			continue;
>  		default:
> diff --git a/transport.c b/transport.c
> index f1fcd2c4b0..f4d6b38f9d 100644
> --- a/transport.c
> +++ b/transport.c
> @@ -1226,10 +1226,23 @@ int transport_push(struct repository *r,
>  		err = push_had_errors(remote_refs);
>  		ret = push_ret | err;

Here, before reporting the push result, when we are doing ATOMIC,
we tweak the result we are going to report to atomic-push-failed.

> +		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
> +			for (struct ref *it = remote_refs; it; it = it->next)
> +				switch (it->status) {
> +				case REF_STATUS_NONE:
> +				case REF_STATUS_UPTODATE:
> +				case REF_STATUS_OK:
> +					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> +				default:
> +					continue;
> +				}
> +		}

This roughly corresponds to what send-pack.c::atomic_push_failure()
does.  Here, we avoid overwriting a status that already signals a
failure.  The list of "good" statuses used here match what is used
at the end of send_pack.c::send_pack(), which decides the final
outcome of "git push" for the native transport.

Looks good.

By the way, I rearranged the patch as I happen to agree with Dscho
that the additional {} was unwarranted and made it harder to review.
It is clear that we need to tweak the status before reporting.

>
> 		if (!quiet || err)
>  			transport_print_push_status(transport->url, remote_refs,
>  					verbose | porcelain, porcelain,
>  					reject_reasons);
>  
>  		if (flags & TRANSPORT_PUSH_SET_UPSTREAM)
>  			set_upstreams(transport, remote_refs, pretend);
Junio C Hamano July 2, 2019, 8:16 p.m. UTC | #4 
Emily Shaffer <emilyshaffer@google.com> writes:

> +		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
> +			for (struct ref *it = remote_refs; it; it = it->next)
> +				switch (it->status) {
> +				case REF_STATUS_NONE:
> +				case REF_STATUS_UPTODATE:
> +				case REF_STATUS_OK:
> +					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> +				default:
> +					continue;
> +				}
> +		}


Let's write this more like so

		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
			for (struct ref *it = remote_refs; it; it = it->next)
				switch (it->status) {
				case REF_STATUS_NONE:
				case REF_STATUS_UPTODATE:
				case REF_STATUS_OK:
					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
					break;
				default:
					break;
				}
		}

to prevent compilers from giving "implicit fallthru" warnings.
Junio C Hamano July 2, 2019, 9:37 p.m. UTC | #5 
Emily Shaffer <emilyshaffer@google.com> writes:

> Teach transport-helper how to notice if skipping a ref during push would
> violate atomicity on the client side. We notice that a ref would be
> rejected, and choose not to send it, but don't notice that if the client
> has asked for --atomic we are violating atomicity if all the other
> pushes we are sending would succeed. Asking the server end to uphold
> atomicity wouldn't work here as the server doesn't have any idea that we
> tried to update a ref that's broken.
>
> The added test-case is a succinct way to reproduce this issue that fails
> today. The same steps work fine when we aren't using a transport-helper
> to get to the upstream, i.e. when we've added a local repository as a
> remote:
>
>   git remote add ~/upstream upstream
>
> Signed-off-by: Emily Shaffer <emilyshaffer@google.com>
> ---
>  t/t5541-http-push-smart.sh | 58 ++++++++++++++++++++++++++++++++++++++
>  transport-helper.c         |  6 ++++
>  transport.c                | 15 +++++++++-
>  3 files changed, 78 insertions(+), 1 deletion(-)
>
> diff --git a/t/t5541-http-push-smart.sh b/t/t5541-http-push-smart.sh
> index 8ef8763e06..b57f6d480f 100755
> --- a/t/t5541-http-push-smart.sh
> +++ b/t/t5541-http-push-smart.sh
> @@ -177,6 +177,64 @@ test_expect_success 'push (chunked)' '
>  	 test $HEAD = $(git rev-parse --verify HEAD))
>  '
>  
> +test_expect_success 'push --atomic also prevents branch creation' '
> +	# Make up/master
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-branches.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&
> +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> +	test_commit atomic1 &&
> +	test_commit atomic2 &&
> +	git push "$up" master &&
> +	# Make master incompatible with up/master
> +	git reset --hard HEAD^ &&
> +	# Add a new branch
> +	git branch atomic &&
> +	# --atomic should roll back creation of up/atomic
> +	test_must_fail git push --atomic "$up" master atomic &&
> +	git ls-remote "$up" >up-remotes &&
> +	test_must_fail grep atomic up-remotes

Don't use test_must_fail on non-git things.  We are not in the
business of catching segfaulting system programs.

