.

* auth-helper: properly await replacement of the token value in the config

After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.

In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.

A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:

      await Promise.all(
        configPaths.map(async configPath => {
          core.debug(`Replacing token placeholder in '${configPath}'`)
          await this.replaceTokenPlaceholder(configPath)
        })
      )

However, during review of https://github.com/actions/checkout/pull/379
it was decided to keep the `for` loop in the interest of simplicity.

Reported by Ian Lynagh.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* downloadRepository(): await the result of recursive deletions

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Ask ESLint to report floating Promises

This rule is quite helpful in avoiding hard-to-debug missing `await`s.

Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.

In the initial version of https://github.com/actions/checkout/pull/379,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

* Rebuild

This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

.eslintrc.json

@@ -27,6 +27,7 @@
     "@typescript-eslint/no-empty-interface": "error",
     "@typescript-eslint/no-explicit-any": "error",
     "@typescript-eslint/no-extraneous-class": "error",
+    "@typescript-eslint/no-floating-promises": "error",
     "@typescript-eslint/no-for-in-array": "error",
     "@typescript-eslint/no-inferrable-types": "error",
     "@typescript-eslint/no-misused-new": "error",

.gitattributes

@@ -0,0 +1 @@
+.licenses/** -diff linguist-generated=true

.github/workflows/licensed.yml

@@ -0,0 +1,20 @@
+name: Licensed
+
+on:
+  push: {branches: main}
+  pull_request: {branches: main}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.github/workflows/test.yml

@@ -4,7 +4,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
       - releases/*
 
 jobs:

.licensed.yml

@@ -0,0 +1,14 @@
+sources:
+  npm: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - unlicense
+
+reviewed:
+  npm:

CHANGELOG.md

@@ -1,9 +1,20 @@
 # Changelog
 
+## v2.3.1
+
+- [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
+
+
+## v2.3.0
+
+- [Fallback to the default branch](https://github.com/actions/checkout/pull/278)
+
 ## v2.2.0
+
 - [Fetch all history for all tags and branches when fetch-depth=0](https://github.com/actions/checkout/pull/258)
 
 ## v2.1.1
+
 - Changes to support GHES ([here](https://github.com/actions/checkout/pull/236) and [here](https://github.com/actions/checkout/pull/248))
 
 ## v2.1.0

CODEOWNERS

@@ -0,0 +1 @@
+* @actions/actions-runtime

README.md

@@ -42,7 +42,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
 
     # The branch, tag or SHA to checkout. When checking out the repository that
     # triggered a workflow, this defaults to the reference or SHA for that event.
-    # Otherwise, defaults to `master`.
+    # Otherwise, uses the default branch.
     ref: ''
 
     # Personal access token (PAT) used to fetch the repository. The PAT is configured
@@ -89,7 +89,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
     # Default: true
     clean: ''
 
-    # Number of commits to fetch. 0 indicates all history.
+    # Number of commits to fetch. 0 indicates all history for all branches and tags.
     # Default: 1
     fetch-depth: ''
 
@@ -118,6 +118,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
 - [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
 - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
+- [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
 
 ## Fetch all history for all tags and branches
 
@@ -204,7 +205,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
 ```yaml
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
     types: [opened, synchronize, closed]
 jobs:
   build:
@@ -213,6 +214,24 @@ jobs:
       - uses: actions/checkout@v2
 ```
 
+## Push a commit using the built-in token
+
+```yaml
+on: push
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+          date > generated.txt
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          git add .
+          git commit -m "generated"
+          git push
+```
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__test__/git-auth-helper.test.ts

@@ -714,6 +714,7 @@ async function setup(testName: string): Promise<void> {
     ),
     env: {},
     fetch: jest.fn(),
+    getDefaultBranch: jest.fn(),
     getWorkingDirectory: jest.fn(() => workspace),
     init: jest.fn(),
     isDetached: jest.fn(),
@@ -763,7 +764,7 @@ async function setup(testName: string): Promise<void> {
     submodules: false,
     nestedSubmodules: false,
     persistCredentials: true,
-    ref: 'refs/heads/master',
+    ref: 'refs/heads/main',
     repositoryName: 'my-repo',
     repositoryOwner: 'my-org',
     repositoryPath: '',

__test__/git-directory-helper.test.ts

@@ -408,6 +408,7 @@ async function setup(testName: string): Promise<void> {
     config: jest.fn(),
     configExists: jest.fn(),
     fetch: jest.fn(),
+    getDefaultBranch: jest.fn(),
     getWorkingDirectory: jest.fn(() => repositoryPath),
     init: jest.fn(),
     isDetached: jest.fn(),

__test__/input-helper.test.ts

@@ -110,13 +110,6 @@ describe('input-helper tests', () => {
     )
   })
 
-  it('sets correct default ref/sha for other repo', () => {
-    inputs.repository = 'some-owner/some-other-repo'
-    const settings: IGitSourceSettings = inputHelper.getInputs()
-    expect(settings.ref).toBe('refs/heads/master')
-    expect(settings.commit).toBeFalsy()
-  })
-
   it('sets ref to empty when explicit sha', () => {
     inputs.ref = '1111111111222222222233333333334444444444'
     const settings: IGitSourceSettings = inputHelper.getInputs()

__test__/override-git-version.cmd

@@ -2,5 +2,5 @@
 mkdir override-git-version
 cd override-git-version
 echo @echo override git version 1.2.3 > git.cmd
-echo ::add-path::%CD%
+echo "%CD%" >> $GITHUB_PATH
 cd ..

