Skip to content

This repo is minimal test for the default CodeQL setup

Notifications You must be signed in to change notification settings

jww3/checkout-test

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

checkout-test

This repo is minimal test to show that actions/checkout@v4.1.4 introduces a new requirement on consumers to use either a newer version of git or a newer version of other dependencies that need to handle the repositoryformatversion value of 1 in the .git directory.

The difference between actions/checkout@v4.1.4 and actions/checkout@v4.1.1 is that sparse-checkout is disabled explicitly, which depending on the version of git being used, results in a repositoryformatversion value of 1 being written to the .git directory for older versions and a value of 0 for newer versions. What exact git version boundary this change occurs at is not clear. The following table shows the combinations of software and their results:

actions/checkout git repositoryformatversion Test
v4.1.1 2.34.1 0 ✔️ https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298891141
v4.1.4 2.34.1 1 https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298890845
v4.1.4 2.43.2 0 ✔️ https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298890623

The scenario of actions/checkout@v4.1.4 and git@2.34.1 is what has caused us unforeseen pain. This scenario is exacerbated by the fact that actions/runner@v3.16.0 comes with git@2.34.1 and the default CodeQL workflow uses actions/checkout@v4 (and therefore resolves to actions/checkout@v4.1.4 as of the time of writing). Performing an apt-get install git does NOT update git to a newer version because the base and ancestor images which actions/runner is based off of does not use the apt feed which has newer versions of git, and is rather left behind at 2.34.1.

Resolutions

Update git

In order to update git to newer versions, in Ubuntu at least, you have to perform at least these steps:

apt update
apt install software-properties-common
add-apt-repository -y ppa:git-core/ppa
apt install git

See https://git-scm.com/download/linux for reference.

Tip

Do this in actions/runner?

Update dependencies to handle repositoryformatversion of 1

Personally, I found this issue through referencing Microsoft.SourceLink.GitHub@1.1.1. With .NET SDK 8, there is now a Microsoft.SourceLink.GitHub@8.0.0 package (along with the transitive dependency which can now handle the repositoryformatversion of 1). See dotnet/sourcelink#772.

Downgrade actions/checkout to v4.1.1

Warning

This may not be possible for your situation, for example using the default CodeQL setup and using a CI infrastructure where updating git has not yet been done and is out of your control.

References

About

This repo is minimal test for the default CodeQL setup

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%