mirror of
https://github.com/actions/checkout.git
synced 2026-07-11 19:23:49 +08:00
Compare commits
16 Commits
v6-beta
...
ce8654db7e
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
ce8654db7e | ||
|
|
0c366fd6a8 | ||
|
|
de0fac2e45 | ||
|
|
064fe7f331 | ||
|
|
14150cf66c | ||
|
|
8f2d56a328 | ||
|
|
7bbc85187c | ||
|
|
8e8c483db8 | ||
|
|
033fa0dc0b | ||
|
|
c2d88d3ecc | ||
|
|
1af3b93b68 | ||
|
|
94b4159221 | ||
|
|
84bd6b238a | ||
|
|
93a0983ecb | ||
|
|
4b4c83ea7a | ||
|
|
2272602ba7 |
121
.github/copilot-instructions.md
vendored
Normal file
121
.github/copilot-instructions.md
vendored
Normal file
@@ -0,0 +1,121 @@
|
|||||||
|
# GitHub Actions Checkout - AI Coding Instructions
|
||||||
|
|
||||||
|
## Project Overview
|
||||||
|
|
||||||
|
This is the official `actions/checkout` GitHub Action for checking out repositories in workflows. It's a TypeScript project that compiles to a single bundled JavaScript file (`dist/index.js`) and supports both git-based and REST API-based repository downloads.
|
||||||
|
|
||||||
|
## Architecture & Key Components
|
||||||
|
|
||||||
|
### Core Entry Points
|
||||||
|
- **`src/main.ts`**: Main entry point with `run()` and `cleanup()` functions, determined by `stateHelper.IsPost`
|
||||||
|
- **`src/git-source-provider.ts`**: Primary orchestrator for repository acquisition (git vs REST API fallback)
|
||||||
|
- **`src/input-helper.ts`**: Input validation and GitHub Actions input processing
|
||||||
|
- **`action.yml`**: Defines the action interface with comprehensive input/output schema
|
||||||
|
|
||||||
|
### Critical Data Flow
|
||||||
|
1. `main.ts` → `inputHelper.getInputs()` → validates and transforms action inputs
|
||||||
|
2. `main.ts` → `gitSourceProvider.getSource(settings)` → orchestrates repository download
|
||||||
|
3. `git-source-provider.ts` decides: use Git CLI or fallback to GitHub REST API
|
||||||
|
4. State management via `state-helper.ts` for POST action cleanup
|
||||||
|
|
||||||
|
### Authentication & Security Patterns
|
||||||
|
- **Token-based auth**: Uses `@actions/core` to handle GitHub tokens securely
|
||||||
|
- **SSH key management**: Configures temporary SSH keys in `git-auth-helper.ts`
|
||||||
|
- **Safe directory**: Automatically configures `git config safe.directory` for container compatibility
|
||||||
|
|
||||||
|
## Development Workflow
|
||||||
|
|
||||||
|
### Essential Commands
|
||||||
|
```bash
|
||||||
|
npm ci # Install dependencies
|
||||||
|
npm run build # TypeScript → JavaScript + bundle with ncc + generate docs
|
||||||
|
npm run format # Prettier formatting
|
||||||
|
npm run lint # ESLint validation
|
||||||
|
npm test # Jest test suite
|
||||||
|
```
|
||||||
|
|
||||||
|
### Build Process (Critical!)
|
||||||
|
- **`npm run build`** runs: `tsc && ncc build && node lib/misc/generate-docs.js`
|
||||||
|
- **Documentation sync**: `src/misc/generate-docs.ts` auto-updates README.md usage section from `action.yml`
|
||||||
|
- **Bundling**: Uses `@vercel/ncc` to create single `dist/index.js` file
|
||||||
|
- **Always run `npm run build` before commits** - the `dist/` directory must be up-to-date
|
||||||
|
|
||||||
|
### Testing Strategy
|
||||||
|
- **Unit tests**: Jest tests in `__test__/` for all core modules
|
||||||
|
- **Integration tests**: Shell scripts (`__test__/verify-*.sh`) test real git operations
|
||||||
|
- **E2E tests**: `.github/workflows/test.yml` tests across OS matrix with actual GitHub repos
|
||||||
|
|
||||||
|
## Project-Specific Conventions
|
||||||
|
|
||||||
|
### TypeScript Patterns
|
||||||
|
- **Interface-driven**: `IGitSourceSettings` centralizes all configuration
|
||||||
|
- **Async/await**: All I/O operations use async patterns, not promises
|
||||||
|
- **Error handling**: Use `core.setFailed()` for action failures, `core.warning()` for non-critical issues
|
||||||
|
|
||||||
|
### Git Operation Patterns
|
||||||
|
```typescript
|
||||||
|
// Check Git version and fallback pattern
|
||||||
|
const git = await getGitCommandManager(settings)
|
||||||
|
if (git) {
|
||||||
|
// Use Git CLI
|
||||||
|
await git.fetch(refSpec, fetchDepth)
|
||||||
|
} else {
|
||||||
|
// Fallback to REST API
|
||||||
|
await githubApiHelper.downloadRepository(...)
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### State Management (Unique Pattern!)
|
||||||
|
- **Dual-phase execution**: Same script runs twice (MAIN + POST) determined by `stateHelper.IsPost`
|
||||||
|
- **State persistence**: Use `core.saveState()` / `core.getState()` to pass data between phases
|
||||||
|
- **Cleanup responsibility**: POST phase cleans up auth tokens, SSH keys, etc.
|
||||||
|
|
||||||
|
### Input Validation Approach
|
||||||
|
- **GitHub context integration**: Defaults repository from `github.context.repo`
|
||||||
|
- **Path safety**: Validates paths are within `GITHUB_WORKSPACE`
|
||||||
|
- **Flexible refs**: Handles branches, tags, SHAs, and PR refs uniformly
|
||||||
|
|
||||||
|
## Integration Points
|
||||||
|
|
||||||
|
### GitHub Actions SDK Usage
|
||||||
|
- **`@actions/core`**: Input/output, logging, state management
|
||||||
|
- **`@actions/github`**: GitHub context and API access
|
||||||
|
- **`@actions/exec`**: Git command execution
|
||||||
|
- **`@actions/io`**: File system operations
|
||||||
|
|
||||||
|
### Git Integration
|
||||||
|
- **Version compatibility**: Minimum Git 2.18, with feature detection for sparse-checkout
|
||||||
|
- **Authentication modes**: Token-based (default) or SSH key-based
|
||||||
|
- **Advanced features**: LFS, submodules, sparse-checkout, partial clones
|
||||||
|
|
||||||
|
### Container Support
|
||||||
|
- **Safe directory**: Critical for container workflows - auto-configures git safe.directory
|
||||||
|
- **Credential persistence**: Configures git credential helper for authenticated operations
|
||||||
|
|
||||||
|
## Common Debugging Patterns
|
||||||
|
|
||||||
|
### Enable Debug Logging
|
||||||
|
```yaml
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v5
|
||||||
|
env:
|
||||||
|
ACTIONS_STEP_DEBUG: true
|
||||||
|
```
|
||||||
|
|
||||||
|
### REST API Fallback Testing
|
||||||
|
```bash
|
||||||
|
# Force REST API mode by overriding Git version
|
||||||
|
__test__/override-git-version.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
### Authentication Issues
|
||||||
|
- Check `GITHUB_TOKEN` permissions: needs `contents: read`
|
||||||
|
- For private repos: requires PAT with repo access
|
||||||
|
- Container issues: verify safe.directory configuration
|
||||||
|
|
||||||
|
## Key Files for Understanding
|
||||||
|
- `src/git-source-provider.ts` - Main orchestration logic
|
||||||
|
- `src/input-helper.ts` - Action interface and validation
|
||||||
|
- `src/git-auth-helper.ts` - Authentication and credential management
|
||||||
|
- `action.yml` - Complete input/output specification
|
||||||
|
- `.github/workflows/test.yml` - Comprehensive test scenarios
|
||||||
2
.github/workflows/check-dist.yml
vendored
2
.github/workflows/check-dist.yml
vendored
@@ -22,7 +22,7 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4.1.6
|
- uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Set Node.js 24.x
|
- name: Set Node.js 24.x
|
||||||
uses: actions/setup-node@v4
|
uses: actions/setup-node@v4
|
||||||
|
|||||||
2
.github/workflows/codeql-analysis.yml
vendored
2
.github/workflows/codeql-analysis.yml
vendored
@@ -39,7 +39,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v3
|
uses: github/codeql-action/init@v3
|
||||||
|
|||||||
41
.github/workflows/deno.yml
vendored
Normal file
41
.github/workflows/deno.yml
vendored
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
# This workflow uses actions that are not certified by GitHub.
|
||||||
|
# They are provided by a third-party and are governed by
|
||||||
|
# separate terms of service, privacy policy, and support
|
||||||
|
# documentation.
|
||||||
|
|
||||||
|
# This workflow will install Deno then run `deno lint` and `deno test`.
|
||||||
|
# For more information see: https://github.com/denoland/setup-deno
|
||||||
|
|
||||||
|
name: Deno
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: ["main"]
|
||||||
|
pull_request:
|
||||||
|
branches: ["main"]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Setup repo
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Setup Deno
|
||||||
|
uses: denoland/setup-deno@v1.1.2
|
||||||
|
with:
|
||||||
|
deno-version: v1.x
|
||||||
|
|
||||||
|
# Uncomment this step to verify the use of 'deno fmt' on each commit.
|
||||||
|
# - name: Verify formatting
|
||||||
|
# run: deno fmt --check
|
||||||
|
|
||||||
|
- name: Run linter
|
||||||
|
run: deno lint
|
||||||
|
|
||||||
|
- name: Run tests
|
||||||
|
run: deno test -A
|
||||||
2
.github/workflows/licensed.yml
vendored
2
.github/workflows/licensed.yml
vendored
@@ -9,6 +9,6 @@ jobs:
|
|||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
name: Check licenses
|
name: Check licenses
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4.1.6
|
- uses: actions/checkout@v6
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
- run: npm run licensed-check
|
- run: npm run licensed-check
|
||||||
@@ -14,7 +14,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checking out
|
- name: Checking out
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
- name: Publish
|
- name: Publish
|
||||||
id: publish
|
id: publish
|
||||||
uses: actions/publish-immutable-action@0.0.3
|
uses: actions/publish-immutable-action@0.0.3
|
||||||
|
|||||||
43
.github/workflows/test.yml
vendored
43
.github/workflows/test.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
|||||||
- uses: actions/setup-node@v4
|
- uses: actions/setup-node@v4
|
||||||
with:
|
with:
|
||||||
node-version: 24.x
|
node-version: 24.x
|
||||||
- uses: actions/checkout@v4.1.6
|
- uses: actions/checkout@v6
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
- run: npm run build
|
- run: npm run build
|
||||||
- run: npm run format-check
|
- run: npm run format-check
|
||||||
@@ -37,7 +37,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
# Basic checkout
|
# Basic checkout
|
||||||
- name: Checkout basic
|
- name: Checkout basic
|
||||||
@@ -87,6 +87,17 @@ jobs:
|
|||||||
- name: Verify fetch filter
|
- name: Verify fetch filter
|
||||||
run: __test__/verify-fetch-filter.sh
|
run: __test__/verify-fetch-filter.sh
|
||||||
|
|
||||||
|
# Fetch tags
|
||||||
|
- name: Checkout with fetch-tags
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
ref: test-data/v2/basic
|
||||||
|
path: fetch-tags-test
|
||||||
|
fetch-tags: true
|
||||||
|
- name: Verify fetch-tags
|
||||||
|
shell: bash
|
||||||
|
run: __test__/verify-fetch-tags.sh
|
||||||
|
|
||||||
# Sparse checkout
|
# Sparse checkout
|
||||||
- name: Sparse checkout
|
- name: Sparse checkout
|
||||||
uses: ./
|
uses: ./
|
||||||
@@ -165,6 +176,22 @@ jobs:
|
|||||||
- name: Verify submodules recursive
|
- name: Verify submodules recursive
|
||||||
run: __test__/verify-submodules-recursive.sh
|
run: __test__/verify-submodules-recursive.sh
|
||||||
|
|
||||||
|
# Worktree credentials
|
||||||
|
- name: Checkout for worktree test
|
||||||
|
uses: ./
|
||||||
|
with:
|
||||||
|
path: worktree-test
|
||||||
|
- name: Verify worktree credentials
|
||||||
|
shell: bash
|
||||||
|
run: __test__/verify-worktree.sh worktree-test worktree-branch
|
||||||
|
|
||||||
|
# Worktree credentials in container step
|
||||||
|
- name: Verify worktree credentials in container step
|
||||||
|
if: runner.os == 'Linux'
|
||||||
|
uses: docker://bitnami/git:latest
|
||||||
|
with:
|
||||||
|
args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch
|
||||||
|
|
||||||
# Basic checkout using REST API
|
# Basic checkout using REST API
|
||||||
- name: Remove basic
|
- name: Remove basic
|
||||||
if: runner.os != 'windows'
|
if: runner.os != 'windows'
|
||||||
@@ -202,7 +229,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
# Basic checkout using git
|
# Basic checkout using git
|
||||||
- name: Checkout basic
|
- name: Checkout basic
|
||||||
@@ -234,7 +261,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
# Basic checkout using git
|
# Basic checkout using git
|
||||||
- name: Checkout basic
|
- name: Checkout basic
|
||||||
@@ -264,7 +291,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
path: localClone
|
path: localClone
|
||||||
|
|
||||||
@@ -291,8 +318,8 @@ jobs:
|
|||||||
git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
|
git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
|
||||||
|
|
||||||
# needed to make checkout post cleanup succeed
|
# needed to make checkout post cleanup succeed
|
||||||
- name: Fix Checkout v4
|
- name: Fix Checkout v6
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
path: localClone
|
path: localClone
|
||||||
|
|
||||||
@@ -301,7 +328,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
# Clone this repo
|
# Clone this repo
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4.1.6
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
path: actions-checkout
|
path: actions-checkout
|
||||||
|
|
||||||
|
|||||||
2
.github/workflows/update-main-version.yml
vendored
2
.github/workflows/update-main-version.yml
vendored
@@ -23,7 +23,7 @@ jobs:
|
|||||||
# Note this update workflow can also be used as a rollback tool.
|
# Note this update workflow can also be used as a rollback tool.
|
||||||
# For that reason, it's best to pin `actions/checkout` to a known, stable version
|
# For that reason, it's best to pin `actions/checkout` to a known, stable version
|
||||||
# (typically, about two releases back).
|
# (typically, about two releases back).
|
||||||
- uses: actions/checkout@v4.1.6
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Git config
|
- name: Git config
|
||||||
|
|||||||
2
.github/workflows/update-test-ubuntu-git.yml
vendored
2
.github/workflows/update-test-ubuntu-git.yml
vendored
@@ -26,7 +26,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
# Use `docker/login-action` to log in to GHCR.io.
|
# Use `docker/login-action` to log in to GHCR.io.
|
||||||
# Once published, the packages are scoped to the account defined here.
|
# Once published, the packages are scoped to the account defined here.
|
||||||
|
|||||||
19
CHANGELOG.md
19
CHANGELOG.md
@@ -1,10 +1,25 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## V5.0.0
|
## v6.0.2
|
||||||
|
* Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in https://github.com/actions/checkout/pull/2356
|
||||||
|
|
||||||
|
## v6.0.1
|
||||||
|
* Add worktree support for persist-credentials includeIf by @ericsciple in https://github.com/actions/checkout/pull/2327
|
||||||
|
|
||||||
|
## v6.0.0
|
||||||
|
* Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286
|
||||||
|
* Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248
|
||||||
|
|
||||||
|
## v5.0.1
|
||||||
|
* Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301
|
||||||
|
|
||||||
|
## v5.0.0
|
||||||
* Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226
|
* Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226
|
||||||
|
|
||||||
|
## v4.3.1
|
||||||
|
* Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305
|
||||||
|
|
||||||
## V4.3.0
|
## v4.3.0
|
||||||
* docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
|
* docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
|
||||||
* Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
|
* Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
|
||||||
* Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
|
* Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
|
||||||
|
|||||||
213
LICENSE
213
LICENSE
@@ -1,22 +1,201 @@
|
|||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
The MIT License (MIT)
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
Copyright (c) 2018 GitHub, Inc. and contributors
|
1. Definitions.
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is
|
|
||||||
furnished to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice shall be included in
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
all copies or substantial portions of the Software.
