Merge 02ade5d400 into c2d88d3ecc

Update all references from v5 and v4 to v6 (#2314 )
- Updated README.md examples to reference @v6 - Updated all workflow files to use actions/checkout@v6
2026-03-07 08:51:46 +08:00 · 2025-11-24 14:04:25 +01:00 · 2025-11-23 19:32:55 -06:00 · 2025-11-20 10:20:04 -06:00 · 2022-02-14 23:18:53 +00:00
11 changed files with 43 additions and 34 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v6

      - name: Set Node.js 24.x
        uses: actions/setup-node@v4
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -39,7 +39,7 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4.1.6
+      uses: actions/checkout@v6

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@ -9,6 +9,6 @@ jobs:
    runs-on: ubuntu-latest
    name: Check licenses
    steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v6
      - run: npm ci
      - run: npm run licensed-check
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: Publish
        id: publish
        uses: actions/publish-immutable-action@0.0.3
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -19,7 +19,7 @@ jobs:
      - uses: actions/setup-node@v4
        with:
          node-version: 24.x
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v6
      - run: npm ci
      - run: npm run build
      - run: npm run format-check
@ -37,7 +37,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v6

      # Basic checkout
      - name: Checkout basic
@ -202,7 +202,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v6

      # Basic checkout using git
      - name: Checkout basic
@ -234,7 +234,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v6

      # Basic checkout using git
      - name: Checkout basic
@ -264,7 +264,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v6
        with:
          path: localClone

@ -291,8 +291,8 @@ jobs:
          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main

      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v4
-        uses: actions/checkout@v4.1.6
+      - name: Fix Checkout v6
+        uses: actions/checkout@v6
        with:
          path: localClone

@ -301,7 +301,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v6
        with:
          path: actions-checkout

--- a/.github/workflows/update-main-version.yml
+++ b/.github/workflows/update-main-version.yml
@ -23,7 +23,7 @@ jobs:
    # Note this update workflow can also be used as a rollback tool.
    # For that reason, it's best to pin `actions/checkout` to a known, stable version
    # (typically, about two releases back).
-    - uses: actions/checkout@v4.1.6
+    - uses: actions/checkout@v6
      with:
        fetch-depth: 0
    - name: Git config
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@ -26,7 +26,7 @@ jobs:
 
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      # Use `docker/login-action` to log in to GHCR.io. 
      # Once published, the packages are scoped to the account defined here.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,8 +1,17 @@
 # Changelog

+## V6.0.0
+* Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286
+* Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248
+
+## V5.0.1
+* Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301
+
 ## V5.0.0
 * Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226

+## V4.3.1
+* Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305

 ## V4.3.0
 * docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 [![Build and Test](https://github.com/actions/checkout/actions/workflows/test.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/test.yml)

-# Checkout v6-beta
+# Checkout v6

 ## What's new

@ -51,7 +51,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 <!-- start usage -->
 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    # Repository name with owner. For example, actions/checkout
    # Default: ${{ github.repository }}
@ -190,7 +190,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    sparse-checkout: .
 ```
@ -198,7 +198,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files and `.github` and `src` folder

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    sparse-checkout: |
      .github
@ -208,7 +208,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only a single file

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    sparse-checkout: |
      README.md
@ -218,7 +218,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch all history for all tags and branches

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    fetch-depth: 0
 ```
@ -226,7 +226,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout a different branch

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    ref: my-branch
 ```
@ -234,7 +234,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout HEAD^

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    fetch-depth: 2
 - run: git checkout HEAD^
@ -244,12 +244,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6
  with:
    path: main

 - name: Checkout tools repo
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6
  with:
    repository: my-org/my-tools
    path: my-tools
@ -260,10 +260,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6

 - name: Checkout tools repo
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6
  with:
    repository: my-org/my-tools
    path: my-tools
@ -274,12 +274,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6
  with:
    path: main

 - name: Checkout private tools
-  uses: actions/checkout@v5
+  uses: actions/checkout@v6
  with:
    repository: my-org/my-private-tools
    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
@ -292,7 +292,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout pull request HEAD commit instead of merge commit

 ```yaml
- uses: actions/checkout@v5
+- uses: actions/checkout@v6
  with:
    ref: ${{ github.event.pull_request.head.sha }}
 ```
@ -308,7 +308,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 ```

 ## Push a commit using the built-in token
@ -319,7 +319,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
@ -341,7 +341,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          ref: ${{ github.head_ref }}
      - run: |
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@ -179,7 +179,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {

      // When all history is fetched, the ref we're interested in may have moved to a different
      // commit (push or force push). If so, fetch again with a targeted refspec.
-      if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
+      if (!settings.refs.startsWith("refs/tags") && !(await refHelper.testRef(git, settings.ref, settings.commit))) {
        refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
        await git.fetch(refSpec, fetchOptions)
      }
--- a/src/misc/generate-docs.ts
+++ b/src/misc/generate-docs.ts
@ -120,7 +120,7 @@ function updateUsage(
 }

 updateUsage(
-  'actions/checkout@v5',
+  'actions/checkout@v6',
  path.join(__dirname, '..', '..', 'action.yml'),
  path.join(__dirname, '..', '..', 'README.md')
 )
Author	SHA1	Message	Date
brian m. carlson	6e40528eb1	Merge `02ade5d400` into `c2d88d3ecc`	2025-11-24 14:04:25 +01:00
eric sciple	c2d88d3ecc	Update all references from v5 and v4 to v6 (#2314 ) - Updated README.md examples to reference @v6 - Updated all workflow files to use actions/checkout@v6	2025-11-23 19:32:55 -06:00
eric sciple	1af3b93b68	update readme/changelog for v6 (#2311 )	2025-11-20 10:20:04 -06:00
brian m. carlson	02ade5d400	Don't overwrite annotated tags with commit object When checking out a repository with full history, a full clone is done and then the ref is finally updated to point to the commit that caused the workflow to be run. Normally, this is a good protection against someone pushing to the repository twice in short succession, but it causes problems with annotated tags. Specifically, because the entry in refs/tags is set to the commit hash, if an annotated tag was used, the tag is turned merely into a lightweight one, which breaks `git describe`. Every other tag in the repository will continue to remain a valid annotated tag except the one for which the workflow was invoked, which is not what the user expected. Let's work around this by not performing a fetch if what we're fetching is a tag. Technically, annotated tags can be anywhere in the hierarchy at any ref, but this should work as a suitable heuristic for now. Note that the proper solution would be to expose the revision of the actual object and check against that instead of the commit, but it doesn't presently appear that that information is exposed. Also, we explicitly do not case-fold since Git refs are case sensitive.	2022-02-14 23:18:53 +00:00