check-whitespace: two fixes #995
Closed
+2
−24
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dscho
force-pushed
the
fix-check-whitespace
branch
from
a79d415 to
45f5dcf
Compare
dscho
added a commit
to dscho/git
that referenced
this pull request
Jul 14, 2021
We introduced a couple of whitespace issues, and it this was sadly not caught by the `check-whitespace` workflow (the reason is a bit convoluted, see gitgitgadget#995 which also fixes it). Signed-off-by: Johannes Schindelin <[email protected]>
dscho
added a commit
to dscho/git
that referenced
this pull request
Jul 14, 2021
Fix some whitespace issues that were missed by the `check-whitespace` job (most likely because of issues that are being fixed in gitgitgadget#995). Signed-off-by: Johannes Schindelin <[email protected]>
webstech
approved these changes
Jul 14, 2021
As part of some recent security tightening, GitHub introduced the ability to configure GitHub workflows to be run with a read-only token. This is much more secure, in particular when working in a public repository: While the regular read/write token might be restricted to writing to the current branch, it is not necessarily restricted to access only the current Pull Request. However, the `check-whitespace` workflow threw a wrench into this plan: it _requires_ write access (because it wants to add a PR comment in case of a whitespace issue). Let's just skip that PR comment. The user can always click through to the actual error, even if it is slightly less convenient. Signed-off-by: Johannes Schindelin <[email protected]>
During a run of the `check-whitespace` we want to verify that the
commits introduced in the Pull Request have no whitespace issues. We
only want to look at those commits, not the upstream commits (because
the contributor cannot do anything about the latter).
However, by using the `-<count>` form in `git log --check`, we run the
risk of looking at the wrong commits. The reason is that the
`actions/checkout` step does _not_ check out the tip commit of the Pull
Request's branch: Instead, it checks out a merge commit that merges that
branch into the target branch. For that reason, we already adjust the
commit count by incrementing it, but that is not enough: if the upstream
branch has newer commits, they are traversed _first_. And obviously we
will then miss some of the commits that we _actually_ wanted to look at.
Therefore, let's be careful to stop assuming a linear, up to date commit
topology in the contributed commits, and instead specify the correct
commit range.
Unfortunately, this means that we no longer can rely on a shallow clone:
There is no way of knowing just how many commits the upstream branch
advanced after the commit from which the PR branch branched off. So
let's just go with a full clone instead, and be safe rather than sorry
(if we have "too shallow" a situation, a commit range `@{u}..` may very
well include a shallow commit itself, and the output of `git show
--check <shallow>` is _not_ pretty).
Signed-off-by: Johannes Schindelin <[email protected]>
dscho
force-pushed
the
fix-check-whitespace
branch
from
45f5dcf to
b63a5bb
Compare
Good point! |
|
/submit |
|
Submitted as [email protected] To fetch this version into To fetch this version to local tag |
![gitgitgadget[bot]](https://avatars.githubusercontent.com/in/12836?s=60&v=4){kind=small}
| @@ -51,21 +51,5 @@ jobs: | |||
|
|
|||
There was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:
> However, the `check-whitespace` workflow threw a wrench into this plan:
> it _requires_ write access (because it wants to add a PR comment in case
> of a whitespace issue).
OK.
| @@ -12,15 +12,9 @@ jobs: | |||
| check-whitespace: | |||
There was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:
> Unfortunately, this means that we no longer can rely on a shallow clone:
> There is no way of knowing just how many commits the upstream branch
> advanced after the commit from which the PR branch branched off. So
> let's just go with a full clone instead, and be safe rather than sorry
> (if we have "too shallow" a situation, a commit range `@{u}..` may very
> well include a shallow commit itself, and the output of `git show
> --check <shallow>` is _not_ pretty).
Makes sense.
As long as you have pull-request base, I suspect that you could
shallow clone the base and incrementally fetch the rest to update,
perhaps? But I do not know if it is worth doing so for a small
project like ours.
Thanks.
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
> .github/workflows/check-whitespace.yml | 10 ++--------
> 1 file changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/.github/workflows/check-whitespace.yml b/.github/workflows/check-whitespace.yml
> index c53614d6033..8c4358d805c 100644
> --- a/.github/workflows/check-whitespace.yml
> +++ b/.github/workflows/check-whitespace.yml
> @@ -12,15 +12,9 @@ jobs:
> check-whitespace:
> runs-on: ubuntu-latest
> steps:
> - - name: Set commit count
> - shell: bash
> - run: echo "COMMIT_DEPTH=$((1+$COMMITS))" >>$GITHUB_ENV
> - env:
> - COMMITS: ${{ github.event.pull_request.commits }}
> -
> - uses: actions/checkout@v2
> with:
> - fetch-depth: ${{ env.COMMIT_DEPTH }}
> + fetch-depth: 0
>
> - name: git log --check
> id: check_out
> @@ -47,7 +41,7 @@ jobs:
> echo "${dash} ${etc}"
> ;;
> esac
> - done <<< $(git log --check --pretty=format:"---% h% s" -${{github.event.pull_request.commits}})
> + done <<< $(git log --check --pretty=format:"---% h% s" ${{github.event.pull_request.base.sha}}..)
>
> if test -n "${log}"
> then
There was a problem hiding this comment.
On the Git mailing list, Taylor Blau wrote (reply to this):
On Wed, Jul 14, 2021 at 03:25:15PM -0700, Junio C Hamano wrote:
> "Johannes Schindelin via GitGitGadget" <[email protected]>
> writes:
>
> > Unfortunately, this means that we no longer can rely on a shallow clone:
> > There is no way of knowing just how many commits the upstream branch
> > advanced after the commit from which the PR branch branched off. So
> > let's just go with a full clone instead, and be safe rather than sorry
> > (if we have "too shallow" a situation, a commit range `@{u}..` may very
> > well include a shallow commit itself, and the output of `git show
> > --check <shallow>` is _not_ pretty).
