From 96be8a015840da078447732107fd05f9129f87fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ignas=20Vy=C5=A1niauskas?= Date: Fri, 22 May 2026 11:33:17 +0300 Subject: [PATCH] Avoid doing git operations after checkout Noticed that this breaks builds in private repos, since without credentials it is not possible to fetch the tags. This is future-proofing the usage of `persist-credentials: false`. For a public repo, this changes nothing. But if `driver` were to become a private repo or something in Github's logic were to change to block public reads, this would start failing. --- .github/workflows/release.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40186e0..e190047 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,10 +15,9 @@ jobs: steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: + ref: ${{ github.ref }} fetch-depth: 0 persist-credentials: false - - run: git fetch --tags --force origin ${GITHUB_REF} - - run: git checkout ${GITHUB_REF} - run: git describe --always HEAD - uses: cachix/install-nix-action@616559265b40713947b9c190a8ff4b507b5df49b # v31 with: @@ -37,10 +36,9 @@ jobs: steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: + ref: ${{ github.ref }} fetch-depth: 0 persist-credentials: false - - run: git fetch --tags --force origin ${GITHUB_REF} - - run: git checkout ${GITHUB_REF} - run: git describe --always HEAD - uses: cachix/install-nix-action@616559265b40713947b9c190a8ff4b507b5df49b # v31 with: @@ -62,6 +60,7 @@ jobs: - name: Checkout uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: + ref: ${{ github.ref }} fetch-depth: 0 persist-credentials: false