actions/checkout
1
0
Fork 0
mirror of https://github.com/actions/checkout.git synced 2026-06-23 17:43:52 +08:00
Code Packages Projects Releases Activity

Compare commits

base: actions:v6.0.3
Branches Tags
actions:main actions:dependabot/github_actions/actions/upload-artifact-7 actions:dependabot/npm_and_yarn/eslint-plugin-github-6.0.0 actions:dependabot/npm_and_yarn/eslint-plugin-jest-29.15.2 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.61.1 actions:dependabot/npm_and_yarn/types/node-26.0.0 actions:aiqiaoy/update-error actions:copilot/fix-prototype-pollution-vulnerability actions:fix-windows-includeif-case-sensitivity actions:copilot/research-release-tagging-strategy actions:releases/v4 actions:releases/v5 actions:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0 actions:jww3-patch-1 actions:jww3-minversion-v5 actions:releases/v4.0.0 actions:takost/test-package-update actions:test-show-progress actions:releases/v3 actions:users/vanzeben/lfs-credentials-helper actions:luketomlinson/tags actions:fhammerl/releasev3.6.0 actions:releases/v2 actions:users/vmjoseph/checkout-upgrade-1.1.3 actions:fhammerl/bump-gh-package-versions actions:users/vmjoseph/no-proxy actions:vmjoseph/toolkit-windows-exec actions:vmjoseph/silent-rev-parse actions:ericsciple-patch-1 actions:hross-zeit-vercel actions:master actions:users/ericsciple/m167workflow actions:users/ericsciple/m167sub actions:test-data/v2/submodule-ssh-url-level-2 actions:test-data/v2/submodule-ssh-url actions:test-data/v2/submodule-ssh-url-level-1 actions:test-data/v2/submodule actions:users/ericsciple/m166refs actions:users/tihuang/proxysupport actions:users/ericsciple/m164submodule actions:users/ericsciple/m163tarball_temp actions:users/ericsciple/m163tarball_efficient_download actions:users/ericsciple/m162pr actions:users/ericsciple/test-pr actions:test-data/v2/basic actions:test-data/v2/submodule-level-1 actions:test-data/v2/submodule-level-2 actions:test-data/v2/lfs actions:test-data/v2/side-by-side-2 actions:test-data/v2/side-by-side-1 actions:revert-56-users/tihuang/checkoutV1_1 actions:releases/v1 actions:Update-description
actions:v7.0.0 actions:v7 actions:v6.0.3 actions:v6 actions:v6.0.2 actions:v6.0.1 actions:v6.0.0 actions:v4.3.1 actions:v5.0.1 actions:v6-beta actions:v5 actions:v5.0.0 actions:v4.3.0 actions:v4.2.2 actions:v4.2.1 actions:v4.2.0 actions:v4.1.7 actions:v4 actions:v4.1.6 actions:v4.1.5 actions:v4.1.4 actions:v4.1.3 actions:v4.1.2 actions:v4.1.1 actions:v4.0.0 actions:v4.1.0 actions:v3.6.0 actions:v3 actions:v3.5.3 actions:v3.5.2 actions:v3.5.1 actions:v2 actions:v2.7.0 actions:v3.5.0 actions:v3.4.0 actions:v3.3.0 actions:v2.6.0 actions:v3.2.0 actions:v2.5.0 actions:v3.1.0 actions:v2.4.2 actions:v3.0.2 actions:v3.0.1 actions:v2.4.1 actions:v3.0.0 actions:v2.4.0 actions:v2.3.5 actions:v2.3.4 actions:v2.3.3 actions:v2.3.2 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v2-beta actions:v1 actions:v1.2.0 actions:v1.1.0 actions:1.0.0 actions:v1.0.0
..
compare: actions:e82203d42e5399c58fe3d235f16640cce28cdb07
Branches Tags
actions:main actions:dependabot/github_actions/actions/upload-artifact-7 actions:dependabot/npm_and_yarn/eslint-plugin-github-6.0.0 actions:dependabot/npm_and_yarn/eslint-plugin-jest-29.15.2 actions:dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-8.61.1 actions:dependabot/npm_and_yarn/types/node-26.0.0 actions:aiqiaoy/update-error actions:copilot/fix-prototype-pollution-vulnerability actions:fix-windows-includeif-case-sensitivity actions:copilot/research-release-tagging-strategy actions:releases/v4 actions:releases/v5 actions:dependabot/npm_and_yarn/typescript-eslint/parser-7.18.0 actions:jww3-patch-1 actions:jww3-minversion-v5 actions:releases/v4.0.0 actions:takost/test-package-update actions:test-show-progress actions:releases/v3 actions:users/vanzeben/lfs-credentials-helper actions:luketomlinson/tags actions:fhammerl/releasev3.6.0 actions:releases/v2 actions:users/vmjoseph/checkout-upgrade-1.1.3 actions:fhammerl/bump-gh-package-versions actions:users/vmjoseph/no-proxy actions:vmjoseph/toolkit-windows-exec actions:vmjoseph/silent-rev-parse actions:ericsciple-patch-1 actions:hross-zeit-vercel actions:master actions:users/ericsciple/m167workflow actions:users/ericsciple/m167sub actions:test-data/v2/submodule-ssh-url-level-2 actions:test-data/v2/submodule-ssh-url actions:test-data/v2/submodule-ssh-url-level-1 actions:test-data/v2/submodule actions:users/ericsciple/m166refs actions:users/tihuang/proxysupport actions:users/ericsciple/m164submodule actions:users/ericsciple/m163tarball_temp actions:users/ericsciple/m163tarball_efficient_download actions:users/ericsciple/m162pr actions:users/ericsciple/test-pr actions:test-data/v2/basic actions:test-data/v2/submodule-level-1 actions:test-data/v2/submodule-level-2 actions:test-data/v2/lfs actions:test-data/v2/side-by-side-2 actions:test-data/v2/side-by-side-1 actions:revert-56-users/tihuang/checkoutV1_1 actions:releases/v1 actions:Update-description
actions:v7.0.0 actions:v7 actions:v6.0.3 actions:v6 actions:v6.0.2 actions:v6.0.1 actions:v6.0.0 actions:v4.3.1 actions:v5.0.1 actions:v6-beta actions:v5 actions:v5.0.0 actions:v4.3.0 actions:v4.2.2 actions:v4.2.1 actions:v4.2.0 actions:v4.1.7 actions:v4 actions:v4.1.6 actions:v4.1.5 actions:v4.1.4 actions:v4.1.3 actions:v4.1.2 actions:v4.1.1 actions:v4.0.0 actions:v4.1.0 actions:v3.6.0 actions:v3 actions:v3.5.3 actions:v3.5.2 actions:v3.5.1 actions:v2 actions:v2.7.0 actions:v3.5.0 actions:v3.4.0 actions:v3.3.0 actions:v2.6.0 actions:v3.2.0 actions:v2.5.0 actions:v3.1.0 actions:v2.4.2 actions:v3.0.2 actions:v3.0.1 actions:v2.4.1 actions:v3.0.0 actions:v2.4.0 actions:v2.3.5 actions:v2.3.4 actions:v2.3.3 actions:v2.3.2 actions:v2.3.1 actions:v2.3.0 actions:v2.2.0 actions:v2.1.1 actions:v2.1.0 actions:v2.0.0 actions:v2-beta actions:v1 actions:v1.2.0 actions:v1.1.0 actions:1.0.0 actions:v1.0.0

4 Commits
v6.0.3 ... e82203d42e

Author SHA1 Message Date
Nicolas Schweitzer
e82203d42e Merge ab5d862ce8 into c2d88d3ecc 2025-11-24 13:56:36 +01:00
Nicolas Schweitzer
ab5d862ce8 fix tests and update index.js 2025-01-22 11:55:00 +01:00
Nicolas Schweitzer
5fba9eb899 codereview: define a git-user slug instead of a true/false config 2025-01-21 18:50:25 +01:00
Nicolas Schweitzer
f3b199b7ed feat(git config): Set default user.name and user.email in git config 2024-12-19 16:24:48 +01:00
21 changed files with 200 additions and 933 deletions
Expand all files Collapse all files

