Merge 2449f8bb0b into 8edcb1bdb4

* Update README.md

* Update README.md

Co-authored-by: Josh Gross <joshmgross@github.com>

---------

Co-authored-by: Josh Gross <joshmgross@github.com>

CODEOWNERS

@@ -1 +1 @@
-* @actions/actions-launch
+* @actions/actions-runtime

README.md

@@ -10,6 +10,24 @@ The auth token is persisted in the local git config. This enables your scripts t
 
 When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
 
+### Note
+
+Thank you for your interest in this GitHub action, however, right now we are not taking contributions. 
+
+We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.
+
+We are taking the following steps to better direct requests related to GitHub Actions, including:
+
+1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)
+
+2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
+
+3. Security Issues should be handled as per our [security.md](security.md)
+
+We will still provide security updates for this project and fix major breaking changes during this time.
+
+You are welcome to still raise bugs in this repo.
+
 # What's new
 
 Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
@@ -95,6 +113,9 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     # Default: 1
     fetch-depth: ''
 
+    # Date like `2days` or `1970-01-01`. Fetch a history after the specified time.
+    shallow-since: ''
+
     # Whether to fetch tags, even if fetch-depth > 0.
     # Default: false
     fetch-tags: ''
@@ -143,6 +164,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
 - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
 - [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
+- [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token)
 
 ## Fetch only the root files
 
@@ -211,7 +233,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     repository: my-org/my-tools
     path: my-tools
 ```
-> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
+> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 
 ## Checkout multiple repos (nested)
 
@@ -225,7 +247,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     repository: my-org/my-tools
     path: my-tools
 ```
-> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
+> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 
 ## Checkout multiple repos (private)
 
