1
0
mirror of https://github.com/actions/checkout.git synced 2026-07-11 19:23:49 +08:00

Compare commits

..

14 Commits

Author SHA1 Message Date
Kaido Kert
89d9914f17 Merge 1bf7689f6b into 09d2acae67 2025-06-06 10:47:37 +02:00
Ben De St Paer-Gotch
09d2acae67 Update README.md (#2194) 2025-06-06 09:19:16 +01:00
Josh Gross
85e6279cec Adjust positioning of user email note and permissions heading (#2044) 2025-01-16 15:56:18 -05:00
Ben Wells
009b9ae9e4 Documentation update - add recommended permissions to Readme (#2043)
* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
2025-01-16 14:14:48 -05:00
Mohammad Ismail
cbb722410c Update README.md (#1977) 2024-11-14 10:41:00 -05:00
The web walker
3b9b8c884f docs: update README.md (#1971)
Add a scenario where it is necessary to push a commit to a pull request.
2024-11-08 10:32:54 -05:00
John Wesley Walker III
11bd71901b Prepare 4.2.2 Release (#1953)
* Prepare 4.2.2 Release

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
2024-10-23 16:24:28 +02:00
John Wesley Walker III
e3d2460bbb Expand unit test coverage (#1946) 2024-10-23 15:59:08 +02:00
John Wesley Walker III
163217dfcd url-helper.ts now leverages well-known environment variables. (#1941)
* `utl-helper.ts` now leverages well-known environment variables.

---------
Co-authored-by: Erez Testiler <easyt@github.com>
2024-10-18 10:07:17 +02:00
Kaido Kert
1bf7689f6b Update dist/index.js with changes 2023-05-15 13:31:08 -07:00
Cosimo Streppone
b9935aab1f Tried to fix the "unstaged changes" test failure
Error: Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run format && npm run build
Error: Process completed with exit code 1.

Rebased PR from #424
2023-05-15 12:26:26 -07:00
Cosimo Streppone
fbc745150c Revert "GH#354 Updated dist/index.js build"
This reverts commit c764e5eab9.
2023-05-15 12:25:28 -07:00
Cosimo Streppone
27cd406012 GH#354 Updated dist/index.js build 2023-05-15 12:25:25 -07:00
Cosimo Streppone
55709ffa1b GH#354 Disabled auth submodules config when related setting is false
This should help with https://github.com/actions/checkout/issues/354.
The problem is that I have no idea whether such auth submodules configuration
is required even when settings.submodules is false.
2023-05-15 12:23:41 -07:00
9 changed files with 258 additions and 38 deletions

View File

@@ -1,5 +1,9 @@
# Changelog
## v4.2.2
* `url-helper.ts` now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
* Expand unit test coverage for `isGhes` by @jww3 in https://github.com/actions/checkout/pull/1946
## v4.2.1
* Check out other refs/* by commit if provided, fall back to ref by @orhantoy in https://github.com/actions/checkout/pull/1924

