Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Merge pull request #4795 from bk2204/actions-checkout-v2" #4877

Merged
merged 1 commit into from Feb 15, 2022
Merged

Revert "Merge pull request #4795 from bk2204/actions-checkout-v2" #4877

merged 1 commit into from Feb 15, 2022

Conversation

bk2204
Copy link
Member

@bk2204 bk2204 commented Feb 15, 2022

actions/checkout@v2 "helpfully" overwrites the tag with the data from the ref, erasing the annotated tag, and therefore breaking git describe, which by default only checks annotated tags. Note that every tag except the one for the current head is preserved, so git describe uses an annotation that is based off the most recent tag. This behavior is described in actions/checkout#290.

The original reporter claiming that a security fix had been applied has not provided details, and the behavior described should not be a vulnerability in a single-tenant Actions VM. Therefore, revert to actions/checkout@v1 to preserve functionality at the expense of a behavior which does not appear to describe an actual vulnerability.

This reverts commit e3893b1, reversing changes made to eb0dc94.

@bk2204
Revert "Merge pull request git-lfs#4795 from bk2204/actions-checkout-v2"
1e33f0c 
actions/checkout@v2 "helpfully" overwrites the tag with the data from
the ref, erasing the annotated tag, and therefore breaking git describe,
which by default only checks annotated tags.  Note that every tag except
the one for the current head is preserved, so git describe uses an
annotation that is based off the most recent tag.  This behavior is
described in actions/checkout#290.

The original reporter claiming that a security fix had been applied has
not provided details, and the behavior described should not be a
vulnerability in a single-tenant Actions VM.  Therefore, revert to
actions/checkout@v1 to preserve functionality at the expense of a
behavior which does not appear to describe an actual vulnerability.

This reverts commit e3893b1, reversing
changes made to eb0dc94.
@bk2204 bk2204 requested a review from a team as a code owner February 15, 2022 17:31
@bk2204 bk2204 merged commit 9d09dcf into git-lfs:main Feb 15, 2022
@bk2204 bk2204 deleted the revert-pr-4795 branch February 15, 2022 19:02
bk2204 added a commit that referenced this pull request Feb 15, 2022
@bk2204
Merge pull request #4877 from bk2204/revert-pr-4795
d0f5c27 
Revert "Merge pull request #4795 from bk2204/actions-checkout-v2"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisd8088 chrisd8088 chrisd8088 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bk2204 @chrisd8088