mirror of https://github.com/actions/checkout.git
1d3fa26c9e
Currently, a check is done after fetch to ensure that the repo state has not changed since the workflow was triggered. This check will reset the checkout to the commit that triggered the workflow, even if the branch or tag has moved since. The issue is that the check currently sees what "object" the ref points to. For an annotated tag, that is the annotation, not the commit. This means the check always fails for annotated tags, and they are reset to the commit, losing the annotation. Losing the annotation can be fatal, as `git describe` will only match annotated tags. The fix is simple: check if the tag points at the right commit, ignoring any other type of object. This is done with the <rev>^{commit} syntax. From the git-rev-parse docs: > <rev>^{<type>}, e.g. v0.99.8^{commit} > A suffix ^ followed by an object type name enclosed in brace pair > means dereference the object at <rev> recursively until an object of > type <type> is found or the object cannot be dereferenced anymore (in > which case, barf). For example, if <rev> is a commit-ish, > <rev>^{commit} describes the corresponding commit object. Similarly, > if <rev> is a tree-ish, <rev>^{tree} describes the corresponding tree > object. <rev>^0 is a short-hand for <rev>^{commit}. If the check still fails, we will still reset the tag to the commit, losing the annotation. However, there is no way to truly recover in this situtation, as GitHub does not capture the annotation on workflow start, and since the history has changed, we can not trust the new tag to contain the same data as it did before. Fixes #290 Closes #697 |
||
---|---|---|
.github/workflows | ||
.licenses/npm | ||
__test__ | ||
adrs | ||
dist | ||
src | ||
.eslintignore | ||
.eslintrc.json | ||
.gitattributes | ||
.gitignore | ||
.licensed.yml | ||
.prettierignore | ||
.prettierrc.json | ||
CHANGELOG.md | ||
CODEOWNERS | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md | ||
action.yml | ||
jest.config.js | ||
package-lock.json | ||
package.json | ||
tsconfig.json |
README.md
Checkout V4
This action checks-out your repository under $GITHUB_WORKSPACE
, so your workflow can access it.
Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set fetch-depth: 0
to fetch all history for all branches and tags. Refer here to learn which commit $GITHUB_SHA
points to for different events.
The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set persist-credentials: false
to opt-out.
When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
What's new
- Updated default runtime to node20
- This requires a minimum Actions Runner version of v2.308.0.
- Added support for fetching without the
--progress
option
Usage
- uses: actions/checkout@v4
with:
# Repository name with owner. For example, actions/checkout
# Default: ${{ github.repository }}
repository: ''
# The branch, tag or SHA to checkout. When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Otherwise, uses the default branch.
ref: ''
# Personal access token (PAT) used to fetch the repository. The PAT is configured
# with the local git config, which enables your scripts to run authenticated git
# commands. The post-job step removes the PAT.
#
# We recommend using a service account with the least permissions necessary. Also
# when generating a new PAT, select the least scopes necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ''
# SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The
# post-job step removes the SSH key.
#
# We recommend using a service account with the least permissions necessary.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
ssh-key: ''
# Known hosts in addition to the user and global host key database. The public SSH
# keys for a host may be obtained using the utility `ssh-keyscan`. For example,
# `ssh-keyscan github.com`. The public key for github.com is always implicitly
# added.
ssh-known-hosts: ''
# Whether to perform strict host key checking. When true, adds the options
# `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use
# the input `ssh-known-hosts` to configure additional hosts.
# Default: true
ssh-strict: ''
# Whether to configure the token or SSH key with the local git config
# Default: true
persist-credentials: ''
# Relative path under $GITHUB_WORKSPACE to place the repository
path: ''
# Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
# Default: true
clean: ''
# Partially clone against a given filter. Overrides sparse-checkout if set.
# Default: null
filter: ''
# Do a sparse checkout on given patterns. Each pattern should be separated with
# new lines.
# Default: null
sparse-checkout: ''
# Specifies whether to use cone-mode when doing a sparse checkout.
# Default: true
sparse-checkout-cone-mode: ''
# Number of commits to fetch. 0 indicates all history for all branches and tags.
# Default: 1
fetch-depth: ''
# Whether to fetch tags, even if fetch-depth > 0.
# Default: false
fetch-tags: ''
# Whether to show progress status output when fetching.
# Default: true
show-progress: ''
# Whether to download Git-LFS files
# Default: false
lfs: ''
# Whether to checkout submodules: `true` to checkout submodules or `recursive` to
# recursively checkout submodules.
#
# When the `ssh-key` input is not provided, SSH URLs beginning with
# `git@github.com:` are converted to HTTPS.
#
# Default: false
submodules: ''
# Add repository path as safe.directory for Git global config by running `git
# config --global --add safe.directory <path>`
# Default: true
set-safe-directory: ''
# The base URL for the GitHub instance that you are trying to clone from, will use
# environment defaults to fetch from the same instance that the workflow is
# running from unless specified. Example URLs are https://github.com or
# https://my-ghes-server.example.com
github-server-url: ''
Scenarios
- Fetch only the root files
- Fetch only the root files and
.github
andsrc
folder - Fetch only a single file
- Fetch all history for all tags and branches
- Checkout a different branch
- Checkout HEAD^
- Checkout multiple repos (side by side)
- Checkout multiple repos (nested)
- Checkout multiple repos (private)
- Checkout pull request HEAD commit instead of merge commit
- Checkout pull request on closed event
- Push a commit using the built-in token
Fetch only the root files
- uses: actions/checkout@v4
with:
sparse-checkout: .
Fetch only the root files and .github
and src
folder
- uses: actions/checkout@v4
with:
sparse-checkout: |
.github
src
Fetch only a single file
- uses: actions/checkout@v4
with:
sparse-checkout: |
README.md
sparse-checkout-cone-mode: false
Fetch all history for all tags and branches
- uses: actions/checkout@v4
with:
fetch-depth: 0
Checkout a different branch
- uses: actions/checkout@v4
with:
ref: my-branch
Checkout HEAD^
- uses: actions/checkout@v4
with:
fetch-depth: 2
- run: git checkout HEAD^
Checkout multiple repos (side by side)
- name: Checkout
uses: actions/checkout@v4
with:
path: main
- name: Checkout tools repo
uses: actions/checkout@v4
with:
repository: my-org/my-tools
path: my-tools
- If your secondary repository is private you will need to add the option noted in Checkout multiple repos (private)
Checkout multiple repos (nested)
- name: Checkout
uses: actions/checkout@v4
- name: Checkout tools repo
uses: actions/checkout@v4
with:
repository: my-org/my-tools
path: my-tools
- If your secondary repository is private you will need to add the option noted in Checkout multiple repos (private)
Checkout multiple repos (private)
- name: Checkout
uses: actions/checkout@v4
with:
path: main
- name: Checkout private tools
uses: actions/checkout@v4
with:
repository: my-org/my-private-tools
token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
path: my-tools
${{ github.token }}
is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own PAT.
Checkout pull request HEAD commit instead of merge commit
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
Checkout pull request on closed event
on:
pull_request:
branches: [main]
types: [opened, synchronize, closed]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
Push a commit using the built-in token
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: |
date > generated.txt
git config user.name github-actions
git config user.email github-actions@github.com
git add .
git commit -m "generated"
git push
License
The scripts and documentation in this project are released under the MIT License