View File

@@ -10,6 +10,24 @@ The auth token is persisted in the local git config. This enables your scripts t
When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
### Note
Thank you for your interest in this GitHub action, however, right now we are not taking contributions.
We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features were working on and what stage theyre in.
We are taking the following steps to better direct requests related to GitHub Actions, including:
1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
3. Security Issues should be handled as per our [security.md](security.md)
We will still provide security updates for this project and fix major breaking changes during this time.
You are welcome to still raise bugs in this repo.
# What's new
Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
@@ -143,6 +161,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
- [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
- [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token)
## Fetch only the root files
@@ -211,7 +230,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (nested)
@@ -225,7 +244,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (private)
@@ -288,6 +307,40 @@ jobs:
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
## Push a commit to a PR using the built-in token
In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesnt check out your branch by default.
```yaml
on: pull_request
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add .
git commit -m "generated"
git push
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
# Recommended permissions
When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
```yaml
permissions:
contents: read
```
# License
The scripts and documentation in this project are released under the [MIT License](LICENSE)

View File

@@ -482,6 +482,7 @@ describe('git-auth-helper tests', () => {
)
settings.persistCredentials = false
settings.sshKey = ''
settings.submodules = true
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth()
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
@@ -515,6 +516,7 @@ describe('git-auth-helper tests', () => {
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet
)
settings.persistCredentials = false
settings.submodules = true
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth()
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
@@ -541,6 +543,7 @@ describe('git-auth-helper tests', () => {
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet
)
settings.sshKey = ''
settings.submodules = true
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth()
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
@@ -580,6 +583,7 @@ describe('git-auth-helper tests', () => {
await setup(
configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet
)
settings.submodules = true
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
await authHelper.configureAuth()
const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>

View File

@@ -0,0 +1,92 @@
import * as urlHelper from '../src/url-helper'
describe('getServerUrl tests', () => {
it('basics', async () => {
// Note that URL::toString will append a trailing / when passed just a domain name ...
expect(urlHelper.getServerUrl().toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl(' ').toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl(' ').toString()).toBe('https://github.com/')
expect(urlHelper.getServerUrl('http://contoso.com').toString()).toBe(
'http://contoso.com/'
)
expect(urlHelper.getServerUrl('https://contoso.com').toString()).toBe(
'https://contoso.com/'
)
expect(urlHelper.getServerUrl('https://contoso.com/').toString()).toBe(
'https://contoso.com/'
)
// ... but can't make that same assumption when passed an URL that includes some deeper path.
expect(urlHelper.getServerUrl('https://contoso.com/a/b').toString()).toBe(
'https://contoso.com/a/b'
)
})
})
describe('isGhes tests', () => {
const pristineEnv = process.env
beforeEach(() => {
jest.resetModules()
process.env = {...pristineEnv}
})
afterAll(() => {
process.env = pristineEnv
})
it('basics', async () => {
delete process.env['GITHUB_SERVER_URL']
expect(urlHelper.isGhes()).toBeFalsy()
expect(urlHelper.isGhes('https://github.com')).toBeFalsy()
expect(urlHelper.isGhes('https://contoso.ghe.com')).toBeFalsy()
expect(urlHelper.isGhes('https://test.github.localhost')).toBeFalsy()
expect(urlHelper.isGhes('https://src.onpremise.fabrikam.com')).toBeTruthy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is not defined', async () => {
delete process.env['GITHUB_SERVER_URL']
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://github.com'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost'
expect(urlHelper.isGhes()).toBeFalsy()
})
it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', async () => {
process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com'
expect(urlHelper.isGhes()).toBeTruthy()
})
})
describe('getServerApiUrl tests', () => {
it('basics', async () => {
expect(urlHelper.getServerApiUrl()).toBe('https://api.github.com')
expect(urlHelper.getServerApiUrl('https://github.com')).toBe(
'https://api.github.com'
)
expect(urlHelper.getServerApiUrl('https://GitHub.com')).toBe(
'https://api.github.com'
)
expect(urlHelper.getServerApiUrl('https://contoso.ghe.com')).toBe(
'https://api.contoso.ghe.com'
)
expect(urlHelper.getServerApiUrl('https://fabrikam.GHE.COM')).toBe(
'https://api.fabrikam.ghe.com'
)
expect(
