1
0
mirror of https://github.com/actions/checkout.git synced 2026-06-29 18:13:51 +08:00

Compare commits

..

9 Commits

Author SHA1 Message Date
Nicolas Schweitzer
165e4fbb74 Merge ab5d862ce8 into 09d2acae67 2025-06-06 10:25:41 +02:00
Ben De St Paer-Gotch
09d2acae67 Update README.md (#2194) 2025-06-06 09:19:16 +01:00
Nicolas Schweitzer
ab5d862ce8 fix tests and update index.js 2025-01-22 11:55:00 +01:00
Nicolas Schweitzer
5fba9eb899 codereview: define a git-user slug instead of a true/false config 2025-01-21 18:50:25 +01:00
Josh Gross
85e6279cec Adjust positioning of user email note and permissions heading (#2044) 2025-01-16 15:56:18 -05:00
Ben Wells
009b9ae9e4 Documentation update - add recommended permissions to Readme (#2043)
* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>
2025-01-16 14:14:48 -05:00
Nicolas Schweitzer
f3b199b7ed feat(git config): Set default user.name and user.email in git config 2024-12-19 16:24:48 +01:00
Mohammad Ismail
cbb722410c Update README.md (#1977) 2024-11-14 10:41:00 -05:00
The web walker
3b9b8c884f docs: update README.md (#1971)
Add a scenario where it is necessary to push a commit to a pull request.
2024-11-08 10:32:54 -05:00
14 changed files with 149 additions and 27 deletions