27
.github/workflows/test.yml vendored
View File

@@ -87,17 +87,6 @@ jobs:
- name: Verify fetch filter - name: Verify fetch filter
run: __test__/verify-fetch-filter.sh run: __test__/verify-fetch-filter.sh
# Fetch tags
- name: Checkout with fetch-tags
uses: ./
with:
ref: test-data/v2/basic
path: fetch-tags-test
fetch-tags: true
- name: Verify fetch-tags
shell: bash
run: __test__/verify-fetch-tags.sh
# Sparse checkout # Sparse checkout
- name: Sparse checkout - name: Sparse checkout
uses: ./ uses: ./
@@ -176,22 +165,6 @@ jobs:
- name: Verify submodules recursive - name: Verify submodules recursive
run: __test__/verify-submodules-recursive.sh run: __test__/verify-submodules-recursive.sh
# Worktree credentials
- name: Checkout for worktree test
uses: ./
with:
path: worktree-test
- name: Verify worktree credentials
shell: bash
run: __test__/verify-worktree.sh worktree-test worktree-branch
# Worktree credentials in container step
- name: Verify worktree credentials in container step
if: runner.os == 'Linux'
uses: docker://bitnami/git:latest
with:
args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch
# Basic checkout using REST API # Basic checkout using REST API
- name: Remove basic - name: Remove basic
if: runner.os != 'windows' if: runner.os != 'windows'

20
CHANGELOG.md
View File

@@ -1,29 +1,19 @@
# Changelog # Changelog
## v6.0.3 ## V6.0.0
* Fix checkout init for SHA-256 repositories by @yaananth in https://github.com/actions/checkout/pull/2439
* fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in https://github.com/actions/checkout/pull/2414
## v6.0.2
* Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in https://github.com/actions/checkout/pull/2356
## v6.0.1
* Add worktree support for persist-credentials includeIf by @ericsciple in https://github.com/actions/checkout/pull/2327
## v6.0.0
* Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286 * Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286
* Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248 * Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248
## v5.0.1 ## V5.0.1
* Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301 * Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301
## v5.0.0 ## V5.0.0
* Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226 * Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226
## v4.3.1 ## V4.3.1
* Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305 * Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305
## v4.3.0 ## V4.3.0
* docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971 * docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
* Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977 * Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
* Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043 * Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043

15
README.md
View File

@@ -4,9 +4,8 @@
## What's new ## What's new
- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config` - Updated `persist-credentials` to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config.
- No workflow changes required — `git fetch`, `git push`, etc. continue to work automatically - This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios.
- Running authenticated git commands from a [Docker container action](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action) requires Actions Runner [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) or later
# Checkout v5 # Checkout v5
@@ -75,6 +74,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
# Default: ${{ github.token }} # Default: ${{ github.token }}
token: '' token: ''
# Github slug used to configure local user.name and user.email for git. This is
# required to push a commit from a Github Action Workflow. Set to '' to disable
# this configuration.
# Default: github-action[bot]
git-user: ''
# SSH key used to fetch the repository. The SSH key is configured with the local # SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The # git config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key. # post-job step removes the SSH key.
@@ -324,8 +329,6 @@ jobs:
- run: | - run: |
date > generated.txt date > generated.txt
# Note: the following account information will not work on GHES # Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add . git add .
git commit -m "generated" git commit -m "generated"
git push git push
@@ -348,8 +351,6 @@ jobs:
- run: | - run: |
date > generated.txt date > generated.txt
# Note: the following account information will not work on GHES # Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add . git add .
git commit -m "generated" git commit -m "generated"
git push git push

11
__test__/git-auth-helper.test.ts
View File

@@ -1,12 +1,12 @@
import * as core from '@actions/core' import * as core from '@actions/core'
import * as fs from 'fs' import * as fs from 'fs'
import * as gitAuthHelper from '../lib/git-auth-helper' import * as gitAuthHelper from '../src/git-auth-helper'
import * as io from '@actions/io' import * as io from '@actions/io'
import * as os from 'os' import * as os from 'os'
import * as path from 'path' import * as path from 'path'
import * as stateHelper from '../lib/state-helper' import * as stateHelper from '../src/state-helper'
import {IGitCommandManager} from '../lib/git-command-manager' import {IGitCommandManager} from '../src/git-command-manager'
import {IGitSourceSettings} from '../lib/git-source-settings' import {IGitSourceSettings} from '../src/git-source-settings'
const isWindows = process.platform === 'win32' const isWindows = process.platform === 'win32'
const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper') const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper')
@@ -1173,7 +1173,8 @@ async function setup(testName: string): Promise<void> {
sshUser: '', sshUser: '',
workflowOrganizationId: 123456, workflowOrganizationId: 123456,
setSafeDirectory: true, setSafeDirectory: true,
githubServerUrl: githubServerUrl githubServerUrl: githubServerUrl,
gitUser: 'github-action[bot]'
} }
} }

