Skip to content

GHA-216 Fix --force-with-lease failing with stale ref on bot branch#126

Merged
nils-werner-sonarsource merged 1 commit intomasterfrom
nw/gha-216-fix-force-push
Mar 24, 2026
Merged

GHA-216 Fix --force-with-lease failing with stale ref on bot branch#126
nils-werner-sonarsource merged 1 commit intomasterfrom
nw/gha-216-fix-force-push

Conversation

@nils-werner-sonarsource
Copy link
Contributor

@nils-werner-sonarsource nils-werner-sonarsource commented Mar 23, 2026

Summary

  • Switches git push --force-with-lease to git push --force in create-pull-request/action.yml

Context

GHA-216 introduced a stable bot branch name (bot/update-rule-metadata) instead of timestamped branches. This causes --force-with-lease to fail with "stale info" in shallow CI checkouts: the remote-tracking ref refs/remotes/origin/bot/update-rule-metadata is absent from the shallow clone, so git has no expected value to compare against and rejects the push.

Since the bot/update-rule-metadata branch is exclusively managed by this action (no human commits), --force is safe — there is no risk of overwriting unrelated work.

Fixes: https://sonarsource.atlassian.net/browse/GHA-216

🤖 Generated with Claude Code

@nils-werner-sonarsource @claude
GHA-216 Fix --force-with-lease failing with stale ref on bot branch
270ab72 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@sonar-review-alpha
Copy link

sonar-review-alpha bot commented Mar 23, 2026
edited
Loading

Summary

Changes git push --force-with-lease to git push --force when pushing the bot-managed branch. The lease check fails in shallow CI checkouts because the remote-tracking ref is unavailable, but using --force is safe here since only this action manages the branch — there's no human work to overwrite.

What reviewers should know

This is a single-line change in create-pull-request/action.yml. The key insight: --force-with-lease is a safer alternative to --force because it checks that the remote hasn't changed unexpectedly. However, in shallow clones (used in CI), git doesn't have the remote-tracking ref to compare against, so the check always fails. Since the bot branch is exclusively managed by this action with no concurrent manual updates, --force is the pragmatic choice. The updated comment explains this tradeoff clearly.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Mar 23, 2026
edited by atlassian bot
Loading

GHA-216

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 23, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: Clean, well-scoped fix. The switch from --force-with-lease to --force is the correct solution given the bot-owned branch invariant, and the inline comment documents the safety reasoning clearly.

🗣️ Give feedback

@nils-werner-sonarsource nils-werner-sonarsource merged commit 5e7da9e into master Mar 24, 2026
10 checks passed
@nils-werner-sonarsource nils-werner-sonarsource deleted the nw/gha-216-fix-force-push branch March 24, 2026 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

@yasen-pavlov-sonarsource yasen-pavlov-sonarsource yasen-pavlov-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nils-werner-sonarsource @yasen-pavlov-sonarsource