1
0
mirror of https://github.com/actions/checkout.git synced 2026-06-29 18:13:51 +08:00

Compare commits

..

50 Commits

Author SHA1 Message Date
fortress-verified™️
dd74a91233 Merge 1d1e7b0d14 into ff7abcd0c3 2025-08-13 09:25:51 -04:00
Salman Chishti
ff7abcd0c3 Update README to include Node.js 24 support details and requirements (#2248)
* Update README to include Node.js 24 support details and requirements

* Update
2025-08-13 13:57:25 +01:00
Salman Chishti
08c6903cd8 Prepare v5.0.0 release (#2238) 2025-08-11 13:35:28 +01:00
Salman Chishti
9f265659d3 Update actions checkout to use node 24 (#2226)
* use node 24

* update other parts to node 24

* bump to major version, audit fix, changelog

* update licenses

* update dist

* update major version

* will do separate pr for v5 and will do a minor version for previous changes
2025-08-11 11:52:51 +01:00
Salman Chishti
08eba0b27e Prepare release v4.3.0 (#2237) 2025-08-11 11:30:37 +01:00
Salman Chishti
631c7dc4f8 Update package dependencies (#2236)
* package updates

* update dist

* Update license files
2025-08-11 11:22:41 +01:00
Tingluo Huang
8edcb1bdb4 Update CODEOWNERS for actions (#2224) 2025-07-23 09:20:20 -04:00
Fortress-Hub
1d1e7b0d14 Create codacy.yml 2025-07-20 12:58:05 +04:00
Fortress-Hub
4fbfd0616f Create codeql.yml 2025-07-13 15:09:47 +04:00
Fortress-Hub
2fe00dafc5 Merge pull request #12 from aqsa326/revert-11-revert-10-revert-9-revert-8-revert-7-dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Revert "Revert "Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"""""
2025-07-13 13:35:51 +04:00
Fortress-Hub
88f75d99cf Create main.yml 2025-07-13 12:56:32 +04:00
Fortress-Hub
4c9771d239 Create fortify.yml 2025-07-13 12:54:24 +04:00
Fortress-Hub
5273dc8b75 Create SECURITY.md 2025-07-13 12:51:46 +04:00
Fortress-Hub
2b3ba3731a Revert "Revert "Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates""""" 2025-07-13 12:48:55 +04:00
Fortress-Hub
69f65d8073 Merge pull request #11 from aqsa326/revert-10-revert-9-revert-8-revert-7-dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Revert "Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates""""
2025-07-13 12:48:44 +04:00
Fortress-Hub
23f7367f17 Revert "Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"""" 2025-07-13 12:48:21 +04:00
Fortress-Hub
0e43ec312b Merge pull request #10 from aqsa326/revert-9-revert-8-revert-7-dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"""
2025-07-13 12:48:15 +04:00
Fortress-Hub
3481f8bbc8 Revert "Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates""" 2025-07-13 12:47:59 +04:00
Fortress-Hub
2e5004252b Merge pull request #9 from aqsa326/revert-8-revert-7-dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates""
2025-07-13 12:47:52 +04:00
Fortress-Hub
d0fb879b3f Revert "Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"" 2025-07-13 12:47:36 +04:00
Fortress-Hub
12745083dd Merge pull request #8 from aqsa326/revert-7-dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Revert "Bump the npm_and_yarn group across 1 directory with 5 updates"
2025-07-13 12:47:29 +04:00
Fortress-Hub
ef76a65b44 Revert "Bump the npm_and_yarn group across 1 directory with 5 updates" 2025-07-13 12:47:13 +04:00
Fortress-Hub
7ecec56e6d Merge pull request #7 from aqsa326/dependabot/npm_and_yarn/npm_and_yarn-068f34462b
Bump the npm_and_yarn group across 1 directory with 5 updates
2025-07-13 12:46:51 +04:00
Fortress-Hub
9e52bd2490 Create jekyll-gh-pages.yml 2025-07-13 12:46:29 +04:00
dependabot[bot]
90d97a43da Bump the npm_and_yarn group across 1 directory with 5 updates
Bumps the npm_and_yarn group with 4 updates in the / directory: [@octokit/endpoint](https://github.com/octokit/endpoint.js), [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js), [@octokit/request](https://github.com/octokit/request.js) and [undici](https://github.com/nodejs/undici).


Updates `@octokit/endpoint` from 9.0.5 to 9.0.6
- [Release notes](https://github.com/octokit/endpoint.js/releases)
- [Commits](https://github.com/octokit/endpoint.js/compare/v9.0.5...v9.0.6)

Updates `@octokit/plugin-paginate-rest` from 9.2.1 to 9.2.2
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](https://github.com/octokit/plugin-paginate-rest.js/compare/v9.2.1...v9.2.2)

Updates `@octokit/request` from 8.4.0 to 8.4.1
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](https://github.com/octokit/request.js/compare/v8.4.0...v8.4.1)

Updates `@octokit/request-error` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v5.1.0...v5.1.1)

Updates `undici` from 5.28.4 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.29.0)

---
updated-dependencies:
- dependency-name: "@octokit/endpoint"
  dependency-version: 9.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-version: 9.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request"
  dependency-version: 8.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@octokit/request-error"
  dependency-version: 5.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-07-13 08:46:11 +00:00
Fortress-Hub
1cf234d9d1 Merge pull request #1 from Aqsaa6146-gmail-com/main
Create docker-image.yml
2025-07-13 12:42:43 +04:00
Fortress-Hub
fe41cdfeaf Create docker-image.yml 2025-07-13 12:42:03 +04:00
Ben De St Paer-Gotch
09d2acae67 Update README.md (#2194) 2025-06-06 09:19:16 +01:00
Josh Gross
85e6279cec Adjust positioning of user email note and permissions heading (#2044) 2025-01-16 15:56:18 -05:00
Ben Wells
009b9ae9e4 Documentation update - add recommended permissions to Readme (#2043)
* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
2025-01-16 14:14:48 -05:00
Mohammad Ismail
cbb722410c Update README.md (#1977) 2024-11-14 10:41:00 -05:00
The web walker
3b9b8c884f docs: update README.md (#1971)
Add a scenario where it is necessary to push a commit to a pull request.
2024-11-08 10:32:54 -05:00
John Wesley Walker III
11bd71901b Prepare 4.2.2 Release (#1953)
* Prepare 4.2.2 Release

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
2024-10-23 16:24:28 +02:00
John Wesley Walker III
e3d2460bbb Expand unit test coverage (#1946) 2024-10-23 15:59:08 +02:00
John Wesley Walker III
163217dfcd url-helper.ts now leverages well-known environment variables. (#1941)
* `utl-helper.ts` now leverages well-known environment variables.

---------
Co-authored-by: Erez Testiler <easyt@github.com>
2024-10-18 10:07:17 +02:00
Josh Gross
eef61447b9 Prepare 4.2.1 release (#1925) 2024-10-07 12:38:04 -04:00
Joel Ambass
6b42224f41 Add workflow file for publishing releases to immutable action package (#1919)
This workflow file publishes new action releases to the immutable action package of the same name as this repo.

This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.
2024-10-03 11:03:35 +02:00
Orhan Toy
de5a000abf Check out other refs/* by commit if provided, fall back to ref (#1924) 2024-10-01 20:24:28 -04:00
Josh Gross
d632683dd7 Prepare 4.2.0 release (#1878)
* Bump package version to 4.1.8

* Add v4.1.8 changelog

* Bump version to `4.2.0`
2024-09-25 13:51:15 -04:00
dependabot[bot]
6d193bf280 Bump braces from 3.0.2 to 3.0.3 (#1777)
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-05 15:04:42 -04:00
dependabot[bot]
db0cee9a51 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
* Bump the minor-npm-dependencies group across 1 directory with 4 updates

Bumps the minor-npm-dependencies group with 4 updates in the / directory: [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest), [prettier](https://github.com/prettier/prettier), [ts-jest](https://github.com/kulshekhar/ts-jest) and [typescript](https://github.com/Microsoft/TypeScript).


