Fix running in annotated git tag GitHub (#227)

MishaKav · claude · web-flow · commit 40c105a88eb9 · 2025-11-08T14:30:35.000+02:00
* Fix: Handle annotated git tags in push events (#195) Resolves issue where the action failed when triggered by annotated tag pushes with error "No commit found for SHA". The problem occurred because payload.after contains the tag object's SHA for annotated tags, not the commit SHA. Changes: - Added resolveCommitSha() helper function to detect tag pushes and resolve annotated tag objects to their underlying commit SHA using GitHub's Git Data API - Initialize octokit early in main() to enable tag resolution before setting options.commit - Updated getChangedFiles() to use the resolved commit SHA from options - Gracefully handles both annotated tags (resolves to commit) and lightweight tags (already contain commit SHA) The fix ensures createCommitComment() receives a valid commit SHA regardless of whether the push event was triggered by a regular commit, lightweight tag, or annotated tag. * chore: update octokit API calls for @actions/github v6 compatibility Add .rest namespace to all octokit API calls to support @actions/github v6. This change is required before merging PR #229 (dependency updates). Changes: - Updated 7 octokit method calls to use .rest namespace - Rebuilt bundled action with updated code 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update CHANGELOG for version 1.1.58, including fixes for annotated git tags in push events, dependency updates for @actions/github, and resolution of security vulnerabilities in Octokit dependencies. * 1.1.58 --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog of the Pytest Coverage Comment
 
+## [Pytest Coverage Comment 1.1.58](https://github.com/MishaKav/pytest-coverage-comment/tree/v1.1.58)
+
+**Release Date:** 2025-11-08
+
+#### Changes
+
+- fix handling of annotated git tags in push events (#195)
+- update `@actions/github` from v4.0.0 to v6.0.1 (#229)
+- fix 3 security vulnerabilities in Octokit dependencies
+
 ## [Pytest Coverage Comment 1.1.57](https://github.com/MishaKav/pytest-coverage-comment/tree/v1.1.57)
 
 **Release Date:** 2025-08-30
diff --git a/dist/index.js b/dist/index.js
@@ -18710,6 +18710,50 @@ const FILE_STATUSES = Object.freeze({
   RENAMED: 'renamed',
 });
 
+/**
+ * Resolves a potential tag object SHA to the underlying commit SHA.
+ * For annotated tags, GitHub's push event payload.after contains the tag object SHA,
+ * not the commit SHA. This function detects tag pushes and resolves them to commits.
+ *
+ * @param {object} octokit - GitHub API client
+ * @param {string} owner - Repository owner
+ * @param {string} repo - Repository name
+ * @param {string} sha - SHA to resolve (might be tag object or commit)
+ * @param {string} ref - Git ref (e.g., refs/tags/v1.0.0 or refs/heads/main)
+ * @returns {Promise<string>} - The commit SHA
+ */
+const resolveCommitSha = async (octokit, owner, repo, sha, ref) => {
+  // Check if this is a tag push
+  if (ref && ref.startsWith('refs/tags/')) {
+    try {
+      core.info(`Detected tag push: ${ref}`);
+      core.info(`Attempting to resolve SHA: ${sha}`);
+
+      // Try to get the tag object
+      const { data: tag } = await octokit.rest.git.getTag({
+        owner,
+        repo,
+        tag_sha: sha,
+      });
+
+      // If it's an annotated tag, it will have an object field pointing to the commit
+      if (tag && tag.object && tag.object.sha) {
+        core.info(`Resolved annotated tag to commit: ${tag.object.sha}`);
+        return tag.object.sha;
+      }
+    } catch (error) {
+      // If getTag fails, it might be a lightweight tag or direct commit
+      // In this case, the SHA is already a commit SHA
+      // prettier-ignore
+      core.info(`SHA is not an annotated tag object, using as commit SHA: ${sha}`);
+      core.debug(`Error details: ${error.message}`);
+    }
+  }
+
+  // Return original SHA if not a tag or if it's a lightweight tag
+  return sha;
+};
+
 const truncateSummary = (content, maxLength) => {
   if (content.length <= maxLength) {
     return content;
@@ -18847,12 +18891,23 @@ const main = async () => {
   options.repoUrl =
     payload.repository?.html_url || `https://github.com/${options.repository}`;
 