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
other entities that control, are controlled by, or are under common
|
||||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
control with that entity. For the purposes of this definition,
|
||||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
direction or management of such entity, whether by contract or
|
||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
THE SOFTWARE.
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright [yyyy] [name of copyright owner]
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
|||||||
41
README.md
41
README.md
@@ -1,11 +1,12 @@
|
|||||||
[](https://github.com/actions/checkout/actions/workflows/test.yml)
|
[](https://github.com/actions/checkout/actions/workflows/test.yml)
|
||||||
|
|
||||||
# Checkout v6-beta
|
# Checkout v6
|
||||||
|
|
||||||
## What's new
|
## What's new
|
||||||
|
|
||||||
- Updated `persist-credentials` to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config.
|
- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config`
|
||||||
- This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios.
|
- No workflow changes required — `git fetch`, `git push`, etc. continue to work automatically
|
||||||
|
- Running authenticated git commands from a [Docker container action](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action) requires Actions Runner [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) or later
|
||||||
|
|
||||||
# Checkout v5
|
# Checkout v5
|
||||||
|
|
||||||
@@ -51,7 +52,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
|
|
||||||
<!-- start usage -->
|
<!-- start usage -->
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
# Repository name with owner. For example, actions/checkout
|
# Repository name with owner. For example, actions/checkout
|
||||||
# Default: ${{ github.repository }}
|
# Default: ${{ github.repository }}
|
||||||
@@ -190,7 +191,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Fetch only the root files
|
## Fetch only the root files
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
sparse-checkout: .
|
sparse-checkout: .
|
||||||
```
|
```
|
||||||
@@ -198,7 +199,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Fetch only the root files and `.github` and `src` folder
|
## Fetch only the root files and `.github` and `src` folder
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
sparse-checkout: |
|
sparse-checkout: |
|
||||||
.github
|
.github
|
||||||
@@ -208,7 +209,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Fetch only a single file
|
## Fetch only a single file
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
sparse-checkout: |
|
sparse-checkout: |
|
||||||
README.md
|
README.md
|
||||||
@@ -218,7 +219,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Fetch all history for all tags and branches
|
## Fetch all history for all tags and branches
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
```
|
```
|
||||||
@@ -226,7 +227,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Checkout a different branch
|
## Checkout a different branch
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
ref: my-branch
|
ref: my-branch
|
||||||
```
|
```
|
||||||
@@ -234,7 +235,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Checkout HEAD^
|
## Checkout HEAD^
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
- run: git checkout HEAD^
|
- run: git checkout HEAD^
|
||||||
@@ -244,12 +245,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
path: main
|
path: main
|
||||||
|
|
||||||
- name: Checkout tools repo
|
- name: Checkout tools repo
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
repository: my-org/my-tools
|
repository: my-org/my-tools
|
||||||
path: my-tools
|
path: my-tools
|
||||||
@@ -260,10 +261,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
- name: Checkout tools repo
|
- name: Checkout tools repo
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
repository: my-org/my-tools
|
repository: my-org/my-tools
|
||||||
path: my-tools
|
path: my-tools
|
||||||
@@ -274,12 +275,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
path: main
|
path: main
|
||||||
|
|
||||||
- name: Checkout private tools
|
- name: Checkout private tools
|
||||||
uses: actions/checkout@v5
|
uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
repository: my-org/my-private-tools
|
repository: my-org/my-private-tools
|
||||||
token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
|
token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
|
||||||
@@ -292,7 +293,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
|
|||||||
## Checkout pull request HEAD commit instead of merge commit
|
## Checkout pull request HEAD commit instead of merge commit
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
ref: ${{ github.event.pull_request.head.sha }}
|
ref: ${{ github.event.pull_request.head.sha }}
|
||||||
```
|
```
|
||||||
@@ -308,7 +309,7 @@ jobs:
|
|||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
```
|
```
|
||||||
|
|
||||||
## Push a commit using the built-in token
|
## Push a commit using the built-in token
|
||||||
@@ -319,7 +320,7 @@ jobs:
|
|||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
- run: |
|
- run: |
|
||||||
date > generated.txt
|
date > generated.txt
|
||||||
# Note: the following account information will not work on GHES
|
# Note: the following account information will not work on GHES
|
||||||
@@ -341,7 +342,7 @@ jobs:
|
|||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v5
|
- uses: actions/checkout@v6
|
||||||
with:
|
with:
|
||||||
ref: ${{ github.head_ref }}
|
ref: ${{ github.head_ref }}
|
||||||
- run: |
|
- run: |
|
||||||
|
|||||||
@@ -108,7 +108,7 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
jest.restoreAllMocks()
|
jest.restoreAllMocks()
|
||||||
})
|
})
|
||||||
|
|
||||||
it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is true', async () => {
|
it('should call execGit with the correct arguments when fetchDepth is 0', async () => {
|
||||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
const workingDirectory = 'test'
|
const workingDirectory = 'test'
|
||||||
const lfs = false
|
const lfs = false
|
||||||
@@ -122,45 +122,7 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
const refSpec = ['refspec1', 'refspec2']
|
const refSpec = ['refspec1', 'refspec2']
|
||||||
const options = {
|
const options = {
|
||||||
filter: 'filterValue',
|
filter: 'filterValue',
|
||||||
fetchDepth: 0,
|
fetchDepth: 0
|
||||||
fetchTags: true
|
|
||||||
}
|
|
||||||
|
|
||||||
await git.fetch(refSpec, options)
|
|
||||||
|
|
||||||
expect(mockExec).toHaveBeenCalledWith(
|
|
||||||
expect.any(String),
|
|
||||||
[
|
|
||||||
'-c',
|
|
||||||
'protocol.version=2',
|
|
||||||
'fetch',
|
|
||||||
'--prune',
|
|
||||||
'--no-recurse-submodules',
|
|
||||||
'--filter=filterValue',
|
|
||||||
'origin',
|
|
||||||
'refspec1',
|
|
||||||
'refspec2'
|
|
||||||
],
|
|
||||||
expect.any(Object)
|
|
||||||
)
|
|
||||||
})
|
|
||||||
|
|
||||||
it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is false', async () => {
|
|
||||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
|
||||||
|
|
||||||
const workingDirectory = 'test'
|
|
||||||
const lfs = false
|
|
||||||
const doSparseCheckout = false
|
|
||||||
git = await commandManager.createCommandManager(
|
|
||||||
workingDirectory,
|
|
||||||
lfs,
|
|
||||||
doSparseCheckout
|
|
||||||
)
|
|
||||||