279
__test__/git-command-manager.test.ts
View File

@@ -1,6 +1,6 @@
import * as exec from '@actions/exec' import * as exec from '@actions/exec'
import * as fshelper from '../lib/fs-helper' import * as fshelper from '../src/fs-helper'
import * as commandManager from '../lib/git-command-manager' import * as commandManager from '../src/git-command-manager'
let git: commandManager.IGitCommandManager let git: commandManager.IGitCommandManager
let mockExec = jest.fn() let mockExec = jest.fn()
@@ -108,7 +108,7 @@ describe('Test fetchDepth and fetchTags options', () => {
jest.restoreAllMocks() jest.restoreAllMocks()
}) })
it('should call execGit with the correct arguments when fetchDepth is 0', async () => { it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is true', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec) jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test' const workingDirectory = 'test'
const lfs = false const lfs = false
@@ -122,7 +122,45 @@ describe('Test fetchDepth and fetchTags options', () => {
const refSpec = ['refspec1', 'refspec2'] const refSpec = ['refspec1', 'refspec2']
const options = { const options = {
filter: 'filterValue', filter: 'filterValue',
fetchDepth: 0 fetchDepth: 0,
fetchTags: true
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--prune',
'--no-recurse-submodules',
'--filter=filterValue',
'origin',
'refspec1',
'refspec2'
],
expect.any(Object)
)
})
it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is false', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2']
const options = {
filter: 'filterValue',
fetchDepth: 0,
fetchTags: false
} }
await git.fetch(refSpec, options) await git.fetch(refSpec, options)
@@ -145,45 +183,7 @@ describe('Test fetchDepth and fetchTags options', () => {
) )
}) })
it('should call execGit with the correct arguments when fetchDepth is 0 and refSpec includes tags', async () => { it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is false', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*']
const options = {
filter: 'filterValue',
fetchDepth: 0
}
await git.fetch(refSpec, options)
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
[
'-c',
'protocol.version=2',
'fetch',
'--no-tags',
'--prune',
'--no-recurse-submodules',
'--filter=filterValue',
'origin',
'refspec1',
'refspec2',
'+refs/tags/*:refs/tags/*'
],
expect.any(Object)
)
})
it('should call execGit with the correct arguments when fetchDepth is 1', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec) jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test' const workingDirectory = 'test'
@@ -197,7 +197,8 @@ describe('Test fetchDepth and fetchTags options', () => {
const refSpec = ['refspec1', 'refspec2'] const refSpec = ['refspec1', 'refspec2']
const options = { const options = {
filter: 'filterValue', filter: 'filterValue',
fetchDepth: 1 fetchDepth: 1,
fetchTags: false
} }
await git.fetch(refSpec, options) await git.fetch(refSpec, options)
@@ -221,7 +222,7 @@ describe('Test fetchDepth and fetchTags options', () => {
) )
}) })
it('should call execGit with the correct arguments when fetchDepth is 1 and refSpec includes tags', async () => { it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is true', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec) jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test' const workingDirectory = 'test'
@@ -232,10 +233,11 @@ describe('Test fetchDepth and fetchTags options', () => {
lfs, lfs,
doSparseCheckout doSparseCheckout
) )
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*'] const refSpec = ['refspec1', 'refspec2']
const options = { const options = {
filter: 'filterValue', filter: 'filterValue',
fetchDepth: 1 fetchDepth: 1,
fetchTags: true
} }
await git.fetch(refSpec, options) await git.fetch(refSpec, options)
@@ -246,15 +248,13 @@ describe('Test fetchDepth and fetchTags options', () => {
'-c', '-c',
'protocol.version=2', 'protocol.version=2',
'fetch', 'fetch',
'--no-tags',
'--prune', '--prune',
'--no-recurse-submodules', '--no-recurse-submodules',
'--filter=filterValue', '--filter=filterValue',
'--depth=1', '--depth=1',
'origin', 'origin',
'refspec1', 'refspec1',
'refspec2', 'refspec2'
'+refs/tags/*:refs/tags/*'
], ],
expect.any(Object) expect.any(Object)
) )
@@ -338,7 +338,7 @@ describe('Test fetchDepth and fetchTags options', () => {
) )
}) })
it('should call execGit with the correct arguments when showProgress is true and refSpec includes tags', async () => { it('should call execGit with the correct arguments when fetchTags is true and showProgress is true', async () => {
jest.spyOn(exec, 'exec').mockImplementation(mockExec) jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test' const workingDirectory = 'test'
@@ -349,9 +349,10 @@ describe('Test fetchDepth and fetchTags options', () => {
lfs, lfs,
doSparseCheckout doSparseCheckout
) )
const refSpec = ['refspec1', 'refspec2', '+refs/tags/*:refs/tags/*'] const refSpec = ['refspec1', 'refspec2']
const options = { const options = {
filter: 'filterValue', filter: 'filterValue',
fetchTags: true,
showProgress: true showProgress: true
} }
@@ -363,187 +364,15 @@ describe('Test fetchDepth and fetchTags options', () => {
'-c', '-c',
'protocol.version=2', 'protocol.version=2',
'fetch', 'fetch',
'--no-tags',
'--prune', '--prune',
'--no-recurse-submodules', '--no-recurse-submodules',
'--progress', '--progress',
'--filter=filterValue', '--filter=filterValue',
'origin', 'origin',
'refspec1', 'refspec1',
'refspec2', 'refspec2'
'+refs/tags/*:refs/tags/*'
], ],
expect.any(Object) expect.any(Object)
) )
}) })
}) })
describe('repository initialization object format', () => {
beforeEach(async () => {
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
})
afterEach(() => {
jest.restoreAllMocks()
})
it('initializes SHA-256 repositories with the matching object format', async () => {
mockExec.mockImplementation((path, args, options) => {
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('git version 2.50.1'))
}
return 0
})
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
git = await commandManager.createCommandManager('test', false, false)
await git.init('sha256')
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
['init', '--object-format=sha256', 'test'],
expect.any(Object)
)
})
it('initializes SHA-1 repositories with existing default arguments', async () => {
mockExec.mockImplementation((path, args, options) => {
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('git version 2.50.1'))
}
return 0
})
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
git = await commandManager.createCommandManager('test', false, false)
await git.init('sha1')
expect(mockExec).toHaveBeenCalledWith(
expect.any(String),
['init', 'test'],
expect.any(Object)
)
})
})
describe('git user-agent with orchestration ID', () => {
beforeEach(async () => {
jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
})
afterEach(() => {
jest.restoreAllMocks()
// Clean up environment variable to prevent test pollution
delete process.env['ACTIONS_ORCHESTRATION_ID']
})
it('should include orchestration ID in user-agent when ACTIONS_ORCHESTRATION_ID is set', async () => {
const orchId = 'test-orch-id-12345'
process.env['ACTIONS_ORCHESTRATION_ID'] = orchId
let capturedEnv: any = null
mockExec.mockImplementation((path, args, options) => {
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('2.18'))
}
// Capture env on any command
capturedEnv = options.env
return 0
})
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
// Call a git command to trigger env capture after user-agent is set
await git.init()
// Verify the user agent includes the orchestration ID
expect(git).toBeDefined()
expect(capturedEnv).toBeDefined()
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
`git/2.18 (github-actions-checkout) actions_orchestration_id/${orchId}`
)
})
it('should sanitize invalid characters in orchestration ID', async () => {
const orchId = 'test (with) special/chars'
process.env['ACTIONS_ORCHESTRATION_ID'] = orchId
let capturedEnv: any = null
mockExec.mockImplementation((path, args, options) => {
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('2.18'))
}
// Capture env on any command
capturedEnv = options.env
return 0
})
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
// Call a git command to trigger env capture after user-agent is set
await git.init()
// Verify the user agent has sanitized orchestration ID (spaces, parentheses, slash replaced)
expect(git).toBeDefined()
expect(capturedEnv).toBeDefined()
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
'git/2.18 (github-actions-checkout) actions_orchestration_id/test__with__special_chars'
)
})
it('should not modify user-agent when ACTIONS_ORCHESTRATION_ID is not set', async () => {
delete process.env['ACTIONS_ORCHESTRATION_ID']
let capturedEnv: any = null
mockExec.mockImplementation((path, args, options) => {
if (args.includes('version')) {
options.listeners.stdout(Buffer.from('2.18'))
}
// Capture env on any command
capturedEnv = options.env
return 0
})
jest.spyOn(exec, 'exec').mockImplementation(mockExec)
const workingDirectory = 'test'
const lfs = false
const doSparseCheckout = false
git = await commandManager.createCommandManager(
workingDirectory,
lfs,
doSparseCheckout
)
// Call a git command to trigger env capture after user-agent is set
await git.init()
// Verify the user agent does NOT contain orchestration ID
expect(git).toBeDefined()
expect(capturedEnv).toBeDefined()
expect(capturedEnv['GIT_HTTP_USER_AGENT']).toBe(
'git/2.18 (github-actions-checkout)'
)
})
})

4
__test__/git-directory-helper.test.ts
View File

@@ -1,9 +1,9 @@
import * as core from '@actions/core' import * as core from '@actions/core'
import * as fs from 'fs' import * as fs from 'fs'
import * as gitDirectoryHelper from '../lib/git-directory-helper' import * as gitDirectoryHelper from '../src/git-directory-helper'
import * as io from '@actions/io' import * as io from '@actions/io'
import * as path from 'path' import * as path from 'path'
import {IGitCommandManager} from '../lib/git-command-manager' import {IGitCommandManager} from '../src/git-command-manager'
const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper') const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper')
let repositoryPath: string let repositoryPath: string

98
__test__/github-api-helper.test.ts
View File

@@ -1,98 +0,0 @@
import * as core from '@actions/core'
import * as github from '@actions/github'
import * as githubApiHelper from '../lib/github-api-helper'
describe('github-api-helper object format', () => {
let getOctokitSpy: jest.SpyInstance
let debugSpy: jest.SpyInstance
let request: jest.Mock
function mockHashAlgorithmApi(hashAlgorithm: string): void {
request = jest.fn(async () => ({
data: {
hash_algorithm: hashAlgorithm
}
}))
getOctokitSpy = jest.spyOn(github, 'getOctokit').mockReturnValue({
request
} as any)
}
beforeEach(() => {
debugSpy = jest.spyOn(core, 'debug').mockImplementation(jest.fn())
})
afterEach(() => {
jest.restoreAllMocks()
})
it('detects SHA-256 from the repository hash algorithm endpoint', async () => {
mockHashAlgorithmApi('sha256')
await expect(
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
).resolves.toEqual({format: 'sha256', succeeded: true})
expect(getOctokitSpy).toHaveBeenCalledWith(
'token',
expect.objectContaining({baseUrl: 'https://api.github.com'})
)
expect(request).toHaveBeenCalledWith(
'GET /repos/{owner}/{repo}/hash-algorithm',
{owner: 'owner', repo: 'repo'}
)
})
it('detects SHA-1 from the repository hash algorithm endpoint', async () => {
mockHashAlgorithmApi('sha1')
await expect(
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
).resolves.toEqual({format: 'sha1', succeeded: true})
})
it('detects object format from an existing commit without API calls', async () => {
const commitSha =
'9422233ca7ee1b17f1e905d0e141faf0c401556c41cdc6acd71c6bd685da2e92'
getOctokitSpy = jest.spyOn(github, 'getOctokit')
await expect(
githubApiHelper.tryGetRepositoryObjectFormat(
'token',
'owner',
'repo',
undefined,
commitSha
)
).resolves.toEqual({format: 'sha256', succeeded: true})
expect(getOctokitSpy).not.toHaveBeenCalled()
})
it('returns unsuccessful when the hash algorithm endpoint value is not recognized', async () => {
mockHashAlgorithmApi('unknown')
await expect(
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
).resolves.toEqual({format: '', succeeded: false})
expect(debugSpy).toHaveBeenCalledWith(
'Unable to determine repository object format from hash-algorithm endpoint'
)
})
it('returns unsuccessful when the hash algorithm API lookup fails', async () => {
request = jest.fn(async () => {
throw new Error('not found')
})
jest.spyOn(github, 'getOctokit').mockReturnValue({
request
} as any)
await expect(
githubApiHelper.tryGetRepositoryObjectFormat('token', 'owner', 'repo')
).resolves.toEqual({format: '', succeeded: false})
expect(debugSpy).toHaveBeenCalledWith(
'Unable to determine repository object format from hash-algorithm endpoint: not found'
)
})
})