Updates `eslint-plugin-jest` from 28.5.0 to 28.8.2
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v28.5.0...v28.8.2)

Updates `prettier` from 3.2.5 to 3.3.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.2.5...3.3.3)

Updates `ts-jest` from 29.1.2 to 29.2.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.2.5)

Updates `typescript` from 5.4.5 to 5.5.4
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.4.5...v5.5.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* `npm run build`

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
2024-09-05 15:04:17 -04:00
Luca Comellini
b684943689 Add Ref and Commit outputs (#1180)
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2024-09-05 11:57:13 -04:00
yasonk
2d7d9f7ff5 Provide explanation for where user email came from (#1869)
* Provide explanation for where user email came from

* bringing back the newline
2024-09-02 09:53:38 -04:00
dependabot[bot]
9a9194f871 Bump docker/build-push-action from 5.3.0 to 6.5.0 (#1832)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.3.0 to 6.5.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5.3.0...v6.5.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 16:10:36 -04:00
dependabot[bot]
dd960bd3c3 Bump docker/login-action in the minor-actions-dependencies group (#1831)
Bumps the minor-actions-dependencies group with 1 update: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.1.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.1.0...v3.3.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 16:10:02 -04:00
Josh Gross
692973e3d9 Prepare 4.1.7 release (#1775)
* Prepare 4.1.7 release

* Include #1776 in 4.1.7 release
2024-06-12 14:41:43 -04:00
John Wesley Walker III
6ccd57f4c5 Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
* Pin actions/checkout's own workflows to a known, good, stable version.

* fixed failing unit test

* fix unit test
2024-06-12 13:11:03 -04:00
Orhan Toy
b17fe1e4d5 Handle hidden refs (#1774)
Co-authored-by: Chris Gavin <chris@chrisgavin.me>
2024-06-12 11:01:40 -04:00
dependabot[bot]
b80ff79f17 Bump actions/checkout from 3 to 4 (#1697)
* Bump actions/checkout from 3 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Apply suggestions from code review

* .

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Cory Miller <13227161+cory-miller@users.noreply.github.com>
2024-05-20 14:25:59 -04:00
dependabot[bot]
b1ec3021b8 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
Bumps the minor-npm-dependencies group with 4 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest).


Updates `@types/node` from 20.12.7 to 20.12.12
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 7.7.1 to 7.9.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.9.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 7.7.1 to 7.9.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.9.0/packages/parser)

Updates `eslint-plugin-jest` from 28.2.0 to 28.5.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v28.2.0...v28.5.0)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-npm-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 09:56:19 -04:00
33 changed files with 1226 additions and 736 deletions

View File

@@ -22,12 +22,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4.1.6
- name: Set Node.js 20.x
- name: Set Node.js 24.x
uses: actions/setup-node@v4
with:
node-version: 20.x
node-version: 24.x
- name: Install dependencies
run: npm ci

61
.github/workflows/codacy.yml vendored Normal file
View File

@@ -0,0 +1,61 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy Security Scan
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '39 20 * * 1'
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v4
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif

View File

@@ -39,7 +39,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4.1.6
- name: Initialize CodeQL
uses: github/codeql-action/init@v3

100
.github/workflows/codeql.yml vendored Normal file
View File

@@ -0,0 +1,100 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL Advanced"
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '38 16 * * 5'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: javascript-typescript
build-mode: none
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Add any setup steps before running the `github/codeql-action/init` action.
# This includes steps like installing compilers or runtimes (`actions/setup-node`
# or others). This is typically only required for manual builds.
# - name: Setup runtime (example)
# uses: actions/setup-example@v1
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
shell: bash
run: |
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

18
.github/workflows/docker-image.yml vendored Normal file
View File

@@ -0,0 +1,18 @@
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)