@@ -288,6 +310,40 @@ jobs:
 ```
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
 
+## Push a commit to a PR using the built-in token
+
+In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’t check out your branch by default.
+
+```yaml
+on: pull_request
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+      - run: |
+          date > generated.txt
+          # Note: the following account information will not work on GHES
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add .
+          git commit -m "generated"
+          git push
+```
+
+*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
+
+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__test__/git-auth-helper.test.ts

@@ -808,6 +808,7 @@ async function setup(testName: string): Promise<void> {
     sparseCheckout: [],
     sparseCheckoutConeMode: true,
     fetchDepth: 1,
+    shallowSince: '',
     fetchTags: false,
     showProgress: true,
     lfs: false,

action.yml

@@ -74,6 +74,8 @@ inputs:
   fetch-depth:
     description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
     default: 1
+  shallow-since:
+    description: 'Date like `2days` or `1970-01-01`. Fetch a history after the specified time.'
   fetch-tags:
     description: 'Whether to fetch tags, even if fetch-depth > 0.'
     default: false

adrs/0153-checkout-v2.md

@@ -72,6 +72,8 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
   fetch-depth:
     description: 'Number of commits to fetch. 0 indicates all history for all tags and branches.'
     default: 1
+  shallow-since:
+    description: 'Date like `2days` or `1970-01-01`. Fetch a history after the specified time.'
   lfs:
     description: 'Whether to download Git-LFS files'
     default: false
@@ -155,7 +157,7 @@ Fetch only the SHA being built and set depth=1. This significantly reduces the f
 
 If a SHA isn't available (e.g. multi repo), then fetch only the specified ref with depth=1.
 
-The input `fetch-depth` can be used to control the depth.
+The input `fetch-depth` and `shallow-since` can be used to control the depth.
 
 Note:
 - Fetching a single commit is supported by Git wire protocol version 2. The git client uses protocol version 0 by default. The desired protocol version can be overridden in the git config or on the fetch command line invocation (`-c protocol.version=2`). We will override on the fetch command line, for transparency.

dist/index.js

@@ -663,6 +663,9 @@ class GitCommandManager {
             if (options.filter) {
                 args.push(`--filter=${options.filter}`);
             }
+            if (options.shallowSince) {
+                args.push(`--shallow-since=${options.shallowSince}`);
+            }
             if (options.fetchDepth && options.fetchDepth > 0) {
                 args.push(`--depth=${options.fetchDepth}`);
             }
@@ -793,13 +796,16 @@ class GitCommandManager {
             yield this.execGit(args);
         });
     }
-    submoduleUpdate(fetchDepth, recursive) {
+    submoduleUpdate(fetchDepth, recursive, shallowSince) {
         return __awaiter(this, void 0, void 0, function* () {
             const args = ['-c', 'protocol.version=2'];
             args.push('submodule', 'update', '--init', '--force');
             if (fetchDepth > 0) {
                 args.push(`--depth=${fetchDepth}`);
             }
+            if (shallowSince) {
+                args.push(`--shallow-since=${shallowSince}`);
+            }
             if (recursive) {
                 args.push('--recursive');
             }
@@ -1787,6 +1793,12 @@ function getInputs() {
             result.fetchDepth = 0;
         }
         core.debug(`fetch depth = ${result.fetchDepth}`);
+        // Shallow since
+        if (core.getInput('fetch-depth') && core.getInput('shallow-since')) {
+            throw new Error('`fetch-depth` and `shallow-since` cannot be used at the same time');
+        }
+        result.shallowSince = core.getInput('shallow-since');
+        core.debug(`shallow since = ${result.shallowSince}`);
         // Fetch tags
         result.fetchTags =
             (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE';

src/git-command-manager.ts

@@ -36,6 +36,7 @@ export interface IGitCommandManager {
     options: {
       filter?: string
       fetchDepth?: number
+      shallowSince?: string
       fetchTags?: boolean
       showProgress?: boolean
     }
@@ -54,8 +55,12 @@ export interface IGitCommandManager {
   shaExists(sha: string): Promise<boolean>
   submoduleForeach(command: string, recursive: boolean): Promise<string>
   submoduleSync(recursive: boolean): Promise<void>
-  submoduleUpdate(fetchDepth: number, recursive: boolean): Promise<void>
   submoduleStatus(): Promise<boolean>
+  submoduleUpdate(
+    fetchDepth: number,
+    recursive: boolean,
+    shallowSince?: string
+  ): Promise<void>
   tagExists(pattern: string): Promise<boolean>
   tryClean(): Promise<boolean>
   tryConfigUnset(configKey: string, globalConfig?: boolean): Promise<boolean>
@@ -256,6 +261,7 @@ class GitCommandManager {
     options: {
       filter?: string
       fetchDepth?: number
+      shallowSince?: string
       fetchTags?: boolean
       showProgress?: boolean
     }
@@ -274,6 +280,10 @@ class GitCommandManager {
       args.push(`--filter=${options.filter}`)
     }
 
+    if (options.shallowSince) {
+      args.push(`--shallow-since=${options.shallowSince}`)
+    }
+
     if (options.fetchDepth && options.fetchDepth > 0) {
       args.push(`--depth=${options.fetchDepth}`)
     } else if (
@@ -409,13 +419,21 @@ class GitCommandManager {
     await this.execGit(args)
   }
 
-  async submoduleUpdate(fetchDepth: number, recursive: boolean): Promise<void> {
+  async submoduleUpdate(
+    fetchDepth: number,
+    recursive: boolean,
+    shallowSince?: string
+  ): Promise<void> {
     const args = ['-c', 'protocol.version=2']
     args.push('submodule', 'update', '--init', '--force')
     if (fetchDepth > 0) {
       args.push(`--depth=${fetchDepth}`)
     }
 
+    if (shallowSince) {
+      args.push(`--shallow-since=${shallowSince}`)
+    }
+
     if (recursive) {
       args.push('--recursive')
     }

src/git-source-settings.ts

@@ -50,7 +50,12 @@ export interface IGitSourceSettings {
   fetchDepth: number
 
   /**
-   * Fetch tags, even if fetchDepth > 0 (default: false)
+   * Deepen or shorten the history of a shallow repository to include all reachable commits after
+   */
+  shallowSince: string
+
+  /**
+   *  Fetch tags, even if fetchDepth > 0 (default: false)
    */
   fetchTags: boolean
 

src/input-helper.ts

@@ -108,6 +108,15 @@ export async function getInputs(): Promise<IGitSourceSettings> {
   }
   core.debug(`fetch depth = ${result.fetchDepth}`)
 
+  // Shallow since
+  if (core.getInput('fetch-depth') && core.getInput('shallow-since')) {
+    throw new Error(
+      '`fetch-depth` and `shallow-since` cannot be used at the same time'
+    )
+  }
+  result.shallowSince = core.getInput('shallow-since')
+  core.debug(`shallow since = ${result.shallowSince}`)
+
   // Fetch tags
   result.fetchTags =
     (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE'