Fix scans of shallow clones such as those made by GitHub Actions #270
Looks good to me.
Out of morbid curiosity, what is the effective difference between this (presumably a scan-local-repo) and scan-folder on the working directory? Probably just that we've instantiated the wrong scanner class by the time you realize this and can't change tracks. ;-)
Yeah, I hadn't thought about that, but realistically they're about the same thing. Although the Good callout!
LGTM 🦅
To help us get this pull request reviewed and merged quickly, please be sure to include the following items:
PR Type
What kind of change does this PR introduce?
Backward Compatibility
Is this change backward compatible with the most recently released version? Does it introduce changes which might change the user experience in any way? Does it alter the API in any way?
Issue Linking
Fixes #209
What's new?
This slightly changes the way we gather branches and commits so that we can more easily detect when we are in a scenario where there is no history or local branches. When that scenario is detected, we examine the entire current contents of the repository (the HEAD) as though it were a single commit.
In most cases, this code will never be encountered nor run. The primary thing this enables is for tartufo to run natively in an environment created by the actions/checkout GitHub Action. Specifically, an environment with a max-depth=1 meaning no cloned history, and also no local refs or branches, with a detached HEAD.
At this point in time, a few tests still need to be updated, but I wanted to open this PR to show my work so far and get more eyes on it to make sure I'm not missing any obviously glaring points.
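The scenario in the PR description above (detached HEAD, no local branches, no history) can be recognised from the files under .git alone. The following is an added example, not tartufo's code and not part of this pull request; the function and strategy names are hypothetical, and it assumes .git is a directory and the checkout is clean.

```python
import os
from pathlib import Path


def local_branches(git_dir):
    """Local branch names from loose refs and from packed-refs."""
    heads = git_dir / "refs" / "heads"
    names = set()
    if heads.is_dir():
        names = {p.relative_to(heads).as_posix() for p in heads.rglob("*") if p.is_file()}
    packed = git_dir / "packed-refs"
    if packed.is_file():
        for line in packed.read_text().splitlines():
            if line.startswith(("#", "^")):  # header comment / peeled tag line
                continue
            ref = line.partition(" ")[2]
            if ref.startswith("refs/heads/"):
                names.add(ref[len("refs/heads/"):])
    return sorted(names)


def describe_checkout(repo):
    """Inspect .git directly (assumes .git is a directory, not a worktree pointer file)."""
    git_dir = Path(repo) / ".git"
    head = (git_dir / "HEAD").read_text().strip()
    return {
        "shallow": (git_dir / "shallow").is_file(),  # written by depth-limited clones
        "detached": not head.startswith("ref: "),    # HEAD holds a raw commit id
        "branches": local_branches(git_dir),
    }


def choose_strategy(repo):
    """Hypothetical strategy names; not tartufo's API."""
    info = describe_checkout(repo)
    if info["detached"] and not info["branches"]:
        return "head-snapshot"       # nothing to walk: scan current contents once
    if info["shallow"]:
        return "truncated-history"   # branches exist, but older commits are absent
    return "full-history"


def head_snapshot_files(repo):
    """Files to scan as one pseudo-commit; assumes a clean checkout, so the tree equals HEAD."""
    found = []
    for root, dirs, files in os.walk(repo):
        dirs[:] = [d for d in dirs if d != ".git"]  # never scan git's own objects
        found += [os.path.relpath(os.path.join(root, f), repo) for f in files]
    return sorted(found)
```

The "truncated-history" case is worth surfacing in scan output: a clean result there says nothing about commits older than the clone depth.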