18
__test__/input-helper.test.ts
View File

@@ -1,10 +1,10 @@
import * as core from '@actions/core' import * as core from '@actions/core'
import * as fsHelper from '../lib/fs-helper' import * as fsHelper from '../src/fs-helper'
import * as github from '@actions/github' import * as github from '@actions/github'
import * as inputHelper from '../lib/input-helper' import * as inputHelper from '../src/input-helper'
import * as path from 'path' import * as path from 'path'
import * as workflowContextHelper from '../lib/workflow-context-helper' import * as workflowContextHelper from '../src/workflow-context-helper'
import {IGitSourceSettings} from '../lib/git-source-settings' import {IGitSourceSettings} from '../src/git-source-settings'
const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE'] const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
const gitHubWorkspace = path.resolve('/checkout-tests/workspace') const gitHubWorkspace = path.resolve('/checkout-tests/workspace')
@@ -133,16 +133,6 @@ describe('input-helper tests', () => {
expect(settings.commit).toBe('1111111111222222222233333333334444444444') expect(settings.commit).toBe('1111111111222222222233333333334444444444')
}) })
it('sets ref to empty when explicit sha-256', async () => {
inputs.ref =
'1111111111222222222233333333334444444444555555555566666666667777'
const settings: IGitSourceSettings = await inputHelper.getInputs()
expect(settings.ref).toBeFalsy()
expect(settings.commit).toBe(
'1111111111222222222233333333334444444444555555555566666666667777'
)
})
it('sets sha to empty when explicit ref', async () => { it('sets sha to empty when explicit ref', async () => {
inputs.ref = 'refs/heads/some-other-ref' inputs.ref = 'refs/heads/some-other-ref'
const settings: IGitSourceSettings = await inputHelper.getInputs() const settings: IGitSourceSettings = await inputHelper.getInputs()

194
__test__/ref-helper.test.ts
View File

@@ -1,12 +1,8 @@
import * as assert from 'assert' import * as assert from 'assert'
import * as core from '@actions/core' import * as refHelper from '../src/ref-helper'
import * as github from '@actions/github' import {IGitCommandManager} from '../src/git-command-manager'
import * as refHelper from '../lib/ref-helper'
import {IGitCommandManager} from '../lib/git-command-manager'
const commit = '1234567890123456789012345678901234567890' const commit = '1234567890123456789012345678901234567890'
const sha256Commit =
'1234567890123456789012345678901234567890123456789012345678901234'
let git: IGitCommandManager let git: IGitCommandManager
describe('ref-helper tests', () => { describe('ref-helper tests', () => {
@@ -41,12 +37,6 @@ describe('ref-helper tests', () => {
expect(checkoutInfo.startPoint).toBeFalsy() expect(checkoutInfo.startPoint).toBeFalsy()
}) })
it('getCheckoutInfo sha-256 only', async () => {
const checkoutInfo = await refHelper.getCheckoutInfo(git, '', sha256Commit)
expect(checkoutInfo.ref).toBe(sha256Commit)
expect(checkoutInfo.startPoint).toBeFalsy()
})
it('getCheckoutInfo refs/heads/', async () => { it('getCheckoutInfo refs/heads/', async () => {
const checkoutInfo = await refHelper.getCheckoutInfo( const checkoutInfo = await refHelper.getCheckoutInfo(
git, git,
@@ -162,22 +152,7 @@ describe('ref-helper tests', () => {
it('getRefSpec sha + refs/tags/', async () => { it('getRefSpec sha + refs/tags/', async () => {
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit) const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit)
expect(refSpec.length).toBe(1) expect(refSpec.length).toBe(1)
expect(refSpec[0]).toBe(`+refs/tags/my-tag:refs/tags/my-tag`) expect(refSpec[0]).toBe(`+${commit}:refs/tags/my-tag`)
})
it('getRefSpec sha + refs/tags/ with fetchTags', async () => {
// When fetchTags is true, only include tags wildcard (specific tag is redundant)
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit, true)
expect(refSpec.length).toBe(1)
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
})
it('getRefSpec sha + refs/heads/ with fetchTags', async () => {
// When fetchTags is true, include both the branch refspec and tags wildcard
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', commit, true)
expect(refSpec.length).toBe(2)
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
expect(refSpec[1]).toBe(`+${commit}:refs/remotes/origin/my/branch`)
}) })
it('getRefSpec sha only', async () => { it('getRefSpec sha only', async () => {
@@ -193,14 +168,6 @@ describe('ref-helper tests', () => {
expect(refSpec[1]).toBe('+refs/tags/my-ref*:refs/tags/my-ref*') expect(refSpec[1]).toBe('+refs/tags/my-ref*:refs/tags/my-ref*')
}) })
it('getRefSpec unqualified ref only with fetchTags', async () => {
// When fetchTags is true, skip specific tag pattern since wildcard covers all
const refSpec = refHelper.getRefSpec('my-ref', '', true)
expect(refSpec.length).toBe(2)
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
expect(refSpec[1]).toBe('+refs/heads/my-ref*:refs/remotes/origin/my-ref*')
})
it('getRefSpec refs/heads/ only', async () => { it('getRefSpec refs/heads/ only', async () => {
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '') const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '')
expect(refSpec.length).toBe(1) expect(refSpec.length).toBe(1)
@@ -220,159 +187,4 @@ describe('ref-helper tests', () => {
expect(refSpec.length).toBe(1) expect(refSpec.length).toBe(1)
expect(refSpec[0]).toBe('+refs/tags/my-tag:refs/tags/my-tag') expect(refSpec[0]).toBe('+refs/tags/my-tag:refs/tags/my-tag')
}) })
it('getRefSpec refs/tags/ only with fetchTags', async () => {
// When fetchTags is true, only include tags wildcard (specific tag is redundant)
const refSpec = refHelper.getRefSpec('refs/tags/my-tag', '', true)
expect(refSpec.length).toBe(1)
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
})
it('getRefSpec refs/heads/ only with fetchTags', async () => {
// When fetchTags is true, include both the branch refspec and tags wildcard
const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '', true)
expect(refSpec.length).toBe(2)
expect(refSpec[0]).toBe('+refs/tags/*:refs/tags/*')
expect(refSpec[1]).toBe(
'+refs/heads/my/branch:refs/remotes/origin/my/branch'
)
})
describe('checkCommitInfo', () => {
const repositoryOwner = 'some-owner'
const repositoryName = 'some-repo'
const ref = 'refs/pull/123/merge'
const sha1Head = '1111111111222222222233333333334444444444'
const sha1Base = 'aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd'
const sha256Head =
'1111111111222222222233333333334444444444555555555566666666667777'
const sha256Base =
'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffff0000'
let debugSpy: jest.SpyInstance
let getOctokitSpy: jest.SpyInstance
let repoGetSpy: jest.Mock
let originalEventName: string
let originalPayload: unknown
let originalRef: string
let originalSha: string
function setPullRequestContext(
expectedHeadSha: string,
expectedBaseSha: string,
mergeCommit: string
): void {
;(github.context as any).eventName = 'pull_request'
github.context.ref = ref
github.context.sha = mergeCommit
;(github.context as any).payload = {
action: 'synchronize',
after: expectedHeadSha,
number: 123,
pull_request: {
base: {
sha: expectedBaseSha
}
},
repository: {
private: false
}
}
}
beforeEach(() => {
originalEventName = github.context.eventName
originalPayload = github.context.payload
originalRef = github.context.ref
originalSha = github.context.sha
jest.spyOn(github.context, 'repo', 'get').mockReturnValue({
owner: repositoryOwner,
repo: repositoryName
})
debugSpy = jest.spyOn(core, 'debug').mockImplementation(jest.fn())
repoGetSpy = jest.fn(async () => ({}))
getOctokitSpy = jest.spyOn(github, 'getOctokit').mockReturnValue({
rest: {
repos: {
get: repoGetSpy
}
}
} as any)
})
afterEach(() => {
;(github.context as any).eventName = originalEventName
;(github.context as any).payload = originalPayload
github.context.ref = originalRef
github.context.sha = originalSha
jest.restoreAllMocks()
})
it('returns early for SHA-1 merge commit', async () => {
setPullRequestContext(sha1Head, sha1Base, commit)
await refHelper.checkCommitInfo(
'token',
`Merge ${sha1Head} into ${sha1Base}`,
repositoryOwner,
repositoryName,
ref,
commit
)
expect(getOctokitSpy).not.toHaveBeenCalled()
expect(repoGetSpy).not.toHaveBeenCalled()
})
it('matches SHA-256 merge commit info', async () => {
const actualHeadSha =
'9999999999888888888877777777776666666666555555555544444444443333'
setPullRequestContext(sha256Head, sha256Base, sha256Commit)
await refHelper.checkCommitInfo(
'token',
`Merge ${actualHeadSha} into ${sha256Base}`,
repositoryOwner,
repositoryName,
ref,
sha256Commit
)
expect(getOctokitSpy).toHaveBeenCalledWith(
'token',
expect.objectContaining({
userAgent: expect.stringContaining(
`expected_head_sha=${sha256Head};actual_head_sha=${actualHeadSha}`
)
})
)
expect(repoGetSpy).toHaveBeenCalledWith({
owner: repositoryOwner,
repo: repositoryName
})
expect(debugSpy).toHaveBeenCalledWith(
`Expected head sha ${sha256Head}; actual head sha ${actualHeadSha}`
)
expect(debugSpy).not.toHaveBeenCalledWith('Unexpected message format')
})
it('does not match 50-char hex as a valid merge', async () => {
const invalidHeadSha =
'99999999998888888888777777777766666666665555555555'
setPullRequestContext(sha1Head, sha1Base, commit)
await refHelper.checkCommitInfo(
'token',
`Merge ${invalidHeadSha} into ${sha1Base}`,
repositoryOwner,
repositoryName,
ref,
commit
)
expect(getOctokitSpy).not.toHaveBeenCalled()
expect(repoGetSpy).not.toHaveBeenCalled()
expect(debugSpy).toHaveBeenCalledWith('Unexpected message format')
})
})
}) })

