Last release failing due to sparse-checkout

[joseotoro]

/usr/bin/git sparse-checkout disable
git: 'sparse-checkout' is not a git command. See 'git --help'.
Error: The process '/usr/bin/git' failed with exit code 1

Job template:

jobs:
  FlakyTests:
    runs-on: ubuntu-20.04
    container:
      image: python:2.7.18-buster
    name: Tests
    steps:
    - uses: actions/checkout@v4
      with:
        token: ${{ secrets.BOT_TOKEN }}
        submodules: 'recursive'

[bewinsnw]

Adding detail from my closed bug (also ubuntu-20.04)

git version 2.25.1

[jww3]

We are investigating. As a workaround, you can pin to v4.1.1

 - uses: actions/[email protected]

[clausbuchwald]

it looks like an outdated git version is being used:

Run actions/[email protected]
[...]
  /usr/bin/git version
  git version 2.20.1

[bewinsnw]

Indeed... my bad - the step of my build that fails was the windows build which is older: git version 2.22.0.windows.1

But #1386 reports that sparse-checkout wasn't working here until 2.28 and there's a check in the code that the min version for sparse is 2.25 already

checkout/src/git-command-manager.ts

Line 610 in 8410ad0

const minimumGitSparseCheckoutVersion = new GitVersion('2.25')

[bewinsnw]

https://github.com/actions/checkout/blob/main/src/git-source-provider.ts#L212 this is where it's failing in ours - if sparseCheckout isn't enabled it calls disableSparseCheckout() which runs git sparse-checkout disable, boom

[fhammerl]

Rolled back from v4.1.2 to v4.1.1: actions/checkout@v4 and actions/[email protected] is ‘latest’ again: https://github.com/actions/checkout/releases

[credfeto]

Rolled back from v4.1.2 to v4.1.1: actions/checkout@v4 and actions/[email protected] is ‘latest’ again: https://github.com/actions/checkout/releases

Any reason why this was rolled back rather than a v4.1.3 to revert? Dependabot keeps bringing this in as a suggested update, and then I get an error in one of our tools that uses libgit2 (libgit2/libgit2#6044) which doesn't handle the extensions.worktreeconfig that 4.1.2 brings in. Being on self hosted runners - i have to delete all the repos from the disk for each runner every single time as nothing will build with a repo that has this enabled

Looks like the release is still here and still tagged, so whatever rollback was done isn't complete:

https://github.com/actions/checkout/releases/tag/v4.1.2

[norrisjeremy]

Rolled back from v4.1.2 to v4.1.1: actions/checkout@v4 and actions/[email protected] is ‘latest’ again: https://github.com/actions/checkout/releases

Any reason why this was rolled back rather than a v4.1.3 to revert? Dependabot keeps bringing this in as a suggested update, and then I get an error in one of our tools that uses libgit2 (libgit2/libgit2#6044) which doesn't handle the extensions.worktreeconfig that 4.1.2 brings in. Being on self hosted runners - i have to delete all the repos from the disk for each runner every single time as nothing will build with a repo that has this enabled

Looks like the release is still here and still tagged, so whatever rollback was done isn't complete:

https://github.com/actions/checkout/releases/tag/v4.1.2

Yes, if v4.1.2 is fatally flawed, than a new v4.1.3 release needs to be tagged, not slipping the v4 tag.

[credfeto]

Dependabot has tried to update to 4.1.3 which is pre-release and also has this issue funfair-tech/funfair-server-code-analysis#218 not sure why dependabot is trying to update to pre-release given the dependabot config, but given that it has its shown that this version fails too

[cory-miller]

v4.1.4 should have the fix for this issue.

As for dependabot, we reached out to that team about pre-release being included in their updates. On the actions/checkout side we will avoid use pre-release until that's been looked at.