Bump MinimumGitVersion to 2.28 due to #1386

* Add v4.1.2 and v4.1.1 to CHANGELOG.md
* Bump version in package.json to 4.1.2
* Ran `npm i` to regenerate package-lock.json

.github/workflows/test.yml

@@ -7,6 +7,11 @@ on:
       - main
       - releases/*
 
+
+# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow, 
+# these refer to "test-data" branches on this actions/checkout repo.
+# (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -95,6 +100,16 @@ jobs:
       - name: Verify sparse checkout
         run: __test__/verify-sparse-checkout.sh
 
+      # Disabled sparse checkout in existing checkout
+      - name: Disabled sparse checkout
+        uses: ./
+        with:
+          path: sparse-checkout
+
+      - name: Verify disabled sparse checkout
+        shell: bash
+        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
+
       # Sparse checkout (non-cone mode)
       - name: Sparse checkout (non-cone mode)
         uses: ./
@@ -175,7 +190,7 @@ jobs:
   test-proxy:
     runs-on: ubuntu-latest
     container:
-      image: alpine/git:latest
+      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
       options: --dns 127.0.0.1
     services:
       squid-proxy:
@@ -279,4 +294,4 @@ jobs:
       - name: Fix Checkout v3
         uses: actions/checkout@v3
         with:
-          path: v3
+          path: v3

.github/workflows/update-main-version.yml

@@ -19,7 +19,10 @@ jobs:
   tag:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    # Note this update workflow can also be used as a rollback tool.
+    # For that reason, it's best to pin `actions/checkout` to a known, stable version
+    # (typically, about two releases back).
+    - uses: actions/checkout@v4.1.1
       with:
         fetch-depth: 0
     - name: Git config

.github/workflows/update-test-ubuntu-git.yml

@@ -0,0 +1,59 @@
+name: Publish test-ubuntu-git Container
+
+on:
+  # Use an on demand workflow trigger.  
+  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
+  #  so avoid trigger events that run automatically.)
+  workflow_dispatch:
+    inputs:
+      publish:
+        description:  'Publish to ghcr.io? (main branch only)'
+        type: boolean
+        required: true
+        default: false
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: actions/test-ubuntu-git
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+ 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use `docker/login-action` to log in to GHCR.io. 
+      # Once published, the packages are scoped to the account defined here.
+      - name: Log in to the ghcr.io container registry
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Format Timestamp
+        id: timestamp
+        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
+        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
+
+      - name: Issue Image Publish Warning
+        if:  ${{ inputs.publish && github.ref_name != 'main' }}
+        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
+
+      # Use `docker/build-push-action` to build (and optionally publish) the image. 
+      - name: Build Docker Image (with optional Push)
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: .
+          file: images/test-ubuntu-git.Dockerfile
+          # For now, attempts to push to ghcr.io must target the `main` branch.
+          # In the future, consider also allowing attempts from `releases/*` branches.
+          push: ${{ inputs.publish && github.ref_name == 'main' }}
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## v4.1.2
+- Fix: Disable sparse checkout whenever `sparse-checkout` option is not present @dscho in https://github.com/actions/checkout/pull/1598
+
+## v4.1.1
+- Correct link to GitHub Docs by @peterbe in https://github.com/actions/checkout/pull/1511
+- Link to release page from what's new section by @cory-miller in https://github.com/actions/checkout/pull/1514
+
 ## v4.1.0
 - [Add support for partial checkout filters](https://github.com/actions/checkout/pull/1396)
 

CODEOWNERS

@@ -1 +1 @@
-* @actions/actions-runtime
+* @actions/actions-launch

README.md

@@ -4,17 +4,15 @@
 
 This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
 
-Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
+Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
 
 The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
 
-When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
+When Git 2.28 or higher is not in your PATH, falls back to the REST API to download the files.
 
