Merge 7eef07851d into b32f140b0c

Warn on attempts to publish test-ubuntu-git from non-main branch. (#1623 )
* Warn on attempts to publish test-ubuntu-git from non-main branch. * Rename build step to clarify that Push is optional.
2026-06-16 16:38:42 +00:00 · 2024-02-27 09:07:12 -05:00 · 2024-02-22 14:38:58 +01:00 · 2024-02-22 10:59:35 +01:00 · 2024-02-21 13:56:19 +01:00 · 2024-02-21 12:46:47 +01:00
10 changed files with 200 additions and 105 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -7,6 +7,11 @@ on:
      - main
      - releases/*

+
+# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow, 
+# these refer to "test-data" branches on this actions/checkout repo.
+# (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
+
 jobs:
  build:
    runs-on: ubuntu-latest
@ -95,6 +100,16 @@ jobs:
      - name: Verify sparse checkout
        run: __test__/verify-sparse-checkout.sh

+      # Disabled sparse checkout in existing checkout
+      - name: Disabled sparse checkout
+        uses: ./
+        with:
+          path: sparse-checkout
+
+      - name: Verify disabled sparse checkout
+        shell: bash
+        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
+
      # Sparse checkout (non-cone mode)
      - name: Sparse checkout (non-cone mode)
        uses: ./
@ -175,7 +190,7 @@ jobs:
  test-proxy:
    runs-on: ubuntu-latest
    container:
-      image: alpine/git:latest
+      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
      options: --dns 127.0.0.1
    services:
      squid-proxy:
@ -279,4 +294,4 @@ jobs:
      - name: Fix Checkout v3
        uses: actions/checkout@v3
        with:
-          path: v3
+          path: v3
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@ -0,0 +1,59 @@
+name: Publish test-ubuntu-git Container
+
+on:
+  # Use an on demand workflow trigger.  
+  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
+  #  so avoid trigger events that run automatically.)
+  workflow_dispatch:
+    inputs:
+      publish:
+        description:  'Publish to ghcr.io? (main branch only)'
+        type: boolean
+        required: true
+        default: false
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: actions/test-ubuntu-git
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+ 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use `docker/login-action` to log in to GHCR.io. 
+      # Once published, the packages are scoped to the account defined here.
+      - name: Log in to the ghcr.io container registry
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Format Timestamp
+        id: timestamp
+        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
+        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
+
+      - name: Issue Image Publish Warning
+        if:  ${{ inputs.publish && github.ref_name != 'main' }}
+        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
+
+      # Use `docker/build-push-action` to build (and optionally publish) the image. 
+      - name: Build Docker Image (with optional Push)
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: .
+          file: images/test-ubuntu-git.Dockerfile
+          # For now, attempts to push to ghcr.io must target the `main` branch.
+          # In the future, consider also allowing attempts from `releases/*` branches.
+          push: ${{ inputs.publish && github.ref_name == 'main' }}
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}
--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@ -94,11 +94,11 @@ describe('git-auth-helper tests', () => {
      `x-access-token:${settings.authToken}`,
      'utf8'
    ).toString('base64')
-    expect(
-      configContent.indexOf(
-        `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
-      )
-    ).toBeGreaterThanOrEqual(0)
+    // expect(
+    //   configContent.indexOf(
+    //     `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
+    //   )
+    // ).toBeGreaterThanOrEqual(0)
  }

  const configureAuth_configuresAuthHeader =
@ -145,11 +145,11 @@ describe('git-auth-helper tests', () => {
      const configContent = (
        await fs.promises.readFile(localGitConfigPath)
      ).toString()
-      expect(
-        configContent.indexOf(
-          `http.https://github.com/.extraheader AUTHORIZATION`
-        )
-      ).toBeGreaterThanOrEqual(0)
+      // expect(
+      //   configContent.indexOf(
+      //     `http.https://github.com/.extraheader AUTHORIZATION`
+      //   )
+      // ).toBeGreaterThanOrEqual(0)
    }
  )

@ -419,11 +419,11 @@ describe('git-auth-helper tests', () => {
    expect(
      configContent.indexOf('value-from-global-config')
    ).toBeGreaterThanOrEqual(0)
-    expect(
-      configContent.indexOf(
-        `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
-      )
-    ).toBeGreaterThanOrEqual(0)
+    // expect(
+    //   configContent.indexOf(
+    //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
+    //   )
+    // ).toBeGreaterThanOrEqual(0)
  })

  const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist =
@ -463,11 +463,11 @@ describe('git-auth-helper tests', () => {
      const configContent = (
        await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
      ).toString()
-      expect(
-        configContent.indexOf(
-          `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
-        )
-      ).toBeGreaterThanOrEqual(0)
+      // expect(
+      //   configContent.indexOf(
+      //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
+      //   )
+      // ).toBeGreaterThanOrEqual(0)
    }
  )

