diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index c7d4962..db3e37f 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4.1.6 - name: Set Node.js 24.x uses: actions/setup-node@v4 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 377fae9..778d474 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 36e70e2..1f71aa7 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest name: Check licenses steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4.1.6 - run: npm ci - run: npm run licensed-check \ No newline at end of file diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml index 44d571b..87c0207 100644 --- a/.github/workflows/publish-immutable-actions.yml +++ b/.github/workflows/publish-immutable-actions.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checking out - uses: actions/checkout@v6 + uses: actions/checkout@v4 - name: Publish id: publish uses: actions/publish-immutable-action@0.0.3 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fe2539f..7c47d7b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-node@v4 with: node-version: 24.x - - uses: actions/checkout@v6 + - uses: actions/checkout@v4.1.6 - run: npm ci - run: npm run build - run: npm run format-check @@ -37,7 +37,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 # Basic checkout - name: Checkout basic @@ -165,22 +165,6 @@ jobs: - name: Verify submodules recursive run: __test__/verify-submodules-recursive.sh - # Worktree credentials - - name: Checkout for worktree test - uses: ./ - with: - path: worktree-test - - name: Verify worktree credentials - shell: bash - run: __test__/verify-worktree.sh worktree-test worktree-branch - - # Worktree credentials in container step - - name: Verify worktree credentials in container step - if: runner.os == 'Linux' - uses: docker://bitnami/git:latest - with: - args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch - # Basic checkout using REST API - name: Remove basic if: runner.os != 'windows' @@ -218,7 +202,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 # Basic checkout using git - name: Checkout basic @@ -250,7 +234,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 # Basic checkout using git - name: Checkout basic @@ -280,7 +264,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 with: path: localClone @@ -307,8 +291,8 @@ jobs: git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main # needed to make checkout post cleanup succeed - - name: Fix Checkout v6 - uses: actions/checkout@v6 + - name: Fix Checkout v4 + uses: actions/checkout@v4.1.6 with: path: localClone @@ -317,7 +301,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v4.1.6 with: path: actions-checkout diff --git a/.github/workflows/update-main-version.yml b/.github/workflows/update-main-version.yml index b3b23fe..643b954 100644 --- a/.github/workflows/update-main-version.yml +++ b/.github/workflows/update-main-version.yml @@ -23,7 +23,7 @@ jobs: # Note this update workflow can also be used as a rollback tool. # For that reason, it's best to pin `actions/checkout` to a known, stable version # (typically, about two releases back). - - uses: actions/checkout@v6 + - uses: actions/checkout@v4.1.6 with: fetch-depth: 0 - name: Git config diff --git a/.github/workflows/update-test-ubuntu-git.yml b/.github/workflows/update-test-ubuntu-git.yml index 10e4dac..5c252b9 100644 --- a/.github/workflows/update-test-ubuntu-git.yml +++ b/.github/workflows/update-test-ubuntu-git.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v4 # Use `docker/login-action` to log in to GHCR.io. # Once published, the packages are scoped to the account defined here. diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d5a6f3..25befb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,19 +1,19 @@ # Changelog -## v6.0.0 +## V6.0.0 * Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286 * Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248 -## v5.0.1 +## V5.0.1 * Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301 -## v5.0.0 +## V5.0.0 * Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226 -## v4.3.1 +## V4.3.1 * Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305 -## v4.3.0 +## V4.3.0 * docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971 * Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977 * Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043 diff --git a/README.md b/README.md index f0f65f9..5ad476f 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,8 @@ ## What's new -- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config` -- No workflow changes required — `git fetch`, `git push`, etc. continue to work automatically -- Running authenticated git commands from a [Docker container action](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action) requires Actions Runner [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) or later +- Updated `persist-credentials` to store the credentials under `$RUNNER_TEMP` instead of directly in the local git config. + - This requires a minimum Actions Runner version of [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) to access the persisted credentials for [Docker container action](https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action) scenarios. # Checkout v5 @@ -52,7 +51,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: # Repository name with owner. For example, actions/checkout # Default: ${{ github.repository }} @@ -191,7 +190,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Fetch only the root files ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: sparse-checkout: . ``` @@ -199,7 +198,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Fetch only the root files and `.github` and `src` folder ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: sparse-checkout: | .github @@ -209,7 +208,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Fetch only a single file ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: sparse-checkout: | README.md @@ -219,7 +218,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Fetch all history for all tags and branches ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: fetch-depth: 0 ``` @@ -227,7 +226,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Checkout a different branch ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: ref: my-branch ``` @@ -235,7 +234,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Checkout HEAD^ ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: fetch-depth: 2 - run: git checkout HEAD^ @@ -245,12 +244,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ```yaml - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v5 with: path: main - name: Checkout tools repo - uses: actions/checkout@v6 + uses: actions/checkout@v5 with: repository: my-org/my-tools path: my-tools @@ -261,10 +260,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ```yaml - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v5 - name: Checkout tools repo - uses: actions/checkout@v6 + uses: actions/checkout@v5 with: repository: my-org/my-tools path: my-tools @@ -275,12 +274,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ```yaml - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v5 with: path: main - name: Checkout private tools - uses: actions/checkout@v6 + uses: actions/checkout@v5 with: repository: my-org/my-private-tools token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT @@ -293,7 +292,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ ## Checkout pull request HEAD commit instead of merge commit ```yaml -- uses: actions/checkout@v6 +- uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.sha }} ``` @@ -309,7 +308,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v5 ``` ## Push a commit using the built-in token @@ -320,7 +319,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v5 - run: | date > generated.txt # Note: the following account information will not work on GHES @@ -342,7 +341,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v5 with: ref: ${{ github.head_ref }} - run: | diff --git a/__test__/verify-worktree.sh b/__test__/verify-worktree.sh deleted file mode 100755 index 3a4d3e4..0000000 --- a/__test__/verify-worktree.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -set -e - -# Verify worktree credentials -# This test verifies that git credentials work in worktrees created after checkout -# Usage: verify-worktree.sh - -CHECKOUT_PATH="$1" -WORKTREE_NAME="$2" - -if [ -z "$CHECKOUT_PATH" ] || [ -z "$WORKTREE_NAME" ]; then - echo "Usage: verify-worktree.sh " - exit 1 -fi - -cd "$CHECKOUT_PATH" - -# Add safe directory for container environments -git config --global --add safe.directory "*" 2>/dev/null || true - -# Show the includeIf configuration -echo "Git config includeIf entries:" -git config --list --show-origin | grep -i include || true - -# Create the worktree -echo "Creating worktree..." -git worktree add "../$WORKTREE_NAME" HEAD --detach - -# Change to worktree directory -cd "../$WORKTREE_NAME" - -# Verify we're in a worktree -echo "Verifying worktree gitdir:" -cat .git - -# Verify credentials are available in worktree by checking extraheader is configured -echo "Checking credentials in worktree..." -if git config --list --show-origin | grep -q "extraheader"; then - echo "Credentials are configured in worktree" -else - echo "ERROR: Credentials are NOT configured in worktree" - echo "Full git config:" - git config --list --show-origin - exit 1 -fi - -# Verify fetch works in the worktree -echo "Fetching in worktree..." -git fetch origin - -echo "Worktree credentials test passed!" diff --git a/dist/index.js b/dist/index.js index b9b34d3..a251a19 100644 --- a/dist/index.js +++ b/dist/index.js @@ -412,9 +412,6 @@ class GitAuthHelper { // Configure host includeIf const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`; yield this.git.config(hostIncludeKey, credentialsConfigPath); - // Configure host includeIf for worktrees - const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`; - yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath); // Container git directory const workingDirectory = this.git.getWorkingDirectory(); const githubWorkspace = process.env['GITHUB_WORKSPACE']; @@ -427,9 +424,6 @@ class GitAuthHelper { // Configure container includeIf const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`; yield this.git.config(containerIncludeKey, containerCredentialsPath); - // Configure container includeIf for worktrees - const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`; - yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath); } }); } diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts index e67db14..a1950a6 100644 --- a/src/git-auth-helper.ts +++ b/src/git-auth-helper.ts @@ -374,10 +374,6 @@ class GitAuthHelper { const hostIncludeKey = `includeIf.gitdir:${gitDir}.path` await this.git.config(hostIncludeKey, credentialsConfigPath) - // Configure host includeIf for worktrees - const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path` - await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath) - // Container git directory const workingDirectory = this.git.getWorkingDirectory() const githubWorkspace = process.env['GITHUB_WORKSPACE'] @@ -399,13 +395,6 @@ class GitAuthHelper { // Configure container includeIf const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path` await this.git.config(containerIncludeKey, containerCredentialsPath) - - // Configure container includeIf for worktrees - const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path` - await this.git.config( - containerWorktreeIncludeKey, - containerCredentialsPath - ) } } diff --git a/src/misc/generate-docs.ts b/src/misc/generate-docs.ts index b78f035..6d4816f 100644 --- a/src/misc/generate-docs.ts +++ b/src/misc/generate-docs.ts @@ -120,7 +120,7 @@ function updateUsage( } updateUsage( - 'actions/checkout@v6', + 'actions/checkout@v5', path.join(__dirname, '..', '..', 'action.yml'), path.join(__dirname, '..', '..', 'README.md') )