search

redhat-plumbers-in-action / differential-shellcheck

🐚 GitHub Action for running ShellCheck differentially
GNU General Public License v3.0
53 stars 9 forks source link

Using a shallow git clone should cause a fatal failure #372

Open simondeziel opened 6 months ago

simondeziel commented 6 months ago

Type of issue

Bug Report

Description

If by mistake, one forgets to use fetch-depth: 0 with actions/checkout@v4, the action redhat-plumbers-in-action/differential-shellcheck@v5 will be unable to find the needed diff but will carry on:

Run actions/checkout@v4
Syncing repository: canonical/lxd-ci
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/909f679f-99cb-4e64-907a-ebed4d65f581' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/lxd-ci/lxd-ci
Deleting the contents of '/home/runner/work/lxd-ci/lxd-ci'
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Fetching the repository
Determining the checkout info
Checking out the ref
/usr/bin/git log -1 --format='%H'
'35edb903e0835de501914bb32133d88136bcbef1'
Run redhat-plumbers-in-action/differential-shellcheck@v5
/usr/bin/docker run --name ghcrioredhatplumbersinactiondifferentialshellcheckv511_860cec --label ae11f4 --workdir /github/workspace --rm -e "INPUT_TOKEN" -e "INPUT_TRIGGERING-EVENT" -e "INPUT_BASE" -e "INPUT_HEAD" -e "INPUT_PULL-REQUEST-BASE" -e "INPUT_PULL-REQUEST-HEAD" -e "INPUT_PUSH-EVENT-BASE" -e "INPUT_PUSH-EVENT-HEAD" -e "INPUT_DIFF-SCAN" -e "INPUT_STRICT-CHECK-ON-PUSH" -e "INPUT_EXTERNAL-SOURCES" -e "INPUT_SEVERITY" -e "INPUT_SCAN-DIRECTORY" -e "INPUT_EXCLUDE-PATH" -e "INPUT_INCLUDE-PATH" -e "INPUT_TRIGGERING_EVENT" -e "INPUT_PULL_REQUEST_BASE" -e "INPUT_PULL_REQUEST_HEAD" -e "INPUT_PUSH_EVENT_BASE" -e "INPUT_PUSH_EVENT_HEAD" -e "INPUT_DIFF_SCAN" -e "INPUT_STRICT_CHECK_ON_PUSH" -e "INPUT_EXTERNAL_SOURCES" -e "INPUT_SCAN_DIRECTORY" -e "INPUT_EXCLUDE_PATH" -e "INPUT_INCLUDE_PATH" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/lxd-ci/lxd-ci":"/github/workspace" ghcr.io/redhat-plumbers-in-action/differential-shellcheck:v5.1.1
fatal: Invalid revision range 6034829bebd5755843be3ce8b8dee1e55afe1515..c31bb3595fab371d8e5d9265ceb9d210baf4c398

:::::::::::::::::::::
::: Used Versions :::
:::::::::::::::::::::

ShellCheck: 0.9.0
csutils: 3.2.0

:::::::::::::::::::::::::::::::
::: Differential ShellCheck :::
:::::::::::::::::::::::::::::::

📜 List of shell scripts for scanning

fatal: reference is not a tree: 6034829bebd5755843be3ce8b8dee1e55afe1515
fatal: reference is not a tree: 6034829bebd5755843be3ce8b8dee1e55afe1515
ℹ️ No Fixes!

error: pathspec '-' did not match any file(s) known to git
🥳 No defects added. Yay!

✅ SARIF report was successfully uploaded to GitHub

Those logs are from https://github.com/canonical/lxd-ci/actions/runs/8756699425/job/24033740622?pr=155#step:5:13

Omitting that force-depth: 0 is quite easy and considering that action/checkout changed the default in their v4 it feels safe to have some more safeguard in this action.

Describe the solution you'd like

IMHO, this fatal: Invalid revision range <commit..commit> error should cause the whole action to return an error.

jamacku commented 6 months ago

Yes, this is a good point. Thank you for reporting. I'll have a look.