Merge d03156b5b8 into 6b42224f41

Add workflow file for publishing releases to immutable action package (#1919 )
This workflow file publishes new action releases to the immutable action package of the same name as this repo. This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.
2026-03-07 08:51:46 +08:00 · 2024-10-03 11:31:15 -07:00 · 2024-10-03 11:03:35 +02:00 · 2024-10-01 20:24:28 -04:00 · 2021-12-15 10:17:09 +00:00
5 changed files with 48 additions and 8 deletions
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@ -0,0 +1,20 @@
 name: 'Publish Immutable Action Version'
 on:
  release:
    types: [published]
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      - name: Checking out
        uses: actions/checkout@v4
      - name: Publish
        id: publish
        uses: actions/publish-immutable-action@0.0.3
--- a/README.md
+++ b/README.md
@ -33,6 +33,9 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # with the local git config, which enables your scripts to run authenticated git
    # commands. The post-job step removes the PAT.
    #
    # If any of the submodules are private GitHub repos, pass in a PAT with read-access 
    # to them. 
    #
    # We recommend using a service account with the least permissions necessary. Also
    # when generating a new PAT, select the least scopes necessary.
    #
@ -110,8 +113,8 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # Whether to checkout submodules: `true` to checkout submodules or `recursive` to
    # recursively checkout submodules.
    #
-    # When the `ssh-key` input is not provided, SSH URLs beginning with
+    # When neither the `ssh-key` nor the `token` inputs are provided, SSH URLs 
-    # `git@github.com:` are converted to HTTPS.
+    # beginning with `git@github.com:` are converted to HTTPS. 
    #
    # Default: false
    submodules: ''
@ -239,12 +242,19 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
  uses: actions/checkout@v4
  with:
    repository: my-org/my-private-tools
-    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+    token: ${{ secrets.GH_PAT }}  # `GH_PAT` is a secret that contains a PAT with read-access to this private repository
    path: my-tools
 ```
-> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
+## Checkout a repo and its private submodules
 ```yaml
 - name: Checkout
  uses: actions/checkout@v2
  with:
    submodules: true
    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains a PAT with read-access to the private submodules
 ```
 ## Checkout pull request HEAD commit instead of merge commit
--- a/test/ref-helper.test.ts
+++ b/test/ref-helper.test.ts
@ -77,6 +77,16 @@ describe('ref-helper tests', () => {
    expect(checkoutInfo.startPoint).toBeFalsy()
  })
  it('getCheckoutInfo refs/ without commit', async () => {
    const checkoutInfo = await refHelper.getCheckoutInfo(
      git,
      'refs/non-standard-ref',
      ''
    )
    expect(checkoutInfo.ref).toBe('refs/non-standard-ref')
    expect(checkoutInfo.startPoint).toBeFalsy()
  })
  it('getCheckoutInfo unqualified branch only', async () => {
    git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
      return true
--- a/dist/index.js
+++ b/dist/index.js
@ -2005,8 +2005,8 @@ function getCheckoutInfo(git, ref, commit) {
            result.ref = ref;
        }
        // refs/
-        else if (upperRef.startsWith('REFS/') && commit) {
+        else if (upperRef.startsWith('REFS/')) {
-            result.ref = commit;
+            result.ref = commit ? commit : ref;
        }
        // Unqualified ref, check for a matching branch or tag
        else {
--- a/src/ref-helper.ts
+++ b/src/ref-helper.ts
@ -46,8 +46,8 @@ export async function getCheckoutInfo(
    result.ref = ref
  }
  // refs/
-  else if (upperRef.startsWith('REFS/') && commit) {
+  else if (upperRef.startsWith('REFS/')) {
-    result.ref = commit
+    result.ref = commit ? commit : ref
  }
  // Unqualified ref, check for a matching branch or tag
  else {
Author	SHA1	Message	Date
Ariel Elkin	5e5c94a1cd	Merge `d03156b5b8` into `6b42224f41`	2024-10-03 11:31:15 -07:00
Joel Ambass	6b42224f41	Add workflow file for publishing releases to immutable action package (#1919 ) This workflow file publishes new action releases to the immutable action package of the same name as this repo. This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.	2024-10-03 11:03:35 +02:00
Orhan Toy	de5a000abf	Check out other refs/* by commit if provided, fall back to ref (#1924 )	2024-10-01 20:24:28 -04:00
Ariel Elkin	d03156b5b8	Update README.md	2021-12-15 10:17:09 +00:00