{"meta":{"title":"警告：“此工作流检测到 1 个问题：不再需要 git checkout HEAD^2”","intro":"如果看到此警告，应更新工作流以遵循当前的最佳做法。","product":"安全性和代码质量","breadcrumbs":[{"href":"/zh/code-security","title":"安全性和代码质量"},{"href":"/zh/code-security/reference","title":"Reference"},{"href":"/zh/code-security/reference/code-scanning","title":"代码扫描"},{"href":"/zh/code-security/reference/code-scanning/troubleshoot-analysis-errors","title":"排查与解决分析错误"},{"href":"/zh/code-security/reference/code-scanning/troubleshoot-analysis-errors/unnecessary-step-found","title":"发现了不必要的步骤"}],"documentType":"article"},"body":"# 警告：“此工作流检测到 1 个问题：不再需要 git checkout HEAD^2”\n\n如果看到此警告，应更新工作流以遵循当前的最佳做法。\n\n## 关于此警告\n\n```text\nWarning: 1 issue was detected with this workflow: git checkout HEAD^2 is no longer\nnecessary. Please remove this step as Code Scanning recommends analyzing the merge\ncommit for best results.\n```\n\n如果使用旧 CodeQL 工作流，可能会收到来自“初始化 CodeQL”操作的此警告。\n\n## 确认问题原因\n\n检查工作流中的 CodeQL 以下行。 这些行已被纳入`steps`部分的`Analyze`作业，这发生在CodeQL工作流的初始版本中。\n\n```yaml\n        with:\n          # We must fetch at least the immediate parents so that if this is\n          # a pull request then we can checkout the head.\n          fetch-depth: 2\n\n      # If this run was triggered by a pull request event, then checkout\n      # the head of the pull request instead of the merge commit.\n      - run: git checkout HEAD^2\n        if: ${{ github.event_name == 'pull_request' }}\n```\n\n## 修复问题\n\n从 CodeQL 工作流中删除行。 修改后的工作流的 `steps` 部分应如下所示：\n\n```yaml\n    steps:\n      - name: Checkout repository\n        uses: actions/checkout@v6\n\n      # Initializes the CodeQL tools for scanning.\n      - name: Initialize CodeQL\n        uses: github/codeql-action/init@v4\n\n      # ...\n```"}