> +'
> +
> +test_expect_success 'push --atomic shows all failed refs' '
> +	# Make up/master, up/allrefs
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&
> +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> +	test_commit allrefs1 &&
> +	test_commit allrefs2 &&
> +	git branch allrefs &&
> +	git push "$up" master allrefs &&
> +	# Make master and allrefs incompatible with up/master, up/allrefs
> +	git checkout allrefs &&
> +	git reset --hard HEAD^ &&
> +	git checkout master &&
> +	git reset --hard HEAD^ &&
> +	# --atomic should complain about both master and allrefs
> +	test_must_fail git push --atomic "$up" master allrefs >&output &&

Don't rely on ">&output", which is an unnecessary bash-ism here.  It
breaks test run under shells like dash.

	>output 2>&1

should be OK.

> +	grep master output &&
> +	grep allrefs output
> +'
> +
> +test_expect_success 'push --atomic indicates collateral failures' '
> +	# Make up/master, up/collateral
> +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-collateral.git &&
> +	git init --bare "$d" &&
> +	git --git-dir="$d" config http.receivepack true &&
> +	up="$HTTPD_URL"/smart/atomic-collateral.git &&
> +	test_commit collateral1 &&
> +	test_commit collateral2 &&
> +	git branch collateral &&
> +	git push "$up" master collateral &&
> +	# Make master incompatible with up/master
> +	git reset --hard HEAD^ &&
> +	# --atomic should mention collateral was OK but failed anyway
> +	test_must_fail git push --atomic "$up" master collateral >&output &&

Ditto.

> +	grep "master -> master" output &&
> +	grep "collateral -> collateral" output
> +'
> +
Emily Shaffer July 3, 2019, 12:08 a.m. UTC | #6 
On Tue, Jul 02, 2019 at 02:37:42PM -0700, Junio C Hamano wrote:
> >  
> > +test_expect_success 'push --atomic also prevents branch creation' '
> > +	# Make up/master
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-branches.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> > +	test_commit atomic1 &&
> > +	test_commit atomic2 &&
> > +	git push "$up" master &&
> > +	# Make master incompatible with up/master
> > +	git reset --hard HEAD^ &&
> > +	# Add a new branch
> > +	git branch atomic &&
> > +	# --atomic should roll back creation of up/atomic
> > +	test_must_fail git push --atomic "$up" master atomic &&
> > +	git ls-remote "$up" >up-remotes &&
> > +	test_must_fail grep atomic up-remotes
> 
> Don't use test_must_fail on non-git things.  We are not in the
> business of catching segfaulting system programs.

Done:
  ! grep atomic up-remotes

> 
> > +'
> > +
> > +test_expect_success 'push --atomic shows all failed refs' '
> > +	# Make up/master, up/allrefs
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> > +	test_commit allrefs1 &&
> > +	test_commit allrefs2 &&
> > +	git branch allrefs &&
> > +	git push "$up" master allrefs &&
> > +	# Make master and allrefs incompatible with up/master, up/allrefs
> > +	git checkout allrefs &&
> > +	git reset --hard HEAD^ &&
> > +	git checkout master &&
> > +	git reset --hard HEAD^ &&
> > +	# --atomic should complain about both master and allrefs
> > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> 
> Don't rely on ">&output", which is an unnecessary bash-ism here.  It
> breaks test run under shells like dash.
> 
> 	>output 2>&1
> 
> should be OK.

Done.

> 
> > +	grep master output &&
> > +	grep allrefs output
> > +'
> > +
> > +test_expect_success 'push --atomic indicates collateral failures' '
> > +	# Make up/master, up/collateral
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-collateral.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-collateral.git &&
> > +	test_commit collateral1 &&
> > +	test_commit collateral2 &&
> > +	git branch collateral &&
> > +	git push "$up" master collateral &&
> > +	# Make master incompatible with up/master
> > +	git reset --hard HEAD^ &&
> > +	# --atomic should mention collateral was OK but failed anyway
> > +	test_must_fail git push --atomic "$up" master collateral >&output &&
> 
> Ditto.

Done.

 - Emily
Emily Shaffer July 3, 2019, 12:09 a.m. UTC | #7 
On Tue, Jul 02, 2019 at 01:16:46PM -0700, Junio C Hamano wrote:
> Emily Shaffer <emilyshaffer@google.com> writes:
> 
> > +		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
> > +			for (struct ref *it = remote_refs; it; it = it->next)
> > +				switch (it->status) {
> > +				case REF_STATUS_NONE:
> > +				case REF_STATUS_UPTODATE:
> > +				case REF_STATUS_OK:
> > +					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> > +				default:
> > +					continue;
> > +				}
> > +		}
> 
> 
> Let's write this more like so
> 
> 		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
> 			for (struct ref *it = remote_refs; it; it = it->next)
> 				switch (it->status) {
> 				case REF_STATUS_NONE:
> 				case REF_STATUS_UPTODATE:
> 				case REF_STATUS_OK:
> 					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> 					break;
> 				default:
> 					break;
> 				}
> 		}
> 
> to prevent compilers from giving "implicit fallthru" warnings.