>
> Makes sense.
>
> As long as you have pull-request base, I suspect that you could
> shallow clone the base and incrementally fetch the rest to update,
> perhaps? But I do not know if it is worth doing so for a small
> project like ours.
Agreed, and...
> > - uses: actions/checkout@v2
> > with:
> > - fetch-depth: ${{ env.COMMIT_DEPTH }}
> > + fetch-depth: 0
...I wondered whether "fetch-depth: 0" was the default and whether or
not this hunk could have just removed "fetch-depth" entirely. But the
default is "1", and "0" means "fetch everything". So we really do need
it.
Thanks,
Taylor
There was a problem hiding this comment.
On the Git mailing list, Johannes Schindelin wrote (reply to this):
Hi Junio,
On Wed, 14 Jul 2021, Junio C Hamano wrote:
> "Johannes Schindelin via GitGitGadget" <[email protected]>
> writes:
>
> > Unfortunately, this means that we no longer can rely on a shallow clone:
> > There is no way of knowing just how many commits the upstream branch
> > advanced after the commit from which the PR branch branched off. So
> > let's just go with a full clone instead, and be safe rather than sorry
> > (if we have "too shallow" a situation, a commit range `@{u}..` may very
> > well include a shallow commit itself, and the output of `git show
> > --check <shallow>` is _not_ pretty).
>
> Makes sense.
>
> As long as you have pull-request base, I suspect that you could
> shallow clone the base and incrementally fetch the rest to update,
> perhaps?
Fetching into shallow clones is very expensive on the server. I want to
avoid that whenever possible.
> But I do not know if it is worth doing so for a small project like ours.
And then there's that.
Ciao,
Dscho
There was a problem hiding this comment.
On the Git mailing list, Johannes Schindelin wrote (reply to this):
Hi Taylor,
On Wed, 14 Jul 2021, Taylor Blau wrote:
> On Wed, Jul 14, 2021 at 03:25:15PM -0700, Junio C Hamano wrote:
> > "Johannes Schindelin via GitGitGadget" <[email protected]>
> > writes:
> >
> > > Unfortunately, this means that we no longer can rely on a shallow clone:
> > > There is no way of knowing just how many commits the upstream branch
> > > advanced after the commit from which the PR branch branched off. So
> > > let's just go with a full clone instead, and be safe rather than sorry
> > > (if we have "too shallow" a situation, a commit range `@{u}..` may very
> > > well include a shallow commit itself, and the output of `git show
> > > --check <shallow>` is _not_ pretty).
> >
> > Makes sense.
> >
> > As long as you have pull-request base, I suspect that you could
> > shallow clone the base and incrementally fetch the rest to update,
> > perhaps? But I do not know if it is worth doing so for a small
> > project like ours.
>
> Agreed, and...
>
> > > - uses: actions/checkout@v2
> > > with:
> > > - fetch-depth: ${{ env.COMMIT_DEPTH }}
> > > + fetch-depth: 0
>
> ...I wondered whether "fetch-depth: 0" was the default and whether or
> not this hunk could have just removed "fetch-depth" entirely. But the
> default is "1", and "0" means "fetch everything". So we really do need
> it.
Indeed. One of the things that makes `action/checkout@v2` so much faster
than `@v1` is that it fetches shallow by default. But we can't have that
here.
Ciao,
Dscho
|
User |
|
This branch is now known as |
|
This patch series was integrated into seen via git@776d0c9. |
|
This patch series was integrated into seen via git@3455777. |
|
This patch series was integrated into seen via git@7cf83c9. |
|
This patch series was integrated into seen via git@9fd0fbb. |
|
There was a status update in the "New Topics" section about the branch CI update. Will merge to 'next'. |
|
This patch series was integrated into seen via git@4c922d2. |
|
This patch series was integrated into seen via git@b796683. |
|
This patch series was integrated into seen via git@b00d3eb. |
|
This patch series was integrated into seen via git@ef98f70. |
|
There was a status update in the "Cooking" section about the branch CI update. Will merge to 'next'. |
|
This patch series was integrated into seen via git@17248f4. |
|
This patch series was integrated into next via git@cdc9aa0. |
|
This patch series was integrated into seen via git@fb06ead. |
|
There was a status update in the "Cooking" section about the branch CI update. Will merge to 'master'. |
|
This patch series was integrated into seen via git@cdc9aa0. |
|
This patch series was integrated into seen via git@1a8e7ea. |
|
There was a status update in the "Cooking" section about the branch CI update. Will merge to 'master'. |
|
This patch series was integrated into seen via git@f73bc92. |
|
There was a status update in the "Cooking" section about the branch CI update. Will merge to 'master'. |
|
This patch series was integrated into seen via git@8a49dfa. |
|
This patch series was integrated into next via git@8a49dfa. |
|
This patch series was integrated into master via git@8a49dfa. |
|
Closed via 8a49dfa. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I recently ran into a situation where a merge commit (which admittedly are undesirable in git/git and gitgitgadget/git Pull Requests, but are sometimes totally appropriate in the context of other forks such as git-for-windows/git) misled the logic in the
check-whitespaceworkflow to look at upstream commits (and missing some patches that it should have looked at).At the same time, I also realized that the feature where this workflow adds a PR comment in an attempt to be more helpful requires a read/write token (which weakens the overall security, I'd much rather stay with the read-only token configured e.g. in gitgitgadget/git and in git-for-windows/git).
This patch series addresses both issues.
Cc: Chris. Webster [email protected]
cc: Taylor Blau [email protected]