Change all references of master to main (#405)

* Change all references of master to main

* optimize docker build process

* fix runner type

* simplify cache key

* don't cache to ECR

Author: irvingpop

.dockerignore

@@ -1,33 +1,56 @@
-*.env
-git/
+# Git
+.git
+.github
+.gitignore
 
-build
-dist
+# Python
+.venv
+venv
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.Python
+*.so
+*.egg
 *.egg-info
-*.egg/
+dist
+build
+.pytest_cache
+.coverage
+htmlcov
+.tox
+.mypy_cache
+.ruff_cache
+
+# Environment files
+.env
+.env.*
+!.env.example
+
+# IDE
+.vscode
+.idea
 *.swp
+*.swo
+*~
 
-.tox
-.coverage
-html/*
-**/__pycache__
-**/*.pyc
-
-# Development files - should not be in production
-.dev/
-src/.dev/
-src/.dev
-**/.dev/
-**/.dev
-*.sqlite3
-*.db
-db.sqlite3
-src/db.sqlite3
-**/db.sqlite3
-
-# Test artifacts
-.pytest_cache/
-src/.pytest_cache/
-**/.pytest_cache/
-.coverage
-htmlcov/
+# Logs
+*.log
+
+# Documentation
+*.md
+!README.md
+docs/
+
+# Testing
+tests/
+*.test
+
+# macOS
+.DS_Store
+
+# Temporary files
+tmp/
+temp/
+*.tmp

.github/SETUP.md

@@ -39,18 +39,18 @@ After adding the secret, the workflow will automatically:
 - Authenticate to AWS using OIDC (no credentials stored)
 - Build Docker images for ARM64 platform
 - Push to ECR with appropriate tags:
-  - `:staging` for non-master branches
-  - `:prod` for master branch (after CI passes)
+  - `:staging` for non-main branches
+  - `:prod` for main branch (after CI passes)
 
 ## Testing
 
 To test the setup:
 
-1. **Test staging build**: Push to any branch except `master`
+1. **Test staging build**: Push to any branch except `main`
    - Should trigger Docker build and push to `:staging` tag
    - Check ECR repository to verify image was pushed
 
-2. **Test production build**: Merge to `master` branch
+2. **Test production build**: Merge to `main` branch
    - Should run lint, test, security checks first
    - If all pass, should build and push to `:prod` tag
    - Check ECR repository to verify image was pushed

.github/workflows/ci.yml

@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [master]
+    branches: [main]
   pull_request:
-    branches: [master]
+    branches: [main]
 
 env:
   POETRY_VERSION: "2.3.0"
@@ -14,8 +14,8 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
-    # Only run on master branch pushes and PRs to master
-    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+    # Only run on main branch pushes and PRs to main
+    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -62,8 +62,8 @@ jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
-    # Only run on master branch pushes and PRs to master
-    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+    # Only run on main branch pushes and PRs to main
+    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -125,8 +125,8 @@ jobs:
   security:
     name: Security Scan
     runs-on: ubuntu-latest
-    # Only run on master branch pushes and PRs to master
-    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+    # Only run on main branch pushes and PRs to main
+    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -172,10 +172,10 @@ jobs:
 
   docker-build-push:
     name: Build and Push Docker Image
-    runs-on: ubuntu-latest
-    # Run on push to master (build+push) and on PRs (build only)
+    runs-on: ubuntu-24.04-arm
+    # Run on push to main (build+push) and on PRs (build only)
     if: github.event_name == 'push' || github.event_name == 'pull_request'
-    # For master/PR, wait for CI checks to pass
+    # For main/PR, wait for CI checks to pass
     needs: [ci-success]
     permissions:
       id-token: write  # Required for OIDC authentication
@@ -232,7 +232,7 @@ jobs:
       - name: Determine Docker tag
         id: docker-tag
         run: |
-          if [ "${{ github.ref }}" == "refs/heads/master" ]; then
+          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
             echo "image=633607774026.dkr.ecr.us-east-2.amazonaws.com/back-end:prod" >> $GITHUB_OUTPUT
             echo "environment=Production" >> $GITHUB_OUTPUT
           else
@@ -260,7 +260,7 @@ jobs:
         uses: aws-actions/amazon-ecr-login@v2
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           target: runtime
@@ -269,8 +269,8 @@ jobs:
           tags: |
             ${{ steps.docker-tag.outputs.image }}
           provenance: false
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=arm64
+          cache-to: type=gha,mode=max,scope=arm64
 
