'Why can't I push tags in GitHub workflows anymore, and how do I fix it?

My team has a GitHub release workflow that automatically tags our prod branch on push. It has been working fine for the last year, with the most recent success being May 2, 2022. This workflow failed on May 11, 2022, and now I can't figure out how it ever worked. There was a new release of git on May 5, but I've looked through the changes and nothing is screaming obvious.

The error is:

Run git push --tags
  git push --tags
  shell: /usr/bin/bash -e {0}
  env:
    pythonLocation: /opt/hostedtoolcache/Python/3.8.12/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.8.12/x64/lib
To github.com:ORGANIZATION/PACKAGE.git
 ! [remote rejected] PACKAGE/v0.3.13 -> PACKAGE/v0.3.13 (shallow update not allowed)
error: failed to push some refs to 'github.com:ORGANIZATION/PACKAGE.git'
Error: Process completed with exit code 1.

Here is a minimum example of the workflow step that is failing:

  check:
    runs-on: ubuntu-latest
    needs: correct_repository
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          ssh-key: ${{ secrets.DEPLOY_MACHINE_SSH }}
      - name: Set up Python 3.8
        uses: actions/setup-python@v2
        with:
          python-version: 3.8
      - name: Install bump2version
        run: python -m pip install bump2version
      - name: Extract package version
        id: package
        run: |
          echo -n "::set-output name=version::"
          bump2version --dry-run --list patch | grep ^current_version | sed -r s,"^.*=",,
      - name: Tag package
        run: git tag PACKAGE/v${{ steps.package.outputs.version }}
      - name: Publish tags
        run: git push --tags 
    outputs:
      package-version: ${{ steps.package.outputs.version }}

The actual step is somewhat more complicated, but the above fails when I simulate it locally by copy-pasting the shell commands in order from the workflow log.

As far as I can tell, by default actions/checkout makes a shallow clone of the repository with depth 1, and has done so for quite some time (the last successful run specifies depth 1). You're not supposed to be able to push from shallow clones, since it is unclear how "push into/from a shallow repo" should behave.

It makes sense that this workflow should fail, but:

  • Why did it succeed before the 2.36.1 release of git (or is that release unrelated)?
  • What are the recommended checkout parameters if I want to push tags from a workflow?
  • Is this by any chance fixed in actions/checkout@v3?
gitgithub-actionsgit-tagshallow-clone


Solution 1:[1]

Okay, thanks to @torek and @TonyArra in the comments above pointing to the solution and easing my mind about what may have actually changed to start crashing the workflow. Ultimate fix to increase the fetch depth configured for actions/checkout:

      - name: Check out code
        uses: actions/checkout@v2
        with:
          ssh-key: ${{ secrets.CMU_DELPHI_DEPLOY_MACHINE_SSH }}
          fetch-depth: 5

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 krivard

Related Questions

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

How can I 'git clone' from another machine?

VS Code / Bitbucket / SSH - Permission denied (publickey)

Differences between git pull origin master & git pull origin/master

git config: remote.<name>.fetch - is it possible to set up exceptions?

Git push hangs when pushing to Github?

How to clone git repository with specific revision/changeset?

Remove a file from the list that will be committed

Unable to create '/git/index.lock': File exists - but it doesn't

VSTS: How to get all linked work items since last successful release to production?

Versioning of debian packaging Information

How to generate ssh keys (for github)

How do I commit case-sensitive only filename changes in Git?