KV3 - graveler - Discovery and Planning

[itaidavid]

closes #3531

[itaidavid]

Create the following issues:
#3567
#3568
#3569
#3570
#3571
#3572
#3573
#3574
#3575

[itaiad200]

I don't understand why anyone would like to sort anything based on a random generated string (commit ID) - maybe it's not really needed?

[arielshaqed]

I don't understand this either, and I am not sure where GC looks up a branch by commit ID. Indeed, given that a commit belongs to multiple branches, I am not sure what this lookup would do.

Assuming "ID" here means "name" -- otherwise we may have difficulty paginating a lengthy branches display in the GUI.

[itaidavid]

@arielshaqed - "ID" does mean "name"

[itaidavid]

@johnnyaug - can you please explain the purpose of sorting branches for iteration, by the associated commitID?
Used here
Thanks 🙏

[johnnyaug]

@Itai-David, sure: this iterator is then used as input for a GCStartingPointIterator. This iterator assumes the branch heads are sorted by commit ID. This way, it can go over branch heads side by side with other commit IDs that are also sorted, and compare them.

[itaidavid]

Thank you @johnnyaug.
@itaiad200 @arielshaqed - I looked at the GC code and it looks like we either need to support that with our Graveler over KV impl, or we will need to change the way GC traverses commits.
I think the first can be supported by maintaining a repo/<REPO_NAME>/commit/<COMMIT_ID>/branch/<BRANCH_NAME>. These keys will have to be constantly removed and added as commits take place, but we do have all the info at the time of the commit, so I don't think it is too difficult.
WDYT?

[arielshaqed]

Commits don't have branches.
If we try to attach branches to them, it will all end in tears.
I am not sure we need to fetch commits in sorted order to merge them. Let's define the algorithm and then see about speeding it up. I'm thinking maybe a Bloom filter on ancestors of each commit?

[itaidavid]

@arielshaqed I'm not sure I fully understand how a Bloom Filter can help here, but I guess this requires a bit of redesign to the GC commits gathering alogrithm (?)
If that is so, I think it should be out of scope for this KV milestone - I think we should "force" our graveler over KV impl to provide all the functionality currently supported by graveler over SQL, in terms of correctness, even in the painful price of performance regression, and handle any significant algorithmic change in another scope. WDYT?
For that purpose, I think defining a commitId to branchName(s) mapping (as a key?) can provide what we need, at least as a first step (regardless of the (very) wrong conception that commits "have" or "belong to" branch(s))

[itaiad200]

@arielshaqed and I discussed it a bit more and I think we now understand why it's needed for GCStartingPointIterator. We can have the same commitID order for a branch iterator on top of the kv implementation, by simply fetching all branches and sorting them in memory. It will not require to introduce any new indexing in KV. A counter argument would be memory consumption, but it's used by an algorithm that already stores all commits in memory, so there should not be any degradation.

[itaidavid]

Added to the doc - support of iteration by commitID by sorting branches in memory

[itaiad200]

Needs more details. The list of not-first-parent commits can always change since you may introduce a new child to any commit at any time. I wonder how do we use this list? And why would the ordering of CommitID matter?

I find it hard to come up with an iterator on top of the kv implementation that would cover these requirements.

[itaidavid]

These commits are used side by side with the branch-by-commitID list, as explained by @johnnyaug, hence the order by commitID for that list too.
regarding the not-first-parent attribute, its usage and the fact it is subtle to changes - is it any different than the way it is used today, over SQL? I see that the decision of whether a commit is non-first-parent or not is made at the time of query execution, but this also can be changed by the time the GC algorithm get there. Am I wrong?
I guess I miss some context on that algorithm - @johnnyaug, can you please help here?

[johnnyaug]

You can think of the "not first parent" thing as a generalization of tree leaves. If you take the commit tree and drop all connections (edges) that are not first-parent, these commits are the leaves of this tree.

This is used to find all potential starting points for scanning the tree towards garbage collection.

In the end, this doesn't need to be a consistent list: when you find a commit that is not a first parent, you can safely return it, regardless of whether the resulting list as a whole makes sense.

[itaidavid]

I find it hard to come up with an iterator on top of the kv implementation that would cover these requirements.

@itaiad200 - I absolutely agree with that last sentence. Maybe we can maintain a live set of not-first-parent commits and modify it as commits occur. i.e. each new commit is by default not-first-parent and for each further operation, which makes it a first-parent, we try to remove that commit from the list (possibly already removed, hence the try) (Question: Can a commit become not-first-parent if it is already a first-parent?)
I can think of a couple of ways to implement this list, each optnio with its own drawbacks:

• We can use some not_first_parent/<COMMIT_ID>. This will require searching the list for each commit we modify, but will make it easier to list all not-first-parent commits, or
• We can "flag" the commit key itself i.e. commit commit/<COMMIT_ID> is accompanied by commit/<COMMIT_ID>/not_first_parent (not sure this works well with our scan logic, right?), or, for the same purpose add an attribute to the commit entry isFirstParent. However, I don't think this option supports the use case

What other options do we have?

[itaidavid]

In the end, this doesn't need to be a consistent list: when you find a commit that is not a first parent, you can safely return it, regardless of whether the resulting list as a whole makes sense.

Thank you for this input @johnnyaug.
What happens if I found a not-first-parent commit, return it as a starting point, and before the GC contniues, a commit is created over that commit, making it a first parent? Is that possible?

[arielshaqed]

I think that we might be overworking this. The fact that something is efficiently possible on PostgreSQL does not mean that we have to do it efficiently in the KV world and in the same way.

Also please note that the proposal to add parameters to Next() simply makes it not an iterator. I would argue that the iterator abstraction adds nothing here.

We will not be able to manage this list of "not first-parent commits" correctly and efficiently. The question is really, do we need to? We will probably be scanning all commits, or all commits up to a previously-processed set of "safe" commits, on each GC. We could process not-first commits "just" by scanning all of these. (I am starting to think that the commits logic for GC should also move off of lakeFS and into the Spark cluster. @johnnyaug WDYT?)

[johnnyaug]

I'm totally open to it - the not-first-parent thing is a means to an end. We just need to start scanning the tree somewhere.

[itaidavid]

I'm aiming at preserving the current behavior with KV support, as a first step, and improve that later, based on our needs. I think introducing the KV aspect is enough of a load already, and would like to stay away from redesigning our GC as a side effect.
Even though it will not be as efficient, I think it can work, at least as a first step. Moreover, since it is the GC, I think we can loosen up the efficiency requirements, again - at least as a first step.
@arielshaqed @johnnyaug - WDYT?

[itaidavid]

@arielshaqed - either ways we are not changing the interface of Next()

[itaiad200]

@Itai-David I understood that we will be reading everything to memory, applying the same logic that was used in Postgres, thus implementing the same iterators as today. If so, what are the remaining open questions?

[itaiad200]

Interesting. The problem with flagging the repository is that now you would have to check it with every call. For example, trying to get a Tag would first need to check that flag which is stored somewhere else.
I think the best we can do here is to delete it in an order that would leave a consistent state in every possible failure. One way could be: Tags, Staging Tokens (as in workspaces), Branches (all except for the default), update the default branch commit to "NotACommit", Commits and finally the default branch and the repo.

[arielshaqed]

If a repository (probably with a prefix) is a partition key, then you can delete a repository by deleting everything inside the partition. And you can keep a list of "repositories being deleted" (or an object inside the partition of each repository) and keep retrying to delete those repositories.

[itaiad200]

Right @arielshaqed, but now every time you try to get an object from that repo, you would have to query that list.

[itaidavid]

I like the usage of repository as partition. It makes sense in the way that each scan operation (in that case, for deleting everything) is partition bounded eitherways, plus, I think the locallity of partition (supported by DynamoDB, as an example) seems to be working in our benefits with this one (be it performance-wise or GDPR-wise).
We will need to maintain the repository entry itself outside of the partition, for repositories listing, correct?
I think we can "mark" a repository as being-deleted by simply remove its entry from the repositories list, and once successful, start removing everything in the relevant partition
Any objection we go with that?

[arielshaqed]

All Itais are right. There are two issues here: immediately stop using a repository, and eventually delete it.

To delete a repository, mark it as deleted on its value. So now when you fetch it you can set it's deleted (but not yet removed). If this becomes too expensive, we'll need to put a single cache in front of the kv.

To ensure it gets cleaned up, add it to the repositories-to-delete list. And periodically treeverse that list to clean up.

[N-o-Z]

Please note that with current path definitions - and as @eden-ohana mentioned, there's a risk of accidentally seeping into different entities when scanning on repositories

[itaidavid]

@N-o-Z - that was fixed with the recent update to the keys

[itaiad200]

Missing a /?