const refSpec = ['refspec1', 'refspec2']
|
|
||||||
const options = {
|
|
||||||
filter: 'filterValue',
|
|
||||||
fetchDepth: 0,
|
|
||||||
fetchTags: false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
await git.fetch(refSpec, options)
|
await git.fetch(refSpec, options)
|
||||||
@@ -183,7 +145,45 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is false', async () => {
|
it('should call execGit with the correct arguments when fetchDepth is 0 and refSpec includes tags', async () => {
|
||||||
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
|
const workingDirectory = 'test'
|
||||||
|
const lfs = false
|
||||||
|
const doSparseCheckout = false
|
||||||
|
git = await commandManager.createCommandManager(
|
||||||
|
workingDirectory,
|
||||||
|
lfs,
|
||||||
|
doSparseCheckout
|
||||||
|
)
|
||||||
|
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*']
|
||||||
|
const options = {
|
||||||
|
filter: 'filterValue',
|
||||||
|
fetchDepth: 0
|
||||||
|
}
|
||||||
|
|
||||||
|
await git.fetch(refSpec, options)
|
||||||
|
|
||||||
|
expect(mockExec).toHaveBeenCalledWith(
|
||||||
|
expect.any(String),
|
||||||
|
[
|
||||||
|
'-c',
|
||||||
|
'protocol.version=2',
|
||||||
|
'fetch',
|
||||||
|
'--no-tags',
|
||||||
|
'--prune',
|
||||||
|
'--no-recurse-submodules',
|
||||||
|
'--filter=filterValue',
|
||||||
|
'origin',
|
||||||
|
'refspec1',
|
||||||
|
'refspec2',
|
||||||
|
'+refs/tags/*:refs/tags/*'
|
||||||
|
],
|
||||||
|
expect.any(Object)
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('should call execGit with the correct arguments when fetchDepth is 1', async () => {
|
||||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
const workingDirectory = 'test'
|
const workingDirectory = 'test'
|
||||||
@@ -197,8 +197,7 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
const refSpec = ['refspec1', 'refspec2']
|
const refSpec = ['refspec1', 'refspec2']
|
||||||
const options = {
|
const options = {
|
||||||
filter: 'filterValue',
|
filter: 'filterValue',
|
||||||
fetchDepth: 1,
|
fetchDepth: 1
|
||||||
fetchTags: false
|
|
||||||
}
|
}
|
||||||
|
|
||||||
await git.fetch(refSpec, options)
|
await git.fetch(refSpec, options)
|
||||||
@@ -222,7 +221,7 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is true', async () => {
|
it('should call execGit with the correct arguments when fetchDepth is 1 and refSpec includes tags', async () => {
|
||||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
const workingDirectory = 'test'
|
const workingDirectory = 'test'
|
||||||
@@ -233,11 +232,10 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
lfs,
|
lfs,
|
||||||
doSparseCheckout
|
doSparseCheckout
|
||||||
)
|
)
|
||||||
const refSpec = ['refspec1', 'refspec2']
|
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*']
|
||||||
const options = {
|
const options = {
|
||||||
filter: 'filterValue',
|
filter: 'filterValue',
|
||||||
fetchDepth: 1,
|
fetchDepth: 1
|
||||||
fetchTags: true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
await git.fetch(refSpec, options)
|
await git.fetch(refSpec, options)
|
||||||
@@ -248,13 +246,15 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
'-c',
|
'-c',
|
||||||
'protocol.version=2',
|
'protocol.version=2',
|
||||||
'fetch',
|
'fetch',
|
||||||
|
'--no-tags',
|
||||||
'--prune',
|
'--prune',
|
||||||
'--no-recurse-submodules',
|
'--no-recurse-submodules',
|
||||||
'--filter=filterValue',
|
'--filter=filterValue',
|
||||||
'--depth=1',
|
'--depth=1',
|
||||||
'origin',
|
'origin',
|
||||||
'refspec1',
|
'refspec1',
|
||||||
'refspec2'
|
'refspec2',
|
||||||
|
'+refs/tags/*:refs/tags/*'
|
||||||
],
|
],
|
||||||
expect.any(Object)
|
expect.any(Object)
|
||||||
)
|
)
|
||||||
@@ -338,7 +338,7 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('should call execGit with the correct arguments when fetchTags is true and showProgress is true', async () => {
|
it('should call execGit with the correct arguments when showProgress is true and refSpec includes tags', async () => {
|
||||||
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
const workingDirectory = 'test'
|
const workingDirectory = 'test'
|
||||||
@@ -349,10 +349,9 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
lfs,
|
lfs,
|
||||||
doSparseCheckout
|
doSparseCheckout
|
||||||
)
|
)
|
||||||
const refSpec = ['refspec1', 'refspec2']
|
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*']
|
||||||
const options = {
|
const options = {
|
||||||
filter: 'filterValue',
|
filter: 'filterValue',
|
||||||
fetchTags: true,
|
|
||||||
showProgress: true
|
showProgress: true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -364,15 +363,134 @@ describe('Test fetchDepth and fetchTags options', () => {
|
|||||||
'-c',
|
'-c',
|
||||||
'protocol.version=2',
|
'protocol.version=2',
|
||||||
'fetch',
|
'fetch',
|
||||||
|
'--no-tags',
|
||||||
'--prune',
|
'--prune',
|
||||||
'--no-recurse-submodules',
|
'--no-recurse-submodules',
|
||||||
'--progress',
|
'--progress',
|
||||||
'--filter=filterValue',
|
'--filter=filterValue',
|
||||||
'origin',
|
'origin',
|
||||||
'refspec1',
|
'refspec1',
|
||||||
'refspec2'
|
'refspec2',
|
||||||
|
'+refs/tags/*:refs/tags/*'
|
||||||
],
|
],
|
||||||
expect.any(Object)
|
expect.any(Object)
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
describe('git user-agent with orchestration ID', () => {
|
||||||
|
beforeEach(async () => {
|
||||||
|
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
|
||||||
|
jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
|
||||||
|
})
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
jest.restoreAllMocks()
|
||||||
|
// Clean up environment variable to prevent test pollution
|
||||||
|
delete process.env['ACTIONS_ORCHESTRATION_ID']
|
||||||
|
})
|
||||||
|
|
||||||
|
it('should include orchestration ID in user-agent when ACTIONS_ORCHESTRATION_ID is set', async () => {
|
||||||
|
const orchId = 'test-orch-id-12345'
|
||||||
|
process.env['ACTIONS_ORCHESTRATION_ID'] = orchId
|
||||||
|
|
||||||
|
let capturedEnv: any = null
|
||||||
|
mockExec.mockImplementation((path, args, options) => {
|
||||||
|
if (args.includes('version')) {
|
||||||
|
options.listeners.stdout(Buffer.from('2.18'))
|
||||||
|
}
|
||||||
|
// Capture env on any command
|
||||||
|
capturedEnv = options.env
|
||||||
|
return 0
|
||||||
|
})
|
||||||
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
|
const workingDirectory = 'test'
|
||||||
|
const lfs = false
|
||||||
|
const doSparseCheckout = false
|
||||||
|
git = await commandManager.createCommandManager(
|
||||||
|
workingDirectory,
|
||||||
|
lfs,
|
||||||
|
doSparseCheckout
|
||||||
|
)
|
||||||
|
|
||||||
|
// Call a git command to trigger env capture after user-agent is set
|
||||||
|
await git.init()
|
||||||
|
|
||||||
|
// Verify the user agent includes the orchestration ID
|
||||||
|
expect(git).toBeDefined()
|
||||||
|
expect(capturedEnv).toBeDefined()
|
||||||
|
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
|
||||||
|
`git/2.18 (github-actions-checkout) actions_orchestration_id/${orchId}`
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('should sanitize invalid characters in orchestration ID', async () => {
|
||||||
|
const orchId = 'test (with) special/chars'
|
||||||
|
process.env['ACTIONS_ORCHESTRATION_ID'] = orchId
|
||||||
|
|
||||||
|
let capturedEnv: any = null
|
||||||
|
mockExec.mockImplementation((path, args, options) => {
|
||||||
|
if (args.includes('version')) {
