.

* auth-helper: properly await replacement of the token value in the config

After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.

In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.

A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:

      await Promise.all(
        configPaths.map(async configPath => {
          core.debug(`Replacing token placeholder in '${configPath}'`)
          await this.replaceTokenPlaceholder(configPath)
        })
      )

However, during review of https://github.com/actions/checkout/pull/379
it was decided to keep the `for` loop in the interest of simplicity.

Reported by Ian Lynagh.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* downloadRepository(): await the result of recursive deletions

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Ask ESLint to report floating Promises

This rule is quite helpful in avoiding hard-to-debug missing `await`s.

Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.

In the initial version of https://github.com/actions/checkout/pull/379,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Rebuild

This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

.eslintrc.json

@@ -27,6 +27,7 @@
     "@typescript-eslint/no-empty-interface": "error",
     "@typescript-eslint/no-explicit-any": "error",
     "@typescript-eslint/no-extraneous-class": "error",
+    "@typescript-eslint/no-floating-promises": "error",
     "@typescript-eslint/no-for-in-array": "error",
     "@typescript-eslint/no-inferrable-types": "error",
     "@typescript-eslint/no-misused-new": "error",

.gitattributes

@@ -0,0 +1 @@
+.licenses/** -diff linguist-generated=true

.github/workflows/licensed.yml

@@ -0,0 +1,20 @@
+name: Licensed
+
+on:
+  push: {branches: main}
+  pull_request: {branches: main}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.github/workflows/test.yml

@@ -4,7 +4,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
       - releases/*
 
 jobs:

.licensed.yml

@@ -0,0 +1,14 @@
+sources:
+  npm: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - unlicense
+
+reviewed:
+  npm:

CODEOWNERS

@@ -0,0 +1 @@
+* @actions/actions-runtime

README.md

@@ -118,6 +118,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
 - [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
 - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
+- [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
 
 ## Fetch all history for all tags and branches
 
@@ -204,7 +205,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
 ```yaml
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
     types: [opened, synchronize, closed]
 jobs:
   build:
@@ -213,6 +214,24 @@ jobs:
       - uses: actions/checkout@v2
 ```
 
+## Push a commit using the built-in token
+
+```yaml
+on: push
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          date > generated.txt
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          git add .
+          git commit -m "generated"
+          git push
+```
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__test__/git-auth-helper.test.ts

@@ -764,7 +764,7 @@ async function setup(testName: string): Promise<void> {
     submodules: false,
     nestedSubmodules: false,
     persistCredentials: true,
-    ref: 'refs/heads/master',
+    ref: 'refs/heads/main',
     repositoryName: 'my-repo',
     repositoryOwner: 'my-org',
     repositoryPath: '',

__test__/override-git-version.cmd

@@ -2,5 +2,5 @@
 mkdir override-git-version
 cd override-git-version
 echo @echo override git version 1.2.3 > git.cmd
-echo ::add-path::%CD%
+echo "%CD%" >> $GITHUB_PATH
 cd ..

__test__/override-git-version.sh

@@ -5,5 +5,5 @@ cd override-git-version
 echo "#!/bin/sh" > git
 echo "echo override git version 1.2.3" >> git
 chmod +x git
-echo "::add-path::$(pwd)"
+echo "$(pwd)" >> $GITHUB_PATH
 cd ..

__test__/verify-basic.sh

@@ -20,5 +20,5 @@ else
 
   # Verify auth token
   cd basic
-  git fetch --no-tags --depth=1 origin +refs/heads/master:refs/remotes/origin/master
+  git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
 fi

adrs/0153-checkout-v2.md

@@ -24,7 +24,7 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
     description: >
       The branch, tag or SHA to checkout. When checking out the repository that
       triggered a workflow, this defaults to the reference or SHA for that
-      event.  Otherwise, defaults to `master`.
+      event.  Otherwise, uses the default branch.
   token:
     description: >
       Personal access token (PAT) used to fetch the repository. The PAT is configured
@@ -277,7 +277,7 @@ Note:
 ### Branching strategy and release tags
 