[N-o-Z]

I would change the naming convention to plural - 'branches', 'commits' etc. Consistent with other packages

[eden-ohana]

Isn't the repo/<REPO_NAME> should have a different name to not list the branches(repo/<REPO_NAME>/branch<BRANCH_NAME>) when listing repositories?

[itaidavid]

@itaiad200 - Yup. Fixed
@N-o-Z - done
@eden-ohana - Good catch, thank you. Fixed

[itaiad200]

I pray for 0 double slash bugs 🙏

[eden-ohana]

I think staging token is per branch, should add branch prefix

[itaidavid]

@eden-ohana - agree. Added under the new scema
@itaiad200 - double slash is the obvious. I added an option for triple slashes... My new suggestion removes the redundant keywords such as key and branch from anywhere except from the key prefix

[itaiad200]

I don't think it covers the special iterators above..

[itaidavid]

Correct - we are still discussing it. I believe we should support these by additional keys, and strive to remove them as an improvements iteration out of the scope of this milestone (and probably out of the scope of KV all together, as suggeated by @N-o-Z )

[itaiad200]

This step alone is quite big. It means reimplementing Graveler in a single step.. I think we should support an hybrid mode, i.e. if it makes sense, move just the tags, then just the staging areas, then commits, finally branches.

[itaidavid]

Are you suggesting breaking it into smaller steps within the same deliverable, which has mainley administrative aspects, or creating a deliverable in each sub-step (e.g. a working, mergable, graveler with hybrid support)?
I'm not sure what does the later mean in terms of effort and overhead to get such a hybrid working

If we look at it, it is a big step, work wise, but I believe the auth implementation was bigger in terms of both size and complexity. Moreover, since testing coverege is excellent, it should converge much quicker IMHO
WDYT?

[itaiad200]

If Naive implementation with locking means replacing all graveler to work on top of the kv interface and adding a locking mechanism to support that, then I think it's too big. I also think auth was way smaller than that, and was also too big for a single step/PR which is what we did.

[itaidavid]

Added to doc - implementatingan initial skeleton with no real KV access (delegating all DB related calls to DB gravlere, as we discussed) and deriving followup implementation tasks

[N-o-Z]

I agree with this approach.
Generally I think the lock-less feature is a post KV feature

[arielshaqed]

I agree!

Perfectly doable to start without lockfree commits. It will roughly mirror the intented current semantics -- which indeed starve commits. Also the actual current semantics are broken and can lose writes, so just locking (correctly) is an improvement!

However we do need lockfree commits in order to support many streaming ingestion use-cases.

[itaidavid]

Looks like we're aligned on this one

[itaidavid]

Created #3586 to fully support lock-free commits, out of KV3 scope

[N-o-Z]

Since you already stated that lock-less commits are out of scope for KV, I think this part is irrelevant for this doc

[itaidavid]

Out of KV3 scope, or out of KV scope all together?
I think we need a wider opinions range here
@eden-ohana @itaiad200 - WDYT?

[itaiad200]

Let's be more specific - what are the things we think can degradate? There might be paths we would like to benchmark now. Graveler is pretty wide so if you have any specific paths you think we need to benchmark let's discuss.

[itaidavid]

Added to the doc and to #3571 to comments we discussed earlier, regarding which scenarios are interesting and should be benchmarked

[N-o-Z]

I've seems to misunderstand the previous section - I really think lock free commits are not part of the KV scope. I believe it's best to first focus on the transition to KV with the current implementation and only after that working on the lock free feature

[itaidavid]

I can definitely live with lock-free out of KV scope

[N-o-Z]

What I'm missing is the data modelling for KV store. It can either be part of #3567 or as a new issue. But it is required as part of the common code base that we all work over. In auth we didn't do it well enough and as a result there were many changes during implementation and technical debts left.

[itaidavid]

Data modeling added to doc. As graveler pretty much uses the SQL DB as KVStore, there is not much of a difference, excpet for a few things we will need to add

[N-o-Z]

Thanks @Itai-David,
I have 2 main concerns:

1. Missing data models
2. Adding the lock free commits as part of the KV milestone (maybe this can be discussed further)
   Other than that - it seems like a very thorough plan!

[arielshaqed]

Thanks!

My chief concern is that the GC calls will continue to work with reasonable performance. I would like to understand the proposed iterators better to be sure of this...

