fix(read): fail when --from and --to share no merge-base #4555

[CervEdin]

Fixes #4555.

When linting a range with --from A --to B in a shallow clone where the merge-base wasn't fetched, git log A..B silently returns whatever subset of the range exists locally. We validate that subset and report success — even though we never saw the rest of the range. Most visible in CI: actions/checkout@v4 clones with fetch-depth: 1, so a branch with N commits ahead of origin/master surfaces only HEAD; if HEAD is well-formed, the lint passes regardless of the unfetched commits.

This PR adds a git merge-base check between from and to (defaulting to to HEAD to mirror what git-raw-commits does internally) before walking the range, and errors with a clear message if no common ancestor exists. --last, --edit, and the no-flag default all bypass the check, since none of them depend on a two-ended range.

Tests

Two new tests in @commitlint/read/src/read.test.ts use git checkout --orphan to create unrelated histories — the exact condition the check enforces, decoupled from shallow-clone trigger specifics.

Out of scope

• --from-last-tag in a shallow clone has a related failure mode (git describe falls back to a hash → no-op range → silent pass). The merge-base check doesn't catch it because the no-op sets from = HEAD-hash, which trivially merge-bases with HEAD. Surfacing this requires a separate decision (warn vs. error, and how a library function should communicate diagnostics) and is left for follow-up.
• Using same commit for --from and --to does nothing and returns exit-code=0 (success) #3376 (--from === --to silently succeeds) is a related but distinct issue, also out of scope here.

Alternative considered

The issue thread suggested gating on .git/shallow instead. Merge-base is more precise — it detects the actual broken state regardless of cause, and matches git diff --three-dot's behavior. A path-based shallow check would also be wrong in worktrees and submodules, where .git is a file pointing elsewhere; if such a check is ever wanted, git rev-parse --is-shallow-repository is the right primitive.

[Copilot]

Pull request overview

This PR hardens @commitlint/read when linting a two-ended git range (--from A --to B, with --to defaulting to HEAD) by failing fast if the two refs do not share a merge-base. This prevents false-positive “success” results in shallow clones where git log A..B can silently return an incomplete subset of commits.

Changes:

• Add a pre-flight git merge-base <from> <to|HEAD> check before walking history via git-raw-commits.
• Throw a targeted error when no merge-base exists (common in shallow/incomplete history scenarios).
• Add tests that construct unrelated histories via git checkout --orphan to validate the new failure mode.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
@commitlint/read/src/read.ts	Adds merge-base validation for from/to ranges before delegating to git-raw-commits.
@commitlint/read/src/read.test.ts	Adds coverage for the new error behavior when refs share no merge-base (including implicit to=HEAD).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[knocte]

Can you split the commit in two (first commit the tests, after that commit the fix) so that we can see the red CI first? This way it's pure TDD style, you know.

[CervEdin]

Can you split the commit in two (first commit the tests, after that commit the fix) so that we can see the red CI first? This way it's pure TDD style, you know.

you want it red in CI or is it okay to commit with test.fails -> test?

[escapedcat]

I think two commits are good, one fails CI, one makes it green. Does this work?

[knocte]

to commit with test.fails -> test?

Sorry I don't know what you mean with this.

BTW I just saw that you did a single push with 2 commits. The point is do a push per commit.
You can do this with git using this kind of command: https://stackoverflow.com/a/45155607/23158491

Or if you want a script, I developed one:
https://github.com/tarsgate/conventions/blob/master/scripts/gitPush1by1.fsx

Although, not sure if you have to wait first for @escapedcat to approve the workflows

[escapedcat]

Try this:

1. fix format issues
2. create a commit that fails CI
3. fix code
4. create a commit that passes CI
5. tackle copilot feedback

[knocte]

Try this:
fix format issues

But bro, you're the one that broke the formatting in master 😆

[CervEdin]

to commit with test.fails -> test?

Sorry I don't know what you mean with this.

What I did was two commits:

1. assert the tests fail
2. commit fix and change the tests to assert success

BTW I just saw that you did a single push with 2 commits. The point is do a push per commit.
Okay, sure I can do it like that

[escapedcat]

Try this:
fix format issues

But bro, you're the one that broke the formatting in master 😆

Fixed: #4768

[CervEdin]

First commit
d75f703 (test: add tests for missing coverage, 2026-05-14)
fails the tests, like you asked @knocte

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯ Failed Tests 2 ⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯

 FAIL  @commitlint/read/src/read.test.ts > throws when from and to share no merge-base
AssertionError: promise resolved "[ 'orphan commit\n\n' ]" instead of rejecting

- Expected:
Error {
  "message": "rejected promise",
}

+ Received:
[
  "orphan commit

",
]

 ❯ @commitlint/read/src/read.test.ts:170:62
    168|  });
    169|
    170|  await expect(read({ from: initialBranch, to: "other", cwd })).rejects.toThrow(
       |                                                              ^
    171|   /Cannot find merge-base/,
    172|  );

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/2]⎯

 FAIL  @commitlint/read/src/read.test.ts > throws when from has no merge-base with HEAD (no --to)
AssertionError: promise resolved "[ 'orphan commit\n\n' ]" instead of rejecting

- Expected:
Error {
  "message": "rejected promise",
}

+ Received:
[
  "orphan commit

",
]

 ❯ @commitlint/read/src/read.test.ts:191:49
    189|  });
    190|
    191|  await expect(read({ from: initialBranch, cwd })).rejects.toThrow(
       |                                                 ^
    192|   /Cannot find merge-base/,
    193|  );

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[2/2]⎯


 Test Files  1 failed | 89 passed (90)
      Tests  2 failed | 1188 passed (1190)
Type Errors  no errors
   Start at  12:48:46
   Duration  24.71s (transform 4.25s, setup 0ms, import 12.65s, tests 54.74s, environment 1.32s, typecheck 499ms)

error Command failed with exit code 1.

btw, the current vitest.config.ts doesn't play nice with vim undo/swap files. Maybe consider excluding hidden files or tightening the include smh

diff --git a/vitest.config.ts b/vitest.config.ts
index 09b59699..0d9f802d 100644
--- a/vitest.config.ts
+++ b/vitest.config.ts
@@ -15,6 +15,7 @@ export default defineConfig({
                coverage: {
                        provider: "istanbul",
                        include: ["**/@commitlint/*/src/**"],
+                       exclude: ["**/.*"],
                },
        },
        environments: {

[CervEdin]

rebased and re-formatted

[knocte]

fails the tests, like you asked @knocte

You still pushed both commits with the same push operation, so we only see one CI status.

[CervEdin]

fails the tests, like you asked @knocte

You still pushed both commits with the same push operation, so we only see one CI status.

Earlier I pushed them separetly

I will re force-push the first commit
how long do I need to wait before pushing the full series for CI to register in a way which shows the red CI like you want?

[knocte]

how long do I need to wait

No need to wait IME. However, I see what's happening here: everytime you push, @escapedcat needs to approve the CI workflow run. So I'm afraid you have to push 1st commit first, then wait until he approves, and then push again.

[knocte]

Looks good! I see broken CI now, then you can now push 2nd commit.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

[escapedcat]

Looks good, thanks! undraft?

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[escapedcat]

Thanks everybody! ❤️