129
.github/workflows/fortify.yml vendored Normal file
View File

@@ -0,0 +1,129 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
################################################################################################################################################
# Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your #
# software supply chain. To learn more about Fortify, start a free trial or contact our sales team, visit fortify.com. #
# #
# Use this starter workflow as a basis for integrating Fortify Application Security Testing into your GitHub workflows. This template #
# demonstrates the steps to package the code+dependencies, initiate a scan, and optionally import SAST vulnerabilities into GitHub Security #
# Code Scanning Alerts. Additional information is available in the workflow comments and the Fortify AST Action / fcli / Fortify product #
# documentation. If you need additional assistance, please contact Fortify support. #
################################################################################################################################################
name: Fortify AST Scan
# Customize trigger events based on your DevSecOps process and/or policy
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
schedule:
- cron: '40 23 * * 6'
workflow_dispatch:
jobs:
Fortify-AST-Scan:
# Use the appropriate runner for building your source code. Ensure dev tools required to build your code are present and configured appropriately (MSBuild, Python, etc).
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
# pull-requests: write # Required if DO_PR_COMMENT is set to true
steps:
# Check out source code
- name: Check Out Source Code
uses: actions/checkout@v4
# Perform SAST and/or SCA scan via Fortify on Demand/Fortify Hosted/ScanCentral SAST/Debricked. Based on
# configuration, the Fortify GitHub Action can optionally set up the application version/release, generate
# job summaries and Pull Request comments, and/or export SAST results to the GitHub code scanning dashboard.
# The Fortify GitHub Action provides many customization capabilities, but in case further customization is
# required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools
# and run them directly from within your pipeline. It is recommended to review the Fortify GitHub Action
# documentation at https://github.com/fortify/github-action#readme for more information on the various
# configuration options and available sub-actions.
- name: Run Fortify Scan
# Specify Fortify GitHub Action version to run. As per GitHub starter workflow requirements, this example
# uses the commit id corresponding to version 1.6.2. It is recommended to check whether any later releases
# are available at https://github.com/fortify/github-action/releases. Depending on the amount of stability
# required, you may want to consider using fortify/github-action@v1 instead to use the latest 1.x.y version
# of this action, allowing your workflows to automatically benefit from any new features and bug fixes.
uses: fortify/github-action@ef5539bf4bd9c45c0bd971978f635a69eae55297
with:
sast-scan: true # Run a SAST scan; if not specified or set to false, no SAST scan will be run
debricked-sca-scan: true # For FoD, run an open-source scan as part of the SAST scan (ignored if SAST scan
# is disabled). For SSC, run a Debricked scan and import results into SSC.
env:
#############################################################
##### Fortify on Demand configuration
##### Remove this section if you're integrating with Fortify Hosted/Software Security Center (see below)
### Required configuration
FOD_URL: https://ams.fortify.com # Must be hardcoded or configured through GitHub variable, not secret
FOD_TENANT: ${{secrets.FOD_TENANT}} # Either tenant/user/password or client id/secret are required;
FOD_USER: ${{secrets.FOD_USER}} # these should be configured through GitHub secrets.
FOD_PASSWORD: ${{secrets.FOD_PAT}}
# FOD_CLIENT_ID: ${{secrets.FOD_CLIENT_ID}}
# FOD_CLIENT_SECRET: ${{secrets.FOD_CLIENT_SECRET}}
### Optional configuration
# FOD_LOGIN_EXTRA_OPTS: --socket-timeout=60s # Extra 'fcli fod session login' options
# FOD_RELEASE: MyApp:MyRelease # FoD release name, default: <org>/<repo>:<branch>
# DO_SETUP: true # Setup FoD application, release & static scan configuration
# SETUP_ACTION: <URL or file> # Customize setup action
# Pass extra options to setup action:
# SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
# PACKAGE_EXTRA_OPTS: -oss -bt mvn # Extra 'scancentral package' options
# FOD_SAST_SCAN_EXTRA_OPTS: # Extra 'fcli fod sast-scan start' options
# DO_WAIT: true # Wait for successful scan completion (implied if post-scan actions enabled)
# DO_POLICY_CHECK: true # Fail pipeline if security policy outcome is FAIL
# POLICY_CHECK_ACTION: <URL or file> # Customize security policy checks
# POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to policy check action
# DO_JOB_SUMMARY: true # Generate workflow job summary
# JOB_SUMMARY_ACTION: <URL or file> # Customize job summary
# JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to job summary action
# DO_PR_COMMENT: true # Generate PR comments, only used on pull_request triggers
# PR_COMMENT_ACTION: <URL or file> # Customize PR comments
# PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to PR comment action
# DO_EXPORT: true # Export vulnerability data to GitHub code scanning dashboard
# EXPORT_ACTION: <URL or file> # Customize export action
# EXPORT_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to export action
# TOOL_DEFINITIONS: <URL> # URL from where to retrieve Fortify tool definitions
#############################################################
##### Fortify Hosted / Software Security Center & ScanCentral
##### Remove this section if you're integrating with Fortify on Demand (see above)
### Required configuration
SSC_URL: ${{vars.SSC_URL}} # Must be hardcoded or configured through GitHub variable, not secret
SSC_TOKEN: ${{secrets.SSC_TOKEN}} # SSC CIToken; credentials should be configured through GitHub secrets
SC_SAST_TOKEN: ${{secrets.SC_CLIENT_AUTH_TOKEN}} # ScanCentral SAST client_auth_token, required if SAST scan is enabled
DEBRICKED_TOKEN: ${{secrets.DEBRICKED_TOKEN}} # Debricked token, required if Debricked scan is enabled
SC_SAST_SENSOR_VERSION: 24.4.0 # Sensor version to use for the scan, required if SAST scan is enabled
### Optional configuration
# SSC_LOGIN_EXTRA_OPTS: --socket-timeout=60s # Extra 'fcli ssc session login' options
# SC_SAST_LOGIN_EXTRA_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options
# SSC_APPVERSION: MyApp:MyVersion # SSC application version name, default: <org>/<repo>:<branch>
# DO_SETUP: true # Set up SSC application & version
# SETUP_ACTION: <URL or file> # Customize setup action
# SETUP_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to setup action
# PACKAGE_EXTRA_OPTS: -bt mvn # Extra 'scancentral package' options
# EXTRA_SC_SAST_SCAN_OPTS: # Extra 'fcli sc-sast scan start' options
# DO_WAIT: true # Wait for successful scan completion (implied if post-scan actions enabled)
# DO_POLICY_CHECK: true # Fail pipeline if security policy outcome is FAIL
# POLICY_CHECK_ACTION: <URL or file> # Customize security policy checks
# POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to policy check action
# DO_JOB_SUMMARY: true # Generate workflow job summary
# JOB_SUMMARY_ACTION: <URL or file> # Customize job summary
# JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to job summary action
# DO_PR_COMMENT: true # Generate PR comments, only used on pull_request triggers
# PR_COMMENT_ACTION: <URL or file> # Customize PR comments
# PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to PR comment action
# DO_EXPORT: true # Export vulnerability data to GitHub code scanning dashboard
# EXPORT_ACTION: <URL or file> # Customize export action
# EXPORT_EXTRA_OPTS: --on-unsigned=ignore # Pass extra options to export action
# TOOL_DEFINITIONS: <URL> # URL from where to retrieve Fortify tool definitions

51
.github/workflows/jekyll-gh-pages.yml vendored Normal file
View File

@@ -0,0 +1,51 @@
# Sample workflow for building and deploying a Jekyll site to GitHub Pages
name: Deploy Jekyll with GitHub Pages dependencies preinstalled
on:
# Runs on pushes targeting the default branch
push:
branches: ["main"]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
cancel-in-progress: false
jobs:
# Build job
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Pages
uses: actions/configure-pages@v5
- name: Build with Jekyll
uses: actions/jekyll-build-pages@v1
with:
source: ./
destination: ./_site
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
# Deployment job
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4

View File

@@ -9,6 +9,6 @@ jobs:
runs-on: ubuntu-latest
name: Check licenses
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4.1.6
- run: npm ci
- run: npm run licensed-check

16
.github/workflows/main.yml vendored Normal file
View File

@@ -0,0 +1,16 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "terraform"
directory: "/infra"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"

View File

@@ -0,0 +1,20 @@
name: 'Publish Immutable Action Version'
on:
release:
types: [published]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Checking out
uses: actions/checkout@v4
- name: Publish
id: publish
uses: actions/publish-immutable-action@0.0.3

View File

@@ -18,8 +18,8 @@ jobs:
steps:
- uses: actions/setup-node@v4
with:
node-version: 20.x
- uses: actions/checkout@v3
node-version: 24.x
- uses: actions/checkout@v4.1.6
- run: npm ci
- run: npm run build
- run: npm run format-check
@@ -37,7 +37,7 @@ jobs:
steps:
# Clone this repo
- name: Checkout
uses: actions/checkout@v4.1.1
uses: actions/checkout@v4.1.6
# Basic checkout
- name: Checkout basic
@@ -202,7 +202,7 @@ jobs:
steps:
# Clone this repo
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4.1.6
# Basic checkout using git
- name: Checkout basic
@@ -234,7 +234,7 @@ jobs:
steps:
# Clone this repo
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4.1.6
# Basic checkout using git
- name: Checkout basic
@@ -264,13 +264,13 @@ jobs:
steps:
# Clone this repo
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4.1.6
with:
path: v3
path: localClone
# Basic checkout using git
- name: Checkout basic
uses: ./v3
uses: ./localClone
with:
ref: test-data/v2/basic
- name: Verify basic
@@ -291,7 +291,41 @@ jobs:
git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
# needed to make checkout post cleanup succeed
- name: Fix Checkout v3
uses: actions/checkout@v3
- name: Fix Checkout v4
uses: actions/checkout@v4.1.6
with:
path: v3
path: localClone
test-output:
runs-on: ubuntu-latest
steps:
# Clone this repo
- name: Checkout
uses: actions/checkout@v4.1.6
# Basic checkout using git
- name: Checkout basic
id: checkout
uses: ./
with:
ref: test-data/v2/basic
# Verify output
- name: Verify output
run: |
echo "Commit: ${{ steps.checkout.outputs.commit }}"
echo "Ref: ${{ steps.checkout.outputs.ref }}"
if [ "${{ steps.checkout.outputs.ref }}" != "test-data/v2/basic" ]; then
echo "Expected ref to be test-data/v2/basic"
exit 1
fi
if [ "${{ steps.checkout.outputs.commit }}" != "82f71901cf8c021332310dcc8cdba84c4193ff5d" ]; then
echo "Expected commit to be 82f71901cf8c021332310dcc8cdba84c4193ff5d"
exit 1
fi
# needed to make checkout post cleanup succeed
- name: Fix Checkout
uses: actions/checkout@v4.1.6

View File

@@ -11,6 +11,7 @@ on:
type: choice
description: The major version to update
options:
- v5
- v4
- v3
- v2
@@ -22,7 +23,7 @@ jobs:
# Note this update workflow can also be used as a rollback tool.
# For that reason, it's best to pin `actions/checkout` to a known, stable version
# (typically, about two releases back).
- uses: actions/checkout@v4.1.1
- uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Git config

