Using a shallow git clone should cause a fatal failure #372

simondeziel · 2024-04-19T16:48:10Z

Type of issue

Bug Report

Description

If by mistake, one forgets to use fetch-depth: 0 with actions/checkout@v4, the action redhat-plumbers-in-action/differential-shellcheck@v5 will be unable to find the needed diff but will carry on:

Run actions/checkout@v4
Syncing repository: canonical/lxd-ci
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/909f679f-99cb-4e64-907a-ebed4d65f581' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/lxd-ci/lxd-ci
Deleting the contents of '/home/runner/work/lxd-ci/lxd-ci'
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
Determining the checkout info
Checking out the ref
/usr/bin/git log -1 --format='%H'
'35edb903e0835de501914bb32133d88136bcbef1'

Run redhat-plumbers-in-action/differential-shellcheck@v5
/usr/bin/docker run --name ghcrioredhatplumbersinactiondifferentialshellcheckv511_860cec --label ae11f4 --workdir /github/workspace --rm -e "INPUT_TOKEN" -e "INPUT_TRIGGERING-EVENT" -e "INPUT_BASE" -e "INPUT_HEAD" -e "INPUT_PULL-REQUEST-BASE" -e "INPUT_PULL-REQUEST-HEAD" -e "INPUT_PUSH-EVENT-BASE" -e "INPUT_PUSH-EVENT-HEAD" -e "INPUT_DIFF-SCAN" -e "INPUT_STRICT-CHECK-ON-PUSH" -e "INPUT_EXTERNAL-SOURCES" -e "INPUT_SEVERITY" -e "INPUT_SCAN-DIRECTORY" -e "INPUT_EXCLUDE-PATH" -e "INPUT_INCLUDE-PATH" -e "INPUT_TRIGGERING_EVENT" -e "INPUT_PULL_REQUEST_BASE" -e "INPUT_PULL_REQUEST_HEAD" -e "INPUT_PUSH_EVENT_BASE" -e "INPUT_PUSH_EVENT_HEAD" -e "INPUT_DIFF_SCAN" -e "INPUT_STRICT_CHECK_ON_PUSH" -e "INPUT_EXTERNAL_SOURCES" -e "INPUT_SCAN_DIRECTORY" -e "INPUT_EXCLUDE_PATH" -e "INPUT_INCLUDE_PATH" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/lxd-ci/lxd-ci":"/github/workspace" ghcr.io/redhat-plumbers-in-action/differential-shellcheck:v5.1.1
fatal: Invalid revision range 6034829bebd5755843be3ce8b8dee1e55afe1515..c31bb3595fab371d8e5d9265ceb9d210baf4c398


:::::::::::::::::::::
::: Used Versions :::
:::::::::::::::::::::

ShellCheck: 0.9.0
csutils: 3.2.0


:::::::::::::::::::::::::::::::
::: Differential ShellCheck :::
:::::::::::::::::::::::::::::::

📜 List of shell scripts for scanning
  

fatal: reference is not a tree: 6034829bebd5755843be3ce8b8dee1e55afe1515
fatal: reference is not a tree: 6034829bebd5755843be3ce8b8dee1e55afe1515
ℹ️ No Fixes!

error: pathspec '-' did not match any file(s) known to git
🥳 No defects added. Yay!

✅ SARIF report was successfully uploaded to GitHub

Those logs are from https://github.com/canonical/lxd-ci/actions/runs/8756699425/job/24033740622?pr=155#step:5:13

Omitting that force-depth: 0 is quite easy and considering that action/checkout changed the default in their v4 it feels safe to have some more safeguard in this action.

Describe the solution you'd like

IMHO, this fatal: Invalid revision range <commit..commit> error should cause the whole action to return an error.

The text was updated successfully, but these errors were encountered:

`actions/checkout@v4` moved to shallow clones by default: https://github.com/actions/checkout?tab=readme-ov-file#checkout-v4 This prevents the differential shellcheck action from finding the proper revs: ``` fatal: Invalid revision range 6034829..c31bb35 ``` Now why is the action not failing in those case is another story (redhat-plumbers-in-action/differential-shellcheck#372). Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

jamacku · 2024-04-19T17:41:30Z

Yes, this is a good point. Thank you for reporting. I'll have a look.

github-actions bot added the bug 🐛 label Apr 19, 2024

jamacku self-assigned this Apr 19, 2024

jamacku added RFE 🎁 and removed bug 🐛 labels Apr 19, 2024

jamacku pinned this issue Apr 19, 2024

jamacku linked a pull request Apr 26, 2024 that will close this issue

Make fetch-depth: 0 more visible in example ⚠️ #391

Merged

jamacku closed this as completed in #391 Apr 26, 2024

jamacku reopened this Apr 26, 2024

jamacku unpinned this issue Apr 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Using a shallow git clone should cause a fatal failure #372

Using a shallow git clone should cause a fatal failure #372

simondeziel commented Apr 19, 2024 •

edited

Loading

jamacku commented Apr 19, 2024

Using a shallow git clone should cause a fatal failure #372

Using a shallow git clone should cause a fatal failure #372

Comments

simondeziel commented Apr 19, 2024 • edited Loading

Type of issue

Description

Describe the solution you'd like

jamacku commented Apr 19, 2024

simondeziel commented Apr 19, 2024 •

edited

Loading