Skip to content

deploy: force-fetch branch tip after clone to defeat stale refs#183

Open
benvinegar wants to merge 1 commit intomainfrom
fix/update-stale-clone
Open

deploy: force-fetch branch tip after clone to defeat stale refs#183
benvinegar wants to merge 1 commit intomainfrom
fix/update-stale-clone

Conversation

@benvinegar
Copy link
Member

@benvinegar benvinegar commented Feb 27, 2026

Problem

baudbot update sometimes deploys commits that are days behind the true remote HEAD. Observed on DigitalOcean droplets.

Root cause

git clone --single-branch --branch main relies on the remote's ref advertisement, which can be stale due to:

  • GitHub's HTTPS smart transport CDN caching — edge nodes can lag behind by minutes to hours
  • HTTP proxy caching on the host or network
  • Local path repos that haven't been fetched recently (when REPO_URL resolves to a local checkout)

Fix

After cloning, explicitly git fetch --force the branch and git reset --hard origin/<branch> to guarantee the checkout reflects the actual latest tip, bypassing any transport-level caching.

Changes

  • bin/update-release.sh — added force-fetch + hard-reset after clone
  • bin/update-release.test.sh — added test confirming sequential updates pick up new commits

Testing

  • All existing tests pass (5/5)
  • Shell lint clean (59 files)
  • Full shell test suite green (15/15)

@benvinegar
deploy: force-fetch branch tip after clone to defeat stale refs
9de5bed 
git clone --single-branch can serve a stale ref advertisement from
GitHub's CDN or HTTP transport cache, causing baudbot update to deploy
commits that are minutes to days behind the true remote HEAD.

After cloning, explicitly fetch --force the branch and hard-reset to
origin/<branch> to guarantee the checkout reflects the latest tip.

Adds a test confirming sequential updates pick up new commits.
@greptile-apps
Copy link

greptile-apps bot commented Feb 27, 2026

Greptile Summary

This PR addresses a deployment reliability issue where baudbot update could deploy stale commits due to cached git ref advertisements. The fix adds a force-fetch and hard-reset immediately after cloning to ensure the checkout reflects the true remote HEAD, bypassing GitHub CDN caching, HTTP proxies, and stale local mirrors.

Key changes:

  • Added git fetch --force and git reset --hard after clone in update-release.sh
  • Included clear comments explaining the caching issue and solution
  • Added comprehensive test coverage validating sequential updates pick up new commits
  • Maintains existing error handling and workflow integrity

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The fix is minimal, well-tested, and addresses a real production issue. The logic is sound (force-fetching after clone defeats transport caching), the implementation follows repository conventions, and comprehensive test coverage was added. No security concerns or breaking changes.
  • No files require special attention

Important Files Changed

Filename Overview
bin/update-release.sh Added force-fetch and hard-reset after clone to defeat transport-level caching
bin/update-release.test.sh Added test verifying sequential updates pick up latest commits

Last reviewed commit: 9de5bed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benvinegar