actions: pin /review URLs to the immutable base commit SHA #117
Open
reuvenharrison wants to merge 1 commit into
The free /review URL emitted by every entrypoint used $GITHUB_BASE_REF
(the branch name, e.g. "main") in the base_sha query parameter. That's
mutable: once the base branch advances past the commit the action ran
against — for example, when a downstream PR renames or moves the spec
file on main — every previously-emitted /review URL silently breaks.
raw.githubusercontent.com resolves the branch to whatever the current
HEAD is, not what HEAD was when CI ran. The rev_sha parameter was
always pinned to the immutable head commit, but base_sha wasn't,
leaving the base side of every URL exposed to drift.
Switch all three URL-emitting entrypoints (breaking, changelog,
pr-comment) to a three-tier fallback for base_sha:
1. pull_request.base.sha from $GITHUB_EVENT_PATH (the canonical
value for pull_request triggers)
2. git rev-parse origin/$GITHUB_BASE_REF (works on push triggers
where the base branch was fetched into the workspace)
3. $GITHUB_BASE_REF as the ultimate fallback (today's behavior,
so this is a strict superset of the current contract)
The pr-comment entrypoint already used pattern #1 with #3 as fallback;
this commit adds #2 to its chain so push triggers also get an
immutable SHA whenever possible. breaking and changelog gain the
whole chain.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
f7ff8f2 to 74f141d
Summary
The free /review URL emitted by breaking, changelog, and pr-comment used $GITHUB_BASE_REF (the branch name, e.g. main) in the base_sha query parameter. That's mutable — once the base branch advances past the commit the action ran against, every previously-emitted URL silently breaks. raw.githubusercontent.com resolves the branch to whatever HEAD is now, not what HEAD was when CI ran. The rev_sha parameter was already pinned to the immutable head commit; base_sha was not.

Concrete failure mode: a workflow runs, emits a ::notice:: link with base_sha=main&base_file=backend/openapi.json. Later, another PR merges a rename of that file. The original ::notice:: link now 404s on the base side, and the visitor can't tell whether the cause is a permissions problem or a moved file. So they chase the wrong fix.

Fix
Three-tier fallback for base_sha in all three URL-emitting entrypoints:
1. pull_request.base.sha from $GITHUB_EVENT_PATH (canonical for pull_request triggers)
2. git rev-parse origin/$GITHUB_BASE_REF (push triggers that have fetched the base branch)
3. $GITHUB_BASE_REF (ultimate fallback — today's behavior)
pr-comment already used #1 with #3 as fallback; this PR adds #2 to its chain. breaking and changelog gain the whole chain. head_sha extraction is unchanged.

Test plan
- bash -n syntax check on all three entrypoints
- ::notice:: link contains a 40-char SHA in the base_sha= position, not a branch name

Backward compatibility
Strict superset of today's contract. Worst case (no pull_request.base.sha available, git rev-parse fails) falls back to $GITHUB_BASE_REF, which is today's behavior. URLs already in the wild keep working at the same URLs they pointed at before; the change affects only newly-emitted URLs from this version forward.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com
Generated with Claude Code
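
The three-tier fallback described above, written out as an added shell example; it is not the code from this pull request. The function names, the use of jq to read the event payload, and the 40-hex-character check (SHA-1 repositories) are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's code. Function names are hypothetical.

# True when $1 is a full 40-character hex commit id (SHA-1 repositories assumed).
is_full_sha() {
  case "$1" in
    ""|*[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# Print the value to place in base_sha: an immutable SHA when one can be
# found, otherwise the branch name.
resolve_base_sha() {
  _sha=""

  # Tier 1: pull_request.base.sha from the event payload (pull_request triggers).
  # Assumes jq is installed; if it is missing, or the payload has no
  # pull_request object, _sha stays empty and the next tier runs.
  if [ -n "${GITHUB_EVENT_PATH:-}" ] && [ -r "$GITHUB_EVENT_PATH" ]; then
    _sha=$(jq -r '.pull_request.base.sha // empty' "$GITHUB_EVENT_PATH" 2>/dev/null) || _sha=""
    if is_full_sha "$_sha"; then printf '%s\n' "$_sha"; return 0; fi
  fi

  # Tier 2: the fetched remote-tracking branch (push triggers).
  if [ -n "${GITHUB_BASE_REF:-}" ]; then
    _sha=$(git rev-parse --verify --quiet "origin/${GITHUB_BASE_REF}^{commit}" 2>/dev/null) || _sha=""
    if is_full_sha "$_sha"; then printf '%s\n' "$_sha"; return 0; fi
  fi

  # Tier 3: the mutable branch name, the behaviour before the change.
  printf '%s\n' "${GITHUB_BASE_REF:-}"
}

# Build the query fragment and say on stderr when the base side is not pinned.
base_query() {
  _base=$(resolve_base_sha)
  if ! is_full_sha "$_base"; then
    echo "base_sha is a branch name and will drift: $_base" >&2
  fi
  printf 'base_sha=%s\n' "$_base"
}
```

The stderr message in base_query is the same check the test plan describes: a 40-character SHA in the base_sha= position means the URL is pinned, anything else means tier 3 was reached.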