+  // Initialize octokit early so we can use it for tag resolution
+  const octokit = github.getOctokit(token);
+
   if (eventName === 'pull_request' || eventName === 'pull_request_target') {
     options.commit = payload.pull_request.head.sha;
     options.head = payload.pull_request.head.ref;
     options.base = payload.pull_request.base.ref;
   } else if (eventName === 'push') {
-    options.commit = payload.after;
+    // For annotated tags, payload.after contains the tag object SHA, not the commit SHA
+    // Resolve it to the actual commit SHA
+    options.commit = await resolveCommitSha(
+      octokit,
+      owner,
+      repo,
+      payload.after,
+      context.ref,
+    );
     options.head = context.ref;
   } else if (eventName === 'workflow_dispatch') {
     options.commit = context.sha;
@@ -18976,7 +19031,6 @@ const main = async () => {
     return;
   }
   const body = WATERMARK + finalHtml;
-  const octokit = github.getOctokit(token);
 
   const issue_number = payload.pull_request
     ? payload.pull_request.number
@@ -19075,7 +19129,9 @@ const getChangedFiles = async (options, pr_number) => {
         break;
       case 'push':
         base = payload.before;
-        head = payload.after;
+        // Use the resolved commit SHA from options instead of payload.after
+        // This handles annotated tags correctly
+        head = options.commit || payload.after;
         break;
       case 'workflow_run':
       case 'workflow_dispatch': {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pytest-coverage-comment",
-  "version": "1.1.57",
+  "version": "1.1.58",
   "description": "Comments a pull request with the pytest code coverage badge, full report and tests summary",
   "author": "Misha Kav",
   "license": "MIT",
diff --git a/src/index.js b/src/index.js
@@ -18,6 +18,50 @@ const FILE_STATUSES = Object.freeze({
   RENAMED: 'renamed',
 });
 
+/**
+ * Resolves a potential tag object SHA to the underlying commit SHA.
+ * For annotated tags, GitHub's push event payload.after contains the tag object SHA,
+ * not the commit SHA. This function detects tag pushes and resolves them to commits.
+ *
+ * @param {object} octokit - GitHub API client
+ * @param {string} owner - Repository owner
+ * @param {string} repo - Repository name
+ * @param {string} sha - SHA to resolve (might be tag object or commit)
+ * @param {string} ref - Git ref (e.g., refs/tags/v1.0.0 or refs/heads/main)
+ * @returns {Promise<string>} - The commit SHA
+ */
+const resolveCommitSha = async (octokit, owner, repo, sha, ref) => {
+  // Check if this is a tag push
+  if (ref && ref.startsWith('refs/tags/')) {
+    try {
+      core.info(`Detected tag push: ${ref}`);
+      core.info(`Attempting to resolve SHA: ${sha}`);
+
+      // Try to get the tag object
+      const { data: tag } = await octokit.rest.git.getTag({
+        owner,
+        repo,
+        tag_sha: sha,
+      });
+
+      // If it's an annotated tag, it will have an object field pointing to the commit
+      if (tag && tag.object && tag.object.sha) {
+        core.info(`Resolved annotated tag to commit: ${tag.object.sha}`);
+        return tag.object.sha;
+      }
+    } catch (error) {
+      // If getTag fails, it might be a lightweight tag or direct commit
+      // In this case, the SHA is already a commit SHA
+      // prettier-ignore
+      core.info(`SHA is not an annotated tag object, using as commit SHA: ${sha}`);
+      core.debug(`Error details: ${error.message}`);
+    }
+  }
+
+  // Return original SHA if not a tag or if it's a lightweight tag
+  return sha;
+};
+
 const truncateSummary = (content, maxLength) => {
   if (content.length <= maxLength) {
     return content;
@@ -155,12 +199,23 @@ const main = async () => {
   options.repoUrl =
     payload.repository?.html_url || `https://github.com/${options.repository}`;
 
+  // Initialize octokit early so we can use it for tag resolution
+  const octokit = github.getOctokit(token);
+
   if (eventName === 'pull_request' || eventName === 'pull_request_target') {
     options.commit = payload.pull_request.head.sha;
     options.head = payload.pull_request.head.ref;
     options.base = payload.pull_request.base.ref;
   } else if (eventName === 'push') {
-    options.commit = payload.after;
+    // For annotated tags, payload.after contains the tag object SHA, not the commit SHA
+    // Resolve it to the actual commit SHA
+    options.commit = await resolveCommitSha(
+      octokit,
+      owner,
+      repo,
+      payload.after,
+      context.ref,
+    );
     options.head = context.ref;
   } else if (eventName === 'workflow_dispatch') {
     options.commit = context.sha;
@@ -284,7 +339,6 @@ const main = async () => {
     return;
   }
   const body = WATERMARK + finalHtml;
-  const octokit = github.getOctokit(token);
 
   const issue_number = payload.pull_request
     ? payload.pull_request.number
@@ -383,7 +437,9 @@ const getChangedFiles = async (options, pr_number) => {
         break;
       case 'push':
         base = payload.before;
-        head = payload.after;
+        // Use the resolved commit SHA from options instead of payload.after
+        // This handles annotated tags correctly
+        head = options.commit || payload.after;
         break;
       case 'workflow_run':
       case 'workflow_dispatch': {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "pytest-coverage-comment",`
`3`		`- "version": "1.1.57",`
	`3`	`+ "version": "1.1.58",`
`4`	`4`	`"description": "Comments a pull request with the pytest code coverage badge, full report and tests summary",`
`5`	`5`	`"author": "Misha Kav",`
`6`	`6`	`"license": "MIT",`