View File

@@ -31,7 +31,7 @@ jobs:
# Use `docker/login-action` to log in to GHCR.io.
# Once published, the packages are scoped to the account defined here.
- name: Log in to the ghcr.io container registry
uses: docker/login-action@v3.1.0
uses: docker/login-action@v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@@ -48,7 +48,7 @@ jobs:
# Use `docker/build-push-action` to build (and optionally publish) the image.
- name: Build Docker Image (with optional Push)
uses: docker/build-push-action@v5.3.0
uses: docker/build-push-action@v6.5.0
with:
context: .
file: images/test-ubuntu-git.Dockerfile

View File

@@ -1,9 +1,9 @@
---
name: "@octokit/endpoint"
version: 9.0.5
version: 9.0.6
type: npm
summary: Turns REST API endpoints into generic request options
homepage:
homepage:
license: mit
licenses:
- sources: LICENSE

View File

@@ -1,9 +1,9 @@
---
name: "@octokit/plugin-paginate-rest"
version: 9.2.1
version: 9.2.2
type: npm
summary: Octokit plugin to paginate REST API endpoint responses
homepage:
homepage:
license: mit
licenses:
- sources: LICENSE

View File

@@ -1,9 +1,9 @@
---
name: "@octokit/request-error"
version: 5.1.0
version: 5.1.1
type: npm
summary: Error class for Octokit request errors
homepage:
homepage:
license: mit
licenses:
- sources: LICENSE

View File

@@ -1,10 +1,10 @@
---
name: "@octokit/request"
version: 8.4.0
version: 8.4.1
type: npm
summary: Send parameterized requests to GitHub's APIs with sensible defaults in browsers
and Node
homepage:
homepage:
license: mit
licenses:
- sources: LICENSE

View File

@@ -1,6 +1,6 @@
---
name: undici
version: 5.28.4
version: 5.29.0
type: npm
summary: An HTTP/1.1 client, written from scratch for Node.js
homepage: https://undici.nodejs.org

View File

@@ -1,5 +1,36 @@
# Changelog
## V5.0.0
* Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226
## V4.3.0
* docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
* Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
* Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
* Adjust positioning of user email note and permissions heading by @joshmgross in https://github.com/actions/checkout/pull/2044
* Update README.md by @nebuk89 in https://github.com/actions/checkout/pull/2194
* Update CODEOWNERS for actions by @TingluoHuang in https://github.com/actions/checkout/pull/2224
* Update package dependencies by @salmanmkc in https://github.com/actions/checkout/pull/2236
## v4.2.2
* `url-helper.ts` now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
* Expand unit test coverage for `isGhes` by @jww3 in https://github.com/actions/checkout/pull/1946
## v4.2.1
* Check out other refs/* by commit if provided, fall back to ref by @orhantoy in https://github.com/actions/checkout/pull/1924
## v4.2.0
* Add Ref and Commit outputs by @lucacome in https://github.com/actions/checkout/pull/1180
* Dependency updates by @dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872
## v4.1.7
* Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in https://github.com/actions/checkout/pull/1739
* Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/actions/checkout/pull/1697
* Check out other refs/* by commit by @orhantoy in https://github.com/actions/checkout/pull/1774
* Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in https://github.com/actions/checkout/pull/1776
## v4.1.6
* Check platform to set archive extension appropriately by @cory-miller in https://github.com/actions/checkout/pull/1732

View File

@@ -1 +1 @@
* @actions/actions-launch
* @actions/actions-runtime

131
README.md
View File

@@ -1,5 +1,13 @@
[![Build and Test](https://github.com/actions/checkout/actions/workflows/test.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/test.yml)
# Checkout V5
## What's new
- Updated to the node24 runtime
- This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) to run.
# Checkout V4
This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
@@ -10,6 +18,24 @@ The auth token is persisted in the local git config. This enables your scripts t
When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
### Note
Thank you for your interest in this GitHub action, however, right now we are not taking contributions.
We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features were working on and what stage theyre in.
We are taking the following steps to better direct requests related to GitHub Actions, including:
1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
3. Security Issues should be handled as per our [security.md](security.md)
We will still provide security updates for this project and fix major breaking changes during this time.
You are welcome to still raise bugs in this repo.
# What's new
Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
@@ -18,7 +44,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
<!-- start usage -->
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
# Repository name with owner. For example, actions/checkout
# Default: ${{ github.repository }}
@@ -131,23 +157,33 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
# Scenarios
- [Fetch only the root files](#Fetch-only-the-root-files)
- [Fetch only the root files and `.github` and `src` folder](#Fetch-only-the-root-files-and-github-and-src-folder)
- [Fetch only a single file](#Fetch-only-a-single-file)
- [Fetch all history for all tags and branches](#Fetch-all-history-for-all-tags-and-branches)
- [Checkout a different branch](#Checkout-a-different-branch)
- [Checkout HEAD^](#Checkout-HEAD)
- [Checkout multiple repos (side by side)](#Checkout-multiple-repos-side-by-side)
- [Checkout multiple repos (nested)](#Checkout-multiple-repos-nested)
- [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
- [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
- [Checkout V5](#checkout-v5)
- [What's new](#whats-new)
- [Checkout V4](#checkout-v4)
- [Note](#note)
- [What's new](#whats-new-1)
- [Usage](#usage)
- [Scenarios](#scenarios)
- [Fetch only the root files](#fetch-only-the-root-files)
- [Fetch only the root files and `.github` and `src` folder](#fetch-only-the-root-files-and-github-and-src-folder)
- [Fetch only a single file](#fetch-only-a-single-file)
- [Fetch all history for all tags and branches](#fetch-all-history-for-all-tags-and-branches)
- [Checkout a different branch](#checkout-a-different-branch)
- [Checkout HEAD^](#checkout-head)
- [Checkout multiple repos (side by side)](#checkout-multiple-repos-side-by-side)
- [Checkout multiple repos (nested)](#checkout-multiple-repos-nested)
- [Checkout multiple repos (private)](#checkout-multiple-repos-private)
- [Checkout pull request HEAD commit instead of merge commit](#checkout-pull-request-head-commit-instead-of-merge-commit)
- [Checkout pull request on closed event](#checkout-pull-request-on-closed-event)
- [Push a commit using the built-in token](#push-a-commit-using-the-built-in-token)
- [Push a commit to a PR using the built-in token](#push-a-commit-to-a-pr-using-the-built-in-token)
- [Recommended permissions](#recommended-permissions)
- [License](#license)
## Fetch only the root files
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
sparse-checkout: .
```
@@ -155,7 +191,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Fetch only the root files and `.github` and `src` folder
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
sparse-checkout: |
.github
@@ -165,7 +201,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Fetch only a single file
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
sparse-checkout: |
README.md
@@ -175,7 +211,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Fetch all history for all tags and branches
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
fetch-depth: 0
```
@@ -183,7 +219,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Checkout a different branch
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
ref: my-branch
```
@@ -191,7 +227,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Checkout HEAD^
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
fetch-depth: 2
- run: git checkout HEAD^
@@ -201,42 +237,42 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
```yaml
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
path: main
- name: Checkout tools repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (nested)
```yaml
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Checkout tools repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (private)
```yaml
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
path: main
- name: Checkout private tools
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
repository: my-org/my-private-tools
token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
@@ -249,7 +285,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
## Checkout pull request HEAD commit instead of merge commit
```yaml
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.head.sha }}
```
@@ -265,7 +301,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
```
## Push a commit using the built-in token
@@ -276,7 +312,31 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add .
git commit -m "generated"
git push
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
## Push a commit to a PR using the built-in token
In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesnt check out your branch by default.
```yaml
on: pull_request
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
ref: ${{ github.head_ref }}
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
@@ -287,6 +347,17 @@ jobs:
git push
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
# Recommended permissions
When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
```yaml
permissions:
contents: read
```
# License
The scripts and documentation in this project are released under the [MIT License](LICENSE)