|
||||||
|
options.listeners.stdout(Buffer.from('2.18'))
|
||||||
|
}
|
||||||
|
// Capture env on any command
|
||||||
|
capturedEnv = options.env
|
||||||
|
return 0
|
||||||
|
})
|
||||||
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
|
const workingDirectory = 'test'
|
||||||
|
const lfs = false
|
||||||
|
const doSparseCheckout = false
|
||||||
|
git = await commandManager.createCommandManager(
|
||||||
|
workingDirectory,
|
||||||
|
lfs,
|
||||||
|
doSparseCheckout
|
||||||
|
)
|
||||||
|
|
||||||
|
// Call a git command to trigger env capture after user-agent is set
|
||||||
|
await git.init()
|
||||||
|
|
||||||
|
// Verify the user agent has sanitized orchestration ID (spaces, parentheses, slash replaced)
|
||||||
|
expect(git).toBeDefined()
|
||||||
|
expect(capturedEnv).toBeDefined()
|
||||||
|
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
|
||||||
|
'git/2.18 (github-actions-checkout) actions_orchestration_id/test__with__special_chars'
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('should not modify user-agent when ACTIONS_ORCHESTRATION_ID is not set', async () => {
|
||||||
|
delete process.env['ACTIONS_ORCHESTRATION_ID']
|
||||||
|
|
||||||
|
let capturedEnv: any = null
|
||||||
|
mockExec.mockImplementation((path, args, options) => {
|
||||||
|
if (args.includes('version')) {
|
||||||
|
options.listeners.stdout(Buffer.from('2.18'))
|
||||||
|
}
|
||||||
|
// Capture env on any command
|
||||||
|
capturedEnv = options.env
|
||||||
|
return 0
|
||||||
|
})
|
||||||
|
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
|
||||||
|
|
||||||
|
const workingDirectory = 'test'
|
||||||
|
const lfs = false
|
||||||
|
const doSparseCheckout = false
|
||||||
|
git = await commandManager.createCommandManager(
|
||||||
|
workingDirectory,
|
||||||
|
lfs,
|
||||||
|
doSparseCheckout
|
||||||
|
)
|
||||||
|
|
||||||
|
// Call a git command to trigger env capture after user-agent is set
|
||||||
|
await git.init()
|
||||||
|
|
||||||
|
// Verify the user agent does NOT contain orchestration ID
|
||||||
|
expect(git).toBeDefined()
|
||||||
|
expect(capturedEnv).toBeDefined()
|
||||||
|
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
|
||||||
|
'git/2.18 (github-actions-checkout)'
|
||||||
|
)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|||||||
@@ -152,7 +152,22 @@ describe('ref-helper tests', () => {
|
|||||||
it('getRefSpec sha + refs/tags/', async () => {
|
it('getRefSpec sha + refs/tags/', async () => {
|
||||||
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit)
|
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit)
|
||||||
expect(refSpec.length).toBe(1)
|
expect(refSpec.length).toBe(1)
|
||||||
expect(refSpec[0]).toBe(`+${commit}:refs/tags/my-tag`)
|
expect(refSpec[0]).toBe(`+refs/tags/my-tag:refs/tags/my-tag`)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('getRefSpec sha + refs/tags/ with fetchTags', async () => {
|
||||||
|
// When fetchTags is true, only include tags wildcard (specific tag is redundant)
|
||||||
|
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit, true)
|
||||||
|
expect(refSpec.length).toBe(1)
|
||||||
|
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
|
||||||
|
})
|
||||||
|
|
||||||
|
it('getRefSpec sha + refs/heads/ with fetchTags', async () => {
|
||||||
|
// When fetchTags is true, include both the branch refspec and tags wildcard
|
||||||
|
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', commit, true)
|
||||||
|
expect(refSpec.length).toBe(2)
|
||||||
|
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
|
||||||
|
expect(refSpec[1]).toBe(`+${commit}:refs/remotes/origin/my/branch`)
|
||||||
})
|
})
|
||||||
|
|
||||||
it('getRefSpec sha only', async () => {
|
it('getRefSpec sha only', async () => {
|
||||||
@@ -168,6 +183,14 @@ describe('ref-helper tests', () => {
|
|||||||
expect(refSpec[1]).toBe('+refs/tags/my-ref*:refs/tags/my-ref*')
|
expect(refSpec[1]).toBe('+refs/tags/my-ref*:refs/tags/my-ref*')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('getRefSpec unqualified ref only with fetchTags', async () => {
|
||||||
|
// When fetchTags is true, skip specific tag pattern since wildcard covers all
|
||||||
|
const refSpec = refHelper.getRefSpec('my-ref', '', true)
|
||||||
|
expect(refSpec.length).toBe(2)
|
||||||
|
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
|
||||||
|
expect(refSpec[1]).toBe('+refs/heads/my-ref*:refs/remotes/origin/my-ref*')
|
||||||
|
})
|
||||||
|
|
||||||
it('getRefSpec refs/heads/ only', async () => {
|
it('getRefSpec refs/heads/ only', async () => {
|
||||||
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '')
|
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '')
|
||||||
expect(refSpec.length).toBe(1)
|
expect(refSpec.length).toBe(1)
|
||||||
@@ -187,4 +210,21 @@ describe('ref-helper tests', () => {
|
|||||||
expect(refSpec.length).toBe(1)
|
expect(refSpec.length).toBe(1)
|
||||||
expect(refSpec[0]).toBe('+refs/tags/my-tag:refs/tags/my-tag')
|
expect(refSpec[0]).toBe('+refs/tags/my-tag:refs/tags/my-tag')
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('getRefSpec refs/tags/ only with fetchTags', async () => {
|
||||||
|
// When fetchTags is true, only include tags wildcard (specific tag is redundant)
|
||||||
|
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', '', true)
|
||||||
|
expect(refSpec.length).toBe(1)
|
||||||
|
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
|
||||||
|
})
|
||||||
|
|
||||||
|
it('getRefSpec refs/heads/ only with fetchTags', async () => {
|
||||||
|
// When fetchTags is true, include both the branch refspec and tags wildcard
|
||||||
|
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '', true)
|
||||||
|
expect(refSpec.length).toBe(2)
|
||||||
|
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
|
||||||
|
expect(refSpec[1]).toBe(
|
||||||
|
'+refs/heads/my/branch:refs/remotes/origin/my/branch'
|
||||||
|
)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
9
__test__/verify-fetch-tags.sh
Executable file
9
__test__/verify-fetch-tags.sh
Executable file
@@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Verify tags were fetched
|
||||||
|
TAG_COUNT=$(git -C ./fetch-tags-test tag | wc -l)
|
||||||
|
if [ "$TAG_COUNT" -eq 0 ]; then
|
||||||
|
echo "Expected tags to be fetched, but found none"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "Found $TAG_COUNT tags"
|
||||||
51
__test__/verify-worktree.sh
Executable file
51
__test__/verify-worktree.sh
Executable file
@@ -0,0 +1,51 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Verify worktree credentials
|
||||||
|
# This test verifies that git credentials work in worktrees created after checkout
|
||||||
|
# Usage: verify-worktree.sh <checkout-path> <worktree-name>
|
||||||
|
|
||||||
|
CHECKOUT_PATH="$1"
|
||||||
|
WORKTREE_NAME="$2"
|
||||||
|
|
||||||
|
if [ -z "$CHECKOUT_PATH" ] || [ -z "$WORKTREE_NAME" ]; then
|
||||||
|
echo "Usage: verify-worktree.sh <checkout-path> <worktree-name>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd "$CHECKOUT_PATH"
|
||||||
|
|
||||||
|
# Add safe directory for container environments
|
||||||
|
git config --global --add safe.directory "*" 2>/dev/null || true
|
||||||
|
|
||||||
|
# Show the includeIf configuration
|
||||||
|
echo "Git config includeIf entries:"
|
||||||
|
git config --list --show-origin | grep -i include || true
|
||||||
|
|
||||||
|
# Create the worktree
|
||||||
|
echo "Creating worktree..."