@ -554,7 +554,7 @@ describe('git-auth-helper tests', () => {
      expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
        /unset-all.*insteadOf/
      )
-      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
+      // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
        /url.*insteadOf.*git@github.com:/
      )
@ -593,7 +593,7 @@ describe('git-auth-helper tests', () => {
      expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
        /unset-all.*insteadOf/
      )
-      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
+      // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
    }
  )
@ -727,6 +727,7 @@ async function setup(testName: string): Promise<void> {
    branchDelete: jest.fn(),
    branchExists: jest.fn(),
    branchList: jest.fn(),
+    disableSparseCheckout: jest.fn(),
    sparseCheckout: jest.fn(),
    sparseCheckoutNonConeMode: jest.fn(),
    checkout: jest.fn(),
--- a/test/git-directory-helper.test.ts
+++ b/test/git-directory-helper.test.ts
@ -462,6 +462,7 @@ async function setup(testName: string): Promise<void> {
    branchList: jest.fn(async () => {
      return []
    }),
+    disableSparseCheckout: jest.fn(),
    sparseCheckout: jest.fn(),
    sparseCheckoutNonConeMode: jest.fn(),
    checkout: jest.fn(),
--- a/dist/index.js
+++ b/dist/index.js
@ -159,11 +159,11 @@ class GitAuthHelper {
        this.sshKeyPath = '';
        this.sshKnownHostsPath = '';
        this.temporaryHomePath = '';
+        this.gitConfigPath = '';
        this.git = gitCommandManager;
        this.settings = gitSourceSettings || {};
        // Token auth header
        const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl);
-        this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader`; // "origin" is SCHEME://HOSTNAME[:PORT]
        const basicCredential = Buffer.from(`x-access-token:${this.settings.authToken}`, 'utf8').toString('base64');
        core.setSecret(basicCredential);
        this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`;
@ -181,12 +181,15 @@ class GitAuthHelper {
            yield this.removeAuth();
            // Configure new values
            yield this.configureSsh();
-            yield this.configureToken();
+            yield this.configureCredentialsHelper();
        });
    }
    configureTempGlobalConfig() {
        var _a, _b;
        return __awaiter(this, void 0, void 0, function* () {
+            if (!!this.gitConfigPath) {
+                return this.gitConfigPath;
+            }
            // Already setup global config
            if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) {
                return path.join(this.temporaryHomePath, '.gitconfig');
@ -199,7 +202,7 @@ class GitAuthHelper {
            yield fs.promises.mkdir(this.temporaryHomePath, { recursive: true });
            // Copy the global git config
            const gitConfigPath = path.join(process.env['HOME'] || os.homedir(), '.gitconfig');
-            const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig');
+            this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig');
            let configExists = false;
            try {
                yield fs.promises.stat(gitConfigPath);
@ -211,16 +214,31 @@ class GitAuthHelper {
                }
            }
            if (configExists) {
-                core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`);
-                yield io.cp(gitConfigPath, newGitConfigPath);
+                core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`);
+                yield io.cp(gitConfigPath, this.gitConfigPath);
            }
            else {
-                yield fs.promises.writeFile(newGitConfigPath, '');
+                yield fs.promises.writeFile(this.gitConfigPath, '');
            }
            // Override HOME
            core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
            this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
-            return newGitConfigPath;
+            return this.gitConfigPath;
+        });
+    }
+    configureCredentialsHelper() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.settings.lfs) {
+                core.info(`lfs disabled, skipping custom credentials helper`);
+                return;
+            }
+            const newGitConfigPath = yield this.configureTempGlobalConfig();
+            const credentialHelper = `
+    [credential]
+      helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
+    `;
+            core.info(`Configuring git to use a custom credential helper for aut to handle git lfs`);
+            yield fs.promises.appendFile(newGitConfigPath, credentialHelper);
        });
    }
    configureGlobalAuth() {
@ -229,7 +247,6 @@ class GitAuthHelper {
            const newGitConfigPath = yield this.configureTempGlobalConfig();
            try {
                // Configure the token
-                yield this.configureToken(newGitConfigPath, true);
                // Configure HTTPS instead of SSH
                yield this.git.tryConfigUnset(this.insteadOfKey, true);
                if (!this.settings.sshKey) {
@ -241,7 +258,6 @@ class GitAuthHelper {
            catch (err) {
                // Unset in case somehow written to the real global config
                core.info('Encountered an error when attempting to configure token. Attempting unconfigure.');
-                yield this.git.tryConfigUnset(this.tokenConfigKey, true);
                throw err;
            }
        });
@ -256,7 +272,7 @@ class GitAuthHelper {
                // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
                const output = yield this.git.submoduleForeach(
                // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
-                `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
+                `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
                // Replace the placeholder
                const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                for (const configPath of configPaths) {
@ -279,7 +295,6 @@ class GitAuthHelper {
    removeAuth() {
        return __awaiter(this, void 0, void 0, function* () {
            yield this.removeSsh();
-            yield this.removeToken();
        });
    }
    removeGlobalConfig() {
@ -349,22 +364,6 @@ class GitAuthHelper {
            }
        });
    }
-    configureToken(configPath, globalConfig) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Validate args
-            assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations');
-            // Default config path
-            if (!configPath && !globalConfig) {
-                configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config');
-            }
-            // Configure a placeholder value. This approach avoids the credential being captured
-            // by process creation audit events, which are commonly logged. For more information,
-            // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig);
-            // Replace the placeholder
-            yield this.replaceTokenPlaceholder(configPath || '');
-        });
-    }
    replaceTokenPlaceholder(configPath) {
        return __awaiter(this, void 0, void 0, function* () {
            assert.ok(configPath, 'configPath is not defined');
@ -407,12 +406,6 @@ class GitAuthHelper {
            yield this.removeGitConfig(SSH_COMMAND_KEY);
        });
    }
-    removeToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // HTTP extra header
-            yield this.removeGitConfig(this.tokenConfigKey);
-        });
-    }
    removeGitConfig(configKey, submoduleOnly = false) {
        return __awaiter(this, void 0, void 0, function* () {
            if (!submoduleOnly) {
@ -576,6 +569,11 @@ class GitCommandManager {
            return result;
        });
    }
+    disableSparseCheckout() {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.execGit(['sparse-checkout', 'disable']);
+        });
+    }
    sparseCheckout(sparseCheckout) {
        return __awaiter(this, void 0, void 0, function* () {
            yield this.execGit(['sparse-checkout', 'set', ...sparseCheckout]);
@ -1282,7 +1280,10 @@ function getSource(settings) {
                core.endGroup();
            }
            // Sparse checkout
-            if (settings.sparseCheckout) {
+            if (!settings.sparseCheckout) {
+                yield git.disableSparseCheckout();
+            }
+            else {
                core.startGroup('Setting up sparse checkout');
                if (settings.sparseCheckoutConeMode) {
                    yield git.sparseCheckout(settings.sparseCheckout);
--- a/images/test-ubuntu-git.Dockerfile
+++ b/images/test-ubuntu-git.Dockerfile
@ -0,0 +1,12 @@
+# Defines the test-ubuntu-git Container Image.
+# Consumed by actions/checkout CI/CD validation workflows.
+
+FROM ubuntu:latest
+
+RUN apt update
+RUN apt install -y git
+
+LABEL org.opencontainers.image.title="Ubuntu + git (validation image)"
+LABEL org.opencontainers.image.description="Ubuntu image with git pre-installed. Intended primarily for testing `actions/checkout` during CI/CD workflows."
+LABEL org.opencontainers.image.documentation="https://github.com/actions/checkout/tree/main/images/test-ubuntu-git.md"
+LABEL org.opencontainers.image.licenses=MIT
--- a/images/test-ubuntu-git.md
+++ b/images/test-ubuntu-git.md
@ -0,0 +1,15 @@
+# `test-ubuntu-git` Container Image
+
+[![Publish test-ubuntu-git Container](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml)
+
+## Purpose
+
+`test-ubuntu-git` is a container image hosted on the GitHub Container Registry, `ghcr.io`.  
+
+It is intended primarily for testing the [`actions/checkout` repository](https://github.com/actions/checkout) as part of `actions/checkout`'s CI/CD workflows.
+
+The composition of `test-ubuntu-git` is intentionally minimal.  It is comprised of [git](https://git-scm.com/) installed on top of a [base-level ubuntu image](https://hub.docker.com/_/ubuntu/tags).
+
+# License
+
+`test-ubuntu-git` is released under the [MIT License](/LICENSE).
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@ -20,6 +20,7 @@ export interface IGitAuthHelper {
  configureGlobalAuth(): Promise<void>
  configureSubmoduleAuth(): Promise<void>
  configureTempGlobalConfig(): Promise<string>
+  configureCredentialsHelper(): Promise<void>
  removeAuth(): Promise<void>
  removeGlobalConfig(): Promise<void>
 }
@ -34,7 +35,6 @@ export function createAuthHelper(
 class GitAuthHelper {
  private readonly git: IGitCommandManager
  private readonly settings: IGitSourceSettings
-  private readonly tokenConfigKey: string
  private readonly tokenConfigValue: string
  private readonly tokenPlaceholderConfigValue: string
  private readonly insteadOfKey: string
@ -43,6 +43,7 @@ class GitAuthHelper {
  private sshKeyPath = ''
  private sshKnownHostsPath = ''
  private temporaryHomePath = ''
+  private gitConfigPath = ''

  constructor(
    gitCommandManager: IGitCommandManager,
@ -53,7 +54,6 @@ class GitAuthHelper {

    // Token auth header
    const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)
-    this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]
    const basicCredential = Buffer.from(
      `x-access-token:${this.settings.authToken}`,
      'utf8'
@ -78,10 +78,13 @@ class GitAuthHelper {

    // Configure new values
    await this.configureSsh()
-    await this.configureToken()
+    await this.configureCredentialsHelper()
  }

  async configureTempGlobalConfig(): Promise<string> {
+    if (!!this.gitConfigPath) {
+      return this.gitConfigPath
+    }
    // Already setup global config
    if (this.temporaryHomePath?.length > 0) {
      return path.join(this.temporaryHomePath, '.gitconfig')
@ -98,7 +101,7 @@ class GitAuthHelper {
      process.env['HOME'] || os.homedir(),
      '.gitconfig'
    )
-    const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
+    this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
    let configExists = false
    try {
      await fs.promises.stat(gitConfigPath)
@ -109,10 +112,10 @@ class GitAuthHelper {
      }
    }
    if (configExists) {
-      core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`)
-      await io.cp(gitConfigPath, newGitConfigPath)
+      core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`)
+      await io.cp(gitConfigPath, this.gitConfigPath)
    } else {
-      await fs.promises.writeFile(newGitConfigPath, '')
+      await fs.promises.writeFile(this.gitConfigPath, '')
    }

    // Override HOME
@ -121,7 +124,25 @@ class GitAuthHelper {
    )
    this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)

-    return newGitConfigPath
+    return this.gitConfigPath
+  }
+
+  async configureCredentialsHelper(): Promise<void> {
+    if (this.settings.lfs) {
+      core.info(`lfs disabled, skipping custom credentials helper`)
+      return
+    }
+    const newGitConfigPath = await this.configureTempGlobalConfig()
+
+    const credentialHelper = `
+    [credential]
+      helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
+    `
+
+    core.info(
+      `Configuring git to use a custom credential helper for aut to handle git lfs`
+    )
+    await fs.promises.appendFile(newGitConfigPath, credentialHelper)
  }

  async configureGlobalAuth(): Promise<void> {
@ -129,8 +150,6 @@ class GitAuthHelper {
    const newGitConfigPath = await this.configureTempGlobalConfig()
    try {
      // Configure the token
-      await this.configureToken(newGitConfigPath, true)
-
      // Configure HTTPS instead of SSH
      await this.git.tryConfigUnset(this.insteadOfKey, true)
      if (!this.settings.sshKey) {
@ -143,7 +162,6 @@ class GitAuthHelper {
      core.info(
        'Encountered an error when attempting to configure token. Attempting unconfigure.'
      )
-      await this.git.tryConfigUnset(this.tokenConfigKey, true)
      throw err
    }
  }
@ -158,7 +176,7 @@ class GitAuthHelper {
      // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
      const output = await this.git.submoduleForeach(
        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
-        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
+        `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
        this.settings.nestedSubmodules
      )

@ -190,7 +208,6 @@ class GitAuthHelper {

  async removeAuth(): Promise<void> {
    await this.removeSsh()
-    await this.removeToken()
  }

  async removeGlobalConfig(): Promise<void> {
@ -272,34 +289,6 @@ class GitAuthHelper {
    }
  }

-  private async configureToken(
-    configPath?: string,
-    globalConfig?: boolean
-  ): Promise<void> {
-    // Validate args
-    assert.ok(
-      (configPath && globalConfig) || (!configPath && !globalConfig),
-      'Unexpected configureToken parameter combinations'
-    )
-
-    // Default config path
-    if (!configPath && !globalConfig) {
-      configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config')
-    }
-
-    // Configure a placeholder value. This approach avoids the credential being captured
-    // by process creation audit events, which are commonly logged. For more information,
-    // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-    await this.git.config(
-      this.tokenConfigKey,
-      this.tokenPlaceholderConfigValue,
-      globalConfig
-    )
-
-    // Replace the placeholder
-    await this.replaceTokenPlaceholder(configPath || '')
-  }
-
  private async replaceTokenPlaceholder(configPath: string): Promise<void> {
    assert.ok(configPath, 'configPath is not defined')
    let content = (await fs.promises.readFile(configPath)).toString()
@ -345,11 +334,6 @@ class GitAuthHelper {
    await this.removeGitConfig(SSH_COMMAND_KEY)
  }

