github actions: Optimize kernel tree clone/fetch

kerneltoast · kerneltoast · commit cf8e45a0e373 · 2025-12-05T14:08:01.000-08:00
Cloning the base branch takes a long time because a fetch-depth of 0 causes
all history for all branches and tags to be cloned (!). In addition, the
entire history of the PR branch is fetched.

Only the tip of the base branch along with the new commits present in a PR
need to be cloned; anything more than that is unneeded.

Reduce the depth of the base branch clone to 1 commit and the PR branch
fetch to the number of commits in the PR plus 1 (to get the tip of the base
branch).

The same philosophy is applied to fetching the mainline branch, which is
substantially more complex. All that is needed _at most_ is the history
between the kernel version tag and the tip of mainline, since the kernel
version tag is the most recent common ancestor between us and mainline.
History older than the kernel version tag is thus excluded via
--shallow-exclude.

And as an added bonus, skip checkout on the base branch clone since all of
the python scripts inspecting the tree perform checkouts themselves. That
way, no time is wasted on checking out the tree to a different SHA than the
first checkout by one of the python scripts.
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml
@@ -14,15 +14,16 @@ jobs:
     timeout-minutes: 120
 
     steps:
-      - name: Checkout base branch
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          ref: ${{ github.base_ref }}
+      - name: Clone base branch
+        run: |
+          # Optimization: don't checkout at the start because it's superfluous
+          git clone --depth=1 --no-checkout "${{ github.event.pull_request.base.repo.clone_url }}" -b "${{ github.base_ref }}" .
 
       - name: Fetch PR branch
         run: |
-          git fetch "${{ github.event.pull_request.head.repo.clone_url }}" "${{ github.head_ref }}"
+          # Fetch all of the commits in the PR plus one more commit before,
+          # which should be the head of the base branch
+          git fetch --depth=$((${{ github.event.pull_request.commits }} + 1)) "${{ github.event.pull_request.head.repo.clone_url }}" "${{ github.head_ref }}"
           echo "HEAD_SHA=$(git rev-parse FETCH_HEAD)" >> "$GITHUB_ENV"
 
       - name: Verify PR branch isn't on stale base
@@ -32,6 +33,21 @@ jobs:
             exit 1
           fi
 
+      - name: Fetch upstream mainline branch
+        run: |
+          # Determine the kernel version tag, since it is the most recent common
+          # ancestor between the base branch and the upstream mainline branch
+          MAKEFILE=$(git show "${{ github.base_ref }}":Makefile)
+          VERSION=$(grep -m1 -Po '(?<=^VERSION = )\d+' <<< "$MAKEFILE")
+          PATCHLEVEL=$(grep -m1 -Po '(?<=^PATCHLEVEL = )\d+' <<< "$MAKEFILE")
+
+          # Fetch upstream mainline branch without tags, fetching only history
+          # that is newer than this kernel version tag. This reduces the amount
+          # of commits cloned knowing that there's no need to check any commits
+          # for Fixes commits older than what the base branch already contains
+          git fetch --no-tags --shallow-exclude="v$VERSION.$PATCHLEVEL" origin kernel-mainline
+          echo "MAINLINE_SHA=$(git rev-parse FETCH_HEAD)" >> "$GITHUB_ENV"
+
       - name: Checkout kernel-src-tree-tools
         uses: actions/checkout@v4
         with:
@@ -55,6 +71,7 @@ jobs:
             --pr_branch "$HEAD_SHA" \
             --base_branch "${{ github.base_ref }}" \
             --markdown \
+            --upstream-ref "$MAINLINE_SHA" \
             --check-cves | tee ../ckc_result.txt
           EXIT_CODE=$?
 