 # What's new
 
-- Updated default runtime to node20
-  - This requires a minimum Actions Runner version of [v2.308.0](https://github.com/actions/runner/releases/tag/v2.308.0).
-- Added support for fetching without the `--progress` option
+Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
 
 # Usage
 

__test__/git-auth-helper.test.ts

@@ -169,9 +169,8 @@ describe('git-auth-helper tests', () => {
 
     // Mock fs.promises.readFile
     const realReadFile = fs.promises.readFile
-    jest
-      .spyOn(fs.promises, 'readFile')
-      .mockImplementation(async (file: any, options: any): Promise<Buffer> => {
+    jest.spyOn(fs.promises, 'readFile').mockImplementation(
+      async (file: any, options: any): Promise<Buffer> => {
         const userKnownHostsPath = path.join(
           os.homedir(),
           '.ssh',
@@ -182,7 +181,8 @@ describe('git-auth-helper tests', () => {
         }
 
         return await realReadFile(file, options)
-      })
+      }
+    )
 
     // Act
     const authHelper = gitAuthHelper.createAuthHelper(git, settings)
@@ -727,6 +727,7 @@ async function setup(testName: string): Promise<void> {
     branchDelete: jest.fn(),
     branchExists: jest.fn(),
     branchList: jest.fn(),
+    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),

__test__/git-command-manager.test.ts

@@ -24,7 +24,7 @@ describe('git-auth-helper tests', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
         return 0
       }
 
@@ -57,7 +57,7 @@ describe('git-auth-helper tests', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
         return 0
       }
 
@@ -97,7 +97,7 @@ describe('Test fetchDepth and fetchTags options', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
       }
 
       return 0

__test__/git-directory-helper.test.ts

@@ -462,6 +462,7 @@ async function setup(testName: string): Promise<void> {
     branchList: jest.fn(async () => {
       return []
     }),
+    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),

__test__/ref-helper.test.ts

@@ -7,11 +7,11 @@ let git: IGitCommandManager
 
 describe('ref-helper tests', () => {
   beforeEach(() => {
-    git = {} as unknown as IGitCommandManager
+    git = ({} as unknown) as IGitCommandManager
   })
 
   it('getCheckoutInfo requires git', async () => {
-    const git = null as unknown as IGitCommandManager
+    const git = (null as unknown) as IGitCommandManager
     try {
       await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
       throw new Error('Should not reach here')

__test__/retry-helper.test.ts

@@ -68,7 +68,7 @@ describe('retry-helper tests', () => {
 
   it('all attempts fail succeeds', async () => {
     let attempts = 0
-    let error: Error = null as unknown as Error
+    let error: Error = (null as unknown) as Error
     try {
       await retryHelper.execute(() => {
         throw new Error(`some error ${++attempts}`)

images/test-ubuntu-git.Dockerfile

@@ -0,0 +1,12 @@
+# Defines the test-ubuntu-git Container Image.
+# Consumed by actions/checkout CI/CD validation workflows.
+
+FROM ubuntu:latest
+
+RUN apt update
+RUN apt install -y git
+
+LABEL org.opencontainers.image.title="Ubuntu + git (validation image)"
+LABEL org.opencontainers.image.description="Ubuntu image with git pre-installed. Intended primarily for testing `actions/checkout` during CI/CD workflows."
+LABEL org.opencontainers.image.documentation="https://github.com/actions/checkout/tree/main/images/test-ubuntu-git.md"
+LABEL org.opencontainers.image.licenses=MIT

images/test-ubuntu-git.md

@@ -0,0 +1,15 @@
+# `test-ubuntu-git` Container Image
+
+[![Publish test-ubuntu-git Container](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml)
+
+## Purpose
+
+`test-ubuntu-git` is a container image hosted on the GitHub Container Registry, `ghcr.io`.  
+
+It is intended primarily for testing the [`actions/checkout` repository](https://github.com/actions/checkout) as part of `actions/checkout`'s CI/CD workflows.
+
+The composition of `test-ubuntu-git` is intentionally minimal.  It is comprised of [git](https://git-scm.com/) installed on top of a [base-level ubuntu image](https://hub.docker.com/_/ubuntu/tags).
+
+# License
+
+`test-ubuntu-git` is released under the [MIT License](/LICENSE).

