Merge 6b8be4cb30 into 1af3b93b68

Add a test
update action.yml and readme
2026-06-14 16:53:47 +08:00 · 2025-11-21 09:13:18 +01:00 · 2024-02-19 19:28:53 +02:00 · 2024-02-19 18:24:39 +02:00 · 2024-02-19 18:20:02 +02:00 · 2024-02-06 15:30:36 +02:00
19 changed files with 111 additions and 132 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6

      - name: Set Node.js 24.x
        uses: actions/setup-node@v4
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -39,7 +39,7 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v4.1.6

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -9,6 +9,6 @@ jobs:
    runs-on: ubuntu-latest
    name: Check licenses
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6
      - run: npm ci
      - run: npm run licensed-check
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checking out
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
      - name: Publish
        id: publish
        uses: actions/publish-immutable-action@0.0.3
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs:
      - uses: actions/setup-node@v4
        with:
          node-version: 24.x
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6
      - run: npm ci
      - run: npm run build
      - run: npm run format-check
@@ -37,7 +37,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6

      # Basic checkout
      - name: Checkout basic
@@ -165,22 +165,6 @@ jobs:
      - name: Verify submodules recursive
        run: __test__/verify-submodules-recursive.sh

-      # Worktree credentials
-      - name: Checkout for worktree test
-        uses: ./
-        with:
-          path: worktree-test
-      - name: Verify worktree credentials
-        shell: bash
-        run: __test__/verify-worktree.sh worktree-test worktree-branch
-
-      # Worktree credentials in container step
-      - name: Verify worktree credentials in container step
-        if: runner.os == 'Linux'
-        uses: docker://bitnami/git:latest
-        with:
-          args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch
-
      # Basic checkout using REST API
      - name: Remove basic
        if: runner.os != 'windows'
@@ -218,7 +202,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6

      # Basic checkout using git
      - name: Checkout basic
@@ -250,7 +234,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6

      # Basic checkout using git
      - name: Checkout basic
@@ -280,7 +264,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
        with:
          path: localClone

@@ -307,8 +291,8 @@ jobs:
          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main

      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v6
-        uses: actions/checkout@v6
+      - name: Fix Checkout v4
+        uses: actions/checkout@v4.1.6
        with:
          path: localClone

@@ -317,7 +301,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
        with:
          path: actions-checkout

--- a/.github/workflows/update-main-version.yml
+++ b/.github/workflows/update-main-version.yml
@@ -23,7 +23,7 @@ jobs:
    # Note this update workflow can also be used as a rollback tool.
    # For that reason, it's best to pin `actions/checkout` to a known, stable version
    # (typically, about two releases back).
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v4.1.6
      with:
        fetch-depth: 0
    - name: Git config
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@@ -26,7 +26,7 @@ jobs:
 
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4

      # Use `docker/login-action` to log in to GHCR.io. 
      # Once published, the packages are scoped to the account defined here.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,19 +1,19 @@
 # Changelog

-## v6.0.0
+## V6.0.0
 * Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286
 * Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248

-## v5.0.1
+## V5.0.1
 * Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301

-## v5.0.0
+## V5.0.0
 * Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226

-## v4.3.1
+## V4.3.1
 * Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305

-## v4.3.0
+## V4.3.0
 * docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
 * Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
 * Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
--- a/README.md
+++ b/README.md
@@ -4,9 +4,8 @@

 ## What's new

- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config`
- No workflow changes required — `git fetch`, `git push`, etc. continue to work automatically
- Running authenticated git commands from a [Docker container action](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action) requires Actions Runner [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) or later
+- Updated `persist-credentials` to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config.
+  - This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios.

 # Checkout v5

@@ -52,7 +51,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 <!-- start usage -->
 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    # Repository name with owner. For example, actions/checkout
    # Default: ${{ github.repository }}
@@ -63,6 +62,11 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # Otherwise, uses the default branch.
    ref: ''

+    # Indicates whether to checkout the default repository branch if the requested ref
+    # does not exist
+    # Default: false
+    default-branch-checkout: ''
+
    # Personal access token (PAT) used to fetch the repository. The PAT is configured
    # with the local git config, which enables your scripts to run authenticated git
    # commands. The post-job step removes the PAT.
@@ -191,7 +195,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    sparse-checkout: .
 ```
@@ -199,7 +203,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files and `.github` and `src` folder

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    sparse-checkout: |
      .github
@@ -209,7 +213,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only a single file

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    sparse-checkout: |
      README.md
@@ -219,7 +223,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch all history for all tags and branches

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    fetch-depth: 0
 ```
@@ -227,7 +231,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout a different branch

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    ref: my-branch
 ```
@@ -235,7 +239,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout HEAD^

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    fetch-depth: 2
 - run: git checkout HEAD^
@@ -245,12 +249,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
  with:
    path: main

 - name: Checkout tools repo
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
  with:
    repository: my-org/my-tools
    path: my-tools
@@ -261,10 +265,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5

 - name: Checkout tools repo
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
  with:
    repository: my-org/my-tools
    path: my-tools
@@ -275,12 +279,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/

 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
  with:
    path: main

 - name: Checkout private tools
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
  with:
    repository: my-org/my-private-tools
    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
@@ -293,7 +297,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout pull request HEAD commit instead of merge commit

 ```yaml
- uses: actions/checkout@v6
+- uses: actions/checkout@v5
  with:
    ref: ${{ github.event.pull_request.head.sha }}
 ```
@@ -309,7 +313,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
 ```