[arielshaqed]

I agree!

Perfectly doable to start without lockfree commits. It will roughly mirror the intented current semantics -- which indeed starve commits. Also the actual current semantics are broken and can lose writes, so just locking (correctly) is an improvement!

However we do need lockfree commits in order to support many streaming ingestion use-cases.

[arielshaqed]

Suggested change

	`graveler_staging_kv` creates entries based on the current branch `staging_token` and is protected from creating entries during a commit under the same lock. This should also be supported lockless-ly, as referred to by the above proposal, and can also be solved with naive locking, as a first step</br>
	`graveler_staging_kv` creates entries based on the current branch `staging_token` and is protected from creating entries during a commit under the same lock. This should also be supported lockfree-ly, as referred to by the above proposal, and can also be solved with naive locking, as a first step</br>

The term is "lock-free", not "lock-less".

[itaidavid]

Rephrased

[arielshaqed]

I don't understand this either, and I am not sure where GC looks up a branch by commit ID. Indeed, given that a commit belongs to multiple branches, I am not sure what this lookup would do.

Assuming "ID" here means "name" -- otherwise we may have difficulty paginating a lengthy branches display in the GUI.

[arielshaqed]

If a repository (probably with a prefix) is a partition key, then you can delete a repository by deleting everything inside the partition. And you can keep a list of "repositories being deleted" (or an object inside the partition of each repository) and keep retrying to delete those repositories.

[arielshaqed]

(Also cool that this is really happening!)

[eden-ohana]

REPO_NAME == repository ID
BRANCH_NAME == branch ID

[itaidavid]

Correct. These are the same. I tried to maintain the SQL names, just for simplicity of this doc

[eden-ohana]

Isn't the repo/<REPO_NAME> should have a different name to not list the branches(repo/<REPO_NAME>/branch<BRANCH_NAME>) when listing repositories?

[eden-ohana]

I think staging token is per branch, should add branch prefix

[eden-ohana]

tag path should save its commit ID

[itaidavid]

As part of the key?
It will be in the value

[itaiad200]

After reading it once again with the help of @arielshaqed and @N-o-Z comments, I think I have a better idea of what you were aiming for here. A naive table lock means that we would be using the same locking technique we have for the current postgres DB, right? Well - that cannot be achieved with KV. It's not part of the KV interface and adding it to the current 3 implementations we have is harder than just straightforward use the mechanisms described in the original proposal.

[arielshaqed]

I think by now we are arguing about different words to describe the exact same thing. I would strongly encourage that we simply stop using the word "lock", CAS-type operations ("SetIf") like those used here are at a lower level and easier to use directly. The term "lock" is overloaded and has many different meaning. (Note that "lock-free" does not talk about locks, intentionally, so we can continue to use that term.)

Let's be concrete. I call the following "the naïve way" to perform a protected action on a branch:

1. Get the original branch state o.
2. (Maybe perform some actions, they might all be lost in the last step.)
3. Compute a new branch state n.
4. SetIf the branch state to n IF it is still o.
   • (If setting failed and some other actions were performed, maybe clean them up.)

This type of process is sometimes loosely called "optimistic locking".

[itaidavid]

Actually, what I had in mind for naive and temporary locking is locking of some common resource, on a logical level, not related to KV.
Both staging and commit operations (on the same branch) mutually block each other (this is the case, right? any other operatios need to be blocked), by locking a common resource (mutex?), just for the correctness of things.
We can reduce the contention by having NumLocks (say 2^10) such locks, and each operatation locks branchID%NumLocks, letting several operations (up to NumLocks, not sure how to calculate the average) run in parallel.
Any reason why that should not work as a naive, temporary yet correct, solution?

[itaidavid]

Having a discussion with @itaiad200 @N-o-Z, we came to the following understandings. Unless anything is missing, wrong or unacceptable, I will update the doc to reflect these, so we can move forward:

