git: export gitutil helper for identifying commit shas

Signed-off-by: Justin Chadwell <me@jedevc.com>

source/git/source.go

@@ -36,7 +36,6 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-var validHex = regexp.MustCompile(`^[a-f0-9]{40}$`)
 var defaultBranch = regexp.MustCompile(`refs/heads/(\S+)`)
 
 type Opt struct {
@@ -341,7 +340,7 @@ func (gs *gitSourceHandler) CacheKey(ctx context.Context, g session.Group, index
 	gs.locker.Lock(remote)
 	defer gs.locker.Unlock(remote)
 
-	if ref := gs.src.Ref; ref != "" && isCommitSHA(ref) {
+	if ref := gs.src.Ref; ref != "" && gitutil.IsCommitSHA(ref) {
 		cacheKey := gs.shaToCacheKey(ref)
 		gs.cacheKey = cacheKey
 		return cacheKey, ref, nil, true, nil
@@ -400,7 +399,7 @@ func (gs *gitSourceHandler) CacheKey(ctx context.Context, g session.Group, index
 	if sha == "" {
 		return "", "", nil, false, errors.Errorf("repository does not contain ref %s, output: %q", ref, string(buf))
 	}
-	if !isCommitSHA(sha) {
+	if !gitutil.IsCommitSHA(sha) {
 		return "", "", nil, false, errors.Errorf("invalid commit sha %q", sha)
 	}
 
@@ -455,7 +454,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 	}
 
 	doFetch := true
-	if isCommitSHA(ref) {
+	if gitutil.IsCommitSHA(ref) {
 		// skip fetch if commit already exists
 		if _, err := git.Run(ctx, "cat-file", "-e", ref+"^{commit}"); err == nil {
 			doFetch = false
@@ -467,7 +466,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 		os.RemoveAll(filepath.Join(gitDir, "shallow.lock"))
 
 		args := []string{"fetch"}
-		if !isCommitSHA(ref) { // TODO: find a branch from ls-remote?
+		if !gitutil.IsCommitSHA(ref) { // TODO: find a branch from ls-remote?
 			args = append(args, "--depth=1", "--no-tags")
 		} else {
 			args = append(args, "--tags")
@@ -476,11 +475,11 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 			}
 		}
 		args = append(args, "origin")
-		if !isCommitSHA(ref) {
-			args = append(args, "--force", ref+":tags/"+ref)
+		if !gitutil.IsCommitSHA(ref) {
 			// local refs are needed so they would be advertised on next fetches. Force is used
 			// in case the ref is a branch and it now points to a different commit sha
 			// TODO: is there a better way to do this?
+			args = append(args, "--force", ref+":tags/"+ref)
 		}
 		if _, err := git.Run(ctx, args...); err != nil {
 			return nil, errors.Wrapf(err, "failed to fetch remote %s", urlutil.RedactCredentials(gs.src.Remote))
@@ -549,7 +548,7 @@ func (gs *gitSourceHandler) Snapshot(ctx context.Context, g session.Group) (out
 		pullref := ref
 		if isAnnotatedTag {
 			pullref += ":refs/tags/" + pullref
-		} else if isCommitSHA(ref) {
+		} else if gitutil.IsCommitSHA(ref) {
 			pullref = "refs/buildkit/" + identity.NewID()
 			_, err = git.Run(ctx, "update-ref", pullref, ref)
 			if err != nil {
@@ -710,10 +709,6 @@ func (gs *gitSourceHandler) gitCli(ctx context.Context, g session.Group, opts ..
 	return gitCLI(opts...), cleanup, err
 }
 
-func isCommitSHA(str string) bool {
-	return validHex.MatchString(str)
-}
-
 func tokenScope(remote string) string {
 	// generally we can only use the token for fetching main remote but in case of github.com we do best effort
 	// to try reuse same token for all github.com remotes. This is the same behavior actions/checkout uses