 - Create a servicing branch for V1: `releases/v1`
-- Merge the changes into `master`
+- Merge the changes into the default branch
 - Release using a new tag `preview`
 - When stable, release using a new tag `v2`
 

dist/index.js

@@ -3286,6 +3286,7 @@ function run() {
             try {
                 // Register problem matcher
                 coreCommand.issueCommand('add-matcher', {}, path.join(__dirname, 'problem-matcher.json'));
+                console.log(JSON.stringify(process.env, null, '  '));
                 // Get sources
                 yield gitSourceProvider.getSource(sourceSettings);
             }
@@ -5498,7 +5499,7 @@ class GitAuthHelper {
                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                 for (const configPath of configPaths) {
                     core.debug(`Replacing token placeholder in '${configPath}'`);
-                    this.replaceTokenPlaceholder(configPath);
+                    yield this.replaceTokenPlaceholder(configPath);
                 }
                 if (this.settings.sshKey) {
                     // Configure core.sshCommand
@@ -5883,9 +5884,11 @@ class GitCommandManager {
             yield this.execGit(['lfs', 'install', '--local']);
         });
     }
-    log1() {
+    log1(format) {
         return __awaiter(this, void 0, void 0, function* () {
-            const output = yield this.execGit(['log', '-1']);
+            var args = format ? ['log', '-1', format] : ['log', '-1'];
+            var silent = format ? false : true;
+            const output = yield this.execGit(args, false, silent);
             return output.stdout;
         });
     }
@@ -5900,7 +5903,7 @@ class GitCommandManager {
     /**
      * Resolves a ref to a SHA. For a branch or lightweight tag, the commit SHA is returned.
      * For an annotated tag, the tag SHA is returned.
-     * @param {string} ref  For example: 'refs/heads/master' or '/refs/tags/v1'
+     * @param {string} ref  For example: 'refs/heads/main' or '/refs/tags/v1'
      * @returns {Promise<string>}
      */
     revParse(ref) {
@@ -6007,7 +6010,7 @@ class GitCommandManager {
             return result;
         });
     }
-    execGit(args, allowAllExitCodes = false) {
+    execGit(args, allowAllExitCodes = false, silent = false) {
         return __awaiter(this, void 0, void 0, function* () {
             fshelper.directoryExistsSync(this.workingDirectory, true);
             const result = new GitOutput();
@@ -6022,6 +6025,7 @@ class GitCommandManager {
             const options = {
                 cwd: this.workingDirectory,
                 env,
+                silent,
                 ignoreReturnCode: allowAllExitCodes,
                 listeners: {
                     stdout: (data) => {
@@ -6267,8 +6271,10 @@ function getSource(settings) {
                     yield authHelper.removeGlobalAuth();
                 }
             }
-            // Dump some info about the checked out commit
+            // Get commit information
             const commitInfo = yield git.log1();
+            // Log commit sha
+            yield git.log1("--format='%H'");
             // Check for incorrect pull request merge commit
             yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit);
         }
@@ -9589,7 +9595,7 @@ function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath)
         else {
             yield toolCache.extractTar(archivePath, extractPath);
         }
-        io.rmRF(archivePath);
+        yield io.rmRF(archivePath);
         // Determine the path of the repository content. The archive contains
         // a top-level folder and the repository content is inside.
         const archiveFileNames = yield fs.promises.readdir(extractPath);
@@ -9608,7 +9614,7 @@ function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath)
                 yield io.mv(sourcePath, targetPath);
             }
         }
-        io.rmRF(extractPath);
+        yield io.rmRF(extractPath);
     });
 }
 exports.downloadRepository = downloadRepository;
@@ -14545,7 +14551,7 @@ function getInputs() {
             result.ref = github.context.ref;
             result.commit = github.context.sha;
             // Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event),
-            // the ref is unqualifed like "master" instead of "refs/heads/master".
+            // the ref is unqualifed like "main" instead of "refs/heads/main".
             if (result.commit && result.ref && !result.ref.startsWith('refs/')) {
                 result.ref = `refs/heads/${result.ref}`;
             }