Done, thanks.
SZEDER Gábor July 3, 2019, 9:10 a.m. UTC | #8 
On Tue, Jul 02, 2019 at 02:37:42PM -0700, Junio C Hamano wrote:
> > +test_expect_success 'push --atomic shows all failed refs' '
> > +	# Make up/master, up/allrefs
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> > +	test_commit allrefs1 &&
> > +	test_commit allrefs2 &&
> > +	git branch allrefs &&
> > +	git push "$up" master allrefs &&
> > +	# Make master and allrefs incompatible with up/master, up/allrefs
> > +	git checkout allrefs &&
> > +	git reset --hard HEAD^ &&
> > +	git checkout master &&
> > +	git reset --hard HEAD^ &&
> > +	# --atomic should complain about both master and allrefs
> > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> 
> Don't rely on ">&output", which is an unnecessary bash-ism here.  It
> breaks test run under shells like dash.
> 
> 	>output 2>&1
> 
> should be OK.

'2>output' would be a tad better, because those refs should be printed
to stderr.
Junio C Hamano July 3, 2019, 6:13 p.m. UTC | #9 
SZEDER Gábor <szeder.dev@gmail.com> writes:

> On Tue, Jul 02, 2019 at 02:37:42PM -0700, Junio C Hamano wrote:
>> > +test_expect_success 'push --atomic shows all failed refs' '
>> > +	# Make up/master, up/allrefs
>> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
>> > +	git init --bare "$d" &&
>> > +	git --git-dir="$d" config http.receivepack true &&
>> > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
>> > +	test_commit allrefs1 &&
>> > +	test_commit allrefs2 &&
>> > +	git branch allrefs &&
>> > +	git push "$up" master allrefs &&
>> > +	# Make master and allrefs incompatible with up/master, up/allrefs
>> > +	git checkout allrefs &&
>> > +	git reset --hard HEAD^ &&
>> > +	git checkout master &&
>> > +	git reset --hard HEAD^ &&
>> > +	# --atomic should complain about both master and allrefs
>> > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
>> 
>> Don't rely on ">&output", which is an unnecessary bash-ism here.  It
>> breaks test run under shells like dash.
>> 
>> 	>output 2>&1
>> 
>> should be OK.
>
> '2>output' would be a tad better, because those refs should be printed
> to stderr.

Yeah; there are many existing uses of ">output 2>&1" in the same
script and I was following the suit.  There also are 2>err and I
agree that it is more appropriate in this case.
Emily Shaffer July 3, 2019, 6:56 p.m. UTC | #10 
> > +test_expect_success 'push --atomic also prevents branch creation' '
> > +	# Make up/master
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-branches.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> 
> Why not `-C "$d"`?
The example I had found below the new ones used --git-dir, but yeah, there's no
reason not to use -C instead. Changing.

> And why not `test_config`?

Done, didn't know about it and it's not used in the test I referred to
while writing this one ('push --all can push to empty repo'). Thanks, I
learned something new.

> 
> > +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> > +	test_commit atomic1 &&
> > +	test_commit atomic2 &&
> > +	git push "$up" master &&
> 
> It would be more succinct to do a `git clone --bare . "$d"` here, instead
> of a `git init --bare` and a `git push` no?

I'm not sure I would say "more succinct." This leaves the test with the
same number of lines, but now it says:

  Make some commits
  Name a Git directory
  Clone to the new Git directory
  Do some config on the new Git directory
  Name a remote URL
  Change some commits
  ...

In my opinion, it's more readable the way it is now:

  {Do some setup stuff.}
  Name a Git directory
  Init it
  Config it
  Name the remote URL
  {Do the test stuff.}
  Make some commits
  Push some commits
  Change some commits
  ...

I did add another comment to separate "Make 'up'" and "Make up/master",
which I hope expresses my intent in organizing it this way.

> 
> > +	# Make master incompatible with up/master
> > +	git reset --hard HEAD^ &&
> > +	# Add a new branch
> > +	git branch atomic &&
> > +	# --atomic should roll back creation of up/atomic
> > +	test_must_fail git push --atomic "$up" master atomic &&
> > +	git ls-remote "$up" >up-remotes &&
> > +	test_must_fail grep atomic up-remotes
> 
> Why not `test_must_fail git -C "$d" rev-parse refs/heads/atomic`?

Sure, changed.

> > > +'
> > +
> > +test_expect_success 'push --atomic shows all failed refs' '
> > +	# Make up/master, up/allrefs
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> > +	test_commit allrefs1 &&
> > +	test_commit allrefs2 &&
> > +	git branch allrefs &&
> > +	git push "$up" master allrefs &&
> > +	# Make master and allrefs incompatible with up/master, up/allrefs
> > +	git checkout allrefs &&
> > +	git reset --hard HEAD^ &&
> > +	git checkout master &&
> > +	git reset --hard HEAD^ &&
> > +	# --atomic should complain about both master and allrefs
> > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> > +	grep master output &&
> > +	grep allrefs output
> > +'
> 
> I have the impression that the setup these two new test cases perform are
> _very_ similar, making it most likely that a combined test case would be
> more succinct, yet still complete and easily readable.

(Junio replied to this downthread... I have more to ask too.)

> 
> > +
> > +test_expect_success 'push --atomic indicates collateral failures' '
> > +	# Make up/master, up/collateral
> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-collateral.git &&
> > +	git init --bare "$d" &&
> > +	git --git-dir="$d" config http.receivepack true &&
> > +	up="$HTTPD_URL"/smart/atomic-collateral.git &&
> > +	test_commit collateral1 &&
> > +	test_commit collateral2 &&
> > +	git branch collateral &&
> > +	git push "$up" master collateral &&
> > +	# Make master incompatible with up/master
> > +	git reset --hard HEAD^ &&
> > +	# --atomic should mention collateral was OK but failed anyway
> > +	test_must_fail git push --atomic "$up" master collateral >&output &&
> > +	grep "master -> master" output &&
> > +	grep "collateral -> collateral" output
> > +'
> 
> Same here.
> 
> > +
> >  test_expect_success 'push --all can push to empty repo' '
> >  	d=$HTTPD_DOCUMENT_ROOT_PATH/empty-all.git &&
> >  	git init --bare "$d" &&
> > diff --git a/transport-helper.c b/transport-helper.c
> > index c7e17ec9cb..6b05a88faf 100644
> > --- a/transport-helper.c
> > +++ b/transport-helper.c
> > @@ -853,6 +853,7 @@ static int push_refs_with_push(struct transport *transport,
> >  {
> >  	int force_all = flags & TRANSPORT_PUSH_FORCE;
> >  	int mirror = flags & TRANSPORT_PUSH_MIRROR;
> > +	int atomic = flags & TRANSPORT_PUSH_ATOMIC;
> >  	struct helper_data *data = transport->data;
> >  	struct strbuf buf = STRBUF_INIT;
> >  	struct ref *ref;
> > @@ -872,6 +873,11 @@ static int push_refs_with_push(struct transport *transport,
> >  		case REF_STATUS_REJECT_NONFASTFORWARD:
> >  		case REF_STATUS_REJECT_STALE:
> >  		case REF_STATUS_REJECT_ALREADY_EXISTS:
> > +			if (atomic) {
> > +				string_list_clear(&cas_options, 0);
> > +				return 0;
> > +			} else
> > +				continue;
> >  		case REF_STATUS_UPTODATE:
> >  			continue;
> >  		default:
> > diff --git a/transport.c b/transport.c
> > index f1fcd2c4b0..f4d6b38f9d 100644
> > --- a/transport.c
> > +++ b/transport.c
> > @@ -1226,10 +1226,23 @@ int transport_push(struct repository *r,
> >  		err = push_had_errors(remote_refs);
> >  		ret = push_ret | err;
> >
> > -		if (!quiet || err)
> > +		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
> 
> This looks funny. And it does so only...
> 
> > +			for (struct ref *it = remote_refs; it; it = it->next)
> > +				switch (it->status) {
> > +				case REF_STATUS_NONE:
> > +				case REF_STATUS_UPTODATE:
> > +				case REF_STATUS_OK:
> > +					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
> > +				default:
> > +					continue;
> > +				}
> > +		}
> > +
> > +		if (!quiet || err) {
> 
> ... because a curly was introduced around a single-liner. This adds
> unnecessary noise to the patch.
> 
> This easily distracts reviewers like myself from more important questions
> such as: why was this conditional switch added before this conditional
> block, does it intend to influence the printed push status? Ah, yes, of
> course, even if `it->status` is changed, it actually modifies the data
> to which `remote_refs` points. So yes, this has to be done here.

Oops, I thought I had omitted the new braces when I was staging the changes.
Really sorry for the distraction. You're right that it makes the diff
look weird.

> 
> >  			transport_print_push_status(transport->url, remote_refs,
> >  					verbose | porcelain, porcelain,
> >  					reject_reasons);
> > +		}
> >
> >  		if (flags & TRANSPORT_PUSH_SET_UPSTREAM)
> >  			set_upstreams(transport, remote_refs, pretend);
> > --
> 
> Apart from minor nits, I like it. Thanks,
> Dscho
> 
> > 2.22.0.410.gd8fdbe21b5-goog
> >
> >
Emily Shaffer July 3, 2019, 6:58 p.m. UTC | #11 
On Wed, Jul 03, 2019 at 11:13:45AM -0700, Junio C Hamano wrote:
> SZEDER Gábor <szeder.dev@gmail.com> writes:
> 
> > On Tue, Jul 02, 2019 at 02:37:42PM -0700, Junio C Hamano wrote:
> >> > +test_expect_success 'push --atomic shows all failed refs' '
> >> > +	# Make up/master, up/allrefs
> >> > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> >> > +	git init --bare "$d" &&
> >> > +	git --git-dir="$d" config http.receivepack true &&
> >> > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> >> > +	test_commit allrefs1 &&
> >> > +	test_commit allrefs2 &&
> >> > +	git branch allrefs &&
> >> > +	git push "$up" master allrefs &&
> >> > +	# Make master and allrefs incompatible with up/master, up/allrefs
> >> > +	git checkout allrefs &&
> >> > +	git reset --hard HEAD^ &&
> >> > +	git checkout master &&
> >> > +	git reset --hard HEAD^ &&
> >> > +	# --atomic should complain about both master and allrefs
> >> > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> >> 
> >> Don't rely on ">&output", which is an unnecessary bash-ism here.  It
> >> breaks test run under shells like dash.
> >> 
> >> 	>output 2>&1
> >> 
> >> should be OK.
> >
> > '2>output' would be a tad better, because those refs should be printed
> > to stderr.
> 
> Yeah; there are many existing uses of ">output 2>&1" in the same
> script and I was following the suit.  There also are 2>err and I
> agree that it is more appropriate in this case.

Oh, this is a good point. I'll change it, thanks both.
Emily Shaffer July 3, 2019, 7:01 p.m. UTC | #12 
> > > > +'
> > > +
> > > +test_expect_success 'push --atomic shows all failed refs' '
> > > +	# Make up/master, up/allrefs
> > > +	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
> > > +	git init --bare "$d" &&
> > > +	git --git-dir="$d" config http.receivepack true &&
> > > +	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
> > > +	test_commit allrefs1 &&
> > > +	test_commit allrefs2 &&
> > > +	git branch allrefs &&
> > > +	git push "$up" master allrefs &&
> > > +	# Make master and allrefs incompatible with up/master, up/allrefs
> > > +	git checkout allrefs &&
> > > +	git reset --hard HEAD^ &&
> > > +	git checkout master &&
> > > +	git reset --hard HEAD^ &&
> > > +	# --atomic should complain about both master and allrefs
> > > +	test_must_fail git push --atomic "$up" master allrefs >&output &&
> > > +	grep master output &&
> > > +	grep allrefs output
> > > +'
> > 
> > I have the impression that the setup these two new test cases perform are
> > _very_ similar, making it most likely that a combined test case would be
> > more succinct, yet still complete and easily readable.
> 
> (Junio replied to this downthread... I have more to ask too.)

Oops, I misremembered which comment he had replied to. Yeah, I'll think
about this and reword.

Reroll to come shortly. Thanks, all.

 - Emily
Johannes Schindelin July 3, 2019, 7:41 p.m. UTC | #13 
Hi Emily,

On Wed, 3 Jul 2019, Emily Shaffer wrote:

> > > +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> > > +	test_commit atomic1 &&
> > > +	test_commit atomic2 &&
> > > +	git push "$up" master &&
> >
> > It would be more succinct to do a `git clone --bare . "$d"` here, instead
> > of a `git init --bare` and a `git push` no?
>
> I'm not sure I would say "more succinct." This leaves the test with the
> same number of lines,

No, it does not, as `git clone --bare . "$d"` does _both_ the initializing
and the object transfer.

It only saves one line, of course, but do keep in mind that anybody
running into any kind of regression with your test case needs to
understand what it does. And from experience I can tell you that reading
any test case longer than 5 lines is quite annoying when you actually
only care about fixing the regression, and not so much about the wonderful
story the test case tells.

So in a sense, I guess I would even suggest to move as much of the setup
for your test cases outside, preferably into an initial `setup` test case
that initializes the minimal scenario required by the regression test
case.

Thanks,
Dscho
Emily Shaffer July 3, 2019, 8:57 p.m. UTC | #14 
On Wed, Jul 03, 2019 at 09:41:46PM +0200, Johannes Schindelin wrote:
> Hi Emily,
> 
> On Wed, 3 Jul 2019, Emily Shaffer wrote:
> 
> > > > +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> > > > +	test_commit atomic1 &&
> > > > +	test_commit atomic2 &&
> > > > +	git push "$up" master &&
> > >
> > > It would be more succinct to do a `git clone --bare . "$d"` here, instead
> > > of a `git init --bare` and a `git push` no?
> >
> > I'm not sure I would say "more succinct." This leaves the test with the
> > same number of lines,
> 
> No, it does not, as `git clone --bare . "$d"` does _both_ the initializing
> and the object transfer.
> 
> It only saves one line, of course, but do keep in mind that anybody
> running into any kind of regression with your test case needs to
> understand what it does. And from experience I can tell you that reading
> any test case longer than 5 lines is quite annoying when you actually
> only care about fixing the regression, and not so much about the wonderful
> story the test case tells.