View File

@@ -10,6 +10,24 @@ The auth token is persisted in the local git config. This enables your scripts t
When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
### Note
Thank you for your interest in this GitHub action, however, right now we are not taking contributions.
We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features were working on and what stage theyre in.
We are taking the following steps to better direct requests related to GitHub Actions, including:
1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
3. Security Issues should be handled as per our [security.md](security.md)
We will still provide security updates for this project and fix major breaking changes during this time.
You are welcome to still raise bugs in this repo.
# What's new
Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
@@ -41,6 +59,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
# Default: ${{ github.token }}
token: ''
# Github slug used to configure local user.name and user.email for git. This is
# required to push a commit from a Github Action Workflow. Set to '' to disable
# this configuration.
# Default: github-action[bot]
git-user: ''
# SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key.
@@ -143,6 +167,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
- [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
- [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token)
## Fetch only the root files
@@ -211,7 +236,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (nested)
@@ -225,7 +250,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
repository: my-org/my-tools
path: my-tools
```
> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
## Checkout multiple repos (private)
@@ -280,14 +305,44 @@ jobs:
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add .
git commit -m "generated"
git push
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
## Push a commit to a PR using the built-in token
In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesnt check out your branch by default.
```yaml
on: pull_request
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
git add .
git commit -m "generated"
git push
```
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
# Recommended permissions
When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
```yaml
permissions:
contents: read
```
# License
The scripts and documentation in this project are released under the [MIT License](LICENSE)

View File

@@ -1,12 +1,12 @@
import * as core from '@actions/core'
import * as fs from 'fs'
import * as gitAuthHelper from '../lib/git-auth-helper'
import * as gitAuthHelper from '../src/git-auth-helper'
import * as io from '@actions/io'
import * as os from 'os'
import * as path from 'path'
import * as stateHelper from '../lib/state-helper'
import {IGitCommandManager} from '../lib/git-command-manager'
import {IGitSourceSettings} from '../lib/git-source-settings'
import * as stateHelper from '../src/state-helper'
import {IGitCommandManager} from '../src/git-command-manager'
import {IGitSourceSettings} from '../src/git-source-settings'
const isWindows = process.platform === 'win32'
const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper')
@@ -824,7 +824,8 @@ async function setup(testName: string): Promise<void> {
sshUser: '',
workflowOrganizationId: 123456,
setSafeDirectory: true,
githubServerUrl: githubServerUrl
githubServerUrl: githubServerUrl,
gitUser: 'github-action[bot]'
}
}

View File

@@ -1,6 +1,6 @@
import * as exec from '@actions/exec'
import * as fshelper from '../lib/fs-helper'
import * as commandManager from '../lib/git-command-manager'
import * as fshelper from '../src/fs-helper'
import * as commandManager from '../src/git-command-manager'
let git: commandManager.IGitCommandManager
let mockExec = jest.fn()

View File

@@ -1,9 +1,9 @@
import * as core from '@actions/core'
import * as fs from 'fs'
import * as gitDirectoryHelper from '../lib/git-directory-helper'
import * as gitDirectoryHelper from '../src/git-directory-helper'
import * as io from '@actions/io'
import * as path from 'path'
import {IGitCommandManager} from '../lib/git-command-manager'
import {IGitCommandManager} from '../src/git-command-manager'
const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper')
let repositoryPath: string

View File

@@ -1,10 +1,10 @@
import * as core from '@actions/core'
import * as fsHelper from '../lib/fs-helper'
import * as fsHelper from '../src/fs-helper'
import * as github from '@actions/github'
import * as inputHelper from '../lib/input-helper'
import * as inputHelper from '../src/input-helper'
import * as path from 'path'
import * as workflowContextHelper from '../lib/workflow-context-helper'
import {IGitSourceSettings} from '../lib/git-source-settings'
import * as workflowContextHelper from '../src/workflow-context-helper'
import {IGitSourceSettings} from '../src/git-source-settings'
const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
const gitHubWorkspace = path.resolve('/checkout-tests/workspace')

View File

@@ -1,6 +1,6 @@
import * as assert from 'assert'
import * as refHelper from '../lib/ref-helper'
import {IGitCommandManager} from '../lib/git-command-manager'
import * as refHelper from '../src/ref-helper'
import {IGitCommandManager} from '../src/git-command-manager'
const commit = '1234567890123456789012345678901234567890'
let git: IGitCommandManager

View File

@@ -1,5 +1,5 @@
import * as core from '@actions/core'
import {RetryHelper} from '../lib/retry-helper'
import {RetryHelper} from '../src/retry-helper'
let info: string[]
let retryHelper: any

View File

@@ -22,6 +22,12 @@ inputs:
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
default: ${{ github.token }}
git-user:
description: >
Github slug used to configure local user.name and user.email for git.
This is required to push a commit from a Github Action Workflow.
Set to '' to disable this configuration.
default: "github-action[bot]"
ssh-key:
description: >
SSH key used to fetch the repository. The SSH key is configured with the local

21
dist/index.js vendored
View File

@@ -1357,6 +1357,15 @@ function getSource(settings) {
core.setOutput('commit', commitSHA.trim());
// Check for incorrect pull request merge commit
yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.githubServerUrl);
if (settings.gitUser) {
if (!(yield git.configExists('user.name', true))) {
yield git.config('user.name', settings.gitUser, true);
}
if (!(yield git.configExists('user.email', true))) {
const userId = yield githubApiHelper.getUserId(settings.gitUser, settings.authToken, settings.githubServerUrl);
yield git.config('user.email', `${userId}+${settings.gitUser}@users.noreply.github.com`, true);
}
}
}
finally {
// Remove auth
@@ -1546,6 +1555,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.downloadRepository = downloadRepository;
exports.getDefaultBranch = getDefaultBranch;
exports.getUserId = getUserId;
const assert = __importStar(__nccwpck_require__(9491));
const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147));
@@ -1663,6 +1673,15 @@ function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
return Buffer.from(response.data); // response.data is ArrayBuffer
});
}
function getUserId(username, authToken, baseUrl) {
return __awaiter(this, void 0, void 0, function* () {
const octokit = github.getOctokit(authToken, {
baseUrl: (0, url_helper_1.getServerApiUrl)(baseUrl)
});
const user = yield octokit.rest.users.getByUsername({ username, });
return user.data.id;
});
}
/***/ }),
@@ -1813,6 +1832,8 @@ function getInputs() {
core.debug(`recursive submodules = ${result.nestedSubmodules}`);
// Auth token
result.authToken = core.getInput('token', { required: true });
// Git user
result.gitUser = core.getInput('git-user') || 'github-action[bot]';
// SSH
result.sshKey = core.getInput('ssh-key');
result.sshKnownHosts = core.getInput('ssh-known-hosts');

16
package-lock.json generated
View File

@@ -2502,10 +2502,11 @@
}
},
"node_modules/cross-spawn": {
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
"integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
"version": "7.0.6",
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
"integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"license": "MIT",
"dependencies": {
"path-key": "^3.1.0",
"shebang-command": "^2.0.0",
@@ -5528,12 +5529,13 @@
}
},
"node_modules/micromatch": {
"version": "4.0.5",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
"integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
"version": "4.0.8",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
"integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dev": true,
"license": "MIT",
"dependencies": {
"braces": "^3.0.2",
"braces": "^3.0.3",
"picomatch": "^2.3.1"
},
"engines": {

View File

@@ -274,6 +274,23 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
settings.commit,
settings.githubServerUrl
)
if (settings.gitUser) {
if (!(await git.configExists('user.name', true))) {
await git.config('user.name', settings.gitUser, true)
}
if (!(await git.configExists('user.email', true))) {
const userId = await githubApiHelper.getUserId(
settings.gitUser,
settings.authToken,
settings.githubServerUrl
)
await git.config(
'user.email',
`${userId}+${settings.gitUser}@users.noreply.github.com`,
true
)
}
}
} finally {
// Remove auth
if (authHelper) {

View File

@@ -79,6 +79,11 @@ export interface IGitSourceSettings {
*/
authToken: string
/**
* A github user slug to set a default user name and email in the local git config
*/
gitUser: string
/**
* The SSH key to configure
*/

View File

@@ -143,3 +143,15 @@ async function downloadArchive(
})
return Buffer.from(response.data as ArrayBuffer) // response.data is ArrayBuffer
}
export async function getUserId(
username: string,
authToken: string,
baseUrl?: string
): Promise<number> {
const octokit = github.getOctokit(authToken, {
baseUrl: getServerApiUrl(baseUrl)
})
const user = await octokit.rest.users.getByUsername({username})
return user.data.id
}

View File

@@ -138,6 +138,9 @@ export async function getInputs(): Promise<IGitSourceSettings> {
// Auth token
result.authToken = core.getInput('token', {required: true})
// Git user
result.gitUser = core.getInput('git-user') || 'github-action[bot]'
// SSH
result.sshKey = core.getInput('ssh-key')
result.sshKnownHosts = core.getInput('ssh-known-hosts')