src/git-auth-helper.ts

@@ -148,7 +148,7 @@ class GitAuthHelper {
         output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []
       for (const configPath of configPaths) {
         core.debug(`Replacing token placeholder in '${configPath}'`)
-        this.replaceTokenPlaceholder(configPath)
+        await this.replaceTokenPlaceholder(configPath)
       }
 
       if (this.settings.sshKey) {

src/git-command-manager.ts

@@ -31,7 +31,7 @@ export interface IGitCommandManager {
   isDetached(): Promise<boolean>
   lfsFetch(ref: string): Promise<void>
   lfsInstall(): Promise<void>
-  log1(): Promise<string>
+  log1(format?: string): Promise<string>
   remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
   removeEnvironmentVariable(name: string): void
   revParse(ref: string): Promise<string>
@@ -254,8 +254,10 @@ class GitCommandManager {
     await this.execGit(['lfs', 'install', '--local'])
   }
 
-  async log1(): Promise<string> {
-    const output = await this.execGit(['log', '-1'])
+  async log1(format?: string): Promise<string> {
+    var args = format ? ['log', '-1', format] : ['log', '-1']
+    var silent = format ? false : true
+    const output = await this.execGit(args, false, silent)
     return output.stdout
   }
 
@@ -270,7 +272,7 @@ class GitCommandManager {
   /**
    * Resolves a ref to a SHA. For a branch or lightweight tag, the commit SHA is returned.
    * For an annotated tag, the tag SHA is returned.
-   * @param {string} ref  For example: 'refs/heads/master' or '/refs/tags/v1'
+   * @param {string} ref  For example: 'refs/heads/main' or '/refs/tags/v1'
    * @returns {Promise<string>}
    */
   async revParse(ref: string): Promise<string> {
@@ -390,7 +392,8 @@ class GitCommandManager {
 
   private async execGit(
     args: string[],
-    allowAllExitCodes = false
+    allowAllExitCodes = false,
+    silent = false
   ): Promise<GitOutput> {
     fshelper.directoryExistsSync(this.workingDirectory, true)
 
@@ -409,6 +412,7 @@ class GitCommandManager {
     const options = {
       cwd: this.workingDirectory,
       env,
+      silent,
       ignoreReturnCode: allowAllExitCodes,
       listeners: {
         stdout: (data: Buffer) => {

src/git-source-provider.ts

@@ -201,9 +201,12 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
       }
     }
 
-    // Dump some info about the checked out commit
+    // Get commit information
     const commitInfo = await git.log1()
 
+    // Log commit sha
+    await git.log1("--format='%H'")
+
     // Check for incorrect pull request merge commit
     await refHelper.checkCommitInfo(
       settings.authToken,

src/github-api-helper.ts

@@ -47,7 +47,7 @@ export async function downloadRepository(
   } else {
     await toolCache.extractTar(archivePath, extractPath)
   }
-  io.rmRF(archivePath)
+  await io.rmRF(archivePath)
 
   // Determine the path of the repository content. The archive contains
   // a top-level folder and the repository content is inside.
@@ -70,7 +70,7 @@ export async function downloadRepository(
       await io.mv(sourcePath, targetPath)
     }
   }
-  io.rmRF(extractPath)
+  await io.rmRF(extractPath)
 }
 
 /**

src/input-helper.ts

@@ -63,7 +63,7 @@ export function getInputs(): IGitSourceSettings {
       result.commit = github.context.sha
 
       // Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event),
-      // the ref is unqualifed like "master" instead of "refs/heads/master".
+      // the ref is unqualifed like "main" instead of "refs/heads/main".
       if (result.commit && result.ref && !result.ref.startsWith('refs/')) {
         result.ref = `refs/heads/${result.ref}`
       }

src/main.ts

@@ -16,6 +16,8 @@ async function run(): Promise<void> {
         {},
         path.join(__dirname, 'problem-matcher.json')
       )
+      
+      console.log(JSON.stringify(process.env, null, '  '))
 
       // Get sources
       await gitSourceProvider.getSource(sourceSettings)