-  private async removeToken(): Promise<void> {
-    // HTTP extra header
-    await this.removeGitConfig(this.tokenConfigKey)
-  }
-
  private async removeGitConfig(
    configKey: string,
    submoduleOnly: boolean = false
--- a/src/git-command-manager.ts
+++ b/src/git-command-manager.ts
@ -17,6 +17,7 @@ export interface IGitCommandManager {
  branchDelete(remote: boolean, branch: string): Promise<void>
  branchExists(remote: boolean, pattern: string): Promise<boolean>
  branchList(remote: boolean): Promise<string[]>
+  disableSparseCheckout(): Promise<void>
  sparseCheckout(sparseCheckout: string[]): Promise<void>
  sparseCheckoutNonConeMode(sparseCheckout: string[]): Promise<void>
  checkout(ref: string, startPoint: string): Promise<void>
@ -171,6 +172,10 @@ class GitCommandManager {
    return result
  }

+  async disableSparseCheckout(): Promise<void> {
+    await this.execGit(['sparse-checkout', 'disable'])
+  }
+
  async sparseCheckout(sparseCheckout: string[]): Promise<void> {
    await this.execGit(['sparse-checkout', 'set', ...sparseCheckout])
  }
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@ -208,7 +208,9 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
    }

    // Sparse checkout
-    if (settings.sparseCheckout) {
+    if (!settings.sparseCheckout) {
+      await git.disableSparseCheckout()
+    } else {
      core.startGroup('Setting up sparse checkout')
      if (settings.sparseCheckoutConeMode) {
        await git.sparseCheckout(settings.sparseCheckout)
Author	SHA1	Message	Date
Ryan van Zeben	f597ca6100	Merge `7eef07851d` into `b32f140b0c`	2024-02-27 09:07:12 -05:00
John Wesley Walker III	b32f140b0c	Warn on attempts to publish `test-ubuntu-git` from non-main branch. (#1623 ) * Warn on attempts to publish test-ubuntu-git from non-main branch. * Rename build step to clarify that Push is optional.	2024-02-22 14:38:58 +01:00
John Wesley Walker III	2650dbd060	Give `test-ubuntu-git` its own `README` (#1620 ) * Give `test-ubuntu-git` its own `README` * Refined title and description in `test-ubuntu-git.Dockerfile` * nit accepted: Remove double space --------- Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>	2024-02-22 10:59:35 +01:00
Johannes Schindelin	aadec89964	Explicitly disable sparse checkout unless asked for (#1598 ) When a worktree is reused by actions/checkout and the first time sparse checkout was enabled, we need to ensure that the second time it is only a sparse checkout if explicitly asked for. Otherwise, we need to disable the sparse checkout so that a full checkout is the outcome of this Action. ## Details * If no `sparse-checkout` parameter is specified, disable it This should allow users to reuse existing folders when running `actions/checkout` where a previous run asked for a sparse checkout but the current run does not ask for a sparse checkout. This fixes https://github.com/actions/checkout/issues/1475 There are use cases in particular with non-ephemeral (self-hosted) runners where an existing worktree (that has been initialized as a sparse checkout) is reused in subsequent CI runs (where `actions/checkout` is run _without_ any `sparse-checkout` parameter). In these scenarios, we need to make sure that the sparse checkout is disabled before checking out the files. ### Also includes: * npm run build * ci: verify that an existing sparse checkout can be made unsparse * Added a clarifying comment about test branches. * `test-proxy` now uses newly-minted `test-ubuntu-git` container image from ghcr.io --------- Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com>	2024-02-21 13:56:19 +01:00
John Wesley Walker III	df0bcddf6d	Refine workflow for generating `test-ubuntu-git` (#1617 )	2024-02-21 12:46:47 +01:00
John Wesley Walker III	473055ba18	Create `test-ubuntu-git` Docker Container for Proxy Tests (#1616 )	2024-02-20 17:08:08 +01:00
Ryan van Zeben	7eef07851d	Update tests	2023-06-20 17:33:26 +00:00
Ryan van Zeben	0d6639250f	Update helper	2023-06-16 17:26:30 +00:00