Prefer tag creation timestamp in --cooldown-days#1221
Conversation
Use `git for-each-ref --sort=-creatordate --format='%(refname:lstrip=2) %(creatordate:unix)' refs/tags` to get a list of tags along with their timestamps. `creatordate` uses the tag’s creation time if it’s an annotated tag, and if it’s a lightweight tag, it falls back to the commit’s timestamp.
📦 Cargo Bloat ComparisonBinary size change: +0.00% (16.7 MiB → 16.7 MiB) Expand for cargo-bloat outputHead Branch ResultsBase Branch Results |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1221 +/- ##
==========================================
- Coverage 89.81% 89.81% -0.01%
==========================================
Files 79 79
Lines 15235 15273 +38
==========================================
+ Hits 13684 13717 +33
- Misses 1551 1556 +5 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
There is a very interesting change @j178 -> I am not sure if you realised that - but you can have people asking questions. I am applying cooldown-days in Airflow in apache/airflow#59395 and I noticed a strange change resulting from
if you look closer, you will see that hash changed for those two repos, but the version did not. I tried to find the reason and I was surprised that the hash stored previously cannot be found in commits of the repo, yet - surprisingly A bit of checking and it turned out that the original hashes were hashes of the TAGS not hashes of the commits they pointed to - those tags were signed and previous That did not change the security properties of it - but the side effect was that if someone actually moved the tags, such pre-commit-config would stop working when installing the hook. So the change in behaviour is "good" -> now the hashes stored are hashes of committs not tags, so even if somoene moves tags, you will see it with Just wanted you to know about it in case someone else asks - this behaviour change is not described in release notes (I guess because it was not intentional). |
|
@potiuk I noticed it, but kinda ignored it haha ^^ This actually came from this commit in #1172, where
So yeah, this wasn’t intentional. But it also doesn’t really have any practical effect. Whether you use the tag object’s hash or the commit’s hash, both refer to immutable objects in the git history — no one can change them anyway. And honestly, it might even be slightly better. GitHub shows the underlying commit hash for tags on the releases page, so it’s easier for people to verify that the hash matches what GitHub shows. |
|
I think I’ll add a test so it doesn’t get changed accidentally again in the future. |
Oh absolutely - it's better this way :) - tag hash is indeed immutable, but the tag itself is not - you can move it even if it is signed and then it will eventually disappear after garbage collection. For commit hash you would have to rewrite the history to make the commit disapper, so yeah - referring commit is definitely better (though security properties are indeed the same). |

Use
git for-each-ref --sort=-creatordate --format='%(refname:lstrip=2) %(creatordate:unix)' refs/tagsto get a list of tags along with their timestamps.creatordateuses the tag’s creation time if it’s an annotated tag, and if it’s a lightweight tag, it falls back to the commit’s timestamp.