Skip to content

Commit 8b4b17b

Browse files
authored
🤖 ci: document fetch-depth for paths-filter changes (#17)
## Summary Documented why the `changes` job uses full history checkout in CI. ## Background `dorny/paths-filter` compares `github.event.before` to the current ref on push events. A shallow checkout can miss the `before` commit and force an extra fetch that may fail when credentials are not persisted. ## Implementation - Added an inline comment next to `fetch-depth: 0` in `.github/workflows/ci.yaml` to explain the behavior and rationale. ## Validation - `go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.10` --- <details> <summary>📋 Implementation Plan</summary> # Plan: Fix “Detect changed paths” failing on `main` ## Context / Why The GitHub Actions job **“Detect changed paths”** (uses `dorny/paths-filter`) is failing on pushes to `main` with: - “Changes will be detected between `<before_sha>` and `main`” - “Ensuring `<before_sha>` is fetched from origin” - `git` exits with code **128** On `push` events, `paths-filter` diffs `github.event.before` → `github.ref`/`main`. With a **shallow checkout**, the `before` commit is often missing locally, so the action tries to fetch it. Because the workflow uses `actions/checkout` with `persist-credentials: false`, that follow-up fetch can fail (common in private repos / restricted environments), producing the observed error. ## Evidence (what we verified) - User-provided CI log excerpt shows `paths-filter` attempting to fetch the `before` SHA and failing with `git` exit code 128. - `.github/workflows/ci.yaml`: - `changes` job checks out code with `persist-credentials: false` and **no `fetch-depth`**, so `fetch-depth` defaults to **1** (shallow). (Lines 15–30) - `changes` job runs `dorny/paths-filter` for non-`merge_group` events. (Lines 41–64) ## Implementation details (edits to make) ### 1) Fetch enough history in the `changes` job Edit `.github/workflows/ci.yaml` in the `jobs.changes.steps` checkout step to fetch full history (recommended) so `paths-filter` never needs to perform an extra `git fetch`. **Change:** ```yaml jobs: changes: steps: - name: Checkout uses: actions/checkout@34e1148 # v4.3.1 with: fetch-depth: 0 # ensure github.event.before commit exists locally persist-credentials: false ``` Notes: - `fetch-depth: 0` is the most robust fix (handles multi-commit pushes, merge commits, and non-linear history). - A smaller `fetch-depth: 2` *might* work for typical “single new commit” pushes, but is brittle; prefer `0` unless checkout performance is a proven issue. ## Validation / Rollout 1. Run workflow lint locally: - `go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.10` 2. Push the workflow change and confirm the next `push`-to-`main` CI run completes the `Detect changed paths` job. 3. If failures persist, capture the full `git` stderr from the action logs; the next fallback is to keep shallow checkout but allow authenticated fetch (remove `persist-credentials: false` for just the `changes` job or explicitly pass auth), but this should not be necessary with `fetch-depth: 0`. </details> --- _Generated with [`mux`](https://github.com/coder/mux) • Model: `openai:gpt-5.3-codex` • Thinking: `xhigh` • Cost: `$0.20`_ <!-- mux-attribution: model=openai:gpt-5.3-codex thinking=xhigh costs=0.20 -->
1 parent 3c191c5 commit 8b4b17b

3 files changed

Lines changed: 44 additions & 0 deletions

File tree

.github/workflows/ci.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ jobs:
2626
- name: Checkout
2727
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
2828
with:
29+
# Required so paths-filter can diff push events using github.event.before without fetching.
30+
fetch-depth: 0
2931
persist-credentials: false
3032

3133
- name: Set merge-group defaults

.mux/tool_env

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
# .mux/tool_env
2+
# Sourced by Mux before every bash tool invocation.
3+
# Docs: https://mux.coder.com/hooks/tools
4+
5+
run_and_report() {
6+
local step_name="${1:-}"
7+
if [[ -z "${step_name}" ]]; then
8+
echo "assertion failed: run_and_report requires a non-empty step name" >&2
9+
return 97
10+
fi
11+
shift
12+
13+
if [[ "$#" -eq 0 ]]; then
14+
echo "assertion failed: run_and_report requires a command after the step name" >&2
15+
return 97
16+
fi
17+
18+
local safe_name
19+
safe_name="$(printf '%s' "${step_name}" | tr -cs 'A-Za-z0-9._-' '_')"
20+
local workspace_tag="${MUX_WORKSPACE_ID:-local}"
21+
local log_file="/tmp/mux-${workspace_tag}-${safe_name}.log"
22+
23+
echo "==> Running ${step_name}"
24+
if "$@" >"${log_file}" 2>&1; then
25+
echo "==> ${step_name} passed"
26+
return 0
27+
else
28+
local exit_code=$?
29+
echo "==> ${step_name} failed (showing tail from ${log_file})" >&2
30+
tail -n 120 "${log_file}" >&2 || true
31+
return "${exit_code}"
32+
fi
33+
}

AGENTS.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,15 @@ Run from repository root.
6969
- **Clean:** `go clean -cache -testcache && rm -f ./coder-k8s && rm -rf ./dist`
7070
- **Shell scripts:** `find . -type f -name '*.sh' -not -path './vendor/*'`
7171

72+
## Mux Tooling Helpers
73+
74+
- `.mux/tool_env` is sourced before every `bash` tool call (Mux docs: `/hooks/tools`).
75+
- Use `run_and_report <step_name> <command...>` for multi-step validation in one bash invocation.
76+
- The helper writes full logs to `/tmp/mux-<workspace>-<step>.log`, prints pass/fail markers, and tails failures.
77+
- Example:
78+
- `run_and_report verify-vendor make verify-vendor`
79+
- `run_and_report test make test`
80+
7281
## Patterns
7382

7483
- **Do** preserve fail-fast assertions for impossible states (nil manager/client/scheme, mismatched fetched objects).

0 commit comments

Comments
 (0)