From 8b44deebaf02246b40c267c06bf0c74ef71df292 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 22 Apr 2026 19:00:20 -0400 Subject: [PATCH 01/12] Revert "transport-helper, connect: use clean_on_exit to reap children on abnormal exit" This reverts commit dd3693eb0859274d62feac8047e1d486b3beaf31. The goal of that commit was to avoid zombie child processes hanging around when the parent git process is killed. But it doesn't quite work when the child command is run by the shell: 1. If there is a shell, then we kill and wait for the shell, not the process spawned by the shell. And so the child process, even if it eventually exits, will hang around as a zombie forever. And this is true of most (all?) shells: bash, dash, etc. So we are not really accomplishing our goal in the first place. 2. Not all shells will exit immediately upon receiving a signal. In particular, mksh will wait for its children to exit (but not actually propagate the signal to them!) leaving us with a potential deadlock: git is wait()ing on mksh, which is wait()ing on a child process, but that child process is waiting on git to produce more input (or EOF) over a pipe. You can see several examples of this deadlock in the test suite, for example by running: make SHELL_PATH=/bin/mksh cd t ./t5702-protocol-v2.sh Because this is a regression for mksh users, and because we did not achieve our goal even with other shells, let's revert the commit for now. If there is a more clever way of doing the same thing, we can consider applying it separately on top (or do nothing and just accept the zombies and rely on PID 1 to reap them). Reported-by: Jan Palus Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- connect.c | 4 ---- transport-helper.c | 2 -- 2 files changed, 6 deletions(-) diff --git a/connect.c b/connect.c index fcd35c5539a76e..a02583a1027241 100644 --- a/connect.c +++ b/connect.c @@ -1054,8 +1054,6 @@ static struct child_process *git_proxy_connect(int fd[2], char *host) strvec_push(&proxy->args, port); proxy->in = -1; proxy->out = -1; - proxy->clean_on_exit = 1; - proxy->wait_after_clean = 1; if (start_command(proxy)) die(_("cannot start proxy %s"), git_proxy_command); fd[0] = proxy->out; /* read from proxy stdout */ @@ -1517,8 +1515,6 @@ struct child_process *git_connect(int fd[2], const char *url, } strvec_push(&conn->args, cmd.buf); - conn->clean_on_exit = 1; - conn->wait_after_clean = 1; if (start_command(conn)) die(_("unable to fork")); diff --git a/transport-helper.c b/transport-helper.c index 570d7c6439569a..4d95d84f9e4d05 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -154,8 +154,6 @@ static struct child_process *get_helper(struct transport *transport) helper->trace2_child_class = helper->args.v[0]; /* "remote-" */ - helper->clean_on_exit = 1; - helper->wait_after_clean = 1; code = start_command(helper); if (code < 0 && errno == ENOENT) die(_("unable to find remote helper for '%s'"), data->name); From b33bea27a2fa5168b8881d73d6c9c6133b046b87 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Wed, 29 Apr 2026 08:22:54 +0000 Subject: [PATCH 02/12] t5564: use a short path for the SOCKS proxy socket The SOCKS proxy test introduced in 0ca365c2ed4 (http: do not ignore proxy path, 2024-08-02) creates a Unix domain socket in `$TRASH_DIRECTORY`. When the trash directory path is long (e.g. when running from a deeply nested worktree), the socket path can exceed the 108-character limit for `struct sockaddr_un.sun_path` on Linux, causing the test to fail with "Path length ... is longer than maximum supported length (108)". We cannot work around this using the chdir trick our own socket code employs, because both sides of the connection are outside our control: the socket is created by socks4-proxy.pl via Perl's IO::Socket::UNIX, and the client side is libcurl. Use `mktemp -d` to create a unique temporary directory with a short path, and place the socket inside it. This avoids collisions between concurrent test runs (e.g. `--stress`) and tmpdir-race vulnerabilities that a static `/tmp` path would be susceptible to. Helped-by: Jeff King Assisted-by: Claude Opus 4.6 Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- t/t5564-http-proxy.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/t/t5564-http-proxy.sh b/t/t5564-http-proxy.sh index 3bcbdef409b25f..b4d95b12caeaf0 100755 --- a/t/t5564-http-proxy.sh +++ b/t/t5564-http-proxy.sh @@ -50,14 +50,20 @@ start_socks() { # The %30 tests that the correct amount of percent-encoding is applied to the # proxy string passed to curl. +# Use a short path for the socket to avoid exceeding the 108-character +# Unix domain socket limit when the trash directory path is long. +SOCKS_TMPDIR=$(mktemp -d) +SOCKS_SOCK="$SOCKS_TMPDIR/%30.sock" + test_lazy_prereq SOCKS_PROXY ' test_have_prereq PERL && - start_socks "$TRASH_DIRECTORY/%30.sock" + start_socks "$SOCKS_SOCK" ' test_atexit ' test ! -e "$TRASH_DIRECTORY/socks.pid" || kill "$(cat "$TRASH_DIRECTORY/socks.pid")" + rm -rf "$SOCKS_TMPDIR" ' # The below tests morally ought to be gated on a prerequisite that Git is @@ -70,7 +76,8 @@ old_libcurl_error() { test_expect_success SOCKS_PROXY 'clone via Unix socket' ' test_when_finished "rm -rf clone" && - test_config_global http.proxy "socks4://localhost$PWD/%2530.sock" && { + socks_proxy_url="socks4://localhost$(echo "$SOCKS_SOCK" | sed "s/%/%25/g")" && + test_config_global http.proxy "$socks_proxy_url" && { { GIT_TRACE_CURL=$PWD/trace \ GIT_TRACE_CURL_COMPONENTS=socks \ From e54194d8bacdefd0cdfe98f49051020ca23c81a7 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:34:55 +0000 Subject: [PATCH 03/12] ci: bump microsoft/setup-msbuild from v2 to v3 The v2 of `microsoft/setup-msbuild` runs on Node.js 20, which GitHub is phasing out of the Actions runners. v3 is a minimal release whose only substantive change is moving the action's runtime to Node.js 24, so that our Visual Studio build jobs keep working once Node.js 20 is removed from the runners. The risk of this bump is very low: v3 contains no functional changes to the action itself -- it merely adds `msbuild.exe` to `PATH`, with no change to command-line flags, inputs, outputs, or default tool resolution. The only precondition is a recent-enough Actions Runner, which the github.com-hosted runners already satisfy. See also: - Release notes: https://github.com/microsoft/setup-msbuild/releases - Compare: https://github.com/microsoft/setup-msbuild/compare/v2...v3 Originally-authored-by: dependabot[bot] Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6f3d94e3a60cdd..0d3e0e42a4ee4a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -186,7 +186,7 @@ jobs: repository: git/git definitionId: 9 - name: add msbuild to PATH - uses: microsoft/setup-msbuild@v2 + uses: microsoft/setup-msbuild@v3 - name: copy dlls to root shell: cmd run: compat\vcbuild\vcpkg_copy_dlls.bat release From 3148cf56b1c5698e144604500b4aa201cde13686 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:34:56 +0000 Subject: [PATCH 04/12] ci: bump actions/{upload,download}-artifact to v7 and v8 `actions/upload-artifact` and `actions/download-artifact` are tightly coupled: the upload action writes artifact archives in a format that the download action then reads. Because of this coupling, the two actions should always be bumped together so that the artifact format contract between them is satisfied. All of our `actions/upload-artifact` uses are still on v5, with one stray v4 occurrence. Keeping them on these versions would leave the artifact-upload steps running on Node.js 20, which GitHub is phasing out, and would eventually cause all upload steps to fail. Going from v5 directly to v7 folds in two release bumps: - v6 switches the action's default runtime from Node.js 20 to Node.js 24 (v5 had preliminary Node 24 support but still defaulted to Node 20). This is the main motivation for bumping now: it gets us off the deprecated runtime. - v7 adds two opt-in features: direct (unzipped) single-file uploads via a new `archive: false` parameter, and an internal conversion of the action to ESM to match the updated `@actions/*` packages. Risk analysis: we never pass `archive`, so the zip-as-usual behavior is unchanged. We also do not `require('@actions/*')` from any calling workflow, so the ESM migration cannot affect us. The upload steps we care about -- tracked files/build artifacts and failing-test directories -- keep the same inputs (`name`, `path`) and outputs, so the diff is purely the `@vN` identifier. The main precondition is a recent Actions Runner (>= 2.327.1), which the github.com-hosted runners used by our CI already satisfy. While at it, align the one remaining `@v4` occurrence with the rest so that every `upload-artifact` step uses the same version. See also: - Release notes: https://github.com/actions/upload-artifact/releases - Compare: https://github.com/actions/upload-artifact/compare/v5...v7 We use `actions/download-artifact` to pass build artifacts between the "windows-build" / "vs-build" / "windows-meson-build" jobs and their corresponding test jobs. All callers are currently on v6; bumping to v8 keeps this action in lockstep with the `upload-artifact` bump above. What v7 and v8 change: - v7 switches the default runtime from Node.js 20 to Node.js 24 (v6 had preliminary Node 24 support but still defaulted to Node 20). This is the main motivation: it gets us off the deprecated runtime. - v8 makes three further changes: * The package is converted to ESM (invisible to workflow authors). * The action now checks the `Content-Type` header before attempting to unzip a download, so that directly-uploaded (unzipped) artifacts from `upload-artifact` v7 are downloaded correctly. * The `digest-mismatch` behaviour is changed from warn-and- continue to a hard failure by default. Risk analysis: defaulting hash-mismatch to a hard failure is strictly safer than the previous warn-and-continue behaviour -- a mismatch points to real corruption or tampering and should stop the run. We download archives that the same workflow just uploaded, on the same runner fleet, so false positives are not expected. Our usage is limited to the `name` and `path` inputs, which are unchanged between v6 and v8, so the diff is purely the `@vN` identifier. See also: - Release notes: https://github.com/actions/download-artifact/releases - Compare: https://github.com/actions/download-artifact/compare/v6...v8 Originally-authored-by: dependabot[bot] Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0d3e0e42a4ee4a..da31b10c790762 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -123,7 +123,7 @@ jobs: - name: zip up tracked files run: git archive -o artifacts/tracked.tar.gz HEAD - name: upload tracked files and build artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: windows-artifacts path: artifacts @@ -140,7 +140,7 @@ jobs: cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - name: download tracked files and build artifacts - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v8 with: name: windows-artifacts path: ${{github.workspace}} @@ -157,7 +157,7 @@ jobs: run: ci/print-test-failures.sh - name: Upload failed tests' directories if: failure() && env.FAILED_TEST_ARTIFACTS != '' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: failed-tests-windows-${{ matrix.nr }} path: ${{env.FAILED_TEST_ARTIFACTS}} @@ -208,7 +208,7 @@ jobs: - name: zip up tracked files run: git archive -o artifacts/tracked.tar.gz HEAD - name: upload tracked files and build artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: vs-artifacts path: artifacts @@ -226,7 +226,7 @@ jobs: steps: - uses: git-for-windows/setup-git-for-windows-sdk@v1 - name: download tracked files and build artifacts - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v8 with: name: vs-artifacts path: ${{github.workspace}} @@ -244,7 +244,7 @@ jobs: run: ci/print-test-failures.sh - name: Upload failed tests' directories if: failure() && env.FAILED_TEST_ARTIFACTS != '' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: failed-tests-windows-vs-${{ matrix.nr }} path: ${{env.FAILED_TEST_ARTIFACTS}} @@ -270,7 +270,7 @@ jobs: shell: pwsh run: meson compile -C build - name: Upload build artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: windows-meson-artifacts path: build @@ -292,7 +292,7 @@ jobs: shell: pwsh run: pip install meson ninja - name: Download build artifacts - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v8 with: name: windows-meson-artifacts path: build @@ -305,7 +305,7 @@ jobs: run: ci/print-test-failures.sh - name: Upload failed tests' directories if: failure() && env.FAILED_TEST_ARTIFACTS != '' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: failed-tests-windows-meson-${{ matrix.nr }} path: ${{env.FAILED_TEST_ARTIFACTS}} @@ -349,7 +349,7 @@ jobs: run: ci/print-test-failures.sh - name: Upload failed tests' directories if: failure() && env.FAILED_TEST_ARTIFACTS != '' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: failed-tests-${{matrix.vector.jobname}} path: ${{env.FAILED_TEST_ARTIFACTS}} @@ -449,7 +449,7 @@ jobs: run: sudo --preserve-env --set-home --user=builder ci/print-test-failures.sh - name: Upload failed tests' directories if: failure() && env.FAILED_TEST_ARTIFACTS != '' - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v7 with: name: failed-tests-${{matrix.vector.jobname}} path: ${{env.FAILED_TEST_ARTIFACTS}} From 6e61245d0a9bab8645d992c39eae64a4cfd39441 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:34:57 +0000 Subject: [PATCH 05/12] ci: bump actions/github-script from v8 to v9 The only use we have of `actions/github-script` is the "skip if the commit or tree was already tested" step in `main.yml`, which checks whether an identical tree-SHA was already built successfully. It currently pins v8; v9 is the latest release. What v9 changes: - The `ACTIONS_ORCHESTRATION_ID` environment variable is now appended to the HTTP user-agent string. This is transparent to our script. - A new injected `getOctokit` factory lets scripts create additional authenticated clients in the same step without importing `@actions/github`. We do not use it. - Two breaking changes affect scripts that either call `require('@actions/github')` (fails at runtime, because `@actions/github` v9 is now ESM-only) or that shadow the implicit `getOctokit` parameter via `const`/`let` (syntax error). Our script does neither -- it only uses the pre-supplied `github` REST client and `core` helpers -- so the upgrade is safe. Risk analysis: the step is advisory. It sets `enabled=' but skip'` as an optimization to avoid re-running CI on a tree that was already tested successfully. Even if the v9 upgrade broke the script, the surrounding `try { ... } catch (e) { core.warning(e); }` block would degrade it to a warning and CI would still run normally. In practice the script continues to work identically on v9. See also: - Release notes: https://github.com/actions/github-script/releases - Compare: https://github.com/actions/github-script/compare/v8...v9 Originally-authored-by: dependabot[bot] Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index da31b10c790762..6d7f26e71e76e1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -63,7 +63,7 @@ jobs: echo "skip_concurrent=$skip_concurrent" >>$GITHUB_OUTPUT - name: skip if the commit or tree was already tested id: skip-if-redundant - uses: actions/github-script@v8 + uses: actions/github-script@v9 if: steps.check-ref.outputs.enabled == 'yes' with: github-token: ${{secrets.GITHUB_TOKEN}} From 20cd2c96a7b8930d451ec1189e80f7238f68d0ab Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:34:58 +0000 Subject: [PATCH 06/12] ci: bump actions/checkout from v5 to v6 Every workflow currently pins `actions/checkout` to v5, which was introduced primarily to move to the Node.js 24 runtime. v6 is the next release and worth picking up so we stay on a maintained version of the action. The one behaviorally interesting change in v6: `persist-credentials` now stores the helper credentials under `$RUNNER_TEMP` instead of writing them directly into the local `.git/config`. Two implications follow: 1. In the normal case this is an unambiguous improvement -- the token no longer lands in `.git/config`, reducing the risk of inadvertently leaking it through workspace archiving (`upload-artifact` snapshots, cache entries, core dumps, ...). 2. Docker container actions require an Actions Runner of at least v2.329.0 to find the credentials in their new location. The github.com-hosted runners our CI uses are already past that version, so this does not affect us. Downstream users running self-hosted runners may need to update them before adopting this version of the action. Risk analysis: our checkout steps either check out the default repository (no special credential requirements) or, in the `vs-build` job, explicitly set `repository: microsoft/vcpkg` and `path: compat/vcbuild/vcpkg`. Neither case relies on the precise location of the persisted credentials -- subsequent steps interact with the API via the runner-provided `GITHUB_TOKEN` directly -- so the v6 credential-storage change is transparent to our workflows. The diff is purely the `@vN` identifier; there are no input or output changes. See also: - Release notes: https://github.com/actions/checkout/releases - Changelog: https://github.com/actions/checkout/blob/main/CHANGELOG.md - Compare: https://github.com/actions/checkout/compare/v5...v6 Originally-authored-by: dependabot[bot] Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/check-style.yml | 2 +- .github/workflows/check-whitespace.yml | 2 +- .github/workflows/coverity.yml | 2 +- .github/workflows/main.yml | 24 ++++++++++++------------ 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/check-style.yml b/.github/workflows/check-style.yml index 19a145d4ad0c5a..108a2de903310c 100644 --- a/.github/workflows/check-style.yml +++ b/.github/workflows/check-style.yml @@ -20,7 +20,7 @@ jobs: jobname: ClangFormat runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/check-whitespace.yml b/.github/workflows/check-whitespace.yml index 928fd4cfe2456d..ea6f49f742108e 100644 --- a/.github/workflows/check-whitespace.yml +++ b/.github/workflows/check-whitespace.yml @@ -19,7 +19,7 @@ jobs: check-whitespace: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 3435baeca29a55..89bef267275aee 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -38,7 +38,7 @@ jobs: COVERITY_LANGUAGE: cxx COVERITY_PLATFORM: overridden-below steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install minimal Git for Windows SDK if: contains(matrix.os, 'windows') uses: git-for-windows/setup-git-for-windows-sdk@v1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6d7f26e71e76e1..0ea266f27cf3f1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -112,7 +112,7 @@ jobs: group: windows-build-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: git-for-windows/setup-git-for-windows-sdk@v1 - name: build shell: bash @@ -173,10 +173,10 @@ jobs: group: vs-build-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: git-for-windows/setup-git-for-windows-sdk@v1 - name: initialize vcpkg - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: 'microsoft/vcpkg' path: 'compat/vcbuild/vcpkg' @@ -258,7 +258,7 @@ jobs: group: windows-meson-build-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/setup-python@v6 - name: Set up dependencies shell: pwsh @@ -286,7 +286,7 @@ jobs: group: windows-meson-test-${{ matrix.nr }}-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/setup-python@v6 - name: Set up dependencies shell: pwsh @@ -341,7 +341,7 @@ jobs: TEST_OUTPUT_DIRECTORY: ${{github.workspace}}/t runs-on: ${{matrix.vector.pool}} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: ci/run-build-and-tests.sh - name: print test failures @@ -362,7 +362,7 @@ jobs: CI_JOB_IMAGE: ubuntu-latest runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: ci/run-build-and-minimal-fuzzers.sh dockerized: @@ -439,7 +439,7 @@ jobs: else apt-get -q update && apt-get -q -y install git fi - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: useradd builder --create-home - run: chown -R builder . @@ -464,7 +464,7 @@ jobs: group: static-analysis-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: ci/run-static-analysis.sh - run: ci/check-directional-formatting.bash @@ -480,7 +480,7 @@ jobs: group: rust-analysis-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: ci/run-rust-checks.sh sparse: @@ -494,7 +494,7 @@ jobs: group: sparse-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Install other dependencies run: ci/install-dependencies.sh - run: make sparse @@ -510,6 +510,6 @@ jobs: CI_JOB_IMAGE: ubuntu-latest runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: ci/install-dependencies.sh - run: ci/test-documentation.sh From 7e6ede6ce11430d2c6f314005926d91f0a68c2f8 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:34:59 +0000 Subject: [PATCH 07/12] ci: bump git-for-windows/setup-git-for-windows-sdk from v1 to v2 The v1 of `git-for-windows/setup-git-for-windows-sdk` runs on Node.js 20, which GitHub is phasing out of the Actions runners. v2 moves the action to Node.js 24 so that the CI jobs relying on a Git for Windows SDK keep working once Node.js 20 is removed. The risk is very low: v2 contains no functional changes to the SDK setup itself, only the runtime upgrade. The action still provisions the same minimal SDK and exposes the same outputs. The sole precondition is a recent Actions Runner (>= 2.327.1), which the github.com-hosted runners already satisfy. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/coverity.yml | 2 +- .github/workflows/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 89bef267275aee..58a78f1eb3f836 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -41,7 +41,7 @@ jobs: - uses: actions/checkout@v6 - name: install minimal Git for Windows SDK if: contains(matrix.os, 'windows') - uses: git-for-windows/setup-git-for-windows-sdk@v1 + uses: git-for-windows/setup-git-for-windows-sdk@v2 - run: ci/install-dependencies.sh if: contains(matrix.os, 'ubuntu') || contains(matrix.os, 'macos') env: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0ea266f27cf3f1..3da5326f0ba90a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -113,7 +113,7 @@ jobs: cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - uses: actions/checkout@v6 - - uses: git-for-windows/setup-git-for-windows-sdk@v1 + - uses: git-for-windows/setup-git-for-windows-sdk@v2 - name: build shell: bash env: @@ -147,7 +147,7 @@ jobs: - name: extract tracked files and build artifacts shell: bash run: tar xf artifacts.tar.gz && tar xf tracked.tar.gz - - uses: git-for-windows/setup-git-for-windows-sdk@v1 + - uses: git-for-windows/setup-git-for-windows-sdk@v2 - name: test shell: bash run: . /etc/profile && ci/run-test-slice.sh $((${{matrix.nr}} + 1)) 10 @@ -174,7 +174,7 @@ jobs: cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - uses: actions/checkout@v6 - - uses: git-for-windows/setup-git-for-windows-sdk@v1 + - uses: git-for-windows/setup-git-for-windows-sdk@v2 - name: initialize vcpkg uses: actions/checkout@v6 with: @@ -224,7 +224,7 @@ jobs: group: vs-test-${{ matrix.nr }}-${{ github.ref }} cancel-in-progress: ${{ needs.ci-config.outputs.skip_concurrent == 'yes' }} steps: - - uses: git-for-windows/setup-git-for-windows-sdk@v1 + - uses: git-for-windows/setup-git-for-windows-sdk@v2 - name: download tracked files and build artifacts uses: actions/download-artifact@v8 with: From 4a6ed9d09f9346f24c15c408b8eb005c3133fd5b Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 30 Apr 2026 07:35:00 +0000 Subject: [PATCH 08/12] l10n: bump mshick/add-pr-comment from v2 to v3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The l10n workflow uses `mshick/add-pr-comment` to post git-po-helper reports as comments on translation pull requests. It was still pinned to v2, which runs on Node.js 20. GitHub is phasing out the Node.js 20 runtime on Actions runners, so staying on v2 will eventually cause the "Create comment in pull request for report" step to fail. The sole breaking change in v3 is the switch from Node.js 20 to Node.js 24 (https://github.com/mshick/add-pr-comment/releases/tag/v3.0.0). The action's inputs and outputs are unchanged, so the upgrade is a drop-in replacement. Subsequent v3.x releases added new opt-in features (message truncation, retry with exponential backoff, file attachments, commit comment support, "delete on status") but none of them affect existing callers that do not opt in. See also: - Changelog: https://github.com/mshick/add-pr-comment/blob/main/CHANGELOG.md - Compare: https://github.com/mshick/add-pr-comment/compare/v2...v3 Pointed-out-by: Christoph GrĂ¼ninger Assisted-by: Claude Opus 4.6 Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- .github/workflows/l10n.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/l10n.yml b/.github/workflows/l10n.yml index 95e55134bdbed4..114a12a9e59f60 100644 --- a/.github/workflows/l10n.yml +++ b/.github/workflows/l10n.yml @@ -92,7 +92,7 @@ jobs: cat git-po-helper.out exit $exit_code - name: Create comment in pull request for report - uses: mshick/add-pr-comment@v2 + uses: mshick/add-pr-comment@v3 if: >- always() && github.event_name == 'pull_request_target' && From 69ed0e35a7548a17a0fcd79b265a6872bceb2d5d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 7 May 2026 12:51:12 +0000 Subject: [PATCH 09/12] mingw: optionally use legacy (non-POSIX) delete semantics At some point between Windows 10 Build 17134.1304 and Build 18363.657, the default behavior of `DeleteFileW()` was changed to use POSIX semantics (https://stackoverflow.com/a/60512798). Under those semantics, a file can be deleted even when another process holds an active `MapViewOfFile` view on it: the directory entry is removed immediately, but the underlying data persists until the last handle is closed. On older Windows versions (and Windows 10 builds before that change), `DeleteFileW()` uses legacy semantics where deletion fails outright if any process holds a file mapping. To allow testing code paths that depend on the legacy behavior, introduce a `GIT_TEST_LEGACY_DELETE` environment variable. When set, `mingw_unlink()` uses `SetFileInformationByHandle()` with `FileDispositionInfo` (the non-POSIX variant) instead of `DeleteFileW()`, forcing legacy delete semantics regardless of the Windows version. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/compat/mingw.c b/compat/mingw.c index 2023c16db65742..aa7525f419cb64 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -449,20 +449,63 @@ static wchar_t *normalize_ntpath(wchar_t *wbuf) return wbuf; } +/* + * Use SetFileInformationByHandle(FileDispositionInfo) to force legacy + * (non-POSIX) delete semantics. On Windows 11, DeleteFileW() uses POSIX + * delete semantics internally, allowing deletion even with active + * MapViewOfFile views. This helper simulates Windows 10 behavior where + * deletion fails if a file mapping exists. + * + * Returns nonzero on success (like DeleteFileW), 0 on failure. + */ +static int legacy_delete_file(const wchar_t *wpathname) +{ + FILE_DISPOSITION_INFO fdi = { TRUE }; + DWORD gle; + HANDLE h = CreateFileW(wpathname, DELETE, + FILE_SHARE_READ | FILE_SHARE_WRITE | + FILE_SHARE_DELETE, + NULL, OPEN_EXISTING, + FILE_FLAG_OPEN_REPARSE_POINT, NULL); + if (h == INVALID_HANDLE_VALUE) + return 0; + + if (SetFileInformationByHandle(h, FileDispositionInfo, + &fdi, sizeof(fdi))) { + CloseHandle(h); + return 1; + } + gle = GetLastError(); + CloseHandle(h); + SetLastError(gle); + return 0; +} + +static int try_delete_file(const wchar_t *wpathname, int use_legacy) +{ + if (use_legacy) + return legacy_delete_file(wpathname); + return DeleteFileW(wpathname); +} + int mingw_unlink(const char *pathname, int handle_in_use_error) { + static int use_legacy_delete = -1; int tries = 0; wchar_t wpathname[MAX_PATH]; if (xutftowcs_path(wpathname, pathname) < 0) return -1; - if (DeleteFileW(wpathname)) + if (use_legacy_delete < 0) + use_legacy_delete = git_env_bool("GIT_TEST_LEGACY_DELETE", 0); + + if (try_delete_file(wpathname, use_legacy_delete)) return 0; do { /* read-only files cannot be removed */ _wchmod(wpathname, 0666); - if (!_wunlink(wpathname)) + if (try_delete_file(wpathname, use_legacy_delete)) return 0; if (!is_file_in_use_error(GetLastError())) break; From 4bb086cfa20aed183d540a701df9a71550c7caa4 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 7 May 2026 12:51:13 +0000 Subject: [PATCH 10/12] maintenance(geometric): do release the `.idx` files before repacking As is done for all the other maintenance tasks, let's release the ODB also before starting the geometric repacking. That way, the `.idx` files won't be `mmap()`ed when they are to be deleted (which does not work on Windows because you cannot delete files on that platform as long as they are kept open by a process). This regression was introduced by 9bc151850c1c (builtin/maintenance: introduce "geometric-repack" task, 2025-10-24), but was only noticed once geometric repacking was made the default in 452b12c2e0fe (builtin/ maintenance: use "geometric" strategy by default, 2026-02-24). The fix recapitulates my work from df76ee7b77f0 (run-command: offer to close the object store before running, 2021-09-09) & friends. To guard against future regressions of this kind, add a check to `run_and_verify_geometric_pack()` in `t7900` that detects orphaned `.idx` files left behind after repacking. Contrary to interactive calls, the `git maintenance` call in that test case would _not_ block on Windows, asking whether to retry deleting that file, which is the reason why this bug was not caught earlier. Furthermore, since the default behavior of `DeleteFileW()` was changed at some point between Windows 10 Build 17134.1304 and Build 18363.657 to use POSIX semantics (see https://stackoverflow.com/a/60512798), the added orphaned-`.idx` check would be insufficient to catch this regression on modern Windows without emulating legacy delete semantics via `GIT_TEST_LEGACY_DELETE=1`. This fixes https://github.com/git-for-windows/git/issues/6210. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- builtin/gc.c | 1 + t/t7900-maintenance.sh | 22 +++++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/builtin/gc.c b/builtin/gc.c index 3a71e314c975af..84a66d32404e4d 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -1590,6 +1590,7 @@ static int maintenance_task_geometric_repack(struct maintenance_run_opts *opts, pack_geometry_split(&geometry); child.git_cmd = 1; + child.odb_to_close = the_repository->objects; strvec_pushl(&child.args, "repack", "-d", "-l", NULL); if (geometry.split < geometry.pack_nr) diff --git a/t/t7900-maintenance.sh b/t/t7900-maintenance.sh index 4700beacc18281..f497f51b2348c8 100755 --- a/t/t7900-maintenance.sh +++ b/t/t7900-maintenance.sh @@ -532,7 +532,16 @@ run_and_verify_geometric_pack () { # And verify that there are no loose objects anymore. git count-objects -v >count && - test_grep '^count: 0$' count + test_grep '^count: 0$' count && + + # Verify that no orphaned .idx files were left behind. On + # Windows, a missing odb_to_close causes the parent to hold + # mmap handles on .idx files, silently preventing their + # deletion by the child git-repack process. + ls .git/objects/pack/pack-*.idx .git/objects/pack/pack-*.pack | + sed "s/\.pack$/.idx/" | + sort | uniq -u >orphaned-idx && + test_must_be_empty orphaned-idx } test_expect_success 'geometric repacking task' ' @@ -580,8 +589,19 @@ test_expect_success 'geometric repacking task' ' # And these two small packs should now be merged via the # geometric repack. The large packfile should remain intact. + cp -R .git/objects .git/objects.save && run_and_verify_geometric_pack 2 && + # On Windows, verify the same with legacy delete semantics + # that reject deletion of mmap-held .idx files. + if test_have_prereq MINGW + then + rm -rf .git/objects && + mv .git/objects.save .git/objects && + test_env GIT_TEST_LEGACY_DELETE=1 \ + run_and_verify_geometric_pack 2 + fi && + # If we now add two more objects and repack twice we should # then see another all-into-one repack. This time around # though, as we have unreachable objects, we should also see a From 66ae1a48ecebff554762efe63761a70392c5fdf7 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 8 May 2026 14:31:03 +0900 Subject: [PATCH 11/12] t5551: "GIT_TEST_LONG=Yes make test" is broken The "test_expect_success 'tag following always works over v0 http'" test in t5551 fails when it tries to run "git init tags", but this happens only when EXPENSIVE test is allowed to run. This is because the step tries to create a repository with "git init tags" but the EXPENSIVE test that runs way before it creates and leaves around a temporary file "tags". Have the EXPENSIVE test clean it up after itself. Acked-by: Jeff King Signed-off-by: Junio C Hamano --- t/t5551-http-fetch-smart.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh index 73cf5315800fa4..cd44fa52bdc2c4 100755 --- a/t/t5551-http-fetch-smart.sh +++ b/t/t5551-http-fetch-smart.sh @@ -481,6 +481,7 @@ test_expect_success 'test allowanysha1inwant with unreachable' ' ' test_expect_success EXPENSIVE 'http can handle enormous ref negotiation' ' + test_when_finished "rm -f tags" && ( cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && create_tags 2001 50000 From 29bd7ed5127255713c1ac2f43b7c6f257d7b4594 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 12 May 2026 11:04:30 +0900 Subject: [PATCH 12/12] The second batch Signed-off-by: Junio C Hamano --- Documentation/RelNotes/2.55.0.adoc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Documentation/RelNotes/2.55.0.adoc b/Documentation/RelNotes/2.55.0.adoc index 3bee5b9dd85e06..ddac906a92632d 100644 --- a/Documentation/RelNotes/2.55.0.adoc +++ b/Documentation/RelNotes/2.55.0.adoc @@ -10,6 +10,10 @@ UI, Workflows & Features * The userdiff driver for the Scheme language has been extended to cover other Lisp dialects. + * Terminal control sequences coming over the sideband while talking + to a remote repository are mostly disabled by default, except for + ANSI color escape sequences. + Performance, Internal Implementation, Development Support etc. -------------------------------------------------------------- @@ -38,6 +42,23 @@ Fixes since v2.54 detect misspelled test commands. (merge ffe8005b9d ps/test-set-e-clean later to maint). + * Revert a recent change that introduced a regression to help mksh users. + (merge 8b44deebaf jk/revert-aa-reap-transport-child-processes later to maint). + * Other code cleanup, docfix, build fix, etc. (merge 80f4b802e9 ja/doc-difftool-synopsis-style later to maint). (merge b96490241e jc/doc-timestamps-in-stat later to maint). + + * Update various GitHub Actions versions. + (merge 4a6ed9d09f js/ci-github-actions-update later to maint). + + * Avoid hitting the pathname limit for socks proxy socket during the + test.. + (merge b33bea27a2 js/t5564-socks-use-short-path later to maint). + + * Test fix. + (merge 66ae1a48ec jc/t5551-fix-expensive later to maint). + + * To help Windows 10 installations, avoid removing files whose + contents are still mmap()'ed. + (merge 4bb086cfa2 js/maintenance-fix-deadlock-on-win10 later to maint).