|
||||||
|
git worktree add "../$WORKTREE_NAME" HEAD --detach
|
||||||
|
|
||||||
|
# Change to worktree directory
|
||||||
|
cd "../$WORKTREE_NAME"
|
||||||
|
|
||||||
|
# Verify we're in a worktree
|
||||||
|
echo "Verifying worktree gitdir:"
|
||||||
|
cat .git
|
||||||
|
|
||||||
|
# Verify credentials are available in worktree by checking extraheader is configured
|
||||||
|
echo "Checking credentials in worktree..."
|
||||||
|
if git config --list --show-origin | grep -q "extraheader"; then
|
||||||
|
echo "Credentials are configured in worktree"
|
||||||
|
else
|
||||||
|
echo "ERROR: Credentials are NOT configured in worktree"
|
||||||
|
echo "Full git config:"
|
||||||
|
git config --list --show-origin
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify fetch works in the worktree
|
||||||
|
echo "Fetching in worktree..."
|
||||||
|
git fetch origin
|
||||||
|
|
||||||
|
echo "Worktree credentials test passed!"
|
||||||
86
dist/index.js
vendored
86
dist/index.js
vendored
@@ -412,6 +412,9 @@ class GitAuthHelper {
|
|||||||
// Configure host includeIf
|
// Configure host includeIf
|
||||||
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
|
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
|
||||||
yield this.git.config(hostIncludeKey, credentialsConfigPath);
|
yield this.git.config(hostIncludeKey, credentialsConfigPath);
|
||||||
|
// Configure host includeIf for worktrees
|
||||||
|
const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`;
|
||||||
|
yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath);
|
||||||
// Container git directory
|
// Container git directory
|
||||||
const workingDirectory = this.git.getWorkingDirectory();
|
const workingDirectory = this.git.getWorkingDirectory();
|
||||||
const githubWorkspace = process.env['GITHUB_WORKSPACE'];
|
const githubWorkspace = process.env['GITHUB_WORKSPACE'];
|
||||||
@@ -424,6 +427,9 @@ class GitAuthHelper {
|
|||||||
// Configure container includeIf
|
// Configure container includeIf
|
||||||
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
|
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
|
||||||
yield this.git.config(containerIncludeKey, containerCredentialsPath);
|
yield this.git.config(containerIncludeKey, containerCredentialsPath);
|
||||||
|
// Configure container includeIf for worktrees
|
||||||
|
const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`;
|
||||||
|
yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
@@ -647,7 +653,6 @@ const fs = __importStar(__nccwpck_require__(7147));
|
|||||||
const fshelper = __importStar(__nccwpck_require__(7219));
|
const fshelper = __importStar(__nccwpck_require__(7219));
|
||||||
const io = __importStar(__nccwpck_require__(7436));
|
const io = __importStar(__nccwpck_require__(7436));
|
||||||
const path = __importStar(__nccwpck_require__(1017));
|
const path = __importStar(__nccwpck_require__(1017));
|
||||||
const refHelper = __importStar(__nccwpck_require__(8601));
|
|
||||||
const regexpHelper = __importStar(__nccwpck_require__(3120));
|
const regexpHelper = __importStar(__nccwpck_require__(3120));
|
||||||
const retryHelper = __importStar(__nccwpck_require__(2155));
|
const retryHelper = __importStar(__nccwpck_require__(2155));
|
||||||
const git_version_1 = __nccwpck_require__(3142);
|
const git_version_1 = __nccwpck_require__(3142);
|
||||||
@@ -825,9 +830,9 @@ class GitCommandManager {
|
|||||||
fetch(refSpec, options) {
|
fetch(refSpec, options) {
|
||||||
return __awaiter(this, void 0, void 0, function* () {
|
return __awaiter(this, void 0, void 0, function* () {
|
||||||
const args = ['-c', 'protocol.version=2', 'fetch'];
|
const args = ['-c', 'protocol.version=2', 'fetch'];
|
||||||
if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
|
// Always use --no-tags for explicit control over tag fetching
|
||||||
args.push('--no-tags');
|
// Tags are fetched explicitly via refspec when needed
|
||||||
}
|
args.push('--no-tags');
|
||||||
args.push('--prune', '--no-recurse-submodules');
|
args.push('--prune', '--no-recurse-submodules');
|
||||||
if (options.showProgress) {
|
if (options.showProgress) {
|
||||||
args.push('--progress');
|
args.push('--progress');
|
||||||
@@ -1200,7 +1205,17 @@ class GitCommandManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Set the user agent
|
// Set the user agent
|
||||||
const gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`;
|
let gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`;
|
||||||
|
// Append orchestration ID if set
|
||||||
|
const orchId = process.env['ACTIONS_ORCHESTRATION_ID'];
|
||||||
|
if (orchId) {
|
||||||
|
// Sanitize the orchestration ID to ensure it contains only valid characters
|
||||||
|
// Valid characters: 0-9, a-z, _, -, .
|
||||||
|
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_');
|
||||||
|
if (sanitizedId) {
|
||||||
|
gitHttpUserAgent = `${gitHttpUserAgent} actions_orchestration_id/${sanitizedId}`;
|
||||||
|
}
|
||||||
|
}
|
||||||
core.debug(`Set git useragent to: ${gitHttpUserAgent}`);
|
core.debug(`Set git useragent to: ${gitHttpUserAgent}`);
|
||||||
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent;
|
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent;
|
||||||
});
|
});
|
||||||
@@ -1523,13 +1538,26 @@ function getSource(settings) {
|
|||||||
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
|
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
|
refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
|
||||||
yield git.fetch(refSpec, fetchOptions);
|
yield git.fetch(refSpec, fetchOptions);
|
||||||
|
// Verify the ref now matches. For branches, the targeted fetch above brings
|
||||||
|
// in the specific commit. For tags (fetched by ref), this will fail if
|
||||||
|
// the tag was moved after the workflow was triggered.
|
||||||
|
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
|
throw new Error(`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
|
||||||
|
`The ref may have been updated after the workflow was triggered.`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
fetchOptions.fetchDepth = settings.fetchDepth;
|
fetchOptions.fetchDepth = settings.fetchDepth;
|
||||||
fetchOptions.fetchTags = settings.fetchTags;
|
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit, settings.fetchTags);
|
||||||
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
|
|
||||||
yield git.fetch(refSpec, fetchOptions);
|
yield git.fetch(refSpec, fetchOptions);
|
||||||
|
// For tags, verify the ref still points to the expected commit.
|
||||||
|
// Tags are fetched by ref (not commit), so if a tag was moved after the
|
||||||
|
// workflow was triggered, we would silently check out the wrong commit.