I suppose I'm confused, then, as I understood you were asking me to
combine my three test cases into one, which naturally makes the test
itself more complex and longer to read. Which do you prefer?

> 
> So in a sense, I guess I would even suggest to move as much of the setup
> for your test cases outside, preferably into an initial `setup` test case
> that initializes the minimal scenario required by the regression test
> case.
> 
> Thanks,
> Dscho
Johannes Schindelin July 4, 2019, 8:29 a.m. UTC | #15 
Hi Emily,

On Wed, 3 Jul 2019, Emily Shaffer wrote:

> On Wed, Jul 03, 2019 at 09:41:46PM +0200, Johannes Schindelin wrote:
>
> > On Wed, 3 Jul 2019, Emily Shaffer wrote:
> >
> > > > > +	up="$HTTPD_URL"/smart/atomic-branches.git &&
> > > > > +	test_commit atomic1 &&
> > > > > +	test_commit atomic2 &&
> > > > > +	git push "$up" master &&
> > > >
> > > > It would be more succinct to do a `git clone --bare . "$d"` here,
> > > > instead of a `git init --bare` and a `git push` no?
> > >
> > > I'm not sure I would say "more succinct." This leaves the test with the
> > > same number of lines,
> >
> > No, it does not, as `git clone --bare . "$d"` does _both_ the initializing
> > and the object transfer.
> >
> > It only saves one line, of course, but do keep in mind that anybody
> > running into any kind of regression with your test case needs to
> > understand what it does. And from experience I can tell you that reading
> > any test case longer than 5 lines is quite annoying when you actually
> > only care about fixing the regression, and not so much about the wonderful
> > story the test case tells.
>
> I suppose I'm confused, then, as I understood you were asking me to
> combine my three test cases into one, which naturally makes the test
> itself more complex and longer to read. Which do you prefer?

If I were tasked with developing this further, I would try to move as much
of the setup into the initial test case (if there is already a `setup`
test case; otherwise I would create one). In fact, I would try to reuse as
much of the existing setup test case as possible, and only add commands if
really necessary. Then, I would try to combine the three test cases in the
patch into a single one, structuring it by white space and using comments
to clarify what is happening.

In my mind, even just adding an empty line before the comments like "Make
master incompatible with up/master" would make it much easier for me to
read, were I to analyze a test breakage.

I have to admit that I have a hard time understanding what the intention
of those three test cases is because I get confused: where does the set-up
end, where is the code that is expected to fail, where are the
expectations tested?

Also, I get confused by how similar the test cases look, and have a hard
time discerning what the differences are (i.e. what are the interesting
bits, where the entropy comes from).

I could imagine that I would have had an easier time reading something
like this:

test_expect_success 'push --atomic' '
	: set up two branches, one which will require a force push &&
	git checkout -b fast-forwarding master &&
	test_commit push-atomic &&
	git checkout -b non-fast-forwarding &&

	: now, initialize the bare repository to push to &&
	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic.git &&
	git clone --bare . $d &&

	: modify the two branches and create a third one &&
	git reset --hard HEAD^ &&
	git checkout fast-forwarding &&
	test_commit no-need-to-force &&
	git branch new-branch &&

	: now the atomic push must fail &&
	test_must_fail git push --atomic "$HTTPD_URL"/smart/atomic.git \
		fast-forwarding non-fast-forwarding new-branch 2>err &&

	: verify that new-branch was not pushed &&
	test_must_fail git -C $d rev-parse --verify refs/heads/new-branch &&

	: fast-forwarding should be mentioned even if it would have been OK &&
	grep fast-forwarding err
'

Of course, everybody has their preferences, and their personal style. I do
not want you to imitate my style just to "pacify" me. That's not the point
of this example.

The point is that I need some structure to walk along, especially when I
am a bit annoyed at a test case that shows that I introduced a regression
and all I want is to understand as quickly as possible what I did wrong
again so that I can fix it and move on.

The point is that I want a regression test case to _not_ distract me from
the essential part, ideally I should be able to ignore all the set-up code
and deduce from the command-line of the failing command what is going on.

For example, if the test case fails in the line `grep fast-forwarding err`
above, that command-line alone does not tell me anything, it just
frustrates me. If there is a comment above that line (which is ideally
part of the `-x` trace, that's why I used `:` instead of `#`) that states
the intention in what I consider to be clear, simple English, it is a lot
easier to figure out what the heck is going wrong.

Of course, it would be even better if we had a function, say,
`must_contain` that runs that `grep` and shows the file contents and the
regular expression if that `grep` failed. That's of course outside of the
concern of your patch. But this idea illustrates what I want in a
regression test case: I want it to _help_ me figure out things when it
breaks.

Ciao,
Dscho

P.S.: Please note that the many test cases _I_ introduced into Git's test
suite mostly do not conform to what I wrote above. I learned _quite_ a
lot of how I want regression test cases to look like in the past six
months, not from writing them, but from analyzing literally hundreds of
Azure Pipelines builds. And your question forced me to think about my
learnings to formulate the above (hopefully clear) explanation of what I
want in a regression test, so: thank you.
Emily Shaffer July 9, 2019, 8:23 p.m. UTC | #16 
Firstly, sorry for the delay, I wasn't working for national holiday from
the 4th til yesterday.

> If I were tasked with developing this further, I would try to move as much
> of the setup into the initial test case (if there is already a `setup`
> test case; otherwise I would create one). In fact, I would try to reuse as
> much of the existing setup test case as possible, and only add commands if
> really necessary. Then, I would try to combine the three test cases in the
> patch into a single one, structuring it by white space and using comments
> to clarify what is happening.
> 
> In my mind, even just adding an empty line before the comments like "Make
> master incompatible with up/master" would make it much easier for me to
> read, were I to analyze a test breakage.
> 
> I have to admit that I have a hard time understanding what the intention
> of those three test cases is because I get confused: where does the set-up
> end, where is the code that is expected to fail, where are the
> expectations tested?
> 
> Also, I get confused by how similar the test cases look, and have a hard
> time discerning what the differences are (i.e. what are the interesting
> bits, where the entropy comes from).
> 
> I could imagine that I would have had an easier time reading something
> like this:
> 
> test_expect_success 'push --atomic' '
> 	: set up two branches, one which will require a force push &&
> 	git checkout -b fast-forwarding master &&
> 	test_commit push-atomic &&
> 	git checkout -b non-fast-forwarding &&
> 
> 	: now, initialize the bare repository to push to &&
> 	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic.git &&
> 	git clone --bare . $d &&
> 
> 	: modify the two branches and create a third one &&
> 	git reset --hard HEAD^ &&
> 	git checkout fast-forwarding &&
> 	test_commit no-need-to-force &&
> 	git branch new-branch &&
> 
> 	: now the atomic push must fail &&
> 	test_must_fail git push --atomic "$HTTPD_URL"/smart/atomic.git \
> 		fast-forwarding non-fast-forwarding new-branch 2>err &&
> 
> 	: verify that new-branch was not pushed &&
> 	test_must_fail git -C $d rev-parse --verify refs/heads/new-branch &&
> 
> 	: fast-forwarding should be mentioned even if it would have been OK &&
> 	grep fast-forwarding err
> '

After I read your initial comment this is close to what my rewrite
started to look like; I suppose we're only the same page after all :)

> 
> Of course, everybody has their preferences, and their personal style. I do
> not want you to imitate my style just to "pacify" me. That's not the point
> of this example.
> 
> The point is that I need some structure to walk along, especially when I
> am a bit annoyed at a test case that shows that I introduced a regression
> and all I want is to understand as quickly as possible what I did wrong
> again so that I can fix it and move on.
> 
> The point is that I want a regression test case to _not_ distract me from
> the essential part, ideally I should be able to ignore all the set-up code
> and deduce from the command-line of the failing command what is going on.
> 
> For example, if the test case fails in the line `grep fast-forwarding err`
> above, that command-line alone does not tell me anything, it just
> frustrates me. If there is a comment above that line (which is ideally
> part of the `-x` trace, that's why I used `:` instead of `#`) that states
> the intention in what I consider to be clear, simple English, it is a lot
> easier to figure out what the heck is going wrong.
> 
> Of course, it would be even better if we had a function, say,
> `must_contain` that runs that `grep` and shows the file contents and the
> regular expression if that `grep` failed. That's of course outside of the
> concern of your patch. But this idea illustrates what I want in a
> regression test case: I want it to _help_ me figure out things when it
> breaks.
> 
> Ciao,
> Dscho
> 
> P.S.: Please note that the many test cases _I_ introduced into Git's test
> suite mostly do not conform to what I wrote above. I learned _quite_ a
> lot of how I want regression test cases to look like in the past six
> months, not from writing them, but from analyzing literally hundreds of
> Azure Pipelines builds. And your question forced me to think about my
> learnings to formulate the above (hopefully clear) explanation of what I
> want in a regression test, so: thank you.
> 

This writeup is great, and I think your example is very clear and
readable. I'll push a reroll with my similar-looking reformat soon.
Thanks, Johannes.

