fix: emit filter:'' in agent checkout when sparse-checkout is enabled (#35947)#35949
Merged
Conversation
Prevents actions/checkout@v6 from adding --filter=blob:none when sparse-checkout is specified. Blobless clones require credentials for lazy blob fetches, but agent jobs use persist-credentials: false, making offline git operations fail. Only emits filter:'' when sparse-checkout patterns are configured, since that is the condition under which actions/checkout would automatically add the blobless filter. Fixes #35947
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the workflow YAML generation for agent-job checkouts to explicitly emit filter: '' in actions/checkout when sparse-checkout patterns are configured, preventing actions/checkout@v6 from implicitly enabling blobless/partial clones that break offline git operations in agent jobs.
Changes:
- Emit
filter: ''for the default checkout whensparsePatternsis non-empty. - Emit
filter: ''for additional checkouts whensparsePatternsis non-empty. - Add/extend unit tests to verify
filter:is present only when sparse-checkout is configured.
Show a summary per file
| File | Description |
|---|---|
| pkg/workflow/checkout_step_generator.go | Adds conditional filter: '' emission for default and additional checkouts when sparse-checkout is used. |
| pkg/workflow/checkout_manager_test.go | Adds assertions covering filter: '' presence/absence based on sparse-checkout configuration. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 2
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
Contributor
|
✅ smoke-ci: safeoutputs CLI comment + comment-memory run (26689009788)
|
This was referenced May 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes a bug where agent jobs using sparse-checkout would silently fail due to
actions/checkoutenabling blobless clones when afiltervalue is not explicitly set. When sparse-checkout is active, blobless clones require persistent credentials for subsequentgit fetchcalls — credentials that are not available in agent job contexts. This PR emitsfilter: ''in generated checkout steps whenever sparse-checkout patterns are present, disabling blobless clone behaviour and restoring pull request findability.Changes
pkg/workflow/checkout_step_generator.go— Bug Fix (high impact)filter: ''in both the default and additional checkout step generators when sparse-checkout patterns are configured.actions/checkoutfrom implicitly enabling blobless clones that would fail in agent contexts lacking persistent credentials.pkg/workflow/checkout_manager_test.go— Tests (medium impact)filter: ''is present in checkout steps when sparse-checkout is configured.filterkey is emitted when sparse-checkout is absent.docs/sparseness.md— Documentation (low impact, new file)filter: ''must be explicitly emitted for agent jobs when sparse-checkout is enabled.safe_outputsjobs.Motivation
actions/checkoutenables blobless clones by default when a sparse-checkout pattern list is provided. Blobless clones defer blob fetching and require that git credentials remain available beyond the initial checkout step. Agent jobs do not retain these credentials, causing subsequentgitoperations (including pull request discovery) to fail. Explicitly passingfilter: ''suppresses the blobless clone and ensures a standard full-content sparse checkout that works without persistent credentials.Testing
checkout_manager_test.gocovering the presence and absence offilter: ''under sparse-checkout conditions.