|
||||||
|
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
|
throw new Error(`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
|
||||||
|
`The ref may have been updated after the workflow was triggered.`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
core.endGroup();
|
core.endGroup();
|
||||||
// Checkout info
|
// Checkout info
|
||||||
@@ -2268,53 +2296,67 @@ function getRefSpecForAllHistory(ref, commit) {
|
|||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
function getRefSpec(ref, commit) {
|
function getRefSpec(ref, commit, fetchTags) {
|
||||||
if (!ref && !commit) {
|
if (!ref && !commit) {
|
||||||
throw new Error('Args ref and commit cannot both be empty');
|
throw new Error('Args ref and commit cannot both be empty');
|
||||||
}
|
}
|
||||||
const upperRef = (ref || '').toUpperCase();
|
const upperRef = (ref || '').toUpperCase();
|
||||||
|
const result = [];
|
||||||
|
// When fetchTags is true, always include the tags refspec
|
||||||
|
if (fetchTags) {
|
||||||
|
result.push(exports.tagsRefSpec);
|
||||||
|
}
|
||||||
// SHA
|
// SHA
|
||||||
if (commit) {
|
if (commit) {
|
||||||
// refs/heads
|
// refs/heads
|
||||||
if (upperRef.startsWith('REFS/HEADS/')) {
|
if (upperRef.startsWith('REFS/HEADS/')) {
|
||||||
const branch = ref.substring('refs/heads/'.length);
|
const branch = ref.substring('refs/heads/'.length);
|
||||||
return [`+${commit}:refs/remotes/origin/${branch}`];
|
result.push(`+${commit}:refs/remotes/origin/${branch}`);
|
||||||
}
|
}
|
||||||
// refs/pull/
|
// refs/pull/
|
||||||
else if (upperRef.startsWith('REFS/PULL/')) {
|
else if (upperRef.startsWith('REFS/PULL/')) {
|
||||||
const branch = ref.substring('refs/pull/'.length);
|
const branch = ref.substring('refs/pull/'.length);
|
||||||
return [`+${commit}:refs/remotes/pull/${branch}`];
|
result.push(`+${commit}:refs/remotes/pull/${branch}`);
|
||||||
}
|
}
|
||||||
// refs/tags/
|
// refs/tags/
|
||||||
else if (upperRef.startsWith('REFS/TAGS/')) {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
return [`+${commit}:${ref}`];
|
if (!fetchTags) {
|
||||||
|
result.push(`+${ref}:${ref}`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Otherwise no destination ref
|
// Otherwise no destination ref
|
||||||
else {
|
else {
|
||||||
return [commit];
|
result.push(commit);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Unqualified ref, check for a matching branch or tag
|
// Unqualified ref, check for a matching branch or tag
|
||||||
else if (!upperRef.startsWith('REFS/')) {
|
else if (!upperRef.startsWith('REFS/')) {
|
||||||
return [
|
result.push(`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`);
|
||||||
`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`,
|
if (!fetchTags) {
|
||||||
`+refs/tags/${ref}*:refs/tags/${ref}*`
|
result.push(`+refs/tags/${ref}*:refs/tags/${ref}*`);
|
||||||
];
|
}
|
||||||
}
|
}
|
||||||
// refs/heads/
|
// refs/heads/
|
||||||
else if (upperRef.startsWith('REFS/HEADS/')) {
|
else if (upperRef.startsWith('REFS/HEADS/')) {
|
||||||
const branch = ref.substring('refs/heads/'.length);
|
const branch = ref.substring('refs/heads/'.length);
|
||||||
return [`+${ref}:refs/remotes/origin/${branch}`];
|
result.push(`+${ref}:refs/remotes/origin/${branch}`);
|
||||||
}
|
}
|
||||||
// refs/pull/
|
// refs/pull/
|
||||||
else if (upperRef.startsWith('REFS/PULL/')) {
|
else if (upperRef.startsWith('REFS/PULL/')) {
|
||||||
const branch = ref.substring('refs/pull/'.length);
|
const branch = ref.substring('refs/pull/'.length);
|
||||||
return [`+${ref}:refs/remotes/pull/${branch}`];
|
result.push(`+${ref}:refs/remotes/pull/${branch}`);
|
||||||
}
|
}
|
||||||
// refs/tags/
|
// refs/tags/
|
||||||
else {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
return [`+${ref}:${ref}`];
|
if (!fetchTags) {
|
||||||
|
result.push(`+${ref}:${ref}`);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
// Other refs
|
||||||
|
else {
|
||||||
|
result.push(`+${ref}:${ref}`);
|
||||||
|
}
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Tests whether the initial fetch created the ref at the expected commit
|
* Tests whether the initial fetch created the ref at the expected commit
|
||||||
@@ -2350,7 +2392,9 @@ function testRef(git, ref, commit) {
|
|||||||
// refs/tags/
|
// refs/tags/
|
||||||
else if (upperRef.startsWith('REFS/TAGS/')) {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
const tagName = ref.substring('refs/tags/'.length);
|
const tagName = ref.substring('refs/tags/'.length);
|
||||||
return ((yield git.tagExists(tagName)) && commit === (yield git.revParse(ref)));
|
// Use ^{commit} to dereference annotated tags to their underlying commit
|
||||||
|
return ((yield git.tagExists(tagName)) &&
|
||||||
|
commit === (yield git.revParse(`${ref}^{commit}`)));
|
||||||
}
|
}
|
||||||
// Unexpected
|
// Unexpected
|
||||||
else {
|
else {
|
||||||
|
|||||||
@@ -374,6 +374,10 @@ class GitAuthHelper {
|
|||||||
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
|
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
|
||||||
await this.git.config(hostIncludeKey, credentialsConfigPath)
|
await this.git.config(hostIncludeKey, credentialsConfigPath)
|
||||||
|
|
||||||
|
// Configure host includeIf for worktrees
|
||||||
|
const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`
|
||||||
|
await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath)
|
||||||
|
|
||||||
// Container git directory
|
// Container git directory
|
||||||
const workingDirectory = this.git.getWorkingDirectory()
|
const workingDirectory = this.git.getWorkingDirectory()
|
||||||
const githubWorkspace = process.env['GITHUB_WORKSPACE']
|
const githubWorkspace = process.env['GITHUB_WORKSPACE']
|
||||||
@@ -395,6 +399,13 @@ class GitAuthHelper {
|
|||||||
// Configure container includeIf
|
// Configure container includeIf
|
||||||
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
|
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
|
||||||
await this.git.config(containerIncludeKey, containerCredentialsPath)
|
await this.git.config(containerIncludeKey, containerCredentialsPath)
|
||||||
|
|
||||||
|
// Configure container includeIf for worktrees
|
||||||
|
const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`
|
||||||
|
await this.git.config(
|
||||||
|
containerWorktreeIncludeKey,
|
||||||
|
containerCredentialsPath
|
||||||
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,6 @@ export interface IGitCommandManager {
|
|||||||
options: {
|
options: {
|
||||||
filter?: string
|
filter?: string
|
||||||
fetchDepth?: number
|
fetchDepth?: number
|
||||||
fetchTags?: boolean
|
|
||||||
showProgress?: boolean
|
showProgress?: boolean
|
||||||
}
|
}
|
||||||
): Promise<void>
|
): Promise<void>
|
||||||
@@ -280,14 +279,13 @@ class GitCommandManager {
|
|||||||
options: {
|
options: {
|
||||||
filter?: string
|
filter?: string
|
||||||
fetchDepth?: number
|
fetchDepth?: number
|
||||||
fetchTags?: boolean
|
|
||||||
showProgress?: boolean
|
showProgress?: boolean
|
||||||
}
|
}
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
const args = ['-c', 'protocol.version=2', 'fetch']
|
const args = ['-c', 'protocol.version=2', 'fetch']
|
||||||
if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
|
// Always use --no-tags for explicit control over tag fetching
|
||||||
args.push('--no-tags')
|
// Tags are fetched explicitly via refspec when needed
|
||||||
}
|
args.push('--no-tags')
|
||||||
|
|
||||||
args.push('--prune', '--no-recurse-submodules')
|
args.push('--prune', '--no-recurse-submodules')
|
||||||
if (options.showProgress) {
|
if (options.showProgress) {
|
||||||
@@ -730,7 +728,19 @@ class GitCommandManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Set the user agent
|
// Set the user agent
|
||||||
const gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`
|
let gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`
|
||||||
|
|
||||||
|
// Append orchestration ID if set
|
||||||
|
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']
|
||||||
|
if (orchId) {
|
||||||
|
// Sanitize the orchestration ID to ensure it contains only valid characters
|
||||||
|
// Valid characters: 0-9, a-z, _, -, .