 - Emily
diff mbox series

Patch

diff --git a/t/t5541-http-push-smart.sh b/t/t5541-http-push-smart.sh
index 8ef8763e06..b57f6d480f 100755
--- a/t/t5541-http-push-smart.sh
+++ b/t/t5541-http-push-smart.sh
@@ -177,6 +177,64 @@  test_expect_success 'push (chunked)' '
 	 test $HEAD = $(git rev-parse --verify HEAD))
 '
 
+test_expect_success 'push --atomic also prevents branch creation' '
+	# Make up/master
+	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-branches.git &&
+	git init --bare "$d" &&
+	git --git-dir="$d" config http.receivepack true &&
+	up="$HTTPD_URL"/smart/atomic-branches.git &&
+	test_commit atomic1 &&
+	test_commit atomic2 &&
+	git push "$up" master &&
+	# Make master incompatible with up/master
+	git reset --hard HEAD^ &&
+	# Add a new branch
+	git branch atomic &&
+	# --atomic should roll back creation of up/atomic
+	test_must_fail git push --atomic "$up" master atomic &&
+	git ls-remote "$up" >up-remotes &&
+	test_must_fail grep atomic up-remotes
+'
+
+test_expect_success 'push --atomic shows all failed refs' '
+	# Make up/master, up/allrefs
+	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-failed-refs.git &&
+	git init --bare "$d" &&
+	git --git-dir="$d" config http.receivepack true &&
+	up="$HTTPD_URL"/smart/atomic-failed-refs.git &&
+	test_commit allrefs1 &&
+	test_commit allrefs2 &&
+	git branch allrefs &&
+	git push "$up" master allrefs &&
+	# Make master and allrefs incompatible with up/master, up/allrefs
+	git checkout allrefs &&
+	git reset --hard HEAD^ &&
+	git checkout master &&
+	git reset --hard HEAD^ &&
+	# --atomic should complain about both master and allrefs
+	test_must_fail git push --atomic "$up" master allrefs >&output &&
+	grep master output &&
+	grep allrefs output
+'
+
+test_expect_success 'push --atomic indicates collateral failures' '
+	# Make up/master, up/collateral
+	d=$HTTPD_DOCUMENT_ROOT_PATH/atomic-collateral.git &&
+	git init --bare "$d" &&
+	git --git-dir="$d" config http.receivepack true &&
+	up="$HTTPD_URL"/smart/atomic-collateral.git &&
+	test_commit collateral1 &&
+	test_commit collateral2 &&
+	git branch collateral &&
+	git push "$up" master collateral &&
+	# Make master incompatible with up/master
+	git reset --hard HEAD^ &&
+	# --atomic should mention collateral was OK but failed anyway
+	test_must_fail git push --atomic "$up" master collateral >&output &&
+	grep "master -> master" output &&
+	grep "collateral -> collateral" output
+'
+
 test_expect_success 'push --all can push to empty repo' '
 	d=$HTTPD_DOCUMENT_ROOT_PATH/empty-all.git &&
 	git init --bare "$d" &&
diff --git a/transport-helper.c b/transport-helper.c
index c7e17ec9cb..6b05a88faf 100644
--- a/transport-helper.c
+++ b/transport-helper.c
@@ -853,6 +853,7 @@  static int push_refs_with_push(struct transport *transport,
 {
 	int force_all = flags & TRANSPORT_PUSH_FORCE;
 	int mirror = flags & TRANSPORT_PUSH_MIRROR;
+	int atomic = flags & TRANSPORT_PUSH_ATOMIC;
 	struct helper_data *data = transport->data;
 	struct strbuf buf = STRBUF_INIT;
 	struct ref *ref;
@@ -872,6 +873,11 @@  static int push_refs_with_push(struct transport *transport,
 		case REF_STATUS_REJECT_NONFASTFORWARD:
 		case REF_STATUS_REJECT_STALE:
 		case REF_STATUS_REJECT_ALREADY_EXISTS:
+			if (atomic) {
+				string_list_clear(&cas_options, 0);
+				return 0;
+			} else
+				continue;
 		case REF_STATUS_UPTODATE:
 			continue;
 		default:
diff --git a/transport.c b/transport.c
index f1fcd2c4b0..f4d6b38f9d 100644
--- a/transport.c
+++ b/transport.c
@@ -1226,10 +1226,23 @@  int transport_push(struct repository *r,
 		err = push_had_errors(remote_refs);
 		ret = push_ret | err;
 
-		if (!quiet || err)
+		if ((flags & TRANSPORT_PUSH_ATOMIC) && err) {
+			for (struct ref *it = remote_refs; it; it = it->next)
+				switch (it->status) {
+				case REF_STATUS_NONE:
+				case REF_STATUS_UPTODATE:
+				case REF_STATUS_OK:
+					it->status = REF_STATUS_ATOMIC_PUSH_FAILED;
+				default:
+					continue;
+				}
+		}
+
+		if (!quiet || err) {
 			transport_print_push_status(transport->url, remote_refs,
 					verbose | porcelain, porcelain,
 					reject_reasons);
+		}
 
 		if (flags & TRANSPORT_PUSH_SET_UPSTREAM)
 			set_upstreams(transport, remote_refs, pretend);