Checkout correct commit for int. tests

nsidc · Nov 5, 2024 · cf73e1d · cf73e1d
1 parent e615b43
commit cf73e1d
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -71,13 +71,23 @@ jobs:
           echo "See [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests)." >> $GITHUB_STEP_SUMMARY
           exit 1
 
-      - name: Check merge commit SHA
-        run: echo "github.event.pull_request.merge_commit_sha = ${{ github.event.pull_request.merge_commit_sha }}"
-
       - name: Checkout source
         uses: actions/checkout@v4
         with:
-          ref: "${{ github.event.pull_request.merge_commit_sha }}"
+          # Getting the correct commit for a pull_request_target event appears to be
+          # a known, problematic issue: https://github.com/actions/checkout/issues/518
+          # It seems that ideally, we want github.event.pull_request.merge_commit_sha,
+          # but that it is not reliable, and can sometimes be a null values.  It
+          # appears that this is the most reasonable way to ensure that we are pulling
+          # the same code that triggered things, based upon this particular comment:
+          # https://github.com/actions/checkout/issues/518#issuecomment-1661941548
+          ref: "refs/pull/${{ github.event.number }}/merge"
+          fetch-depth: 2
+
+      - name: Sanity check
+        # Continuing from previous comment in checkout step above.
+        run: |
+          [[ "$(git rev-parse 'HEAD~2')" == "${{ github.event.pull_request.head.sha }}" ]]
 
       - name: Install package with dependencies
         uses: ./.github/actions/install-pkg