2
__test__/retry-helper.test.ts
View File

@@ -1,5 +1,5 @@
import * as core from '@actions/core' import * as core from '@actions/core'
import {RetryHelper} from '../lib/retry-helper' import {RetryHelper} from '../src/retry-helper'
let info: string[] let info: string[]
let retryHelper: any let retryHelper: any

9
__test__/verify-fetch-tags.sh
View File

@@ -1,9 +0,0 @@
#!/bin/sh
# Verify tags were fetched
TAG_COUNT=$(git -C ./fetch-tags-test tag | wc -l)
if [ "$TAG_COUNT" -eq 0 ]; then
echo "Expected tags to be fetched, but found none"
exit 1
fi
echo "Found $TAG_COUNT tags"

51
__test__/verify-worktree.sh
View File

@@ -1,51 +0,0 @@
#!/bin/bash
set -e
# Verify worktree credentials
# This test verifies that git credentials work in worktrees created after checkout
# Usage: verify-worktree.sh <checkout-path> <worktree-name>
CHECKOUT_PATH="$1"
WORKTREE_NAME="$2"
if [ -z "$CHECKOUT_PATH" ] || [ -z "$WORKTREE_NAME" ]; then
echo "Usage: verify-worktree.sh <checkout-path> <worktree-name>"
exit 1
fi
cd "$CHECKOUT_PATH"
# Add safe directory for container environments
git config --global --add safe.directory "*" 2>/dev/null || true
# Show the includeIf configuration
echo "Git config includeIf entries:"
git config --list --show-origin | grep -i include || true
# Create the worktree
echo "Creating worktree..."
git worktree add "../$WORKTREE_NAME" HEAD --detach
# Change to worktree directory
cd "../$WORKTREE_NAME"
# Verify we're in a worktree
echo "Verifying worktree gitdir:"
cat .git
# Verify credentials are available in worktree by checking extraheader is configured
echo "Checking credentials in worktree..."
if git config --list --show-origin | grep -q "extraheader"; then
echo "Credentials are configured in worktree"
else
echo "ERROR: Credentials are NOT configured in worktree"
echo "Full git config:"
git config --list --show-origin
exit 1
fi
# Verify fetch works in the worktree
echo "Fetching in worktree..."
git fetch origin
echo "Worktree credentials test passed!"

6
action.yml
View File

@@ -22,6 +22,12 @@ inputs:
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
default: ${{ github.token }} default: ${{ github.token }}
git-user:
description: >
Github slug used to configure local user.name and user.email for git.
This is required to push a commit from a Github Action Workflow.
Set to '' to disable this configuration.
default: "github-action[bot]"
ssh-key: ssh-key:
description: > description: >
SSH key used to fetch the repository. The SSH key is configured with the local SSH key used to fetch the repository. The SSH key is configured with the local

164
dist/index.js vendored
View File

@@ -412,9 +412,6 @@ class GitAuthHelper {
// Configure host includeIf // Configure host includeIf
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`; const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
yield this.git.config(hostIncludeKey, credentialsConfigPath); yield this.git.config(hostIncludeKey, credentialsConfigPath);
// Configure host includeIf for worktrees
const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`;
yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath);
// Container git directory // Container git directory
const workingDirectory = this.git.getWorkingDirectory(); const workingDirectory = this.git.getWorkingDirectory();
const githubWorkspace = process.env['GITHUB_WORKSPACE']; const githubWorkspace = process.env['GITHUB_WORKSPACE'];
@@ -427,9 +424,6 @@ class GitAuthHelper {
// Configure container includeIf // Configure container includeIf
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`; const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
yield this.git.config(containerIncludeKey, containerCredentialsPath); yield this.git.config(containerIncludeKey, containerCredentialsPath);
// Configure container includeIf for worktrees
const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`;
yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath);
} }
}); });
} }
@@ -653,6 +647,7 @@ const fs = __importStar(__nccwpck_require__(7147));
const fshelper = __importStar(__nccwpck_require__(7219)); const fshelper = __importStar(__nccwpck_require__(7219));
const io = __importStar(__nccwpck_require__(7436)); const io = __importStar(__nccwpck_require__(7436));
const path = __importStar(__nccwpck_require__(1017)); const path = __importStar(__nccwpck_require__(1017));
const refHelper = __importStar(__nccwpck_require__(8601));
const regexpHelper = __importStar(__nccwpck_require__(3120)); const regexpHelper = __importStar(__nccwpck_require__(3120));
const retryHelper = __importStar(__nccwpck_require__(2155)); const retryHelper = __importStar(__nccwpck_require__(2155));
const git_version_1 = __nccwpck_require__(3142); const git_version_1 = __nccwpck_require__(3142);
@@ -830,9 +825,9 @@ class GitCommandManager {
fetch(refSpec, options) { fetch(refSpec, options) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const args = ['-c', 'protocol.version=2', 'fetch']; const args = ['-c', 'protocol.version=2', 'fetch'];
// Always use --no-tags for explicit control over tag fetching if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
// Tags are fetched explicitly via refspec when needed args.push('--no-tags');
args.push('--no-tags'); }
args.push('--prune', '--no-recurse-submodules'); args.push('--prune', '--no-recurse-submodules');
if (options.showProgress) { if (options.showProgress) {
args.push('--progress'); args.push('--progress');
@@ -896,14 +891,9 @@ class GitCommandManager {
getWorkingDirectory() { getWorkingDirectory() {
return this.workingDirectory; return this.workingDirectory;
} }
init(objectFormat) { init() {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const args = ['init']; yield this.execGit(['init', this.workingDirectory]);
if (objectFormat === 'sha256') {
args.push('--object-format=sha256');
}
args.push(this.workingDirectory);
yield this.execGit(args);
}); });
} }
isDetached() { isDetached() {
@@ -1210,17 +1200,7 @@ class GitCommandManager {
} }
} }
// Set the user agent // Set the user agent
let gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`; const gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`;
// Append orchestration ID if set
const orchId = process.env['ACTIONS_ORCHESTRATION_ID'];
if (orchId) {
// Sanitize the orchestration ID to ensure it contains only valid characters
// Valid characters: 0-9, a-z, _, -, .
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_');
if (sanitizedId) {
gitHttpUserAgent = `${gitHttpUserAgent} actions_orchestration_id/${sanitizedId}`;
}
}
core.debug(`Set git useragent to: ${gitHttpUserAgent}`); core.debug(`Set git useragent to: ${gitHttpUserAgent}`);
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent; this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent;
}); });
@@ -1491,17 +1471,8 @@ function getSource(settings) {
stateHelper.setRepositoryPath(settings.repositoryPath); stateHelper.setRepositoryPath(settings.repositoryPath);
// Initialize the repository // Initialize the repository
if (!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))) { if (!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))) {
core.startGroup('Determining repository object format');
const objectFormatResult = yield githubApiHelper.tryGetRepositoryObjectFormat(settings.authToken, settings.repositoryOwner, settings.repositoryName, settings.githubServerUrl, settings.commit);
const objectFormat = objectFormatResult.succeeded
? objectFormatResult.format
: '';
if (objectFormat === 'sha256') {
core.info('Detected SHA-256 repository object format');
}
core.endGroup();
core.startGroup('Initializing the repository'); core.startGroup('Initializing the repository');
yield git.init(objectFormat); yield git.init();
yield git.remoteAdd('origin', repositoryUrl); yield git.remoteAdd('origin', repositoryUrl);
core.endGroup(); core.endGroup();
} }
@@ -1552,26 +1523,13 @@ function getSource(settings) {
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) { if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
refSpec = refHelper.getRefSpec(settings.ref, settings.commit); refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
yield git.fetch(refSpec, fetchOptions); yield git.fetch(refSpec, fetchOptions);
// Verify the ref now matches. For branches, the targeted fetch above brings
// in the specific commit. For tags (fetched by ref), this will fail if
// the tag was moved after the workflow was triggered.
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
throw new Error(`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
`The ref may have been updated after the workflow was triggered.`);
}
} }
} }
else { else {
fetchOptions.fetchDepth = settings.fetchDepth; fetchOptions.fetchDepth = settings.fetchDepth;
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit, settings.fetchTags); fetchOptions.fetchTags = settings.fetchTags;
const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
yield git.fetch(refSpec, fetchOptions); yield git.fetch(refSpec, fetchOptions);
// For tags, verify the ref still points to the expected commit.
// Tags are fetched by ref (not commit), so if a tag was moved after the
// workflow was triggered, we would silently check out the wrong commit.
if (!(yield refHelper.testRef(git, settings.ref, settings.commit))) {
throw new Error(`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
`The ref may have been updated after the workflow was triggered.`);
}
} }
core.endGroup(); core.endGroup();
// Checkout info // Checkout info
@@ -1635,6 +1593,15 @@ function getSource(settings) {
core.setOutput('commit', commitSHA.trim()); core.setOutput('commit', commitSHA.trim());
// Check for incorrect pull request merge commit // Check for incorrect pull request merge commit
yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.githubServerUrl); yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.githubServerUrl);
if (settings.gitUser) {
if (!(yield git.configExists('user.name', true))) {
yield git.config('user.name', settings.gitUser, true);
}
if (!(yield git.configExists('user.email', true))) {
const userId = yield githubApiHelper.getUserId(settings.gitUser, settings.authToken, settings.githubServerUrl);
yield git.config('user.email', `${userId}+${settings.gitUser}@users.noreply.github.com`, true);
}
}
} }
finally { finally {
// Remove auth // Remove auth
@@ -1824,7 +1791,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
Object.defineProperty(exports, "__esModule", ({ value: true })); Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.downloadRepository = downloadRepository; exports.downloadRepository = downloadRepository;
exports.getDefaultBranch = getDefaultBranch; exports.getDefaultBranch = getDefaultBranch;
exports.tryGetRepositoryObjectFormat = tryGetRepositoryObjectFormat; exports.getUserId = getUserId;
const assert = __importStar(__nccwpck_require__(9491)); const assert = __importStar(__nccwpck_require__(9491));
const core = __importStar(__nccwpck_require__(2186)); const core = __importStar(__nccwpck_require__(2186));
const fs = __importStar(__nccwpck_require__(7147)); const fs = __importStar(__nccwpck_require__(7147));
@@ -1926,40 +1893,6 @@ function getDefaultBranch(authToken, owner, repo, baseUrl) {
})); }));
}); });
} }
function tryGetRepositoryObjectFormat(authToken, owner, repo, baseUrl, commit) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
const commitFormat = getObjectFormat(commit);
if (commitFormat) {
return { format: commitFormat, succeeded: true };
}
try {
const octokit = github.getOctokit(authToken, {
baseUrl: (0, url_helper_1.getServerApiUrl)(baseUrl)
});
const response = yield octokit.request('GET /repos/{owner}/{repo}/hash-algorithm', { owner, repo });
const hashAlgorithm = response.data.hash_algorithm;
if (hashAlgorithm === 'sha256' || hashAlgorithm === 'sha1') {
return { format: hashAlgorithm, succeeded: true };
}
core.debug('Unable to determine repository object format from hash-algorithm endpoint');
return { format: '', succeeded: false };
}
catch (err) {
core.debug(`Unable to determine repository object format from hash-algorithm endpoint: ${(_a = err === null || err === void 0 ? void 0 : err.message) !== null && _a !== void 0 ? _a : err}`);
return { format: '', succeeded: false };
}
});
}
function getObjectFormat(sha) {
if (/^[0-9a-fA-F]{64}$/.test(sha || '')) {
return 'sha256';
}
if (/^[0-9a-fA-F]{40}$/.test(sha || '')) {
return 'sha1';
}
return '';
}
function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) { function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
const octokit = github.getOctokit(authToken, { const octokit = github.getOctokit(authToken, {
@@ -1976,6 +1909,15 @@ function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
return Buffer.from(response.data); // response.data is ArrayBuffer return Buffer.from(response.data); // response.data is ArrayBuffer
}); });
} }
function getUserId(username, authToken, baseUrl) {
return __awaiter(this, void 0, void 0, function* () {
const octokit = github.getOctokit(authToken, {
baseUrl: (0, url_helper_1.getServerApiUrl)(baseUrl)
});
const user = yield octokit.rest.users.getByUsername({ username, });
return user.data.id;
});
}
/***/ }), /***/ }),
@@ -2070,7 +2012,7 @@ function getInputs() {
} }
} }
// SHA? // SHA?
else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) { else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
result.commit = result.ref; result.commit = result.ref;
result.ref = ''; result.ref = '';
} }
@@ -2126,6 +2068,8 @@ function getInputs() {
core.debug(`recursive submodules = ${result.nestedSubmodules}`); core.debug(`recursive submodules = ${result.nestedSubmodules}`);
// Auth token // Auth token
result.authToken = core.getInput('token', { required: true }); result.authToken = core.getInput('token', { required: true });
// Git user
result.gitUser = core.getInput('git-user') || 'github-action[bot]';
// SSH // SSH
result.sshKey = core.getInput('ssh-key'); result.sshKey = core.getInput('ssh-key');
result.sshKnownHosts = core.getInput('ssh-known-hosts'); result.sshKnownHosts = core.getInput('ssh-known-hosts');
@@ -2345,67 +2289,53 @@ function getRefSpecForAllHistory(ref, commit) {
} }
return result; return result;
} }
function getRefSpec(ref, commit, fetchTags) { function getRefSpec(ref, commit) {
if (!ref && !commit) { if (!ref && !commit) {
throw new Error('Args ref and commit cannot both be empty'); throw new Error('Args ref and commit cannot both be empty');
} }
const upperRef = (ref || '').toUpperCase(); const upperRef = (ref || '').toUpperCase();
const result = [];
// When fetchTags is true, always include the tags refspec
if (fetchTags) {
result.push(exports.tagsRefSpec);
}
// SHA // SHA
if (commit) { if (commit) {
// refs/heads // refs/heads
if (upperRef.startsWith('REFS/HEADS/')) { if (upperRef.startsWith('REFS/HEADS/')) {
const branch = ref.substring('refs/heads/'.length); const branch = ref.substring('refs/heads/'.length);
result.push(`+${commit}:refs/remotes/origin/${branch}`); return [`+${commit}:refs/remotes/origin/${branch}`];
} }
// refs/pull/ // refs/pull/
else if (upperRef.startsWith('REFS/PULL/')) { else if (upperRef.startsWith('REFS/PULL/')) {
const branch = ref.substring('refs/pull/'.length); const branch = ref.substring('refs/pull/'.length);
result.push(`+${commit}:refs/remotes/pull/${branch}`); return [`+${commit}:refs/remotes/pull/${branch}`];
} }
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) { else if (upperRef.startsWith('REFS/TAGS/')) {
if (!fetchTags) { return [`+${commit}:${ref}`];
result.push(`+${ref}:${ref}`);
}
} }
// Otherwise no destination ref // Otherwise no destination ref
else { else {
result.push(commit); return [commit];
} }
} }
// Unqualified ref, check for a matching branch or tag // Unqualified ref, check for a matching branch or tag
else if (!upperRef.startsWith('REFS/')) { else if (!upperRef.startsWith('REFS/')) {
result.push(`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`); return [
if (!fetchTags) { `+refs/heads/${ref}*:refs/remotes/origin/${ref}*`,
result.push(`+refs/tags/${ref}*:refs/tags/${ref}*`); `+refs/tags/${ref}*:refs/tags/${ref}*`
} ];
} }
// refs/heads/ // refs/heads/
else if (upperRef.startsWith('REFS/HEADS/')) { else if (upperRef.startsWith('REFS/HEADS/')) {
const branch = ref.substring('refs/heads/'.length); const branch = ref.substring('refs/heads/'.length);
result.push(`+${ref}:refs/remotes/origin/${branch}`); return [`+${ref}:refs/remotes/origin/${branch}`];
} }
// refs/pull/ // refs/pull/
else if (upperRef.startsWith('REFS/PULL/')) { else if (upperRef.startsWith('REFS/PULL/')) {
const branch = ref.substring('refs/pull/'.length); const branch = ref.substring('refs/pull/'.length);
result.push(`+${ref}:refs/remotes/pull/${branch}`); return [`+${ref}:refs/remotes/pull/${branch}`];
} }
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) {
if (!fetchTags) {
result.push(`+${ref}:${ref}`);
}
}
// Other refs
else { else {
result.push(`+${ref}:${ref}`); return [`+${ref}:${ref}`];
} }
return result;
} }
/** /**
* Tests whether the initial fetch created the ref at the expected commit * Tests whether the initial fetch created the ref at the expected commit
@@ -2441,9 +2371,7 @@ function testRef(git, ref, commit) {
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) { else if (upperRef.startsWith('REFS/TAGS/')) {
const tagName = ref.substring('refs/tags/'.length); const tagName = ref.substring('refs/tags/'.length);
// Use ^{commit} to dereference annotated tags to their underlying commit return ((yield git.tagExists(tagName)) && commit === (yield git.revParse(ref)));
return ((yield git.tagExists(tagName)) &&
commit === (yield git.revParse(`${ref}^{commit}`)));
} }
// Unexpected // Unexpected
else { else {
@@ -2493,7 +2421,7 @@ function checkCommitInfo(token, commitInfo, repositoryOwner, repositoryName, ref
return; return;
} }
// Extract details from message // Extract details from message
const match = commitInfo.match(/Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/); const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/);
if (!match) { if (!match) {
core.debug('Unexpected message format'); core.debug('Unexpected message format');
return; return;

11
src/git-auth-helper.ts
View File

@@ -374,10 +374,6 @@ class GitAuthHelper {
const hostIncludeKey = `includeIf.gitdir:${gitDir}.path` const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
await this.git.config(hostIncludeKey, credentialsConfigPath) await this.git.config(hostIncludeKey, credentialsConfigPath)
// Configure host includeIf for worktrees
const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`
await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath)
// Container git directory // Container git directory
const workingDirectory = this.git.getWorkingDirectory() const workingDirectory = this.git.getWorkingDirectory()
const githubWorkspace = process.env['GITHUB_WORKSPACE'] const githubWorkspace = process.env['GITHUB_WORKSPACE']
@@ -399,13 +395,6 @@ class GitAuthHelper {
// Configure container includeIf // Configure container includeIf
const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path` const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
await this.git.config(containerIncludeKey, containerCredentialsPath) await this.git.config(containerIncludeKey, containerCredentialsPath)
// Configure container includeIf for worktrees
const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`
await this.git.config(
containerWorktreeIncludeKey,
containerCredentialsPath
)
} }
} }

34
src/git-command-manager.ts
View File

@@ -37,13 +37,14 @@ export interface IGitCommandManager {
options: { options: {
filter?: string filter?: string
fetchDepth?: number fetchDepth?: number
fetchTags?: boolean
showProgress?: boolean showProgress?: boolean
} }
): Promise<void> ): Promise<void>
getDefaultBranch(repositoryUrl: string): Promise<string> getDefaultBranch(repositoryUrl: string): Promise<string>
getSubmoduleConfigPaths(recursive: boolean): Promise<string[]> getSubmoduleConfigPaths(recursive: boolean): Promise<string[]>
getWorkingDirectory(): string getWorkingDirectory(): string
init(objectFormat?: string): Promise<void> init(): Promise<void>
isDetached(): Promise<boolean> isDetached(): Promise<boolean>
lfsFetch(ref: string): Promise<void> lfsFetch(ref: string): Promise<void>
lfsInstall(): Promise<void> lfsInstall(): Promise<void>
@@ -279,13 +280,14 @@ class GitCommandManager {
options: { options: {
filter?: string filter?: string
fetchDepth?: number fetchDepth?: number
fetchTags?: boolean
showProgress?: boolean showProgress?: boolean
} }
): Promise<void> { ): Promise<void> {
const args = ['-c', 'protocol.version=2', 'fetch'] const args = ['-c', 'protocol.version=2', 'fetch']
// Always use --no-tags for explicit control over tag fetching if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
// Tags are fetched explicitly via refspec when needed args.push('--no-tags')
args.push('--no-tags') }
args.push('--prune', '--no-recurse-submodules') args.push('--prune', '--no-recurse-submodules')
if (options.showProgress) { if (options.showProgress) {
@@ -364,14 +366,8 @@ class GitCommandManager {
return this.workingDirectory return this.workingDirectory
} }
async init(objectFormat?: string): Promise<void> { async init(): Promise<void> {
const args = ['init'] await this.execGit(['init', this.workingDirectory])
if (objectFormat === 'sha256') {
args.push('--object-format=sha256')
}
args.push(this.workingDirectory)
await this.execGit(args)
} }
async isDetached(): Promise<boolean> { async isDetached(): Promise<boolean> {
@@ -734,19 +730,7 @@ class GitCommandManager {
} }
} }
// Set the user agent // Set the user agent
let gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)` const gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`
// Append orchestration ID if set
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']
if (orchId) {
// Sanitize the orchestration ID to ensure it contains only valid characters
// Valid characters: 0-9, a-z, _, -, .
const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_')
if (sanitizedId) {
gitHttpUserAgent = `${gitHttpUserAgent} actions_orchestration_id/${sanitizedId}`
}
}
core.debug(`Set git useragent to: ${gitHttpUserAgent}`) core.debug(`Set git useragent to: ${gitHttpUserAgent}`)
this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent
} }

64
src/git-source-provider.ts
View File

@@ -109,25 +109,8 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
if ( if (
!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git')) !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
) { ) {
core.startGroup('Determining repository object format')
const objectFormatResult =
await githubApiHelper.tryGetRepositoryObjectFormat(
settings.authToken,
settings.repositoryOwner,
settings.repositoryName,
settings.githubServerUrl,
settings.commit
)
const objectFormat = objectFormatResult.succeeded
? objectFormatResult.format
: ''
if (objectFormat === 'sha256') {
core.info('Detected SHA-256 repository object format')
}
core.endGroup()
core.startGroup('Initializing the repository') core.startGroup('Initializing the repository')
await git.init(objectFormat) await git.init()
await git.remoteAdd('origin', repositoryUrl) await git.remoteAdd('origin', repositoryUrl)
core.endGroup() core.endGroup()
} }
@@ -176,6 +159,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
const fetchOptions: { const fetchOptions: {
filter?: string filter?: string
fetchDepth?: number fetchDepth?: number
fetchTags?: boolean
showProgress?: boolean showProgress?: boolean
} = {} } = {}
@@ -198,35 +182,12 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) { if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
refSpec = refHelper.getRefSpec(settings.ref, settings.commit) refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
await git.fetch(refSpec, fetchOptions) await git.fetch(refSpec, fetchOptions)
// Verify the ref now matches. For branches, the targeted fetch above brings
// in the specific commit. For tags (fetched by ref), this will fail if
// the tag was moved after the workflow was triggered.
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
throw new Error(
`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
`The ref may have been updated after the workflow was triggered.`
)
}
} }
} else { } else {
fetchOptions.fetchDepth = settings.fetchDepth fetchOptions.fetchDepth = settings.fetchDepth
const refSpec = refHelper.getRefSpec( fetchOptions.fetchTags = settings.fetchTags
settings.ref, const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
settings.commit,
settings.fetchTags
)
await git.fetch(refSpec, fetchOptions) await git.fetch(refSpec, fetchOptions)
// For tags, verify the ref still points to the expected commit.
// Tags are fetched by ref (not commit), so if a tag was moved after the
// workflow was triggered, we would silently check out the wrong commit.
if (!(await refHelper.testRef(git, settings.ref, settings.commit))) {
throw new Error(
`The ref '${settings.ref}' does not point to the expected commit '${settings.commit}'. ` +
`The ref may have been updated after the workflow was triggered.`
)
}
} }
core.endGroup() core.endGroup()
@@ -313,6 +274,23 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
settings.commit, settings.commit,
settings.githubServerUrl settings.githubServerUrl
) )
if (settings.gitUser) {
if (!(await git.configExists('user.name', true))) {
await git.config('user.name', settings.gitUser, true)
}
if (!(await git.configExists('user.email', true))) {
const userId = await githubApiHelper.getUserId(
settings.gitUser,
settings.authToken,
settings.githubServerUrl
)
await git.config(
'user.email',
`${userId}+${settings.gitUser}@users.noreply.github.com`,
true
)
}
}
} finally { } finally {
// Remove auth // Remove auth
if (authHelper) { if (authHelper) {

5
src/git-source-settings.ts
View File

@@ -79,6 +79,11 @@ export interface IGitSourceSettings {
*/ */
authToken: string authToken: string
/**
* A github user slug to set a default user name and email in the local git config
*/
gitUser: string
/** /**
* The SSH key to configure * The SSH key to configure
*/ */

64
src/github-api-helper.ts
View File

@@ -11,11 +11,6 @@ import {getServerApiUrl} from './url-helper'
const IS_WINDOWS = process.platform === 'win32' const IS_WINDOWS = process.platform === 'win32'
export interface RepositoryObjectFormatResult {
format: string
succeeded: boolean
}
export async function downloadRepository( export async function downloadRepository(
authToken: string, authToken: string,
owner: string, owner: string,
@@ -127,53 +122,6 @@ export async function getDefaultBranch(
}) })
} }
export async function tryGetRepositoryObjectFormat(
authToken: string,
owner: string,
repo: string,
baseUrl?: string,
commit?: string
): Promise<RepositoryObjectFormatResult> {
const commitFormat = getObjectFormat(commit)
if (commitFormat) {
return {format: commitFormat, succeeded: true}
}
try {
const octokit = github.getOctokit(authToken, {
baseUrl: getServerApiUrl(baseUrl)
})
const response = await octokit.request(
'GET /repos/{owner}/{repo}/hash-algorithm',
{owner, repo}
)
const hashAlgorithm = response.data.hash_algorithm
if (hashAlgorithm === 'sha256' || hashAlgorithm === 'sha1') {
return {format: hashAlgorithm, succeeded: true}
}
core.debug(
'Unable to determine repository object format from hash-algorithm endpoint'
)
return {format: '', succeeded: false}
} catch (err) {
core.debug(
`Unable to determine repository object format from hash-algorithm endpoint: ${(err as any)?.message ?? err}`
)
return {format: '', succeeded: false}
}
}
function getObjectFormat(sha?: string): string {
if (/^[0-9a-fA-F]{64}$/.test(sha || '')) {
return 'sha256'
}
if (/^[0-9a-fA-F]{40}$/.test(sha || '')) {
return 'sha1'
}
return ''
}
async function downloadArchive( async function downloadArchive(
authToken: string, authToken: string,
owner: string, owner: string,
@@ -195,3 +143,15 @@ async function downloadArchive(
}) })
return Buffer.from(response.data as ArrayBuffer) // response.data is ArrayBuffer return Buffer.from(response.data as ArrayBuffer) // response.data is ArrayBuffer
} }
export async function getUserId(
username: string,
authToken: string,
baseUrl?: string
): Promise<number> {
const octokit = github.getOctokit(authToken, {
baseUrl: getServerApiUrl(baseUrl)
})
const user = await octokit.rest.users.getByUsername({username})
return user.data.id
}

5
src/input-helper.ts
View File

@@ -71,7 +71,7 @@ export async function getInputs(): Promise<IGitSourceSettings> {
} }
} }
// SHA? // SHA?
else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) { else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
result.commit = result.ref result.commit = result.ref
result.ref = '' result.ref = ''
} }
@@ -138,6 +138,9 @@ export async function getInputs(): Promise<IGitSourceSettings> {
// Auth token // Auth token
result.authToken = core.getInput('token', {required: true}) result.authToken = core.getInput('token', {required: true})
// Git user
result.gitUser = core.getInput('git-user') || 'github-action[bot]'
// SSH // SSH
result.sshKey = core.getInput('ssh-key') result.sshKey = core.getInput('ssh-key')
result.sshKnownHosts = core.getInput('ssh-known-hosts') result.sshKnownHosts = core.getInput('ssh-known-hosts')

52
src/ref-helper.ts
View File

@@ -76,75 +76,55 @@ export function getRefSpecForAllHistory(ref: string, commit: string): string[] {
return result return result
} }
export function getRefSpec( export function getRefSpec(ref: string, commit: string): string[] {
ref: string,
commit: string,
fetchTags?: boolean
): string[] {
if (!ref && !commit) { if (!ref && !commit) {
throw new Error('Args ref and commit cannot both be empty') throw new Error('Args ref and commit cannot both be empty')
} }
const upperRef = (ref || '').toUpperCase() const upperRef = (ref || '').toUpperCase()
const result: string[] = []
// When fetchTags is true, always include the tags refspec
if (fetchTags) {
result.push(tagsRefSpec)
}
// SHA // SHA
if (commit) { if (commit) {
// refs/heads // refs/heads
if (upperRef.startsWith('REFS/HEADS/')) { if (upperRef.startsWith('REFS/HEADS/')) {
const branch = ref.substring('refs/heads/'.length) const branch = ref.substring('refs/heads/'.length)
result.push(`+${commit}:refs/remotes/origin/${branch}`) return [`+${commit}:refs/remotes/origin/${branch}`]
} }
// refs/pull/ // refs/pull/
else if (upperRef.startsWith('REFS/PULL/')) { else if (upperRef.startsWith('REFS/PULL/')) {
const branch = ref.substring('refs/pull/'.length) const branch = ref.substring('refs/pull/'.length)
result.push(`+${commit}:refs/remotes/pull/${branch}`) return [`+${commit}:refs/remotes/pull/${branch}`]
} }
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) { else if (upperRef.startsWith('REFS/TAGS/')) {
if (!fetchTags) { return [`+${commit}:${ref}`]
result.push(`+${ref}:${ref}`)
}
} }
// Otherwise no destination ref // Otherwise no destination ref
else { else {
result.push(commit) return [commit]
} }
} }
// Unqualified ref, check for a matching branch or tag // Unqualified ref, check for a matching branch or tag
else if (!upperRef.startsWith('REFS/')) { else if (!upperRef.startsWith('REFS/')) {
result.push(`+refs/heads/${ref}*:refs/remotes/origin/${ref}*`) return [
if (!fetchTags) { `+refs/heads/${ref}*:refs/remotes/origin/${ref}*`,
result.push(`+refs/tags/${ref}*:refs/tags/${ref}*`) `+refs/tags/${ref}*:refs/tags/${ref}*`
} ]
} }
// refs/heads/ // refs/heads/
else if (upperRef.startsWith('REFS/HEADS/')) { else if (upperRef.startsWith('REFS/HEADS/')) {
const branch = ref.substring('refs/heads/'.length) const branch = ref.substring('refs/heads/'.length)
result.push(`+${ref}:refs/remotes/origin/${branch}`) return [`+${ref}:refs/remotes/origin/${branch}`]
} }
// refs/pull/ // refs/pull/
else if (upperRef.startsWith('REFS/PULL/')) { else if (upperRef.startsWith('REFS/PULL/')) {
const branch = ref.substring('refs/pull/'.length) const branch = ref.substring('refs/pull/'.length)
result.push(`+${ref}:refs/remotes/pull/${branch}`) return [`+${ref}:refs/remotes/pull/${branch}`]
} }
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) {
if (!fetchTags) {
result.push(`+${ref}:${ref}`)
}
}
// Other refs
else { else {
result.push(`+${ref}:${ref}`) return [`+${ref}:${ref}`]
} }
return result
} }
/** /**
@@ -190,10 +170,8 @@ export async function testRef(
// refs/tags/ // refs/tags/
else if (upperRef.startsWith('REFS/TAGS/')) { else if (upperRef.startsWith('REFS/TAGS/')) {
const tagName = ref.substring('refs/tags/'.length) const tagName = ref.substring('refs/tags/'.length)
// Use ^{commit} to dereference annotated tags to their underlying commit
return ( return (
(await git.tagExists(tagName)) && (await git.tagExists(tagName)) && commit === (await git.revParse(ref))
commit === (await git.revParse(`${ref}^{commit}`))
) )
} }
// Unexpected // Unexpected
@@ -258,9 +236,7 @@ export async function checkCommitInfo(
} }
// Extract details from message // Extract details from message
const match = commitInfo.match( const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/)
/Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/
)
if (!match) { if (!match) {
core.debug('Unexpected message format') core.debug('Unexpected message format')
return return