package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkout",
-  "version": "4.1.0",
+  "version": "5.0.0",
   "description": "checkout action",
   "main": "lib/main.js",
   "scripts": {
@@ -28,28 +28,28 @@
   },
   "homepage": "https://github.com/actions/checkout#readme",
   "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@actions/exec": "^1.1.1",
-    "@actions/github": "file:actions-github-6.0.2.tgz",
+    "@actions/core": "^1.10.0",
+    "@actions/exec": "^1.0.1",
+    "@actions/github": "^5.0.0",
     "@actions/io": "^1.1.3",
-    "@actions/tool-cache": "^2.0.1",
+    "@actions/tool-cache": "^1.1.2",
     "uuid": "^3.3.3"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.5",
-    "@types/node": "^20.8.2",
+    "@types/jest": "^27.0.2",
+    "@types/node": "^20.5.3",
     "@types/uuid": "^3.4.6",
-    "@typescript-eslint/eslint-plugin": "^6.7.4",
-    "@typescript-eslint/parser": "^6.7.4",
-    "@vercel/ncc": "^0.38.0",
-    "eslint": "^8.50.0",
-    "eslint-plugin-github": "^4.10.1",
-    "eslint-plugin-jest": "^27.4.2",
-    "jest": "^29.7.0",
-    "jest-circus": "^29.7.0",
+    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/parser": "^5.45.0",
+    "@vercel/ncc": "^0.36.1",
+    "eslint": "^7.32.0",
+    "eslint-plugin-github": "^4.3.2",
+    "eslint-plugin-jest": "^25.7.0",
+    "jest": "^27.3.0",
+    "jest-circus": "^27.3.0",
     "js-yaml": "^3.13.1",
-    "prettier": "^3.0.3",
-    "ts-jest": "^29.1.1",
-    "typescript": "^5.2.2"
+    "prettier": "^1.19.1",
+    "ts-jest": "^27.0.7",
+    "typescript": "^4.4.4"
   }
 }

src/fs-helper.ts

@@ -18,9 +18,8 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${
-        (error as any)?.message ?? error
-      }`
+      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+        ?.message ?? error}`
     )
   }
 
@@ -46,9 +45,8 @@ export function existsSync(path: string): boolean {
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${
-        (error as any)?.message ?? error
-      }`
+      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+        ?.message ?? error}`
     )
   }
 
@@ -69,9 +67,8 @@ export function fileExistsSync(path: string): boolean {
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${
-        (error as any)?.message ?? error
-      }`
+      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+        ?.message ?? error}`
     )
   }
 

src/git-auth-helper.ts

@@ -49,7 +49,7 @@ class GitAuthHelper {
     gitSourceSettings: IGitSourceSettings | undefined
   ) {
     this.git = gitCommandManager
-    this.settings = gitSourceSettings || ({} as unknown as IGitSourceSettings)
+    this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
 
     // Token auth header
     const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)

src/git-command-manager.ts

@@ -11,12 +11,14 @@ import {GitVersion} from './git-version'
 
 // Auth header not supported before 2.9
 // Wire protocol v2 not supported before 2.18
-export const MinimumGitVersion = new GitVersion('2.18')
+// sparse-checkout not [well-]supported before 2.28 (see https://github.com/actions/checkout/issues/1386)
+export const MinimumGitVersion = new GitVersion('2.28')
 
 export interface IGitCommandManager {
   branchDelete(remote: boolean, branch: string): Promise<void>
   branchExists(remote: boolean, pattern: string): Promise<boolean>
   branchList(remote: boolean): Promise<string[]>
+  disableSparseCheckout(): Promise<void>
   sparseCheckout(sparseCheckout: string[]): Promise<void>
   sparseCheckoutNonConeMode(sparseCheckout: string[]): Promise<void>
   checkout(ref: string, startPoint: string): Promise<void>
@@ -109,16 +111,7 @@ class GitCommandManager {
 
