From 6b136998ede7ba24682b0365bbe1b9efd397e9af Mon Sep 17 00:00:00 2001
From: Markus Schulz <msc@0zero.de>
Date: Thu, 5 Jan 2023 17:45:37 +0100
Subject: [PATCH] fix(git): checkout branch in a safer way (#19681)

---
 lib/util/git/index.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/lib/util/git/index.ts b/lib/util/git/index.ts
index 00da5302f1..5cdeb178aa 100644
--- a/lib/util/git/index.ts
+++ b/lib/util/git/index.ts
@@ -505,11 +505,9 @@ export async function checkoutBranch(branchName: string): Promise<CommitSha> {
   logger.debug(`Setting current branch to ${branchName}`);
   await syncGit();
   try {
-    config.currentBranch = branchName;
-    config.currentBranchSha = (
-      await git.raw(['rev-parse', 'origin/' + branchName])
-    ).trim();
     await gitRetry(() => git.checkout(['-f', branchName, '--']));
+    config.currentBranch = branchName;
+    config.currentBranchSha = (await git.raw(['rev-parse', 'HEAD'])).trim();
     const latestCommitDate = (await git.log({ n: 1 }))?.latest?.date;
     if (latestCommitDate) {
       logger.debug({ branchName, latestCommitDate }, 'latest commit');
-- 
GitLab