21
SECURITY.md Normal file
View File

@@ -0,0 +1,21 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

View File

@@ -67,6 +67,26 @@ describe('ref-helper tests', () => {
expect(checkoutInfo.startPoint).toBeFalsy()
})
it('getCheckoutInfo refs/', async () => {
const checkoutInfo = await refHelper.getCheckoutInfo(
git,
'refs/gh/queue/main/pr-123',
commit
)
expect(checkoutInfo.ref).toBe(commit)
expect(checkoutInfo.startPoint).toBeFalsy()
})
it('getCheckoutInfo refs/ without commit', async () => {
const checkoutInfo = await refHelper.getCheckoutInfo(
git,
'refs/non-standard-ref',
''
)
expect(checkoutInfo.ref).toBe('refs/non-standard-ref')
expect(checkoutInfo.startPoint).toBeFalsy()
})
it('getCheckoutInfo unqualified branch only', async () => {
git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
return true

View File

@@ -0,0 +1,92 @@
import * as urlHelper from '../src/url-helper'
describe('getServerUrl tests', () => {
it('basics', async () => {
// Note that URL::toString will append a trailing / when passed just a domain name ...
expect(urlHelper.getServerUrl().toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl(' ').toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl(' ').toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl('http://contoso.com').toString()).toBe(
'http://contoso.com/'
)
expect(urlHelper.getServerUrl('https://contoso.com').toString()).toBe(
'https://contoso.com/'
)
expect(urlHelper.getServerUrl('https://contoso.com/').toString()).toBe(
'https://contoso.com/'
)
// ... but can't make that same assumption when passed an URL that includes some deeper path.
expect(urlHelper.getServerUrl('https://contoso.com/a/b').toString()).toBe(
'https://contoso.com/a/b'
)
})
})
describe('isGhes tests', () => {
const pristineEnv = process.env
beforeEach(() => {
jest.resetModules()
process.env = {...pristineEnv}
})
afterAll(() => {
process.env = pristineEnv
})
it('basics', async () => {
delete process.env['GITHUB_SERVER_URL']
expect(urlHelper.isGhes()).toBeFalsy()
expect(urlHelper.isGhes('https://github.com')).toBeFalsy()
expect(urlHelper.isGhes('https://contoso.ghe.com')).toBeFalsy()
expect(urlHelper.isGhes('https://test.github.localhost')).toBeFalsy()
expect(urlHelper.isGhes('https://src.onpremise.fabrikam.com')).toBeTruthy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is not defined', async () => {
delete process.env['GITHUB_SERVER_URL']
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://github.com'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com'
expect(urlHelper.isGhes()).toBeTruthy()
})
})
describe('getServerApiUrl tests', () => {
it('basics', async () => {
expect(urlHelper.getServerApiUrl()).toBe('https://api.github.com')
expect(urlHelper.getServerApiUrl('https://github.com')).toBe(
'https://api.github.com'
)
expect(urlHelper.getServerApiUrl('https://GitHub.com')).toBe(
'https://api.github.com'
)
expect(urlHelper.getServerApiUrl('https://contoso.ghe.com')).toBe(
'https://api.contoso.ghe.com'
)
expect(urlHelper.getServerApiUrl('https://fabrikam.GHE.COM')).toBe(
'https://api.fabrikam.ghe.com'
)
expect(
urlHelper.getServerApiUrl('https://src.onpremise.fabrikam.com')
).toBe('https://src.onpremise.fabrikam.com/api/v3')
})
})

View File

@@ -98,7 +98,12 @@ inputs:
github-server-url:
description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com
required: false
outputs:
ref:
description: 'The branch, tag or SHA that was checked out'
commit:
description: 'The commit SHA that was checked out'
runs:
using: node20
using: node24
main: dist/index.js
post: dist/index.js

