This repo is minimal test to show that actions/checkout@v4.1.4 introduces a new requirement on consumers to use either a newer version of git or a newer version of other dependencies that need to handle the repositoryformatversion value of 1 in the .git directory.
The difference between actions/checkout@v4.1.4 and actions/checkout@v4.1.1 is that sparse-checkout is disabled explicitly, which depending on the version of git being used, results in a repositoryformatversion value of 1 being written to the .git directory for older versions and a value of 0 for newer versions. What exact git version boundary this change occurs at is not clear. The following table shows the combinations of software and their results:
actions/checkout |
git |
repositoryformatversion |
Test |
|---|---|---|---|
v4.1.1 |
2.34.1 |
0 |
✔️ https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298891141 |
v4.1.4 |
2.34.1 |
1 |
❌ https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298890845 |
v4.1.4 |
2.43.2 |
0 |
✔️ https://github.com/hicksjacobp/checkout-test/actions/runs/8848651950/job/24298890623 |
The scenario of actions/checkout@v4.1.4 and git@2.34.1 is what has caused us unforeseen pain.
This scenario is exacerbated by the fact that actions/runner@v3.16.0 comes with git@2.34.1 and the default CodeQL workflow uses actions/checkout@v4 (and therefore resolves to actions/checkout@v4.1.4 as of the time of writing).
Performing an apt-get install git does NOT update git to a newer version because the base and ancestor images which actions/runner is based off of does not use the apt feed which has newer versions of git, and is rather left behind at 2.34.1.
In order to update git to newer versions, in Ubuntu at least, you have to perform at least these steps:
apt update
apt install software-properties-common
add-apt-repository -y ppa:git-core/ppa
apt install gitSee https://git-scm.com/download/linux for reference.
Tip
Do this in actions/runner?
Personally, I found this issue through referencing Microsoft.SourceLink.GitHub@1.1.1. With .NET SDK 8, there is now a Microsoft.SourceLink.GitHub@8.0.0 package (along with the transitive dependency which can now handle the repositoryformatversion of 1). See dotnet/sourcelink#772.
Warning
This may not be possible for your situation, for example using the default CodeQL setup and using a CI infrastructure where updating git has not yet been done and is out of your control.
actions/runner@v3.16.0is based off ofmcr.microsoft.com/dotnet/runtime-deps:6.0-jammyand none of these images do any additional setup forgit: https://github.com/actions/runner/blob/14cea13ab5e7a5f385d805bf8a9034947d25f1b6/images/Dockerfile https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/6.0/jammy/amd64/Dockerfile- Install instructions for
git: https://git-scm.com/download/linux