 ## Push a commit using the built-in token
@@ -320,7 +324,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
@@ -342,7 +346,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          ref: ${{ github.head_ref }}
      - run: |
--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@@ -1164,6 +1164,7 @@ async function setup(testName: string): Promise<void> {
    nestedSubmodules: false,
    persistCredentials: true,
    ref: 'refs/heads/main',
+    defaultBranchCheckout: false,
    repositoryName: 'my-repo',
    repositoryOwner: 'my-org',
    repositoryPath: '',
--- a/test/input-helper.test.ts
+++ b/test/input-helper.test.ts
@@ -80,6 +80,7 @@ describe('input-helper tests', () => {
    expect(settings.commit).toBeTruthy()
    expect(settings.commit).toBe('1234567890123456789012345678901234567890')
    expect(settings.filter).toBe(undefined)
+    expect(settings.defaultBranchCheckout).toBe(false)
    expect(settings.sparseCheckout).toBe(undefined)
    expect(settings.sparseCheckoutConeMode).toBe(true)
    expect(settings.fetchDepth).toBe(1)
--- a/test/verify-worktree.sh
+++ b/test/verify-worktree.sh
@@ -1,51 +0,0 @@
-#!/bin/bash
-set -e
-
-# Verify worktree credentials
-# This test verifies that git credentials work in worktrees created after checkout
-# Usage: verify-worktree.sh <checkout-path> <worktree-name>
-
-CHECKOUT_PATH="$1"
-WORKTREE_NAME="$2"
-
-if [ -z "$CHECKOUT_PATH" ] || [ -z "$WORKTREE_NAME" ]; then
-  echo "Usage: verify-worktree.sh <checkout-path> <worktree-name>"
-  exit 1
-fi
-
-cd "$CHECKOUT_PATH"
-
-# Add safe directory for container environments
-git config --global --add safe.directory "*" 2>/dev/null || true
-
-# Show the includeIf configuration
-echo "Git config includeIf entries:"
-git config --list --show-origin | grep -i include || true
-
-# Create the worktree
-echo "Creating worktree..."
-git worktree add "../$WORKTREE_NAME" HEAD --detach
-
-# Change to worktree directory
-cd "../$WORKTREE_NAME"
-
-# Verify we're in a worktree
-echo "Verifying worktree gitdir:"
-cat .git
-
-# Verify credentials are available in worktree by checking extraheader is configured
-echo "Checking credentials in worktree..."
-if git config --list --show-origin | grep -q "extraheader"; then
-  echo "Credentials are configured in worktree"
-else
-  echo "ERROR: Credentials are NOT configured in worktree"
-  echo "Full git config:"
-  git config --list --show-origin
-  exit 1
-fi
-
-# Verify fetch works in the worktree
-echo "Fetching in worktree..."
-git fetch origin
-
-echo "Worktree credentials test passed!"
--- a/action.yml
+++ b/action.yml
@@ -9,6 +9,9 @@ inputs:
      The branch, tag or SHA to checkout. When checking out the repository that
      triggered a workflow, this defaults to the reference or SHA for that
      event.  Otherwise, uses the default branch.
+  default-branch-checkout:
+    description: 'Indicates whether to checkout the default repository branch if the requested ref does not exist'
+    default: false
  token:
    description: >
      Personal access token (PAT) used to fetch the repository. The PAT is configured
--- a/dist/index.js
+++ b/dist/index.js
@@ -412,9 +412,6 @@ class GitAuthHelper {
                // Configure host includeIf
                const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
                yield this.git.config(hostIncludeKey, credentialsConfigPath);
-                // Configure host includeIf for worktrees
-                const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`;
-                yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath);
                // Container git directory
                const workingDirectory = this.git.getWorkingDirectory();
                const githubWorkspace = process.env['GITHUB_WORKSPACE'];
@@ -427,9 +424,6 @@ class GitAuthHelper {
                // Configure container includeIf
                const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
                yield this.git.config(containerIncludeKey, containerCredentialsPath);
-                // Configure container includeIf for worktrees
-                const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`;
-                yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath);
            }
        });
    }
@@ -1520,7 +1514,7 @@ function getSource(settings) {
            else if (settings.sparseCheckout) {
                fetchOptions.filter = 'blob:none';
            }
-            if (settings.fetchDepth <= 0) {
+            if (settings.fetchDepth <= 0 || settings.defaultBranchCheckout) {
                // Fetch all branches and tags
                let refSpec = refHelper.getRefSpecForAllHistory(settings.ref, settings.commit);
                yield git.fetch(refSpec, fetchOptions);
@@ -1540,7 +1534,22 @@ function getSource(settings) {
            core.endGroup();
            // Checkout info
            core.startGroup('Determining the checkout info');
-            const checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
+            let checkoutInfo;
+            try {
+                checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
+            }
+            catch (error) {
+                if (settings.defaultBranchCheckout) {
+                    core.info('Could not determine the checkout info. Trying the default repository branch');
+                    const repositoryDefaultBranch = settings.sshKey
+                        ? yield git.getDefaultBranch(repositoryUrl)
+                        : yield githubApiHelper.getDefaultBranch(settings.authToken, settings.repositoryOwner, settings.repositoryName);
+                    checkoutInfo = yield refHelper.getCheckoutInfo(git, repositoryDefaultBranch, settings.commit);
+                }
+                else {
+                    throw error;
+                }
+            }
            core.endGroup();
            // LFS fetch
            // Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
@@ -2005,6 +2014,11 @@ function getInputs() {
        }
        core.debug(`ref = '${result.ref}'`);
        core.debug(`commit = '${result.commit}'`);
+        // Default branch checkout
+        result.defaultBranchCheckout =
+            (core.getInput('default-branch-checkout') || 'false').toUpperCase() ===
+                'TRUE';
+        core.debug(`default-branch-checkout = '${result.defaultBranchCheckout}'`);
        // Clean
        result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE';
        core.debug(`clean = ${result.clean}`);
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@@ -374,10 +374,6 @@ class GitAuthHelper {
      const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
      await this.git.config(hostIncludeKey, credentialsConfigPath)

-      // Configure host includeIf for worktrees
-      const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`
-      await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath)
-
      // Container git directory
      const workingDirectory = this.git.getWorkingDirectory()
      const githubWorkspace = process.env['GITHUB_WORKSPACE']
@@ -399,13 +395,6 @@ class GitAuthHelper {
      // Configure container includeIf
      const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
      await this.git.config(containerIncludeKey, containerCredentialsPath)
-
-      // Configure container includeIf for worktrees
-      const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`
-      await this.git.config(
-        containerWorktreeIncludeKey,
-        containerCredentialsPath
-      )
    }
  }

--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@@ -169,7 +169,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
      fetchOptions.filter = 'blob:none'
    }

-    if (settings.fetchDepth <= 0) {
+    if (settings.fetchDepth <= 0 || settings.defaultBranchCheckout) {
      // Fetch all branches and tags
      let refSpec = refHelper.getRefSpecForAllHistory(
        settings.ref,
@@ -193,11 +193,34 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {

    // Checkout info
    core.startGroup('Determining the checkout info')
-    const checkoutInfo = await refHelper.getCheckoutInfo(
-      git,
-      settings.ref,
-      settings.commit
-    )
+    let checkoutInfo: refHelper.ICheckoutInfo
+    try {
+      checkoutInfo = await refHelper.getCheckoutInfo(
+        git,
+        settings.ref,
+        settings.commit
+      )
+    } catch (error) {
+      if (settings.defaultBranchCheckout) {
+        core.info(
+          'Could not determine the checkout info. Trying the default repository branch'
+        )
+        const repositoryDefaultBranch = settings.sshKey
+          ? await git.getDefaultBranch(repositoryUrl)
+          : await githubApiHelper.getDefaultBranch(
+              settings.authToken,
+              settings.repositoryOwner,
+              settings.repositoryName
+            )
+        checkoutInfo = await refHelper.getCheckoutInfo(
+          git,
+          repositoryDefaultBranch,
+          settings.commit
+        )
+      } else {
+        throw error
+      }
+    }
    core.endGroup()

    // LFS fetch
--- a/src/git-source-settings.ts
+++ b/src/git-source-settings.ts
@@ -19,6 +19,11 @@ export interface IGitSourceSettings {
   */
  ref: string

+  /**
+   * Indicates whether to checkout the default repository branch if the requested ref does not exist
+   */
+  defaultBranchCheckout: boolean
+
  /**
   * The commit to checkout
   */
--- a/src/input-helper.ts
+++ b/src/input-helper.ts
@@ -78,6 +78,12 @@ export async function getInputs(): Promise<IGitSourceSettings> {
  core.debug(`ref = '${result.ref}'`)
  core.debug(`commit = '${result.commit}'`)

+  // Default branch checkout
+  result.defaultBranchCheckout =
+    (core.getInput('default-branch-checkout') || 'false').toUpperCase() ===
+    'TRUE'
+  core.debug(`default-branch-checkout = '${result.defaultBranchCheckout}'`)
+
  // Clean
  result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE'
  core.debug(`clean = ${result.clean}`)
--- a/src/misc/generate-docs.ts
+++ b/src/misc/generate-docs.ts
@@ -120,7 +120,7 @@ function updateUsage(
 }

 updateUsage(
-  'actions/checkout@v6',
+  'actions/checkout@v5',
  path.join(__dirname, '..', '..', 'action.yml'),
  path.join(__dirname, '..', '..', 'README.md')
 )
Author	SHA1	Message	Date
Alexander Cranga	1e3259f0bc	Merge `6b8be4cb30` into `1af3b93b68`	2025-11-21 09:13:18 +01:00
alexanderkranga	6b8be4cb30	Add a test	2024-02-19 19:28:53 +02:00
alexanderkranga	47b9382799	update action.yml and readme	2024-02-19 18:24:39 +02:00
alexanderkranga	5bbdf118df	Default branch checkout option	2024-02-19 18:20:02 +02:00
alexanderkranga	e72243fb91	add our feature	2024-02-06 15:30:36 +02:00