233
dist/index.js vendored
View File

@@ -30,7 +30,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.fileExistsSync = exports.existsSync = exports.directoryExistsSync = void 0;
exports.directoryExistsSync = directoryExistsSync;
exports.existsSync = existsSync;
exports.fileExistsSync = fileExistsSync;
const fs = __importStar(__nccwpck_require__(7147));
function directoryExistsSync(path, required) {
var _a;
@@ -58,7 +60,6 @@ function directoryExistsSync(path, required) {
}
throw new Error(`Directory '${path}' does not exist`);
}
exports.directoryExistsSync = directoryExistsSync;
function existsSync(path) {
var _a;
if (!path) {
@@ -75,7 +76,6 @@ function existsSync(path) {
}
return true;
}
exports.existsSync = existsSync;
function fileExistsSync(path) {
var _a;
if (!path) {
@@ -96,7 +96,6 @@ function fileExistsSync(path) {
}
return false;
}
exports.fileExistsSync = fileExistsSync;
/***/ }),
@@ -139,7 +138,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.createAuthHelper = void 0;
exports.createAuthHelper = createAuthHelper;
const assert = __importStar(__nccwpck_require__(9491));
const core = __importStar(__nccwpck_require__(2186));
const exec = __importStar(__nccwpck_require__(1514));
@@ -156,7 +155,6 @@ const SSH_COMMAND_KEY = 'core.sshCommand';
function createAuthHelper(git, settings) {
return new GitAuthHelper(git, settings);
}
exports.createAuthHelper = createAuthHelper;
class GitAuthHelper {
constructor(gitCommandManager, gitSourceSettings) {
this.insteadOfValues = [];
@@ -475,7 +473,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.createCommandManager = exports.MinimumGitSparseCheckoutVersion = exports.MinimumGitVersion = void 0;
exports.MinimumGitSparseCheckoutVersion = exports.MinimumGitVersion = void 0;
exports.createCommandManager = createCommandManager;
const core = __importStar(__nccwpck_require__(2186));
const exec = __importStar(__nccwpck_require__(1514));
const fs = __importStar(__nccwpck_require__(7147));
@@ -496,7 +495,6 @@ function createCommandManager(workingDirectory, lfs, doSparseCheckout) {
return yield GitCommandManager.createCommandManager(workingDirectory, lfs, doSparseCheckout);
});
}
exports.createCommandManager = createCommandManager;
class GitCommandManager {
// Private constructor; use createCommandManager()
constructor() {
@@ -1020,7 +1018,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.prepareExistingDirectory = void 0;
exports.prepareExistingDirectory = prepareExistingDirectory;
const assert = __importStar(__nccwpck_require__(9491));
const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147));
@@ -1124,7 +1122,6 @@ function prepareExistingDirectory(git, repositoryPath, repositoryUrl, clean, ref
}
});
}
exports.prepareExistingDirectory = prepareExistingDirectory;
/***/ }),
@@ -1167,7 +1164,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.cleanup = exports.getSource = void 0;
exports.getSource = getSource;
exports.cleanup = cleanup;
const core = __importStar(__nccwpck_require__(2186));
const fsHelper = __importStar(__nccwpck_require__(7219));
const gitAuthHelper = __importStar(__nccwpck_require__(2565));
@@ -1355,7 +1353,8 @@ function getSource(settings) {
// Get commit information
const commitInfo = yield git.log1();
// Log commit sha
yield git.log1("--format='%H'");
const commitSHA = yield git.log1('--format=%H');
core.setOutput('commit', commitSHA.trim());
// Check for incorrect pull request merge commit
yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.githubServerUrl);
}
@@ -1372,7 +1371,6 @@ function getSource(settings) {
}
});
}
exports.getSource = getSource;
function cleanup(repositoryPath) {
return __awaiter(this, void 0, void 0, function* () {
// Repo exists?
@@ -1408,7 +1406,6 @@ function cleanup(repositoryPath) {
}
});
}
exports.cleanup = cleanup;
function getGitCommandManager(settings) {
return __awaiter(this, void 0, void 0, function* () {
core.info(`Working directory is '${settings.repositoryPath}'`);
@@ -1547,7 +1544,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getDefaultBranch = exports.downloadRepository = void 0;
exports.downloadRepository = downloadRepository;
exports.getDefaultBranch = getDefaultBranch;
const assert = __importStar(__nccwpck_require__(9491));
const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147));
@@ -1611,7 +1609,6 @@ function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath,
yield io.rmRF(extractPath);
});
}
exports.downloadRepository = downloadRepository;
/**
* Looks up the default branch name
*/
@@ -1650,7 +1647,6 @@ function getDefaultBranch(authToken, owner, repo, baseUrl) {
}));
});
}
exports.getDefaultBranch = getDefaultBranch;
function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
return __awaiter(this, void 0, void 0, function* () {
const octokit = github.getOctokit(authToken, {
@@ -1709,7 +1705,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getInputs = void 0;
exports.getInputs = getInputs;
const core = __importStar(__nccwpck_require__(2186));
const fsHelper = __importStar(__nccwpck_require__(7219));
const github = __importStar(__nccwpck_require__(5438));
@@ -1838,7 +1834,6 @@ function getInputs() {
return result;
});
}
exports.getInputs = getInputs;
/***/ }),
@@ -1897,6 +1892,7 @@ function run() {
coreCommand.issueCommand('add-matcher', {}, path.join(__dirname, 'problem-matcher.json'));
// Get sources
yield gitSourceProvider.getSource(sourceSettings);
core.setOutput('ref', sourceSettings.ref);
}
finally {
// Unregister problem matcher
@@ -1969,7 +1965,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.checkCommitInfo = exports.testRef = exports.getRefSpec = exports.getRefSpecForAllHistory = exports.getCheckoutInfo = exports.tagsRefSpec = void 0;
exports.tagsRefSpec = void 0;
exports.getCheckoutInfo = getCheckoutInfo;
exports.getRefSpecForAllHistory = getRefSpecForAllHistory;
exports.getRefSpec = getRefSpec;
exports.testRef = testRef;
exports.checkCommitInfo = checkCommitInfo;
const core = __importStar(__nccwpck_require__(2186));
const github = __importStar(__nccwpck_require__(5438));
const url_helper_1 = __nccwpck_require__(9437);
@@ -2000,9 +2001,13 @@ function getCheckoutInfo(git, ref, commit) {
result.ref = `refs/remotes/pull/${branch}`;
}
// refs/tags/
else if (upperRef.startsWith('REFS/')) {
else if (upperRef.startsWith('REFS/TAGS/')) {
result.ref = ref;
}
// refs/
else if (upperRef.startsWith('REFS/')) {
result.ref = commit ? commit : ref;
}
// Unqualified ref, check for a matching branch or tag
else {
if (yield git.branchExists(true, `origin/${ref}`)) {
@@ -2019,7 +2024,6 @@ function getCheckoutInfo(git, ref, commit) {
return result;
});
}
exports.getCheckoutInfo = getCheckoutInfo;
function getRefSpecForAllHistory(ref, commit) {
const result = ['+refs/heads/*:refs/remotes/origin/*', exports.tagsRefSpec];
if (ref && ref.toUpperCase().startsWith('REFS/PULL/')) {
@@ -2028,7 +2032,6 @@ function getRefSpecForAllHistory(ref, commit) {
}
return result;
}
exports.getRefSpecForAllHistory = getRefSpecForAllHistory;
function getRefSpec(ref, commit) {
if (!ref && !commit) {
throw new Error('Args ref and commit cannot both be empty');
@@ -2077,7 +2080,6 @@ function getRefSpec(ref, commit) {
return [`+${ref}:${ref}`];
}
}
exports.getRefSpec = getRefSpec;
/**
* Tests whether the initial fetch created the ref at the expected commit
*/
@@ -2121,7 +2123,6 @@ function testRef(git, ref, commit) {
}
});
}
exports.testRef = testRef;
function checkCommitInfo(token, commitInfo, repositoryOwner, repositoryName, ref, commit, baseUrl) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
@@ -2187,7 +2188,6 @@ function checkCommitInfo(token, commitInfo, repositoryOwner, repositoryName, ref
}
});
}
exports.checkCommitInfo = checkCommitInfo;
function fromPayload(path) {
return select(github.context.payload, path);
}
@@ -2212,13 +2212,12 @@ function select(obj, path) {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.escape = void 0;
exports.escape = escape;
function escape(value) {
return value.replace(/[^a-zA-Z0-9_]/g, x => {
return `\\${x}`;
});
}
exports.escape = escape;
/***/ }),
@@ -2261,7 +2260,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.execute = exports.RetryHelper = void 0;
exports.RetryHelper = void 0;
exports.execute = execute;
const core = __importStar(__nccwpck_require__(2186));
const defaultMaxAttempts = 3;
const defaultMinSeconds = 10;
@@ -2313,7 +2313,6 @@ function execute(action) {
return yield retryHelper.execute(action);
});
}
exports.execute = execute;
/***/ }),
@@ -2347,7 +2346,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.setSafeDirectory = exports.setSshKnownHostsPath = exports.setSshKeyPath = exports.setRepositoryPath = exports.SshKnownHostsPath = exports.SshKeyPath = exports.PostSetSafeDirectory = exports.RepositoryPath = exports.IsPost = void 0;
exports.SshKnownHostsPath = exports.SshKeyPath = exports.PostSetSafeDirectory = exports.RepositoryPath = exports.IsPost = void 0;
exports.setRepositoryPath = setRepositoryPath;
exports.setSshKeyPath = setSshKeyPath;
exports.setSshKnownHostsPath = setSshKnownHostsPath;
exports.setSafeDirectory = setSafeDirectory;
const core = __importStar(__nccwpck_require__(2186));
/**
* Indicates whether the POST action is running
@@ -2375,28 +2378,24 @@ exports.SshKnownHostsPath = core.getState('sshKnownHostsPath');
function setRepositoryPath(repositoryPath) {
core.saveState('repositoryPath', repositoryPath);
}
exports.setRepositoryPath = setRepositoryPath;
/**
* Save the SSH key path so the POST action can retrieve the value.
*/
function setSshKeyPath(sshKeyPath) {
core.saveState('sshKeyPath', sshKeyPath);
}
exports.setSshKeyPath = setSshKeyPath;
/**
* Save the SSH known hosts path so the POST action can retrieve the value.
*/
function setSshKnownHostsPath(sshKnownHostsPath) {
core.saveState('sshKnownHostsPath', sshKnownHostsPath);
}
exports.setSshKnownHostsPath = setSshKnownHostsPath;
/**
* Save the set-safe-directory input so the POST action can retrieve the value.
*/
function setSafeDirectory() {
core.saveState('setSafeDirectory', 'true');
}
exports.setSafeDirectory = setSafeDirectory;
// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
// This is necessary since we don't have a separate entry point.
if (!exports.IsPost) {
@@ -2435,7 +2434,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.isGhes = exports.getServerApiUrl = exports.getServerUrl = exports.getFetchUrl = void 0;
exports.getFetchUrl = getFetchUrl;
exports.getServerUrl = getServerUrl;
exports.getServerApiUrl = getServerApiUrl;
exports.isGhes = isGhes;
const assert = __importStar(__nccwpck_require__(9491));
const url_1 = __nccwpck_require__(7310);
function getFetchUrl(settings) {
@@ -2451,28 +2453,52 @@ function getFetchUrl(settings) {
// "origin" is SCHEME://HOSTNAME[:PORT]
return `${serviceUrl.origin}/${encodedOwner}/${encodedName}`;
}
exports.getFetchUrl = getFetchUrl;
function getServerUrl(url) {
let urlValue = url && url.trim().length > 0
? url
: process.env['GITHUB_SERVER_URL'] || 'https://github.com';
return new url_1.URL(urlValue);
}
exports.getServerUrl = getServerUrl;
function getServerApiUrl(url) {
let apiUrl = 'https://api.github.com';
if (isGhes(url)) {
const serverUrl = getServerUrl(url);
apiUrl = new url_1.URL(`${serverUrl.origin}/api/v3`).toString();
let resolvedUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com';
if (hasContent(url, WhitespaceMode.Trim)) {
resolvedUrl = url;
}
return apiUrl;
return new url_1.URL(resolvedUrl);
}
function getServerApiUrl(url) {
if (hasContent(url, WhitespaceMode.Trim)) {
let serverUrl = getServerUrl(url);
if (isGhes(url)) {
serverUrl.pathname = 'api/v3';
}
else {
serverUrl.hostname = 'api.' + serverUrl.hostname;
}
return pruneSuffix(serverUrl.toString(), '/');
}
return process.env['GITHUB_API_URL'] || 'https://api.github.com';
}
exports.getServerApiUrl = getServerApiUrl;
function isGhes(url) {
const ghUrl = getServerUrl(url);
return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM';
const ghUrl = new url_1.URL(url || process.env['GITHUB_SERVER_URL'] || 'https://github.com');
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
const isGitHubHost = hostname === 'GITHUB.COM';
const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM');
const isLocalHost = hostname.endsWith('.LOCALHOST');
return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
}
function pruneSuffix(text, suffix) {
if (hasContent(suffix, WhitespaceMode.Preserve) && (text === null || text === void 0 ? void 0 : text.endsWith(suffix))) {
return text.substring(0, text.length - suffix.length);
}
return text;
}
var WhitespaceMode;
(function (WhitespaceMode) {
WhitespaceMode[WhitespaceMode["Trim"] = 0] = "Trim";
WhitespaceMode[WhitespaceMode["Preserve"] = 1] = "Preserve";
})(WhitespaceMode || (WhitespaceMode = {}));
function hasContent(text, whitespaceMode) {
let refinedText = text !== null && text !== void 0 ? text : '';
if (whitespaceMode == WhitespaceMode.Trim) {
refinedText = refinedText.trim();
}
return refinedText.length > 0;
}
exports.isGhes = isGhes;
/***/ }),
@@ -2515,7 +2541,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
});
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.getOrganizationId = void 0;
exports.getOrganizationId = getOrganizationId;
const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147));
/**
@@ -2544,7 +2570,6 @@ function getOrganizationId() {
}
});
}
exports.getOrganizationId = getOrganizationId;
/***/ }),
@@ -7777,7 +7802,7 @@ module.exports = __toCommonJS(dist_src_exports);
var import_universal_user_agent = __nccwpck_require__(5030);
// pkg/dist-src/version.js
var VERSION = "9.0.5";
var VERSION = "9.0.6";
// pkg/dist-src/defaults.js
var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
@@ -7882,9 +7907,9 @@ function addQueryParameters(url, parameters) {
}
// pkg/dist-src/util/extract-url-variable-names.js
var urlVariableRegex = /\{[^}]+\}/g;
var urlVariableRegex = /\{[^{}}]+\}/g;
function removeNonChars(variableName) {
return variableName.replace(/^\W+|\W+$/g, "").split(/,/);
return variableName.replace(/(?:^\W+)|(?:(?<!\W)\W+$)/g, "").split(/,/);
}
function extractUrlVariableNames(url) {
const matches = url.match(urlVariableRegex);
@@ -8070,7 +8095,7 @@ function parse(options) {
}
if (url.endsWith("/graphql")) {
if (options.mediaType.previews?.length) {
const previewsFromAcceptHeader = headers.accept.match(/[\w-]+(?=-preview)/g) || [];
const previewsFromAcceptHeader = headers.accept.match(/(?<![\w-])[\w-]+(?=-preview)/g) || [];
headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map((preview) => {
const format = options.mediaType.format ? `.${options.mediaType.format}` : "+json";
return `application/vnd.github.${preview}-preview${format}`;
@@ -8319,7 +8344,7 @@ __export(dist_src_exports, {
module.exports = __toCommonJS(dist_src_exports);
// pkg/dist-src/version.js
var VERSION = "9.2.1";
var VERSION = "9.2.2";
// pkg/dist-src/normalize-paginated-list-response.js
function normalizePaginatedListResponse(response) {
@@ -8367,7 +8392,7 @@ function iterator(octokit, route, parameters) {
const response = await requestMethod({ method, url, headers });
const normalizedResponse = normalizePaginatedListResponse(response);
url = ((normalizedResponse.headers.link || "").match(
/<([^>]+)>;\s*rel="next"/
/<([^<>]+)>;\s*rel="next"/
) || [])[1];
return { value: normalizedResponse };
} catch (error) {
@@ -10919,7 +10944,7 @@ var RequestError = class extends Error {
if (options.request.headers.authorization) {
requestCopy.headers = Object.assign({}, options.request.headers, {
authorization: options.request.headers.authorization.replace(
/ .*$/,
/(?<! ) .*$/,
" [REDACTED]"
)
});
@@ -10987,7 +11012,7 @@ var import_endpoint = __nccwpck_require__(9440);
var import_universal_user_agent = __nccwpck_require__(5030);
// pkg/dist-src/version.js
var VERSION = "8.4.0";
var VERSION = "8.4.1";
// pkg/dist-src/is-plain-object.js
function isPlainObject(value) {
@@ -11046,7 +11071,7 @@ function fetchWrapper(requestOptions) {
headers[keyAndValue[0]] = keyAndValue[1];
}
if ("deprecation" in headers) {
const matches = headers.link && headers.link.match(/<([^>]+)>; rel="deprecation"/);
const matches = headers.link && headers.link.match(/<([^<>]+)>; rel="deprecation"/);
const deprecationLink = matches && matches.pop();
log.warn(
`[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`
@@ -18700,7 +18725,7 @@ module.exports = {
const { parseSetCookie } = __nccwpck_require__(4408)
const { stringify, getHeadersList } = __nccwpck_require__(3121)
const { stringify } = __nccwpck_require__(3121)
const { webidl } = __nccwpck_require__(1744)
const { Headers } = __nccwpck_require__(554)
@@ -18776,14 +18801,13 @@ function getSetCookies (headers) {
webidl.brandCheck(headers, Headers, { strict: false })
const cookies = getHeadersList(headers).cookies
const cookies = headers.getSetCookie()
if (!cookies) {
return []
}
// In older versions of undici, cookies is a list of name:value.
return cookies.map((pair) => parseSetCookie(Array.isArray(pair) ? pair[1] : pair))
return cookies.map((pair) => parseSetCookie(pair))
}
/**
@@ -19211,14 +19235,15 @@ module.exports = {
/***/ }),
/***/ 3121:
/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
/***/ ((module) => {
"use strict";
const assert = __nccwpck_require__(9491)
const { kHeadersList } = __nccwpck_require__(2785)
/**
* @param {string} value
* @returns {boolean}
*/
function isCTLExcludingHtab (value) {
if (value.length === 0) {
return false
@@ -19479,31 +19504,13 @@ function stringify (cookie) {
return out.join('; ')
}
let kHeadersListNode
function getHeadersList (headers) {
if (headers[kHeadersList]) {
return headers[kHeadersList]
}
if (!kHeadersListNode) {
kHeadersListNode = Object.getOwnPropertySymbols(headers).find(
(symbol) => symbol.description === 'headers list'
)
assert(kHeadersListNode, 'Headers cannot be parsed')
}
const headersList = headers[kHeadersListNode]
assert(headersList)
return headersList
}
module.exports = {
isCTLExcludingHtab,
stringify,
getHeadersList
validateCookieName,
validateCookiePath,
validateCookieValue,
toIMFDate,
stringify
}
@@ -21432,6 +21439,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(9830)
const { File: UndiciFile } = __nccwpck_require__(8511)
const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(685)
let random
try {
const crypto = __nccwpck_require__(6005)
random = (max) => crypto.randomInt(0, max)
} catch {
random = (max) => Math.floor(Math.random(max))
}
let ReadableStream = globalThis.ReadableStream
/** @type {globalThis['File']} */
@@ -21517,7 +21532,7 @@ function extractBody (object, keepalive = false) {
// Set source to a copy of the bytes held by object.
source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
} else if (util.isFormDataLike(object)) {
const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
const prefix = `--${boundary}\r\nContent-Disposition: form-data`
/*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
@@ -23499,6 +23514,7 @@ const {
isValidHeaderName,
isValidHeaderValue
} = __nccwpck_require__(2538)
const util = __nccwpck_require__(3837)
const { webidl } = __nccwpck_require__(1744)
const assert = __nccwpck_require__(9491)
@@ -24052,6 +24068,9 @@ Object.defineProperties(Headers.prototype, {
[Symbol.toStringTag]: {
value: 'Headers',
configurable: true
},
[util.inspect.custom]: {
enumerable: false
}
})
@@ -33228,6 +33247,20 @@ class Pool extends PoolBase {
? { ...options.interceptors }
: undefined
this[kFactory] = factory
this.on('connectionError', (origin, targets, error) => {
// If a connection error occurs, we remove the client from the pool,
// and emit a connectionError event. They will not be re-used.
// Fixes https://github.com/nodejs/undici/issues/3895
for (const target of targets) {
// Do not use kRemoveClient here, as it will close the client,
// but the client cannot be closed in this state.
const idx = this[kClients].indexOf(target)
if (idx !== -1) {
this[kClients].splice(idx, 1)
}
}
})
}
[kGetDispatcher] () {
@@ -36383,6 +36416,14 @@ module.exports = require("net");
/***/ }),
/***/ 6005:
/***/ ((module) => {
"use strict";
module.exports = require("node:crypto");
/***/ }),
/***/ 5673:
/***/ ((module) => {