• GC, not-first-parent and branch iterator by commit ID - The following GC algorithm will remain unchanged, and graveler over KV will supported the 2 above requirement by in memory processing, i.e. not-first-parent will fetch all commits, using standard KV means (scan) and filtering out all not not-first-parent commits, in memory. branc iterator by commit ID will fetch all branches using KV, and will sort them by commit ID in memory. Will add a task to revisit this and further discuss this out of the scope of KV3 milestone.
• Commits, staging and lock-free - we will follow @arielshaqed suggestion to prevent commits overriding each other by using KV's SetIf on the branch, making sure no racing commit is already finished and being overrided. In case a commit fails to finish due to another commit "beating" it to the finish line - a retry should be attmpted. This implementation will require to support multiple staging tokens, as proposed by lakeFS on KV design proposal. Lock-free commits will handled out of thye scope of KV3 milestone
• Using of partitions - Partitions, and partition keys, will be used to distinguish different logical aspects of graveler.
  • A general partition - graveler - will contain the repositories, to allow iterating them
  • A partition per each repository - <REPO_NAME> - will contain all repository related data, except for staged objects. This data includes branches, commits and tags. This will allow easy access to all the repository data and our ability to traverse it preceisley (in case of future cleaning algorithm, to support failed deletions, or alike)
  • A partition per each staging token - <STAGING_TOKEN> - will contain all the staged obejcts under this token. Will allow a beeter load balancing for multiple staging tokens handling. Note that the <STAGING_TOKEN> contains the <REPO_NAME> and <BRANCH_NAME>
• Repository Deletion - A separate task to further investigate that. Currently, 2 possibilities seem valid:
  • Option 1 - It does seem that most (if not all) graveler's operations, perfrom a repository existence check by issuing a call to GetRepository, which perfroms a DB access. If that is indeed the case, we can easily "mark" a repository as deleted by removing the repository entry from the common partition graveler, thus making it unreachable. We can later iterate all entries under this repository partition and delete them one by one, preceding the branch entry deletion by iteratively deleting all relelvant staging partitions. Failures can be handled by a background garbage collector (which, BTW, can handle the inital deletion too), but that is only for space saving purposes and should have no effect on the deleted repository itself, once the repository entry is deleted. A point to consider - what happens if a repository entry is deleted, the data in the relevant repository partition fails to delete, and a new repository with the same name is created? Can we solve that with adding a guid to the repository and use it as the patition key?
  • Option 2 - As suggested by @itaiad200 - performing the deletion in a way that preserves consistency with each possible failure - e.g. staging partitions need to be deleted before the branch, as not to leave any hanging in case of failure, commits cannot be deleted before branches, as this may leave a branch pointing to a deleted commit, the default branch cannot be deleted until the repository is deleted, etc. Part of the discovery should define the correct order
• Execution Plan - The initial task of basic graveler implementation over KV, is estimeted to be too big to be well contained as a single task. Instead, we will break it to smaller pieces, by initially implementing the KV graveler skeleton, which will delegate all calls to the DB graveler. We will later implement each functionality separately
• Benchmarks - A decision is to be made regarding the required benchmarks - which scenarios do we really want to test. One example is multiple parallel commits, that will definitely fail each other until all retries will succeed - while this is an exhaustive scenario, which stress the performance to an edge, it might not be as interesting as a "real life" scenario. The bottom line is we can predict that such a scenario will show performance degradation for our not-lock-free commit algoritm, but it is probably not interesting. Another example is a single long commit, with multiple staging operations taking place at the same time. This scenario is much more common in real life usage and a performance regression in this scenario is something we better discover sooner than later.

[itaiad200]

Almost there

[itaiad200]

I get a request for aRepo, how do I know to look for aRepo-guid2 in the KV?

[itaidavid]

You perform GetRepository by aRepo. that will be translated to kv.Get(partition = "graveler", key = "repos/aRepo")
Upon success, you will get a Repository object that has, among other things, a my_guid (or similar name. TBD) field set to "guid2"
This value will be autogenerated upon repository creation and will be initially used to create the repository with the default branch and initial commit
Does this make sense?

[itaiad200]

Nope :) You're referring to a situation where lakeFS has two repositories with the same name. How would lakeFS know to delete everything under aRepo-guid2 and not aRepo-guid1?

[itaiad200]

There's no need to "Update" - it is not checked in yet.

[itaiad200]

In general, let's bring this document to reflect what we decide on and the next steps. We can have alternatives that were offered and even rejected, but currently it feels more of a discussion log and not an agreed upon plan (e.g. Other ideas?, Update, options that have been ruled out appears on top, etc.)

[itaidavid]

Fixed

[itaiad200]

Actually Ariel's suggestion was the Lock-free commits

[itaidavid]

So we are actually implementaing the fully-blown lock-free commits as part of KV3?