|
||||||
|
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_')
|
||||||
|
if (sanitizedId) {
|
||||||
|
gitHttpUserAgent = `${gitHttpUserAgent} actions_orchestration_id/${sanitizedId}`
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
core.debug(`Set git useragent to: ${gitHttpUserAgent}`)
|
core.debug(`Set git useragent to: ${gitHttpUserAgent}`)
|
||||||
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent
|
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -159,7 +159,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
|||||||
const fetchOptions: {
|
const fetchOptions: {
|
||||||
filter?: string
|
filter?: string
|
||||||
fetchDepth?: number
|
fetchDepth?: number
|
||||||
fetchTags?: boolean
|
|
||||||
showProgress?: boolean
|
showProgress?: boolean
|
||||||
} = {}
|
} = {}
|
||||||
|
|
||||||
@@ -182,12 +181,35 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
|
|||||||
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
|
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
||||||
await git.fetch(refSpec, fetchOptions)
|
await git.fetch(refSpec, fetchOptions)
|
||||||
|
|
||||||
|
// Verify the ref now matches. For branches, the targeted fetch above brings
|
||||||
|
// in the specific commit. For tags (fetched by ref), this will fail if
|
||||||
|
// the tag was moved after the workflow was triggered.
|
||||||
|
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
|
throw new Error(
|
||||||
|
`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
|
||||||
|
`The ref may have been updated after the workflow was triggered.`
|
||||||
|
)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fetchOptions.fetchDepth = settings.fetchDepth
|
fetchOptions.fetchDepth = settings.fetchDepth
|
||||||
fetchOptions.fetchTags = settings.fetchTags
|
const refSpec = refHelper.getRefSpec(
|
||||||
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
|
settings.ref,
|
||||||
|
settings.commit,
|
||||||
|
settings.fetchTags
|
||||||
|
)
|
||||||
await git.fetch(refSpec, fetchOptions)
|
await git.fetch(refSpec, fetchOptions)
|
||||||
|
|
||||||
|
// For tags, verify the ref still points to the expected commit.
|
||||||
|
// Tags are fetched by ref (not commit), so if a tag was moved after the
|
||||||
|
// workflow was triggered, we would silently check out the wrong commit.
|
||||||
|
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
|
||||||
|
throw new Error(
|
||||||
|
`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
|
||||||
|
`The ref may have been updated after the workflow was triggered.`
|
||||||
|
)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
core.endGroup()
|
core.endGroup()
|
||||||
|
|
||||||
|
|||||||
@@ -120,7 +120,7 @@ function updateUsage(
|
|||||||
}
|
}
|
||||||
|
|
||||||
updateUsage(
|
updateUsage(
|
||||||
'actions/checkout@v5',
|
'actions/checkout@v6',
|
||||||
path.join(__dirname, '..', '..', 'action.yml'),
|
path.join(__dirname, '..', '..', 'action.yml'),
|
||||||
path.join(__dirname, '..', '..', 'README.md')
|
path.join(__dirname, '..', '..', 'README.md')
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -76,55 +76,75 @@ export function getRefSpecForAllHistory(ref: string, commit: string): string[] {
|
|||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
export function getRefSpec(ref: string, commit: string): string[] {
|
export function getRefSpec(
|
||||||
|
ref: string,
|
||||||
|
commit: string,
|
||||||
|
fetchTags?: boolean
|
||||||
|
): string[] {
|
||||||
if (!ref && !commit) {
|
if (!ref && !commit) {
|
||||||
throw new Error('Args ref and commit cannot both be empty')
|
throw new Error('Args ref and commit cannot both be empty')
|
||||||
}
|
}
|
||||||
|
|
||||||
const upperRef = (ref || '').toUpperCase()
|
const upperRef = (ref || '').toUpperCase()
|
||||||
|
const result: string[] = []
|
||||||
|
|
||||||
|
// When fetchTags is true, always include the tags refspec
|
||||||
|
if (fetchTags) {
|
||||||
|
result.push(tagsRefSpec)
|
||||||
|
}
|
||||||
|
|
||||||
// SHA
|
// SHA
|
||||||
if (commit) {
|
if (commit) {
|
||||||
// refs/heads
|
// refs/heads
|
||||||
if (upperRef.startsWith('REFS/HEADS/')) {
|
if (upperRef.startsWith('REFS/HEADS/')) {
|
||||||
const branch = ref.substring('refs/heads/'.length)
|
const branch = ref.substring('refs/heads/'.length)
|
||||||
return [`+${commit}:refs/remotes/origin/${branch}`]
|
result.push(`+${commit}:refs/remotes/origin/${branch}`)
|
||||||
}
|
}
|
||||||
// refs/pull/
|
// refs/pull/
|
||||||
else if (upperRef.startsWith('REFS/PULL/')) {
|
else if (upperRef.startsWith('REFS/PULL/')) {
|
||||||
const branch = ref.substring('refs/pull/'.length)
|
const branch = ref.substring('refs/pull/'.length)
|
||||||
return [`+${commit}:refs/remotes/pull/${branch}`]
|
result.push(`+${commit}:refs/remotes/pull/${branch}`)
|
||||||
}
|
}
|
||||||
// refs/tags/
|
// refs/tags/
|
||||||
else if (upperRef.startsWith('REFS/TAGS/')) {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
return [`+${commit}:${ref}`]
|
if (!fetchTags) {
|
||||||
|
result.push(`+${ref}:${ref}`)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Otherwise no destination ref
|
// Otherwise no destination ref
|
||||||
else {
|
else {
|
||||||
return [commit]
|
result.push(commit)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Unqualified ref, check for a matching branch or tag
|
// Unqualified ref, check for a matching branch or tag
|
||||||
else if (!upperRef.startsWith('REFS/')) {
|
else if (!upperRef.startsWith('REFS/')) {
|
||||||
return [
|
result.push(`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`)
|
||||||
`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`,
|
if (!fetchTags) {
|
||||||
`+refs/tags/${ref}*:refs/tags/${ref}*`
|
result.push(`+refs/tags/${ref}*:refs/tags/${ref}*`)
|
||||||
]
|
}
|
||||||
}
|
}
|
||||||
// refs/heads/
|
// refs/heads/
|
||||||
else if (upperRef.startsWith('REFS/HEADS/')) {
|
else if (upperRef.startsWith('REFS/HEADS/')) {
|
||||||
const branch = ref.substring('refs/heads/'.length)
|
const branch = ref.substring('refs/heads/'.length)
|
||||||
return [`+${ref}:refs/remotes/origin/${branch}`]
|
result.push(`+${ref}:refs/remotes/origin/${branch}`)
|
||||||
}
|
}
|
||||||
// refs/pull/
|
// refs/pull/
|
||||||
else if (upperRef.startsWith('REFS/PULL/')) {
|
else if (upperRef.startsWith('REFS/PULL/')) {
|
||||||
const branch = ref.substring('refs/pull/'.length)
|
const branch = ref.substring('refs/pull/'.length)
|
||||||
return [`+${ref}:refs/remotes/pull/${branch}`]
|
result.push(`+${ref}:refs/remotes/pull/${branch}`)
|
||||||
}
|
}
|
||||||
// refs/tags/
|
// refs/tags/
|
||||||
else {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
return [`+${ref}:${ref}`]
|
if (!fetchTags) {
|
||||||
|
result.push(`+${ref}:${ref}`)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
// Other refs
|
||||||
|
else {
|
||||||
|
result.push(`+${ref}:${ref}`)
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -170,8 +190,10 @@ export async function testRef(
|
|||||||
// refs/tags/
|
// refs/tags/
|
||||||
else if (upperRef.startsWith('REFS/TAGS/')) {
|
else if (upperRef.startsWith('REFS/TAGS/')) {
|
||||||
const tagName = ref.substring('refs/tags/'.length)
|
const tagName = ref.substring('refs/tags/'.length)
|
||||||
|
// Use ^{commit} to dereference annotated tags to their underlying commit
|
||||||
return (
|
return (
|
||||||
(await git.tagExists(tagName)) && commit === (await git.revParse(ref))
|
(await git.tagExists(tagName)) &&
|
||||||
|
commit === (await git.revParse(`${ref}^{commit}`))
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
// Unexpected
|
// Unexpected
|
||||||
|
|||||||
Reference in New Issue
Block a user