fix: pass --depth to git fetch step to match checkout fetch-depth#35730
Conversation
The generateFetchStepLines and buildSafeOutputsFetchRefsStep functions emitted a bare 'git fetch origin <refspecs>' with no depth constraint. When the original actions/checkout used the default fetch-depth: 1 (shallow clone), the subsequent git fetch ignored that constraint and fetched full unbounded history — catastrophic for large monorepos. Fix: mirror the fetchDepth from the resolvedCheckout entry onto the git fetch command: - nil (default, shallow) → --depth=1 - *fetchDepth > 0 → --depth=N - *fetchDepth == 0 → no flag (full history explicitly requested) Adds test cases for all three cases in TestGenerateFetchStep and updates the safe_outputs fetch step assertions to expect --depth=1.
|
✅ smoke-ci: safeoutputs CLI comment + comment-memory run (26646532528)
|
Comment MemoryNote This comment is managed by comment memory.It stores persistent context for this thread in the code block at the top of this comment.
|
There was a problem hiding this comment.
Pull request overview
Fixes a bug where additional git fetch steps generated after actions/checkout lacked a depth flag, causing full-history fetches even when the checkout was shallow. The fix mirrors the resolved checkout's fetchDepth onto the fetch command in both the agent and safe_outputs paths.
Changes:
generateFetchStepLinesnow appends--depth=Nbased onentry.fetchDepth(nil → 1, 0 → omit, N → N).buildSafeOutputsFetchRefsStepgains afetchDepth *intparameter and applies the same logic.- New unit tests cover nil/1/0/N depth cases; safe_outputs tests assert
--depth=1.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/checkout_step_generator.go | Adds depth flag derivation to agent-job fetch step |
| pkg/workflow/compiler_safe_outputs_steps.go | Threads fetchDepth into safe_outputs fetch step and applies depth flag |
| pkg/workflow/checkout_manager_test.go | New depth-handling cases for generateFetchStepLines |
| pkg/workflow/compiler_safe_outputs_steps_test.go | Asserts --depth=1 appears in cross-repo safe_outputs fetch steps |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/4 changed files
- Comments generated: 0
fix: pass
--depthto git fetch step to match checkout fetch-depthSummary
Fixes a gap where the
git fetchcommand emitted by the workflow compiler ignored thefetch-depthsetting configured on the checkout step. BothgenerateFetchStepLinesandbuildSafeOutputsFetchRefsStepnow derive a--depth=Nflag from the resolved checkout configuration and inject it into the generated fetch command, matching the depth behaviour of the surrounding checkout step.Changes
pkg/workflow/checkout_step_generator.go— core fixgenerateFetchStepLinesreadsresolvedCheckout.fetchDepthto compute the depth flag.--depth=1whenfetchDepthis unset (nil).--depthentirely whenfetchDepthis0(full history).git fetchinvocation.pkg/workflow/compiler_safe_outputs_steps.go— parity fixbuildSafeOutputsFetchRefsStepgains afetchDepth *intparameter.--depthderivation logic asgenerateFetchStepLines.matchedEntry.fetchDepth.pkg/workflow/checkout_manager_test.go— new test coveragegenerateFetchStepLines:--depth=1--depth=1--depthflag--depth=Npkg/workflow/compiler_safe_outputs_steps_test.go— updated assertionsTestBuildSharedPRCheckoutStepscases updated to assert--depth=1appears in the generated fetch step.Risk
Low. No behavioural change for workflows that did not set
fetch-depth; those continue to get--depth=1, which was already the effective default for the surrounding checkout step. Workflows explicitly settingfetch-depth: 0(full clone) will now correctly propagate that intent to the fetch step.