git issue with builds on Travis-CI

git issue with builds on Travis-CI

[Maurice McCabe]

There is a problem on travis-ci with doing builds on Pull Requests
with multiple jobs. For each job it will build off the FETCH_HEAD. The
problem is that if the FETCH_HEAD changes while the build is running
(due to a commit), the subsequent jobs will build off the new
FETCH_HEAD. This results in loss of integrity of the build.

The fix would have been doing a fetch by the SHA-1 (commit) instead of
the FETCH_HEAD. But this results in an error:
"error: Server does not allow request for unadvertised object"

Since this is not working, the current option available to the people
at travis-ci is to abandon the build with an error message. This is
not a good user experience. The preferred option is to trigger a new
build when a commit is made.

You can see more details about the problem in this comment:
https://github.com/travis-ci/travis-ci/issues/8577#issuecomment-336596843
and the current discussion:
https://github.com/travis-ci/travis-ci/issues/10210

BTW: on reading the git mailing list a suggestion seems to be to ask
the server operator (GitHub in this case) to set:
"git config uploadpack.allowReachableSHA1InWant 1"
Apparently this has some security implications.

Does anyone have a suggestion how to do a fetch by SHA-1? Or is there
another approach to solve this issue on travis-ci?

Thnx,

Maurice