852
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@@ -1,6 +1,6 @@
{
"name": "checkout",
"version": "4.1.6",
"version": "5.0.0",
"description": "checkout action",
"main": "lib/main.js",
"scripts": {
@@ -37,19 +37,19 @@
},
"devDependencies": {
"@types/jest": "^29.5.12",
"@types/node": "^20.12.7",
"@types/node": "^24.1.0",
"@types/uuid": "^9.0.8",
"@typescript-eslint/eslint-plugin": "^7.7.1",
"@typescript-eslint/parser": "^7.7.1",
"@typescript-eslint/eslint-plugin": "^7.9.0",
"@typescript-eslint/parser": "^7.9.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-plugin-github": "^4.10.2",
"eslint-plugin-jest": "^28.2.0",
"eslint-plugin-jest": "^28.8.2",
"jest": "^29.7.0",
"jest-circus": "^29.7.0",
"js-yaml": "^4.1.0",
"prettier": "^3.2.5",
"ts-jest": "^29.1.2",
"typescript": "^5.4.5"
"prettier": "^3.3.3",
"ts-jest": "^29.2.5",
"typescript": "^5.5.4"
}
}

View File

@@ -261,7 +261,8 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
const commitInfo = await git.log1()
// Log commit sha
await git.log1("--format='%H'")
const commitSHA = await git.log1('--format=%H')
core.setOutput('commit', commitSHA.trim())
// Check for incorrect pull request merge commit
await refHelper.checkCommitInfo(

View File

@@ -19,6 +19,7 @@ async function run(): Promise<void> {
// Get sources
await gitSourceProvider.getSource(sourceSettings)
core.setOutput('ref', sourceSettings.ref)
} finally {
// Unregister problem matcher
coreCommand.issueCommand('remove-matcher', {owner: 'checkout-git'}, '')

View File

@@ -120,7 +120,7 @@ function updateUsage(
}
updateUsage(
'actions/checkout@v4',
'actions/checkout@v5',
path.join(__dirname, '..', '..', 'action.yml'),
path.join(__dirname, '..', '..', 'README.md')
)

View File

@@ -42,9 +42,13 @@ export async function getCheckoutInfo(
result.ref = `refs/remotes/pull/${branch}`
}
// refs/tags/
else if (upperRef.startsWith('REFS/')) {
else if (upperRef.startsWith('REFS/TAGS/')) {
result.ref = ref
}
// refs/
else if (upperRef.startsWith('REFS/')) {
result.ref = commit ? commit : ref
}
// Unqualified ref, check for a matching branch or tag
else {
if (await git.branchExists(true, `origin/${ref}`)) {

View File

@@ -21,26 +21,61 @@ export function getFetchUrl(settings: IGitSourceSettings): string {
}
export function getServerUrl(url?: string): URL {
let urlValue =
url && url.trim().length > 0
? url
: process.env['GITHUB_SERVER_URL'] || 'https://github.com'
return new URL(urlValue)
let resolvedUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com'
if (hasContent(url, WhitespaceMode.Trim)) {
resolvedUrl = url!
}
return new URL(resolvedUrl)
}
export function getServerApiUrl(url?: string): string {
let apiUrl = 'https://api.github.com'
if (hasContent(url, WhitespaceMode.Trim)) {
let serverUrl = getServerUrl(url)
if (isGhes(url)) {
serverUrl.pathname = 'api/v3'
} else {
serverUrl.hostname = 'api.' + serverUrl.hostname
}
if (isGhes(url)) {
const serverUrl = getServerUrl(url)
apiUrl = new URL(`${serverUrl.origin}/api/v3`).toString()
return pruneSuffix(serverUrl.toString(), '/')
}
return apiUrl
return process.env['GITHUB_API_URL'] || 'https://api.github.com'
}
export function isGhes(url?: string): boolean {
const ghUrl = getServerUrl(url)
const ghUrl = new URL(
url || process.env['GITHUB_SERVER_URL'] || 'https://github.com'
)
return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM'
const hostname = ghUrl.hostname.trimEnd().toUpperCase()
const isGitHubHost = hostname === 'GITHUB.COM'
const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM')
const isLocalHost = hostname.endsWith('.LOCALHOST')
return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost
}
function pruneSuffix(text: string, suffix: string) {
if (hasContent(suffix, WhitespaceMode.Preserve) && text?.endsWith(suffix)) {
return text.substring(0, text.length - suffix.length)
}
return text
}
enum WhitespaceMode {
Trim,
Preserve
}
function hasContent(
text: string | undefined,
whitespaceMode: WhitespaceMode
): boolean {
let refinedText = text ?? ''
if (whitespaceMode == WhitespaceMode.Trim) {
refinedText = refinedText.trim()
}
return refinedText.length > 0
}