Go to file
Johannes Schindelin 5a4ac9002d
Add missing awaits (#379)
* auth-helper: properly await replacement of the token value in the config

After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.

In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.

A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:

      await Promise.all(
        configPaths.map(async configPath => {
          core.debug(`Replacing token placeholder in '${configPath}'`)
          await this.replaceTokenPlaceholder(configPath)
        })
      )

However, during review of https://github.com/actions/checkout/pull/379
it was decided to keep the `for` loop in the interest of simplicity.

Reported by Ian Lynagh.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* downloadRepository(): await the result of recursive deletions

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Ask ESLint to report floating Promises

This rule is quite helpful in avoiding hard-to-debug missing `await`s.

Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.

In the initial version of https://github.com/actions/checkout/pull/379,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Rebuild

This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2020-11-03 09:44:09 -05:00
.github/workflows Add Licensed To Help Verify Prod Licenses (#326) 2020-09-10 09:24:29 -04:00
.licenses/npm Add Licensed To Help Verify Prod Licenses (#326) 2020-09-10 09:24:29 -04:00
__test__ Swap to Environment Files (#360) 2020-09-30 11:41:09 -04:00
adrs update default branch (#305) 2020-07-14 09:23:30 -04:00
dist Add missing awaits (#379) 2020-11-03 09:44:09 -05:00
src Add missing awaits (#379) 2020-11-03 09:44:09 -05:00
.eslintignore Convert checkout to a regular action (#70) 2019-12-03 10:28:59 -05:00
.eslintrc.json Add missing awaits (#379) 2020-11-03 09:44:09 -05:00
.gitattributes Add Licensed To Help Verify Prod Licenses (#326) 2020-09-10 09:24:29 -04:00
.gitignore more unit tests and corresponding refactoring (#174) 2020-03-02 11:33:30 -05:00
.licensed.yml Add Licensed To Help Verify Prod Licenses (#326) 2020-09-10 09:24:29 -04:00
.prettierignore Convert checkout to a regular action (#70) 2019-12-03 10:28:59 -05:00
.prettierrc.json Convert checkout to a regular action (#70) 2019-12-03 10:28:59 -05:00
action.yml improve description for fetch-depth (#301) 2020-07-12 21:02:24 -04:00
CHANGELOG.md changelog 2020-06-18 10:27:39 -04:00
jest.config.js Convert checkout to a regular action (#70) 2019-12-03 10:28:59 -05:00
LICENSE Add docs (#2) 2019-07-23 15:32:03 -04:00
package-lock.json consume new @actions/github for GHES support (#236) 2020-05-07 12:11:11 -04:00
package.json fix prettier glob pattern (#247) 2020-05-19 12:34:05 -04:00
README.md Update README.md 2020-07-14 16:30:57 -04:00
tsconfig.json Convert checkout to a regular action (#70) 2019-12-03 10:28:59 -05:00

GitHub Actions status

Checkout V2

This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.

Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set fetch-depth: 0 to fetch all history for all branches and tags. Refer here to learn which commit $GITHUB_SHA points to for different events.

The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set persist-credentials: false to opt-out.

When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.

What's new

  • Improved performance
    • Fetches only a single commit by default
  • Script authenticated git commands
    • Auth token persisted in the local git config
  • Supports SSH
  • Creates a local branch
    • No longer detached HEAD when checking out a branch
  • Improved layout
    • The input path is always relative to $GITHUB_WORKSPACE
    • Aligns better with container actions, where $GITHUB_WORKSPACE gets mapped in
  • Fallback to REST API download
    • When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
    • When using a job container, the container's PATH is used

Refer here for previous versions.

Usage

- uses: actions/checkout@v2
  with:
    # Repository name with owner. For example, actions/checkout
    # Default: ${{ github.repository }}
    repository: ''

    # The branch, tag or SHA to checkout. When checking out the repository that
    # triggered a workflow, this defaults to the reference or SHA for that event.
    # Otherwise, uses the default branch.
    ref: ''

    # Personal access token (PAT) used to fetch the repository. The PAT is configured
    # with the local git config, which enables your scripts to run authenticated git
    # commands. The post-job step removes the PAT.
    #
    # We recommend using a service account with the least permissions necessary. Also
    # when generating a new PAT, select the least scopes necessary.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    #
    # Default: ${{ github.token }}
    token: ''

    # SSH key used to fetch the repository. The SSH key is configured with the local
    # git config, which enables your scripts to run authenticated git commands. The
    # post-job step removes the SSH key.
    #
    # We recommend using a service account with the least permissions necessary.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    ssh-key: ''

    # Known hosts in addition to the user and global host key database. The public SSH
    # keys for a host may be obtained using the utility `ssh-keyscan`. For example,
    # `ssh-keyscan github.com`. The public key for github.com is always implicitly
    # added.
    ssh-known-hosts: ''

    # Whether to perform strict host key checking. When true, adds the options
    # `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use
    # the input `ssh-known-hosts` to configure additional hosts.
    # Default: true
    ssh-strict: ''

    # Whether to configure the token or SSH key with the local git config
    # Default: true
    persist-credentials: ''

    # Relative path under $GITHUB_WORKSPACE to place the repository
    path: ''

    # Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
    # Default: true
    clean: ''

    # Number of commits to fetch. 0 indicates all history for all branches and tags.
    # Default: 1
    fetch-depth: ''

    # Whether to download Git-LFS files
    # Default: false
    lfs: ''

    # Whether to checkout submodules: `true` to checkout submodules or `recursive` to
    # recursively checkout submodules.
    #
    # When the `ssh-key` input is not provided, SSH URLs beginning with
    # `git@github.com:` are converted to HTTPS.
    #
    # Default: false
    submodules: ''

Scenarios

Fetch all history for all tags and branches

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Checkout a different branch

- uses: actions/checkout@v2
  with:
    ref: my-branch

Checkout HEAD^

- uses: actions/checkout@v2
  with:
    fetch-depth: 2
- run: git checkout HEAD^

Checkout multiple repos (side by side)

- name: Checkout
  uses: actions/checkout@v2
  with:
    path: main

- name: Checkout tools repo
  uses: actions/checkout@v2
  with:
    repository: my-org/my-tools
    path: my-tools

Checkout multiple repos (nested)

- name: Checkout
  uses: actions/checkout@v2

- name: Checkout tools repo
  uses: actions/checkout@v2
  with:
    repository: my-org/my-tools
    path: my-tools

Checkout multiple repos (private)

- name: Checkout
  uses: actions/checkout@v2
  with:
    path: main

- name: Checkout private tools
  uses: actions/checkout@v2
  with:
    repository: my-org/my-private-tools
    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT
    path: my-tools
  • ${{ github.token }} is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own PAT.

Checkout pull request HEAD commit instead of merge commit

- uses: actions/checkout@v2
  with:
    ref: ${{ github.event.pull_request.head.sha }}

Checkout pull request on closed event

on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, closed]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

Push a commit using the built-in token

on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - run: |
          date > generated.txt
          git config user.name github-actions
          git config user.email github-actions@github.com
          git add .
          git commit -m "generated"
          git push          

License

The scripts and documentation in this project are released under the MIT License