Objective
Fix push_signed_commits.cjs to detect and warn about non-standard file modes (executable bits, symlinks) that are silently dropped by the GitHub GraphQL createCommitOnBranch mutation.
Context
Reported in issue #26156. The createCommitOnBranch GraphQL mutation only supports regular file mode 100644. Files with other modes are silently handled incorrectly:
- Executable files (
100755): The executable bit is silently dropped
- Symlinks (
120000): Silently converted to a regular file containing the link target path; fails for directory symlinks
See upstream discussion: https://github.com/orgs/community/discussions/191953
Fix
When parsing the diff with git diff-tree -r --raw <sha> (which includes mode information), check the destination mode for each changed/added file:
- If mode is
120000 (symlink): log a warning and fall back to git push (symlinks cannot be represented)
- If mode is
100755 (executable): log a warning that the executable bit will be lost, but continue (this is a data-loss warning rather than a corruption; decide based on team policy whether to warn-and-continue or fall back)
Example detection logic:
if (dstMode === "120000") {
core.warning(`pushSignedCommits: symlink ${filePath} cannot be pushed as a signed commit, falling back to git push`);
throw new Error("symlink detected");
}
if (dstMode === "100755") {
core.warning(`pushSignedCommits: executable bit on ${filePath} will be lost in signed commit (GitHub GraphQL does not support mode 100755)`);
// optionally: fall back to git push
}Note: The mode information is available from the git diff-tree -r --raw format that will be introduced as part of the submodule fix (issue for submodule handling). Coordinate with that change to use the same raw diff parsing.
Files to Modify
actions/setup/js/push_signed_commits.cjs
Acceptance Criteria
Generated by Plan Command for issue #26156 · ● 383.5K · ◷
Objective
Fix
push_signed_commits.cjsto detect and warn about non-standard file modes (executable bits, symlinks) that are silently dropped by the GitHub GraphQLcreateCommitOnBranchmutation.Context
Reported in issue #26156. The
createCommitOnBranchGraphQL mutation only supports regular file mode100644. Files with other modes are silently handled incorrectly:100755): The executable bit is silently dropped120000): Silently converted to a regular file containing the link target path; fails for directory symlinksSee upstream discussion: https://github.com/orgs/community/discussions/191953
Fix
When parsing the diff with
git diff-tree -r --raw <sha>(which includes mode information), check the destination mode for each changed/added file:120000(symlink): log a warning and fall back togit push(symlinks cannot be represented)100755(executable): log a warning that the executable bit will be lost, but continue (this is a data-loss warning rather than a corruption; decide based on team policy whether to warn-and-continue or fall back)Example detection logic:
Note: The mode information is available from the
git diff-tree -r --rawformat that will be introduced as part of the submodule fix (issue for submodule handling). Coordinate with that change to use the same raw diff parsing.Files to Modify
actions/setup/js/push_signed_commits.cjsAcceptance Criteria
git pushwith a clear warninggit diff-tree --rawoutput, not assumed100644) continue to work without any warningsRelated to bug: multiple critical issues in push_signed_commits #26156