urlHelper.getServerApiUrl('https://src.onpremise.fabrikam.com')
).toBe('https://src.onpremise.fabrikam.com/api/v3')
})
})

60
dist/index.js vendored
View File

@@ -424,10 +424,12 @@ class GitAuthHelper {
core.warning(`Failed to remove '${configKey}' from the git config`);
}
}
const pattern = regexpHelper.escape(configKey);
yield this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
if (this.settings.submodules) {
const pattern = regexpHelper.escape(configKey);
yield this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
}
});
}
}
@@ -2454,22 +2456,50 @@ function getFetchUrl(settings) {
return `${serviceUrl.origin}/${encodedOwner}/${encodedName}`;
}
function getServerUrl(url) {
let urlValue = url && url.trim().length > 0
? url
: process.env['GITHUB_SERVER_URL'] || 'https://github.com';
return new url_1.URL(urlValue);
let resolvedUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com';
if (hasContent(url, WhitespaceMode.Trim)) {
resolvedUrl = url;
}
return new url_1.URL(resolvedUrl);
}
function getServerApiUrl(url) {
let apiUrl = 'https://api.github.com';
if (isGhes(url)) {
const serverUrl = getServerUrl(url);
apiUrl = new url_1.URL(`${serverUrl.origin}/api/v3`).toString();
if (hasContent(url, WhitespaceMode.Trim)) {
let serverUrl = getServerUrl(url);
if (isGhes(url)) {
serverUrl.pathname = 'api/v3';
}
else {
serverUrl.hostname = 'api.' + serverUrl.hostname;
}
return pruneSuffix(serverUrl.toString(), '/');
}
return apiUrl;
return process.env['GITHUB_API_URL'] || 'https://api.github.com';
}
function isGhes(url) {
const ghUrl = getServerUrl(url);
return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM';
const ghUrl = new url_1.URL(url || process.env['GITHUB_SERVER_URL'] || 'https://github.com');
const hostname = ghUrl.hostname.trimEnd().toUpperCase();
const isGitHubHost = hostname === 'GITHUB.COM';
const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM');
const isLocalHost = hostname.endsWith('.LOCALHOST');
return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost;
}
function pruneSuffix(text, suffix) {
if (hasContent(suffix, WhitespaceMode.Preserve) && (text === null || text === void 0 ? void 0 : text.endsWith(suffix))) {
return text.substring(0, text.length - suffix.length);
}
return text;
}
var WhitespaceMode;
(function (WhitespaceMode) {
WhitespaceMode[WhitespaceMode["Trim"] = 0] = "Trim";
WhitespaceMode[WhitespaceMode["Preserve"] = 1] = "Preserve";
})(WhitespaceMode || (WhitespaceMode = {}));
function hasContent(text, whitespaceMode) {
let refinedText = text !== null && text !== void 0 ? text : '';
if (whitespaceMode == WhitespaceMode.Trim) {
refinedText = refinedText.trim();
}
return refinedText.length > 0;
}

4
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{
"name": "checkout",
"version": "4.2.1",
"version": "4.2.2",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "checkout",
"version": "4.2.1",
"version": "4.2.2",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.10.1",

View File

@@ -1,6 +1,6 @@
{
"name": "checkout",
"version": "4.2.1",
"version": "4.2.2",
"description": "checkout action",
"main": "lib/main.js",
"scripts": {

View File

@@ -364,11 +364,13 @@ class GitAuthHelper {
}
}
const pattern = regexpHelper.escape(configKey)
await this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
true
)
if (this.settings.submodules) {
const pattern = regexpHelper.escape(configKey)
await this.git.submoduleForeach(
// wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
`sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
true
)
}
}
}

View File

@@ -21,26 +21,61 @@ export function getFetchUrl(settings: IGitSourceSettings): string {
}
export function getServerUrl(url?: string): URL {
let urlValue =
url && url.trim().length > 0
? url
: process.env['GITHUB_SERVER_URL'] || 'https://github.com'
return new URL(urlValue)
let resolvedUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com'
if (hasContent(url, WhitespaceMode.Trim)) {
resolvedUrl = url!
}
return new URL(resolvedUrl)
}
export function getServerApiUrl(url?: string): string {
let apiUrl = 'https://api.github.com'
if (hasContent(url, WhitespaceMode.Trim)) {
let serverUrl = getServerUrl(url)
if (isGhes(url)) {
serverUrl.pathname = 'api/v3'
} else {
serverUrl.hostname = 'api.' + serverUrl.hostname
}
if (isGhes(url)) {
const serverUrl = getServerUrl(url)
apiUrl = new URL(`${serverUrl.origin}/api/v3`).toString()
return pruneSuffix(serverUrl.toString(), '/')
}
return apiUrl
return process.env['GITHUB_API_URL'] || 'https://api.github.com'
}
export function isGhes(url?: string): boolean {
const ghUrl = getServerUrl(url)
const ghUrl = new URL(
url || process.env['GITHUB_SERVER_URL'] || 'https://github.com'
)
return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM'
const hostname = ghUrl.hostname.trimEnd().toUpperCase()
const isGitHubHost = hostname === 'GITHUB.COM'
const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM')
const isLocalHost = hostname.endsWith('.LOCALHOST')
return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost
}
function pruneSuffix(text: string, suffix: string) {
if (hasContent(suffix, WhitespaceMode.Preserve) && text?.endsWith(suffix)) {
return text.substring(0, text.length - suffix.length)
}
return text
}
enum WhitespaceMode {
Trim,
Preserve
}
function hasContent(
text: string | undefined,
whitespaceMode: WhitespaceMode
): boolean {
let refinedText = text ?? ''
if (whitespaceMode == WhitespaceMode.Trim) {
refinedText = refinedText.trim()
}
return refinedText.length > 0
}