Skip to content

Overlay: Only require Git 2.36.0 for repos that contain submodules#3789

Open
henrymercer wants to merge 3 commits intomainfrom
henrymercer/lower-minimum-git-if-no-submodules
Open

Overlay: Only require Git 2.36.0 for repos that contain submodules#3789
henrymercer wants to merge 3 commits intomainfrom
henrymercer/lower-minimum-git-if-no-submodules

Conversation

@henrymercer
Copy link
Copy Markdown
Contributor

@henrymercer henrymercer commented Mar 27, 2026

We only need to pass --recurse-submodules when the repo contains submodules, so we can lower the minimum required version of Git on repos that don't.

Specifics:

  • The remaining Git options were added well before the actions/checkout minimum Git version, so I have simply removed the guard. Our telemetry confirms that we are not seeing runs before this Git version.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.
  • High risk: Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • Other first-party - The changes impact other first-party analyses.
  • Third-party analyses - The changes affect the upload-sarif action.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.
  • Testing/None - This change does not impact any CodeQL workflows in production.

How did/will you validate this change?

  • Test repository - This change will be tested on a test repository before merging.
  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).
  • Other - Please provide details.
  • None - I am not validating these changes.

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.
  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.
  • Development/testing only - This change cannot cause any failures in production.
  • Other - Please provide details.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.
  • Other - Please provide details.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.
  • Special considerations - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@henrymercer henrymercer requested a review from a team as a code owner March 27, 2026 19:10
Copilot AI review requested due to automatic review settings March 27, 2026 19:10
@github-actions github-actions bot added the size/M Should be of average difficulty to review label Mar 27, 2026
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR narrows the Git 2.36.0 minimum-version requirement for overlay (improved incremental) analysis to only repositories that contain submodules, by conditionally enabling git ls-files --recurse-submodules.

Changes:

  • Added submodule detection (.gitmodules at repo root) and used it to conditionally include --recurse-submodules in git ls-files calls.
  • Updated overlay enablement validation to require Git ≥ 2.36.0 only when submodules are present.
  • Updated/expanded unit tests and added a changelog entry for the behavioral change.

Reviewed changes

Copilot reviewed 8 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/git-utils.ts Adds hasSubmodules and conditionally includes --recurse-submodules when listing file OIDs.
src/git-utils.test.ts Updates tests to validate the conditional git ls-files args behavior based on submodule presence.
src/config-utils.ts Gates the Git version requirement on submodule presence when validating overlay enablement.
src/config-utils.test.ts Extends overlay enablement test setup to include submodule presence and adjusts fallback tests accordingly.
CHANGELOG.md Documents that the Git 2.36.0 requirement now applies only to repos with submodules.
lib/resolve-environment-action.js Generated build output (not reviewed).
lib/autobuild-action.js Generated build output (not reviewed).

src/config-utils.test.ts
Comment on lines +1951 to +1955
"Fallback when git version cannot be determined and repo has submodules",
{
overlayDatabaseEnvVar: "overlay",
gitVersion: undefined,
hasSubmodules: true,
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is coverage for the fallback cases when the repo has submodules, but the main new behavior (allow overlay when gitVersion is undefined and the repo has no submodules) isn’t currently asserted. Add a test case with gitVersion: undefined and hasSubmodules: false that expects overlay to remain enabled, so this PR’s key behavior doesn’t regress.

Copilot uses AI. Check for mistakes.
src/config-utils.ts
Comment on lines +981 to +985
if (await hasSubmodules(sourceRoot)) {
if (gitVersion === undefined) {
logger.warning(
`Cannot build an ${overlayDatabaseMode} database because ` +
"the repository has submodules and the Git version could not be determined. " +
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

validateOverlayDatabaseMode calls hasSubmodules(sourceRoot), but hasSubmodules runs getGitRoot internally even though this function already performed a getGitRoot(sourceRoot) check just above. This results in an extra git rev-parse --show-toplevel invocation and introduces a possible inconsistency if the second call fails (it would throw instead of returning OverlayDisabledReason.NoGitRoot). Consider reusing the already-determined git root (store it in a variable) and checking for .gitmodules relative to that root, or update hasSubmodules to accept an optional gitRoot to avoid the second lookup.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/M Should be of average difficulty to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@henrymercer