-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bug] Blocker release v1.2.1: verify-checkout compares SHA digests from different repos #968
Comments
#993 finishes changes made to add the |
Reopening this because |
There are 2 "types" of checkout:
|
To be clear, this is a situation where the tag is being updated between the time the event was generated and the time the checkout actually happens? Right now I also noticed something else. Since you mentioned that
It seems like we'll want to build two different actions to support each type of checkout since each needs to support different things. If we build specific actions for each, we probably don't even need to support However, that would mean we can't use |
#1075 should probably fix this. |
Let's keep this issue open to keep track of hardening enhancements to checkout:
|
I think those can be covered as part of #626 no? |
This issue was reopened by the todo-issue-reopener action in the "TODO Issue Reopener" GitHub Actions workflow because there are TODOs referencing this issue:
|
The
verify-checkout
action seems to compare$GITHUB_SHA
with the locally checked out version. However,$GITHUB_SHA
refers to the digest of the commit that triggered the workflow, which might be from a different repo than the one we are checking out.verify-checkout
seems to have been created on the premise that one could update the tag between the time that it was pushed and when it was checked out by the workflow.I'm not sure this is actually the case since
git checkout
will only ever checkout the local tag reference and won't pull a new tag reference (that could be changed)./cc @laurentsimon
The text was updated successfully, but these errors were encountered: