mirror of
https://code.forgejo.org/actions/checkout.git
synced 2024-11-24 04:29:16 +01:00
chore: upgrade Prettier to v2 and run on full repo
This commit is contained in:
parent
1f9a0c22da
commit
2f7f8896e5
27 changed files with 247 additions and 211 deletions
12
.editorconfig
Normal file
12
.editorconfig
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# EditorConfig is awesome: https://EditorConfig.org
|
||||||
|
|
||||||
|
# top-most EditorConfig file
|
||||||
|
root = true
|
||||||
|
|
||||||
|
[*]
|
||||||
|
indent_style = space
|
||||||
|
indent_size = 2
|
||||||
|
end_of_line = lf
|
||||||
|
charset = utf-8
|
||||||
|
trim_trailing_whitespace = true
|
||||||
|
insert_final_newline = true
|
|
@ -12,12 +12,18 @@
|
||||||
"import/no-namespace": "off",
|
"import/no-namespace": "off",
|
||||||
"no-unused-vars": "off",
|
"no-unused-vars": "off",
|
||||||
"@typescript-eslint/no-unused-vars": "error",
|
"@typescript-eslint/no-unused-vars": "error",
|
||||||
"@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
|
"@typescript-eslint/explicit-member-accessibility": [
|
||||||
|
"error",
|
||||||
|
{"accessibility": "no-public"}
|
||||||
|
],
|
||||||
"@typescript-eslint/no-require-imports": "error",
|
"@typescript-eslint/no-require-imports": "error",
|
||||||
"@typescript-eslint/array-type": "error",
|
"@typescript-eslint/array-type": "error",
|
||||||
"@typescript-eslint/await-thenable": "error",
|
"@typescript-eslint/await-thenable": "error",
|
||||||
"camelcase": "off",
|
"camelcase": "off",
|
||||||
"@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
|
"@typescript-eslint/explicit-function-return-type": [
|
||||||
|
"error",
|
||||||
|
{"allowExpressions": true}
|
||||||
|
],
|
||||||
"@typescript-eslint/func-call-spacing": ["error", "never"],
|
"@typescript-eslint/func-call-spacing": ["error", "never"],
|
||||||
"@typescript-eslint/no-array-constructor": "error",
|
"@typescript-eslint/no-array-constructor": "error",
|
||||||
"@typescript-eslint/no-empty-interface": "error",
|
"@typescript-eslint/no-empty-interface": "error",
|
||||||
|
|
1
.gitattributes
vendored
1
.gitattributes
vendored
|
@ -1 +1,2 @@
|
||||||
|
* text=auto eol=lf
|
||||||
.licenses/** -diff linguist-generated=true
|
.licenses/** -diff linguist-generated=true
|
38
.github/workflows/codeql-analysis.yml
vendored
38
.github/workflows/codeql-analysis.yml
vendored
|
@ -9,14 +9,14 @@
|
||||||
# the `language` matrix defined below to confirm you have the correct set of
|
# the `language` matrix defined below to confirm you have the correct set of
|
||||||
# supported CodeQL languages.
|
# supported CodeQL languages.
|
||||||
#
|
#
|
||||||
name: "CodeQL"
|
name: 'CodeQL'
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [ main ]
|
branches: [main]
|
||||||
pull_request:
|
pull_request:
|
||||||
# The branches below must be a subset of the branches above
|
# The branches below must be a subset of the branches above
|
||||||
branches: [ main ]
|
branches: [main]
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '28 9 * * 0'
|
- cron: '28 9 * * 0'
|
||||||
|
|
||||||
|
@ -32,27 +32,27 @@ jobs:
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
language: [ 'javascript' ]
|
language: ['javascript']
|
||||||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
|
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
|
||||||
# Learn more:
|
# Learn more:
|
||||||
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
|
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v1
|
uses: github/codeql-action/init@v1
|
||||||
with:
|
with:
|
||||||
languages: ${{ matrix.language }}
|
languages: ${{ matrix.language }}
|
||||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||||
# By default, queries listed here will override any specified in a config file.
|
# By default, queries listed here will override any specified in a config file.
|
||||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||||
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
||||||
|
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
- run: npm run build
|
- run: npm run build
|
||||||
- run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
|
- run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@v1
|
uses: github/codeql-action/analyze@v1
|
||||||
|
|
2
.github/workflows/licensed.yml
vendored
2
.github/workflows/licensed.yml
vendored
|
@ -11,4 +11,4 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- run: npm ci
|
- run: npm ci
|
||||||
- run: npm run licensed-check
|
- run: npm run licensed-check
|
||||||
|
|
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
|
@ -205,7 +205,7 @@ jobs:
|
||||||
path: basic
|
path: basic
|
||||||
- name: Verify basic
|
- name: Verify basic
|
||||||
run: __test__/verify-basic.sh --archive
|
run: __test__/verify-basic.sh --archive
|
||||||
|
|
||||||
test-git-container:
|
test-git-container:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: bitnami/git:latest
|
container: bitnami/git:latest
|
||||||
|
@ -242,4 +242,4 @@ jobs:
|
||||||
- name: Fix Checkout v3
|
- name: Fix Checkout v3
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: v3
|
path: v3
|
||||||
|
|
22
.github/workflows/update-main-version.yml
vendored
22
.github/workflows/update-main-version.yml
vendored
|
@ -17,14 +17,14 @@ jobs:
|
||||||
tag:
|
tag:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Git config
|
- name: Git config
|
||||||
run: |
|
run: |
|
||||||
git config user.name github-actions
|
git config user.name github-actions
|
||||||
git config user.email github-actions@github.com
|
git config user.email github-actions@github.com
|
||||||
- name: Tag new target
|
- name: Tag new target
|
||||||
run: git tag -f ${{ github.event.inputs.main_version }} ${{ github.event.inputs.target }}
|
run: git tag -f ${{ github.event.inputs.main_version }} ${{ github.event.inputs.target }}
|
||||||
- name: Push new tag
|
- name: Push new tag
|
||||||
run: git push origin ${{ github.event.inputs.main_version }} --force
|
run: git push origin ${{ github.event.inputs.main_version }} --force
|
||||||
|
|
|
@ -11,4 +11,4 @@ allowed:
|
||||||
- unlicense
|
- unlicense
|
||||||
|
|
||||||
reviewed:
|
reviewed:
|
||||||
npm:
|
npm:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
dist/
|
dist/
|
||||||
lib/
|
lib/
|
||||||
node_modules/
|
node_modules/
|
||||||
|
.licenses/
|
||||||
|
|
|
@ -6,6 +6,5 @@
|
||||||
"singleQuote": true,
|
"singleQuote": true,
|
||||||
"trailingComma": "none",
|
"trailingComma": "none",
|
||||||
"bracketSpacing": false,
|
"bracketSpacing": false,
|
||||||
"arrowParens": "avoid",
|
"arrowParens": "avoid"
|
||||||
"parser": "typescript"
|
}
|
||||||
}
|
|
||||||
|
|
|
@ -1,13 +1,16 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## v3.1.0
|
## v3.1.0
|
||||||
|
|
||||||
- [Use @actions/core `saveState` and `getState`](https://github.com/actions/checkout/pull/939)
|
- [Use @actions/core `saveState` and `getState`](https://github.com/actions/checkout/pull/939)
|
||||||
- [Add `github-server-url` input](https://github.com/actions/checkout/pull/922)
|
- [Add `github-server-url` input](https://github.com/actions/checkout/pull/922)
|
||||||
|
|
||||||
## v3.0.2
|
## v3.0.2
|
||||||
|
|
||||||
- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/770)
|
- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/770)
|
||||||
|
|
||||||
## v3.0.1
|
## v3.0.1
|
||||||
|
|
||||||
- [Fixed an issue where checkout failed to run in container jobs due to the new git setting `safe.directory`](https://github.com/actions/checkout/pull/762)
|
- [Fixed an issue where checkout failed to run in container jobs due to the new git setting `safe.directory`](https://github.com/actions/checkout/pull/762)
|
||||||
- [Bumped various npm package versions](https://github.com/actions/checkout/pull/744)
|
- [Bumped various npm package versions](https://github.com/actions/checkout/pull/744)
|
||||||
|
|
||||||
|
@ -66,7 +69,6 @@
|
||||||
- Aligns better with container actions, where `github.workspace` gets mapped in
|
- Aligns better with container actions, where `github.workspace` gets mapped in
|
||||||
- Removed input `submodules`
|
- Removed input `submodules`
|
||||||
|
|
||||||
|
|
||||||
## v1
|
## v1
|
||||||
|
|
||||||
Refer [here](https://github.com/actions/checkout/blob/v1/CHANGELOG.md) for the V1 changelog
|
Refer [here](https://github.com/actions/checkout/blob/v1/CHANGELOG.md) for the V1 changelog
|
||||||
|
|
|
@ -18,6 +18,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
|
||||||
# Usage
|
# Usage
|
||||||
|
|
||||||
<!-- start usage -->
|
<!-- start usage -->
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
|
@ -102,6 +103,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
|
||||||
# https://my-ghes-server.example.com
|
# https://my-ghes-server.example.com
|
||||||
github-server-url: ''
|
github-server-url: ''
|
||||||
```
|
```
|
||||||
|
|
||||||
<!-- end usage -->
|
<!-- end usage -->
|
||||||
|
|
||||||
# Scenarios
|
# Scenarios
|
||||||
|
@ -187,7 +189,6 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
|
||||||
|
|
||||||
> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
|
> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
|
||||||
|
|
||||||
|
|
||||||
## Checkout pull request HEAD commit instead of merge commit
|
## Checkout pull request HEAD commit instead of merge commit
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
|
@ -169,8 +169,9 @@ describe('git-auth-helper tests', () => {
|
||||||
|
|
||||||
// Mock fs.promises.readFile
|
// Mock fs.promises.readFile
|
||||||
const realReadFile = fs.promises.readFile
|
const realReadFile = fs.promises.readFile
|
||||||
jest.spyOn(fs.promises, 'readFile').mockImplementation(
|
jest
|
||||||
async (file: any, options: any): Promise<Buffer> => {
|
.spyOn(fs.promises, 'readFile')
|
||||||
|
.mockImplementation(async (file: any, options: any): Promise<Buffer> => {
|
||||||
const userKnownHostsPath = path.join(
|
const userKnownHostsPath = path.join(
|
||||||
os.homedir(),
|
os.homedir(),
|
||||||
'.ssh',
|
'.ssh',
|
||||||
|
@ -181,8 +182,7 @@ describe('git-auth-helper tests', () => {
|
||||||
}
|
}
|
||||||
|
|
||||||
return await realReadFile(file, options)
|
return await realReadFile(file, options)
|
||||||
}
|
})
|
||||||
)
|
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
const authHelper = gitAuthHelper.createAuthHelper(git, settings)
|
||||||
|
|
|
@ -7,11 +7,11 @@ let git: IGitCommandManager
|
||||||
|
|
||||||
describe('ref-helper tests', () => {
|
describe('ref-helper tests', () => {
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
git = ({} as unknown) as IGitCommandManager
|
git = {} as unknown as IGitCommandManager
|
||||||
})
|
})
|
||||||
|
|
||||||
it('getCheckoutInfo requires git', async () => {
|
it('getCheckoutInfo requires git', async () => {
|
||||||
const git = (null as unknown) as IGitCommandManager
|
const git = null as unknown as IGitCommandManager
|
||||||
try {
|
try {
|
||||||
await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
|
await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
|
||||||
throw new Error('Should not reach here')
|
throw new Error('Should not reach here')
|
||||||
|
|
|
@ -68,7 +68,7 @@ describe('retry-helper tests', () => {
|
||||||
|
|
||||||
it('all attempts fail succeeds', async () => {
|
it('all attempts fail succeeds', async () => {
|
||||||
let attempts = 0
|
let attempts = 0
|
||||||
let error: Error = (null as unknown) as Error
|
let error: Error = null as unknown as Error
|
||||||
try {
|
try {
|
||||||
await retryHelper.execute(() => {
|
await retryHelper.execute(() => {
|
||||||
throw new Error(`some error ${++attempts}`)
|
throw new Error(`some error ${++attempts}`)
|
||||||
|
|
160
action.yml
160
action.yml
|
@ -1,80 +1,80 @@
|
||||||
name: 'Checkout'
|
name: 'Checkout'
|
||||||
description: 'Checkout a Git repository at a particular version'
|
description: 'Checkout a Git repository at a particular version'
|
||||||
inputs:
|
inputs:
|
||||||
repository:
|
repository:
|
||||||
description: 'Repository name with owner. For example, actions/checkout'
|
description: 'Repository name with owner. For example, actions/checkout'
|
||||||
default: ${{ github.repository }}
|
default: ${{ github.repository }}
|
||||||
ref:
|
ref:
|
||||||
description: >
|
description: >
|
||||||
The branch, tag or SHA to checkout. When checking out the repository that
|
The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
triggered a workflow, this defaults to the reference or SHA for that
|
triggered a workflow, this defaults to the reference or SHA for that
|
||||||
event. Otherwise, uses the default branch.
|
event. Otherwise, uses the default branch.
|
||||||
token:
|
token:
|
||||||
description: >
|
description: >
|
||||||
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
with the local git config, which enables your scripts to run authenticated git
|
with the local git config, which enables your scripts to run authenticated git
|
||||||
commands. The post-job step removes the PAT.
|
commands. The post-job step removes the PAT.
|
||||||
|
|
||||||
|
|
||||||
We recommend using a service account with the least permissions necessary.
|
We recommend using a service account with the least permissions necessary.
|
||||||
Also when generating a new PAT, select the least scopes necessary.
|
Also when generating a new PAT, select the least scopes necessary.
|
||||||
|
|
||||||
|
|
||||||
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
default: ${{ github.token }}
|
default: ${{ github.token }}
|
||||||
ssh-key:
|
ssh-key:
|
||||||
description: >
|
description: >
|
||||||
SSH key used to fetch the repository. The SSH key is configured with the local
|
SSH key used to fetch the repository. The SSH key is configured with the local
|
||||||
git config, which enables your scripts to run authenticated git commands.
|
git config, which enables your scripts to run authenticated git commands.
|
||||||
The post-job step removes the SSH key.
|
The post-job step removes the SSH key.
|
||||||
|
|
||||||
|
|
||||||
We recommend using a service account with the least permissions necessary.
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
|
||||||
|
|
||||||
[Learn more about creating and using
|
[Learn more about creating and using
|
||||||
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
ssh-known-hosts:
|
ssh-known-hosts:
|
||||||
description: >
|
description: >
|
||||||
Known hosts in addition to the user and global host key database. The public
|
Known hosts in addition to the user and global host key database. The public
|
||||||
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
||||||
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
||||||
ssh-strict:
|
ssh-strict:
|
||||||
description: >
|
description: >
|
||||||
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
||||||
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
||||||
configure additional hosts.
|
configure additional hosts.
|
||||||
default: true
|
default: true
|
||||||
persist-credentials:
|
persist-credentials:
|
||||||
description: 'Whether to configure the token or SSH key with the local git config'
|
description: 'Whether to configure the token or SSH key with the local git config'
|
||||||
default: true
|
default: true
|
||||||
path:
|
path:
|
||||||
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
||||||
clean:
|
clean:
|
||||||
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
||||||
default: true
|
default: true
|
||||||
fetch-depth:
|
fetch-depth:
|
||||||
description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
|
description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
|
||||||
default: 1
|
default: 1
|
||||||
lfs:
|
lfs:
|
||||||
description: 'Whether to download Git-LFS files'
|
description: 'Whether to download Git-LFS files'
|
||||||
default: false
|
default: false
|
||||||
submodules:
|
submodules:
|
||||||
description: >
|
description: >
|
||||||
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
||||||
recursively checkout submodules.
|
recursively checkout submodules.
|
||||||
|
|
||||||
|
|
||||||
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||||
converted to HTTPS.
|
converted to HTTPS.
|
||||||
default: false
|
default: false
|
||||||
set-safe-directory:
|
set-safe-directory:
|
||||||
description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
|
description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
|
||||||
default: true
|
default: true
|
||||||
github-server-url:
|
github-server-url:
|
||||||
description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com
|
description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com
|
||||||
required: false
|
required: false
|
||||||
runs:
|
runs:
|
||||||
using: node16
|
using: node16
|
||||||
main: dist/index.js
|
main: dist/index.js
|
||||||
post: dist/index.js
|
post: dist/index.js
|
||||||
|
|
|
@ -17,76 +17,77 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
|
||||||
### Inputs
|
### Inputs
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
repository:
|
repository:
|
||||||
description: 'Repository name with owner. For example, actions/checkout'
|
description: 'Repository name with owner. For example, actions/checkout'
|
||||||
default: ${{ github.repository }}
|
default: ${{ github.repository }}
|
||||||
ref:
|
ref:
|
||||||
description: >
|
description: >
|
||||||
The branch, tag or SHA to checkout. When checking out the repository that
|
The branch, tag or SHA to checkout. When checking out the repository that
|
||||||
triggered a workflow, this defaults to the reference or SHA for that
|
triggered a workflow, this defaults to the reference or SHA for that
|
||||||
event. Otherwise, uses the default branch.
|
event. Otherwise, uses the default branch.
|
||||||
token:
|
token:
|
||||||
description: >
|
description: >
|
||||||
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
Personal access token (PAT) used to fetch the repository. The PAT is configured
|
||||||
with the local git config, which enables your scripts to run authenticated git
|
with the local git config, which enables your scripts to run authenticated git
|
||||||
commands. The post-job step removes the PAT.
|
commands. The post-job step removes the PAT.
|
||||||
|
|
||||||
|
|
||||||
We recommend using a service account with the least permissions necessary.
|
We recommend using a service account with the least permissions necessary.
|
||||||
Also when generating a new PAT, select the least scopes necessary.
|
Also when generating a new PAT, select the least scopes necessary.
|
||||||
|
|
||||||
|
|
||||||
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
default: ${{ github.token }}
|
default: ${{ github.token }}
|
||||||
ssh-key:
|
ssh-key:
|
||||||
description: >
|
description: >
|
||||||
SSH key used to fetch the repository. The SSH key is configured with the local
|
SSH key used to fetch the repository. The SSH key is configured with the local
|
||||||
git config, which enables your scripts to run authenticated git commands.
|
git config, which enables your scripts to run authenticated git commands.
|
||||||
The post-job step removes the SSH key.
|
The post-job step removes the SSH key.
|
||||||
|
|
||||||
|
|
||||||
We recommend using a service account with the least permissions necessary.
|
We recommend using a service account with the least permissions necessary.
|
||||||
|
|
||||||
|
|
||||||
[Learn more about creating and using
|
[Learn more about creating and using
|
||||||
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
|
||||||
ssh-known-hosts:
|
ssh-known-hosts:
|
||||||
description: >
|
description: >
|
||||||
Known hosts in addition to the user and global host key database. The public
|
Known hosts in addition to the user and global host key database. The public
|
||||||
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example,
|
||||||
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
`ssh-keyscan github.com`. The public key for github.com is always implicitly added.
|
||||||
ssh-strict:
|
ssh-strict:
|
||||||
description: >
|
description: >
|
||||||
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes`
|
||||||
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
|
||||||
configure additional hosts.
|
configure additional hosts.
|
||||||
default: true
|
default: true
|
||||||
persist-credentials:
|
persist-credentials:
|
||||||
description: 'Whether to configure the token or SSH key with the local git config'
|
description: 'Whether to configure the token or SSH key with the local git config'
|
||||||
default: true
|
default: true
|
||||||
path:
|
path:
|
||||||
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
|
||||||
clean:
|
clean:
|
||||||
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
|
||||||
default: true
|
default: true
|
||||||
fetch-depth:
|
fetch-depth:
|
||||||
description: 'Number of commits to fetch. 0 indicates all history for all tags and branches.'
|
description: 'Number of commits to fetch. 0 indicates all history for all tags and branches.'
|
||||||
default: 1
|
default: 1
|
||||||
lfs:
|
lfs:
|
||||||
description: 'Whether to download Git-LFS files'
|
description: 'Whether to download Git-LFS files'
|
||||||
default: false
|
default: false
|
||||||
submodules:
|
submodules:
|
||||||
description: >
|
description: >
|
||||||
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
Whether to checkout submodules: `true` to checkout submodules or `recursive` to
|
||||||
recursively checkout submodules.
|
recursively checkout submodules.
|
||||||
|
|
||||||
|
|
||||||
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
|
||||||
converted to HTTPS.
|
converted to HTTPS.
|
||||||
default: false
|
default: false
|
||||||
```
|
```
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- SSH support is new
|
- SSH support is new
|
||||||
- `persist-credentials` is new
|
- `persist-credentials` is new
|
||||||
- `path` behavior is different (refer [below](#path) for details)
|
- `path` behavior is different (refer [below](#path) for details)
|
||||||
|
@ -96,6 +97,7 @@ Note:
|
||||||
When a sufficient version of git is not in the PATH, fallback to the [web API](https://developer.github.com/v3/repos/contents/#get-archive-link) to download a tarball/zipball.
|
When a sufficient version of git is not in the PATH, fallback to the [web API](https://developer.github.com/v3/repos/contents/#get-archive-link) to download a tarball/zipball.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- LFS files are not included in the archive. Therefore fail if LFS is set to true.
|
- LFS files are not included in the archive. Therefore fail if LFS is set to true.
|
||||||
- Submodules are also not included in the archive.
|
- Submodules are also not included in the archive.
|
||||||
|
|
||||||
|
@ -108,6 +110,7 @@ A post script will remove the credentials (cleanup for self-hosted).
|
||||||
Users may opt-out by specifying `persist-credentials: false`
|
Users may opt-out by specifying `persist-credentials: false`
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- Users scripting `git commit` may need to set the username and email. The service does not provide any reasonable default value. Users can add `git config user.name <NAME>` and `git config user.email <EMAIL>`. We will document this guidance.
|
- Users scripting `git commit` may need to set the username and email. The service does not provide any reasonable default value. Users can add `git config user.name <NAME>` and `git config user.email <EMAIL>`. We will document this guidance.
|
||||||
|
|
||||||
#### PAT
|
#### PAT
|
||||||
|
@ -115,6 +118,7 @@ Note:
|
||||||
When using the `${{github.token}}` or a PAT, the token will be persisted in the local git config. The config key `http.https://github.com/.extraheader` enables an auth header to be specified on all authenticated commands `AUTHORIZATION: basic <BASE64_U:P>`.
|
When using the `${{github.token}}` or a PAT, the token will be persisted in the local git config. The config key `http.https://github.com/.extraheader` enables an auth header to be specified on all authenticated commands `AUTHORIZATION: basic <BASE64_U:P>`.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- The auth header is scoped to all of github `http.https://github.com/.extraheader`
|
- The auth header is scoped to all of github `http.https://github.com/.extraheader`
|
||||||
- Additional public remotes also just work.
|
- Additional public remotes also just work.
|
||||||
- If users want to authenticate to an additional private remote, they should provide the `token` input.
|
- If users want to authenticate to an additional private remote, they should provide the `token` input.
|
||||||
|
@ -140,6 +144,7 @@ git config core.sshCommand 'ssh -i "$RUNNER_TEMP/path-to-ssh-key" -o StrictHostK
|
||||||
When the input `ssh-strict` is set to `false`, the options `CheckHostIP` and `StrictHostKeyChecking` will not be overridden.
|
When the input `ssh-strict` is set to `false`, the options `CheckHostIP` and `StrictHostKeyChecking` will not be overridden.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- When `ssh-strict` is set to `true` (default), the SSH option `CheckHostIP` can safely be disabled.
|
- When `ssh-strict` is set to `true` (default), the SSH option `CheckHostIP` can safely be disabled.
|
||||||
Strict host checking verifies the server's public key. Therefore, IP verification is unnecessary
|
Strict host checking verifies the server's public key. Therefore, IP verification is unnecessary
|
||||||
and noisy. For example:
|
and noisy. For example:
|
||||||
|
@ -158,6 +163,7 @@ If a SHA isn't available (e.g. multi repo), then fetch only the specified ref wi
|
||||||
The input `fetch-depth` can be used to control the depth.
|
The input `fetch-depth` can be used to control the depth.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- Fetching a single commit is supported by Git wire protocol version 2. The git client uses protocol version 0 by default. The desired protocol version can be overridden in the git config or on the fetch command line invocation (`-c protocol.version=2`). We will override on the fetch command line, for transparency.
|
- Fetching a single commit is supported by Git wire protocol version 2. The git client uses protocol version 0 by default. The desired protocol version can be overridden in the git config or on the fetch command line invocation (`-c protocol.version=2`). We will override on the fetch command line, for transparency.
|
||||||
- Git client version 2.18+ (released June 2018) is required for wire protocol version 2.
|
- Git client version 2.18+ (released June 2018) is required for wire protocol version 2.
|
||||||
|
|
||||||
|
@ -168,6 +174,7 @@ For CI, checkout will create a local ref with the upstream set. This allows user
|
||||||
For PR, continue to checkout detached head. The PR branch is special - the branch and merge commit are created by the server. It doesn't match a users' local workflow.
|
For PR, continue to checkout detached head. The PR branch is special - the branch and merge commit are created by the server. It doesn't match a users' local workflow.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- Consider deleting all local refs during cleanup if that helps avoid collisions. More testing required.
|
- Consider deleting all local refs during cleanup if that helps avoid collisions. More testing required.
|
||||||
|
|
||||||
### Path
|
### Path
|
||||||
|
@ -192,6 +199,7 @@ These behavioral changes align better with container actions. The [documented fi
|
||||||
- `/github/workflow`
|
- `/github/workflow`
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- The tracking config will not be updated to reflect the path of the workflow repo.
|
- The tracking config will not be updated to reflect the path of the workflow repo.
|
||||||
- Any existing workflow repo will not be moved when the checkout path changes. In fact some customers want to checkout the workflow repo twice, side by side against different branches.
|
- Any existing workflow repo will not be moved when the checkout path changes. In fact some customers want to checkout the workflow repo twice, side by side against different branches.
|
||||||
- Actions that need to operate only against the root of the self repo, should expose a `path` input.
|
- Actions that need to operate only against the root of the self repo, should expose a `path` input.
|
||||||
|
@ -205,6 +213,7 @@ This default fits the mainline scenario well: single checkout
|
||||||
For multi-checkout, users must specify the `path` input for at least one of the repositories.
|
For multi-checkout, users must specify the `path` input for at least one of the repositories.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- An alternative is for the self repo to default to `./` and other repos default to `<REPO_NAME>`. However nested layout is an atypical git layout and therefore is not a good default. Users should supply the path info.
|
- An alternative is for the self repo to default to `./` and other repos default to `<REPO_NAME>`. However nested layout is an atypical git layout and therefore is not a good default. Users should supply the path info.
|
||||||
|
|
||||||
#### Example - Nested layout
|
#### Example - Nested layout
|
||||||
|
@ -265,6 +274,7 @@ Credentials will be persisted in the submodules local git config too.
|
||||||
### Port to typescript
|
### Port to typescript
|
||||||
|
|
||||||
The checkout action should be a typescript action on the GitHub graph, for the following reasons:
|
The checkout action should be a typescript action on the GitHub graph, for the following reasons:
|
||||||
|
|
||||||
- Enables customers to fork the checkout repo and modify
|
- Enables customers to fork the checkout repo and modify
|
||||||
- Serves as an example for customers
|
- Serves as an example for customers
|
||||||
- Demystifies the checkout action manifest
|
- Demystifies the checkout action manifest
|
||||||
|
@ -272,6 +282,7 @@ The checkout action should be a typescript action on the GitHub graph, for the f
|
||||||
- Reduce the amount of runner code to port (if we ever do)
|
- Reduce the amount of runner code to port (if we ever do)
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
|
|
||||||
- This means job-container images will need git in the PATH, for checkout.
|
- This means job-container images will need git in the PATH, for checkout.
|
||||||
|
|
||||||
### Branching strategy and release tags
|
### Branching strategy and release tags
|
||||||
|
@ -287,4 +298,4 @@ Note:
|
||||||
- Update samples to consume `actions/checkout@v2`
|
- Update samples to consume `actions/checkout@v2`
|
||||||
- Job containers now require git in the PATH for checkout, otherwise fallback to REST API
|
- Job containers now require git in the PATH for checkout, otherwise fallback to REST API
|
||||||
- Minimum git version 2.18
|
- Minimum git version 2.18
|
||||||
- Update problem matcher logic regarding source file verification (runner)
|
- Update problem matcher logic regarding source file verification (runner)
|
||||||
|
|
|
@ -8,4 +8,4 @@ module.exports = {
|
||||||
'^.+\\.ts$': 'ts-jest'
|
'^.+\\.ts$': 'ts-jest'
|
||||||
},
|
},
|
||||||
verbose: true
|
verbose: true
|
||||||
}
|
}
|
||||||
|
|
6
package-lock.json
generated
6
package-lock.json
generated
|
@ -16160,9 +16160,9 @@
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
"prettier": {
|
"prettier": {
|
||||||
"version": "1.19.1",
|
"version": "2.7.1",
|
||||||
"resolved": "https://registry.npmjs.org/prettier/-/prettier-1.19.1.tgz",
|
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
|
||||||
"integrity": "sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew==",
|
"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
|
||||||
"dev": true
|
"dev": true
|
||||||
},
|
},
|
||||||
"prettier-linter-helpers": {
|
"prettier-linter-helpers": {
|
||||||
|
|
|
@ -5,8 +5,8 @@
|
||||||
"main": "lib/main.js",
|
"main": "lib/main.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "tsc && ncc build && node lib/misc/generate-docs.js",
|
"build": "tsc && ncc build && node lib/misc/generate-docs.js",
|
||||||
"format": "prettier --write '**/*.ts'",
|
"format": "prettier --write .",
|
||||||
"format-check": "prettier --check '**/*.ts'",
|
"format-check": "prettier --check .",
|
||||||
"lint": "eslint src/**/*.ts",
|
"lint": "eslint src/**/*.ts",
|
||||||
"test": "jest",
|
"test": "jest",
|
||||||
"licensed-check": "src/misc/licensed-check.sh",
|
"licensed-check": "src/misc/licensed-check.sh",
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
"jest": "^27.3.0",
|
"jest": "^27.3.0",
|
||||||
"jest-circus": "^27.3.0",
|
"jest-circus": "^27.3.0",
|
||||||
"js-yaml": "^3.13.1",
|
"js-yaml": "^3.13.1",
|
||||||
"prettier": "^1.19.1",
|
"prettier": "^2.7.1",
|
||||||
"ts-jest": "^27.0.7",
|
"ts-jest": "^27.0.7",
|
||||||
"typescript": "^4.4.4"
|
"typescript": "^4.4.4"
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,8 +18,9 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Encountered an error when checking whether path '${path}' exists: ${(error as any)
|
`Encountered an error when checking whether path '${path}' exists: ${
|
||||||
?.message ?? error}`
|
(error as any)?.message ?? error
|
||||||
|
}`
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -45,8 +46,9 @@ export function existsSync(path: string): boolean {
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Encountered an error when checking whether path '${path}' exists: ${(error as any)
|
`Encountered an error when checking whether path '${path}' exists: ${
|
||||||
?.message ?? error}`
|
(error as any)?.message ?? error
|
||||||
|
}`
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -67,8 +69,9 @@ export function fileExistsSync(path: string): boolean {
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Encountered an error when checking whether path '${path}' exists: ${(error as any)
|
`Encountered an error when checking whether path '${path}' exists: ${
|
||||||
?.message ?? error}`
|
(error as any)?.message ?? error
|
||||||
|
}`
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -49,7 +49,7 @@ class GitAuthHelper {
|
||||||
gitSourceSettings: IGitSourceSettings | undefined
|
gitSourceSettings: IGitSourceSettings | undefined
|
||||||
) {
|
) {
|
||||||
this.git = gitCommandManager
|
this.git = gitCommandManager
|
||||||
this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
|
this.settings = gitSourceSettings || ({} as unknown as IGitSourceSettings)
|
||||||
|
|
||||||
// Token auth header
|
// Token auth header
|
||||||
const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)
|
const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)
|
||||||
|
|
|
@ -6,7 +6,7 @@ import * as workflowContextHelper from './workflow-context-helper'
|
||||||
import {IGitSourceSettings} from './git-source-settings'
|
import {IGitSourceSettings} from './git-source-settings'
|
||||||
|
|
||||||
export async function getInputs(): Promise<IGitSourceSettings> {
|
export async function getInputs(): Promise<IGitSourceSettings> {
|
||||||
const result = ({} as unknown) as IGitSourceSettings
|
const result = {} as unknown as IGitSourceSettings
|
||||||
|
|
||||||
// GitHub workspace
|
// GitHub workspace
|
||||||
let githubWorkspacePath = process.env['GITHUB_WORKSPACE']
|
let githubWorkspacePath = process.env['GITHUB_WORKSPACE']
|
||||||
|
@ -120,7 +120,8 @@ export async function getInputs(): Promise<IGitSourceSettings> {
|
||||||
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
|
(core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
|
||||||
|
|
||||||
// Workflow organization ID
|
// Workflow organization ID
|
||||||
result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
|
result.workflowOrganizationId =
|
||||||
|
await workflowContextHelper.getOrganizationId()
|
||||||
|
|
||||||
// Set safe.directory in git global config.
|
// Set safe.directory in git global config.
|
||||||
result.setSafeDirectory =
|
result.setSafeDirectory =
|
||||||
|
|
|
@ -12,8 +12,8 @@ function updateUsage(
|
||||||
actionReference: string,
|
actionReference: string,
|
||||||
actionYamlPath = 'action.yml',
|
actionYamlPath = 'action.yml',
|
||||||
readmePath = 'README.md',
|
readmePath = 'README.md',
|
||||||
startToken = '<!-- start usage -->',
|
startToken = '<!-- start usage -->\n',
|
||||||
endToken = '<!-- end usage -->'
|
endToken = '\n<!-- end usage -->'
|
||||||
): void {
|
): void {
|
||||||
if (!actionReference) {
|
if (!actionReference) {
|
||||||
throw new Error('Parameter actionReference must not be empty')
|
throw new Error('Parameter actionReference must not be empty')
|
||||||
|
|
|
@ -24,7 +24,7 @@ export async function getCheckoutInfo(
|
||||||
throw new Error('Args ref and commit cannot both be empty')
|
throw new Error('Args ref and commit cannot both be empty')
|
||||||
}
|
}
|
||||||
|
|
||||||
const result = ({} as unknown) as ICheckoutInfo
|
const result = {} as unknown as ICheckoutInfo
|
||||||
const upperRef = (ref || '').toUpperCase()
|
const upperRef = (ref || '').toUpperCase()
|
||||||
|
|
||||||
// SHA only
|
// SHA only
|
||||||
|
|
|
@ -23,8 +23,9 @@ export async function getOrganizationId(): Promise<number | undefined> {
|
||||||
return id as number
|
return id as number
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
core.debug(
|
core.debug(
|
||||||
`Unable to load organization ID from GITHUB_EVENT_PATH: ${(err as any)
|
`Unable to load organization ID from GITHUB_EVENT_PATH: ${
|
||||||
.message || err}`
|
(err as any).message || err
|
||||||
|
}`
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,9 +2,7 @@
|
||||||
"compilerOptions": {
|
"compilerOptions": {
|
||||||
"target": "es6",
|
"target": "es6",
|
||||||
"module": "commonjs",
|
"module": "commonjs",
|
||||||
"lib": [
|
"lib": ["es6"],
|
||||||
"es6"
|
|
||||||
],
|
|
||||||
"outDir": "./lib",
|
"outDir": "./lib",
|
||||||
"rootDir": "./src",
|
"rootDir": "./src",
|
||||||
"declaration": true,
|
"declaration": true,
|
||||||
|
|
Loading…
Reference in a new issue