       - name: Output image URI
         if: steps.can-push.outputs.push == 'true'
@@ -286,20 +286,20 @@ jobs:
     # Always run to satisfy docker-build-push dependency
     if: always()
     steps:
-      - name: Check all jobs passed (master/PR only)
-        if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+      - name: Check all jobs passed (main/PR only)
+        if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
         run: |
-          # Check if jobs were skipped (non-master) or failed
+          # Check if jobs were skipped (non-main) or failed
           if [[ "${{ needs.lint.result }}" == "skipped" ]]; then
-            echo "Lint job was skipped - this should not happen on master/PR"
+            echo "Lint job was skipped - this should not happen on main/PR"
             exit 1
           fi
           if [[ "${{ needs.lint.result }}" != "success" ]]; then
             echo "Lint job failed"
             exit 1
           fi
           if [[ "${{ needs.test.result }}" == "skipped" ]]; then
-            echo "Test job was skipped - this should not happen on master/PR"
+            echo "Test job was skipped - this should not happen on main/PR"
             exit 1
           fi
           if [[ "${{ needs.test.result }}" != "success" ]]; then
@@ -308,7 +308,7 @@ jobs:
           fi
           # Security is informational, doesn't fail CI
           echo "All required jobs passed!"
-      - name: Pass through for non-master branches
-        if: github.event_name != 'pull_request' && github.ref != 'refs/heads/master'
+      - name: Pass through for non-main branches
+        if: github.event_name != 'pull_request' && github.ref != 'refs/heads/main'
         run: |
-          echo "Skipping CI checks for non-master branch (staging build will proceed)"
+          echo "Skipping CI checks for non-main branch (staging build will proceed)"

CONTRIBUTING.md

@@ -172,7 +172,7 @@ High level overview of upcoming Operation Code goals.  This is the source of upc
 
 ## Working On Your Issue
 
-* Please first **read** Operation Code's [guidelines for working an issue](https://github.com/OperationCode/operationcode/blob/master/CONTRIBUTING.md#guidelines-for-working-an-issue)
+* Please first **read** Operation Code's [guidelines for working an issue](https://github.com/OperationCode/operationcode/blob/main/CONTRIBUTING.md#guidelines-for-working-an-issue)
 
 * From the forked and cloned repository on your environment, you can now create a [feature branch](http://nvie.com/posts/a-successful-git-branching-model/). It is a good idea to name your branch after the issue it is attached to.
 
@@ -188,10 +188,10 @@ git branch
 
 * Once you have finished your work, head over to **Operation Code**'s main GitHub page, and make a pull request. More information about pull requests can be found in the next section.
 
-* To return to your main `master` branch, type the following in the terminal:
+* To return to your main `main` branch, type the following in the terminal:
 
 ```bash
-git checkout master
+git checkout main
 ```
 
 </details>
@@ -202,10 +202,10 @@ git checkout master
   <summary>Click to Expand</summary>
 Some issues take awhile to code a solution for. It is very normal to take a large amount of time to turn in 
 well-written work that resolves an issue! In the meantime, there could be many other people contributing to the 
-code base. Since we use Git, you'll want to keep you project up-to-date with the `master` branch so there are no 
+code base. Since we use Git, you'll want to keep you project up-to-date with the `main` branch so there are no 
 [merge conflicts](https://help.github.com/articles/about-merge-conflicts/) to resolve when you make your pull request.
 <ol>
-  <li> <a href="https://help.github.com/articles/syncing-a-fork/">Keep your fork in sync with Operation Code's master branch.</a></li>
+  <li> <a href="https://help.github.com/articles/syncing-a-fork/">Keep your fork in sync with Operation Code's main branch.</a></li>
 </ol>
 </details>
 
@@ -291,7 +291,7 @@ Download and install Git for Windows from https://git-scm.com/download/win
 
 Download the latest version of python at https://www.python.org/downloads/, (3.7.3 at time of writing)
 
-Follow the steps found in the [Quick Start Guide](https://github.com/OperationCode/back-end/blob/master/README.md#quick-start)
+Follow the steps found in the [Quick Start Guide](https://github.com/OperationCode/back-end/blob/main/README.md#quick-start)
 
 Occasionally you will deal with path issues this is fixed within windows by adding the appropriate key value pair to the path.
 

Dockerfile

@@ -6,11 +6,13 @@
 FROM python:3.12-slim AS builder
 
 # Install build dependencies required for compiling Python packages
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     libpq-dev \
-    curl \
-    && rm -rf /var/lib/apt/lists/*
+    curl
 
 # Install Poetry
 ENV POETRY_VERSION=2.3.0 \
@@ -20,7 +22,8 @@ ENV POETRY_VERSION=2.3.0 \
     POETRY_VIRTUALENVS_CREATE=1 \
     POETRY_CACHE_DIR=/tmp/poetry_cache
 
-RUN curl -sSL https://install.python-poetry.org | python3 - && \
+RUN --mount=type=cache,target=/root/.cache \
+    curl -sSL https://install.python-poetry.org | python3 - && \
     ln -s /opt/poetry/bin/poetry /usr/local/bin/poetry
 
 WORKDIR /app
@@ -52,13 +55,14 @@ LABEL org.opencontainers.image.description="Operation Code Backend - Development
 LABEL org.opencontainers.image.licenses="MIT"
 
 # Install runtime dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    apt-get update && apt-get install -y --no-install-recommends \
     libpq5 \
     curl \
     wget \
-    && apt-get upgrade -y \
-    && rm -rf /var/lib/apt/lists/* \
-    && apt-get clean
+    && apt-get upgrade -y
 
 # Create non-root user for security
 RUN groupadd -r appuser && \
@@ -100,13 +104,14 @@ LABEL org.opencontainers.image.description="Operation Code Backend - Django API"
 LABEL org.opencontainers.image.licenses="MIT"
 
 # Install only runtime dependencies (no build tools)
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean && \
+    apt-get update && apt-get install -y --no-install-recommends \
     libpq5 \
     curl \
     wget \
-    && apt-get upgrade -y \
-    && rm -rf /var/lib/apt/lists/* \
-    && apt-get clean
+    && apt-get upgrade -y
 
 # Create non-root user for security
 RUN groupadd -r appuser && \

MAINTAINERS.md

@@ -2,7 +2,7 @@
 
 This file lists how the Operation Code Back End project is maintained. When making changes to the system, this file tells you who needs to review your contribution - you need a simple majority of maintainers for the relevant subsystems to provide a 👍 on your pull request. Additionally, you need to not receive a veto from a lieutenant or the project lead.
 
-Check out [how Operation Code Open Source projects are maintained](https://github.com/OperationCode/START_HERE/blob/master/open_source_maintenance_policy.md) for details on the process, how to become a maintainer, lieutenant, or the project lead.
+Check out [how Operation Code Open Source projects are maintained](https://github.com/OperationCode/START_HERE/blob/main/open_source_maintenance_policy.md) for details on the process, how to become a maintainer, lieutenant, or the project lead.
 
 # Project Lead
 

OPS.md

@@ -8,8 +8,8 @@ The backend is deployed to AWS ECS (Elastic Container Service) with separate sta
 
 Docker images are automatically built and pushed to AWS ECR via GitHub Actions:
 
-- **PR branches** (any branch except `master`): Automatically builds and pushes to `:staging` tag
-- **Master branch**: Automatically builds and pushes to `:prod` tag after CI checks pass
+- **PR branches** (any branch except `main`): Automatically builds and pushes to `:staging` tag
+- **main branch**: Automatically builds and pushes to `:prod` tag after CI checks pass
 
 The automated builds use AWS OIDC for secure authentication (no long-lived credentials).
 
@@ -208,8 +208,8 @@ After setup, the GitHub Actions workflow will automatically:
 - Push images to ECR with appropriate tags (`:staging` or `:prod`)
 
 You can verify by:
-1. Pushing a commit to a non-master branch (should push `:staging`)
-2. Merging to master (should push `:prod` after tests pass)
+1. Pushing a commit to a non-main branch (should push `:staging`)
+2. Merging to main (should push `:prod` after tests pass)
 3. Checking ECR repository for new images
 
 ## Security Best Practices