From 3b9b8c884f6b4bb4d5be2779c26374abadae0871 Mon Sep 17 00:00:00 2001 From: The web walker Date: Fri, 8 Nov 2024 23:32:54 +0800 Subject: [PATCH 1/5] docs: update README.md (#1971) Add a scenario where it is necessary to push a commit to a pull request. --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index e1ea032..a43e887 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit) - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event) - [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token) +- [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token) ## Fetch only the root files @@ -288,6 +289,31 @@ jobs: ``` *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D +## Push a commit to a PR using the built-in token + +In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’t check out your branch by default. + +```yaml +on: pull_request +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + - run: | + date > generated.txt + # Note: the following account information will not work on GHES + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add . + git commit -m "generated" + git push +``` +*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D + + # License The scripts and documentation in this project are released under the [MIT License](LICENSE) From cbb722410c2e876e24abbe8de2cc27693e501dcb Mon Sep 17 00:00:00 2001 From: Mohammad Ismail <96207520+mouismail@users.noreply.github.com> Date: Thu, 14 Nov 2024 16:41:00 +0100 Subject: [PATCH 2/5] Update README.md (#1977) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a43e887..b0f6224 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ repository: my-org/my-tools path: my-tools ``` -> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private) +> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private) ## Checkout multiple repos (nested) @@ -226,7 +226,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ repository: my-org/my-tools path: my-tools ``` -> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private) +> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private) ## Checkout multiple repos (private) From 009b9ae9e446ad8d9b8c809870b0fbcc5e03573e Mon Sep 17 00:00:00 2001 From: Ben Wells Date: Thu, 16 Jan 2025 14:14:48 -0500 Subject: [PATCH 3/5] Documentation update - add recommended permissions to Readme (#2043) * Update README.md * Update README.md Co-authored-by: Josh Gross --------- Co-authored-by: Josh Gross --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index b0f6224..f28fec7 100644 --- a/README.md +++ b/README.md @@ -311,6 +311,16 @@ jobs: git commit -m "generated" git push ``` + +## Recommended permissions + +When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs: + +```yaml +permissions: + contents: read +``` + *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D From 85e6279cec87321a52edac9c87bce653a07cf6c2 Mon Sep 17 00:00:00 2001 From: Josh Gross Date: Thu, 16 Jan 2025 15:56:18 -0500 Subject: [PATCH 4/5] Adjust positioning of user email note and permissions heading (#2044) --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f28fec7..64dc025 100644 --- a/README.md +++ b/README.md @@ -312,7 +312,9 @@ jobs: git push ``` -## Recommended permissions +*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D + +# Recommended permissions When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs: @@ -321,9 +323,6 @@ permissions: contents: read ``` -*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D - - # License The scripts and documentation in this project are released under the [MIT License](LICENSE) From 3fb169a615380bca6e925dbbb47a43c309f94d58 Mon Sep 17 00:00:00 2001 From: Yang Zhao Date: Fri, 23 Aug 2024 00:23:06 -0700 Subject: [PATCH 5/5] Add objectFormat setting to allow init()ing a repo with sha256 --- README.md | 14 ++++++++++++++ __test__/git-auth-helper.test.ts | 3 ++- __test__/git-command-manager.test.ts | 21 +++++++++++++++++++++ action.yml | 5 +++++ dist/index.js | 18 +++++++++++++++--- src/git-command-manager.ts | 12 +++++++++--- src/git-source-provider.ts | 2 +- src/git-source-settings.ts | 5 +++++ src/input-helper.ts | 9 +++++++++ 9 files changed, 81 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 64dc025..b654dce 100644 --- a/README.md +++ b/README.md @@ -126,6 +126,11 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ # running from unless specified. Example URLs are https://github.com or # https://my-ghes-server.example.com github-server-url: '' + + # Use the given object format when creating local repository. Specifically, use + # 'sha256' to checkout a SHA-256 repository. + # Default: null + object-format: '' ``` @@ -144,6 +149,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/ - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event) - [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token) - [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token) +- [Checkout SHA-256 repository](#checkout-sha-256-repository) ## Fetch only the root files @@ -323,6 +329,14 @@ permissions: contents: read ``` +## Checkout SHA-256 repository + +```yaml +- uses: actions/checkout@v4 + with: + object-format: sha256 +``` + # License The scripts and documentation in this project are released under the [MIT License](LICENSE) diff --git a/__test__/git-auth-helper.test.ts b/__test__/git-auth-helper.test.ts index 7633704..26f0330 100644 --- a/__test__/git-auth-helper.test.ts +++ b/__test__/git-auth-helper.test.ts @@ -824,7 +824,8 @@ async function setup(testName: string): Promise { sshUser: '', workflowOrganizationId: 123456, setSafeDirectory: true, - githubServerUrl: githubServerUrl + githubServerUrl: githubServerUrl, + objectFormat: undefined } } diff --git a/__test__/git-command-manager.test.ts b/__test__/git-command-manager.test.ts index cea73d4..d36a9a3 100644 --- a/__test__/git-command-manager.test.ts +++ b/__test__/git-command-manager.test.ts @@ -375,4 +375,25 @@ describe('Test fetchDepth and fetchTags options', () => { expect.any(Object) ) }) + + it('should call execGit wiwth the correct arguments when sha256 is used', async () => { + jest.spyOn(exec, 'exec').mockImplementation(mockExec) + + const workingDirectory = 'test' + const lfs = false + const doSparseCheckout = false + git = await commandManager.createCommandManager( + workingDirectory, + lfs, + doSparseCheckout + ) + + await git.init({objectFormat: 'sha256'}) + + expect(mockExec).toHaveBeenCalledWith( + expect.any(String), + ['init', '--object-format=sha256', 'test'], + expect.any(Object) + ) + }) }) diff --git a/action.yml b/action.yml index 6842eb8..0aa8f94 100644 --- a/action.yml +++ b/action.yml @@ -98,6 +98,11 @@ inputs: github-server-url: description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com required: false + object-format: + description: > + Use the given object format when creating local repository. Specifically, use + 'sha256' to checkout a SHA-256 repository. + default: null outputs: ref: description: 'The branch, tag or SHA that was checked out' diff --git a/dist/index.js b/dist/index.js index b0db713..31bde7b 100644 --- a/dist/index.js +++ b/dist/index.js @@ -709,9 +709,13 @@ class GitCommandManager { getWorkingDirectory() { return this.workingDirectory; } - init() { + init(options) { return __awaiter(this, void 0, void 0, function* () { - yield this.execGit(['init', this.workingDirectory]); + yield this.execGit([ + 'init', + ...((options === null || options === void 0 ? void 0 : options.objectFormat) ? [`--object-format=${options.objectFormat}`] : []), + this.workingDirectory + ]); }); } isDetached() { @@ -1236,7 +1240,7 @@ function getSource(settings) { // Initialize the repository if (!fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))) { core.startGroup('Initializing the repository'); - yield git.init(); + yield git.init({ objectFormat: settings.objectFormat }); yield git.remoteAdd('origin', repositoryUrl); core.endGroup(); } @@ -1831,6 +1835,14 @@ function getInputs() { // Determine the GitHub URL that the repository is being hosted from result.githubServerUrl = core.getInput('github-server-url'); core.debug(`GitHub Host URL = ${result.githubServerUrl}`); + // Object format + const objectFormat = core.getInput('object-format'); + if (objectFormat) { + if (objectFormat != 'sha1' && objectFormat != 'sha256') { + throw Error(`Invalid object format '${objectFormat}'`); + } + result.objectFormat = objectFormat; + } return result; }); } diff --git a/src/git-command-manager.ts b/src/git-command-manager.ts index 8e42a38..976bc24 100644 --- a/src/git-command-manager.ts +++ b/src/git-command-manager.ts @@ -42,7 +42,7 @@ export interface IGitCommandManager { ): Promise getDefaultBranch(repositoryUrl: string): Promise getWorkingDirectory(): string - init(): Promise + init(options?: {objectFormat?: string}): Promise isDetached(): Promise lfsFetch(ref: string): Promise lfsInstall(): Promise @@ -327,8 +327,14 @@ class GitCommandManager { return this.workingDirectory } - async init(): Promise { - await this.execGit(['init', this.workingDirectory]) + async init(options?: {objectFormat?: string}): Promise { + await this.execGit([ + 'init', + ...(options?.objectFormat + ? [`--object-format=${options.objectFormat}`] + : []), + this.workingDirectory + ]) } async isDetached(): Promise { diff --git a/src/git-source-provider.ts b/src/git-source-provider.ts index 2d35138..d84d455 100644 --- a/src/git-source-provider.ts +++ b/src/git-source-provider.ts @@ -110,7 +110,7 @@ export async function getSource(settings: IGitSourceSettings): Promise { !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git')) ) { core.startGroup('Initializing the repository') - await git.init() + await git.init({objectFormat: settings.objectFormat}) await git.remoteAdd('origin', repositoryUrl) core.endGroup() } diff --git a/src/git-source-settings.ts b/src/git-source-settings.ts index 4e41ac3..f6434e8 100644 --- a/src/git-source-settings.ts +++ b/src/git-source-settings.ts @@ -118,4 +118,9 @@ export interface IGitSourceSettings { * User override on the GitHub Server/Host URL that hosts the repository to be cloned */ githubServerUrl: string | undefined + + /** + * Object format used for the repo, if it is not default + */ + objectFormat: 'sha1' | 'sha256' | undefined } diff --git a/src/input-helper.ts b/src/input-helper.ts index 059232f..bb5657f 100644 --- a/src/input-helper.ts +++ b/src/input-helper.ts @@ -161,5 +161,14 @@ export async function getInputs(): Promise { result.githubServerUrl = core.getInput('github-server-url') core.debug(`GitHub Host URL = ${result.githubServerUrl}`) + // Object format + const objectFormat = core.getInput('object-format') + if (objectFormat) { + if (objectFormat != 'sha1' && objectFormat != 'sha256') { + throw Error(`Invalid object format '${objectFormat}'`) + } + result.objectFormat = objectFormat + } + return result }