[itaidavid]

Eventually figured it out. By Ariel's suggestion, I was referring to this comment and you were referring to #3091
Modified the doc to clarify that

[itaiad200]

Why not define them now? They're the most important part of this plan!

[itaidavid]

Agreed. Will add these

[itaidavid]

Done

[itaidavid]

Added #3590 (out of KV3 scope) for failed repository deletion cleanup

[itaiad200]

Approved, just need to break down step 2 to concrete tasks.

[itaidavid]

Approved, just need to break down step 2 to concrete tasks.

Thank you
Created followup implementation tasks:
#3591 - for repository support (except for deletion, which is handled in #3590)
#3592 - for branches support, including by-commit-id iterator
#3593 - tags implementation
#3594 - commit implementation - storing and supporting a commit in our KV store - not about the commit flow
#3595 - staging implementation - supporting a staged object in KV - not the staging flow

[N-o-Z]

I have to say I'm not a fan of this solution, but nevertheless, why not add the guid to the path instead of concatenating it to the repo name? e.g. instead of aRepo-guid1/branches/... do aRepo/guid1/branches/...

[itaidavid]

@N-o-Z the repo with guid is the partition key and not part of the path.
Neverthelss, the use od - and concat was illustrative. Change the doc to reflect aRepo/guid1 etc.

[N-o-Z]

Thanks @Itai-David. It's really hard to understand the data models for each entity as a textual description. I think it will be much more readable if you just model it

[arielshaqed]

Thanks!

This PR mentions GUIDs, which AFAIK is just another term for UUID. I cannot overstate how much I dislike these: they are a really long representation, hard for me to identify and distinguish by sight, support versions that are pretty much useless, require a particular text format which is meaningless for the version commonly used, and cannot be configured to decrease or increase collision resistance.

I would much prefer to use a nanoid. :-)

[arielshaqed]

I think that we might be overworking this. The fact that something is efficiently possible on PostgreSQL does not mean that we have to do it efficiently in the KV world and in the same way.

Also please note that the proposal to add parameters to Next() simply makes it not an iterator. I would argue that the iterator abstraction adds nothing here.

We will not be able to manage this list of "not first-parent commits" correctly and efficiently. The question is really, do we need to? We will probably be scanning all commits, or all commits up to a previously-processed set of "safe" commits, on each GC. We could process not-first commits "just" by scanning all of these. (I am starting to think that the commits logic for GC should also move off of lakeFS and into the Spark cluster. @johnnyaug WDYT?)

[arielshaqed]

Consider retrying commits on the client side. It will make it easier to provide different retry strategies for different clients.

[itaidavid]

@arielshaqed - are you referring to explicit retries by the user, or implicit retries by the (various) client? I believe it is the first?

[itaidavid]

Thanks!

This PR mentions GUIDs, which AFAIK is just another term for UUID. I cannot overstate how much I dislike these: they are a really long representation, hard for me to identify and distinguish by sight, support versions that are pretty much useless, require a particular text format which is meaningless for the version commonly used, and cannot be configured to decrease or increase collision resistance.

I would much prefer to use a nanoid. :-)

Thanks @arielshaqed
In general, I have nothing against using nanoid (to be sincere, I have nothing against uuid either). What about uuids we already use in our staging token - do you want to change these too? (now is a great time as it can be done as part of the migration)

[itaidavid]

Thanks @Itai-David. It's really hard to understand the data models for each entity as a textual description. I think it will be much more readable if you just model it

@N-o-Z the thing is that other than the new guid field for the repository, and the sealed_tokens array for the branch - the model is the same as used by the current graveler. The current entities does not contain any DB related fields that need to change (as we saw in auth). In fact, graveler already uses the <ENTITY>Record types, which are essentially the same wrappers we implemented in auth (the data entity plus its ID in DB). As such, "coding" this model into the doc is pretty much copying the code, which feels redundant.
WDYT? Do you still think it is essential?

[itaidavid]

@N-o-Z - added the agreed code snippets. Please re-review

[N-o-Z]

Need to consider using pointers for both DefaultBranchID and RepositoryToken as we need to support bare repositories

[itaidavid]

Bare repos has the same default branch logic as non-bare repos (i.e. they "hold" the default branch ID == name, upon creation). The difference is the branch object is not really created. I think it would be better to leave it as is, and apply the same logic

[N-o-Z]

Thanks for making these changes!
It is much more clearer for me now.
One comment you might want to take into consideration