   async branchList(remote: boolean): Promise<string[]> {
     const result: string[] = []
-
-    // Note, this implementation uses "rev-parse --symbolic-full-name" because the output from
-    // "branch --list" is more difficult when in a detached HEAD state.
-
-    // TODO(https://github.com/actions/checkout/issues/786): this implementation uses
-    // "rev-parse --symbolic-full-name" because there is a bug
-    // in Git 2.18 that causes "rev-parse --symbolic" to output symbolic full names. When
-    // 2.18 is no longer supported, we can switch back to --symbolic.
-
-    const args = ['rev-parse', '--symbolic-full-name']
+    const args = ['rev-parse', '--symbolic']
     if (remote) {
       args.push('--remotes=origin')
     } else {
@@ -171,6 +164,10 @@ class GitCommandManager {
     return result
   }
 
+  async disableSparseCheckout(): Promise<void> {
+    await this.execGit(['sparse-checkout', 'disable'])
+  }
+
   async sparseCheckout(sparseCheckout: string[]): Promise<void> {
     await this.execGit(['sparse-checkout', 'set', ...sparseCheckout])
   }
@@ -600,15 +597,7 @@ class GitCommandManager {
     }
 
     this.doSparseCheckout = doSparseCheckout
-    if (this.doSparseCheckout) {
-      // The `git sparse-checkout` command was introduced in Git v2.25.0
-      const minimumGitSparseCheckoutVersion = new GitVersion('2.25')
-      if (!gitVersion.checkMinimum(minimumGitSparseCheckoutVersion)) {
-        throw new Error(
-          `Minimum Git version required for sparse checkout is ${minimumGitSparseCheckoutVersion}. Your git ('${this.gitPath}') is ${gitVersion}`
-        )
-      }
-    }
+
     // Set the user agent
     const gitHttpUserAgent = `git/${gitVersion} (github-actions-checkout)`
     core.debug(`Set git useragent to: ${gitHttpUserAgent}`)

src/git-source-provider.ts

@@ -208,7 +208,9 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     }
 
     // Sparse checkout
-    if (settings.sparseCheckout) {
+    if (!settings.sparseCheckout) {
+      await git.disableSparseCheckout()
+    } else {
       core.startGroup('Setting up sparse checkout')
       if (settings.sparseCheckoutConeMode) {
         await git.sparseCheckout(settings.sparseCheckout)

src/input-helper.ts

@@ -6,7 +6,7 @@ import * as workflowContextHelper from './workflow-context-helper'
 import {IGitSourceSettings} from './git-source-settings'
 
 export async function getInputs(): Promise<IGitSourceSettings> {
-  const result = {} as unknown as IGitSourceSettings
+  const result = ({} as unknown) as IGitSourceSettings
 
   // GitHub workspace
   let githubWorkspacePath = process.env['GITHUB_WORKSPACE']
@@ -149,8 +149,7 @@ export async function getInputs(): Promise<IGitSourceSettings> {
     (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
 
   // Workflow organization ID
-  result.workflowOrganizationId =
-    await workflowContextHelper.getOrganizationId()
+  result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
 
   // Set safe.directory in git global config.
   result.setSafeDirectory =

src/ref-helper.ts

@@ -23,7 +23,7 @@ export async function getCheckoutInfo(
     throw new Error('Args ref and commit cannot both be empty')
   }
 
-  const result = {} as unknown as ICheckoutInfo
+  const result = ({} as unknown) as ICheckoutInfo
   const upperRef = (ref || '').toUpperCase()
 
   // SHA only

src/workflow-context-helper.ts

@@ -23,9 +23,8 @@ export async function getOrganizationId(): Promise<number | undefined> {
     return id as number
   } catch (err) {
     core.debug(
-      `Unable to load organization ID from GITHUB_EVENT_PATH: ${
-        (err as any).message || err
-      }`
+      `Unable to load organization ID from GITHUB_EVENT_PATH: ${(err as any)
+        .message || err}`
     )
   }
 }