__test__/override-git-version.sh

@@ -5,5 +5,5 @@ cd override-git-version
 echo "#!/bin/sh" > git
 echo "echo override git version 1.2.3" >> git
 chmod +x git
-echo "::add-path::$(pwd)"
+echo "$(pwd)" >> $GITHUB_PATH
 cd ..

__test__/verify-basic.sh

@@ -20,5 +20,5 @@ else
 
   # Verify auth token
   cd basic
-  git fetch --no-tags --depth=1 origin +refs/heads/master:refs/remotes/origin/master
+  git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
 fi

__test__/verify-no-unstaged-changes.sh

@@ -12,6 +12,6 @@ if [[ "$(git status --porcelain)" != "" ]]; then
     echo ----------------------------------------
     echo Troubleshooting
     echo ----------------------------------------
-    echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run all"
+    echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run format && npm run build"
     exit 1
 fi

action.yml

@@ -8,7 +8,7 @@ inputs:
     description: >
       The branch, tag or SHA to checkout. When checking out the repository that
       triggered a workflow, this defaults to the reference or SHA for that
-      event.  Otherwise, defaults to `master`.
+      event.  Otherwise, uses the default branch.
   token:
     description: >
       Personal access token (PAT) used to fetch the repository. The PAT is configured
@@ -54,7 +54,7 @@ inputs:
     description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
     default: true
   fetch-depth:
-    description: 'Number of commits to fetch. 0 indicates all history.'
+    description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
     default: 1
   lfs:
     description: 'Whether to download Git-LFS files'

adrs/0153-checkout-v2.md

@@ -24,7 +24,7 @@ We want to take this opportunity to make behavioral changes, from v1. This docum
     description: >
       The branch, tag or SHA to checkout. When checking out the repository that
       triggered a workflow, this defaults to the reference or SHA for that
-      event.  Otherwise, defaults to `master`.
+      event.  Otherwise, uses the default branch.
   token:
     description: >
       Personal access token (PAT) used to fetch the repository. The PAT is configured
@@ -277,7 +277,7 @@ Note:
 ### Branching strategy and release tags
 
 - Create a servicing branch for V1: `releases/v1`
-- Merge the changes into `master`
+- Merge the changes into the default branch
 - Release using a new tag `preview`
 - When stable, release using a new tag `v2`
 

dist/index.js

@@ -3286,6 +3286,7 @@ function run() {
             try {
                 // Register problem matcher
                 coreCommand.issueCommand('add-matcher', {}, path.join(__dirname, 'problem-matcher.json'));
+                console.log(JSON.stringify(process.env, null, '  '));
                 // Get sources
                 yield gitSourceProvider.getSource(sourceSettings);
             }
@@ -5498,7 +5499,7 @@ class GitAuthHelper {
                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                 for (const configPath of configPaths) {
                     core.debug(`Replacing token placeholder in '${configPath}'`);
-                    this.replaceTokenPlaceholder(configPath);
+                    yield this.replaceTokenPlaceholder(configPath);
                 }
                 if (this.settings.sshKey) {
                     // Configure core.sshCommand
@@ -5827,6 +5828,33 @@ class GitCommandManager {
             }));
         });
     }
+    getDefaultBranch(repositoryUrl) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let output;
+            yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
+                output = yield this.execGit([
+                    'ls-remote',
+                    '--quiet',
+                    '--exit-code',
+                    '--symref',
+                    repositoryUrl,
+                    'HEAD'
+                ]);
+            }));
+            if (output) {
+                // Satisfy compiler, will always be set
+                for (let line of output.stdout.trim().split('\n')) {
+                    line = line.trim();
+                    if (line.startsWith('ref:') || line.endsWith('HEAD')) {
+                        return line
+                            .substr('ref:'.length, line.length - 'ref:'.length - 'HEAD'.length)
+                            .trim();
+                    }
+                }
+            }
+            throw new Error('Unexpected output when retrieving default branch');
+        });
+    }
     getWorkingDirectory() {
         return this.workingDirectory;
     }
@@ -5856,9 +5884,11 @@ class GitCommandManager {
             yield this.execGit(['lfs', 'install', '--local']);
         });
     }
-    log1() {
+    log1(format) {
         return __awaiter(this, void 0, void 0, function* () {
-            const output = yield this.execGit(['log', '-1']);
+            var args = format ? ['log', '-1', format] : ['log', '-1'];
+            var silent = format ? false : true;
+            const output = yield this.execGit(args, false, silent);
             return output.stdout;
         });
     }
@@ -5873,7 +5903,7 @@ class GitCommandManager {
     /**
      * Resolves a ref to a SHA. For a branch or lightweight tag, the commit SHA is returned.
      * For an annotated tag, the tag SHA is returned.
-     * @param {string} ref  For example: 'refs/heads/master' or '/refs/tags/v1'
+     * @param {string} ref  For example: 'refs/heads/main' or '/refs/tags/v1'
      * @returns {Promise<string>}
      */
     revParse(ref) {
@@ -5980,7 +6010,7 @@ class GitCommandManager {
             return result;
         });
     }
-    execGit(args, allowAllExitCodes = false) {
+    execGit(args, allowAllExitCodes = false, silent = false) {
         return __awaiter(this, void 0, void 0, function* () {
             fshelper.directoryExistsSync(this.workingDirectory, true);
             const result = new GitOutput();
@@ -5995,6 +6025,7 @@ class GitCommandManager {
             const options = {
                 cwd: this.workingDirectory,
                 env,
+                silent,
                 ignoreReturnCode: allowAllExitCodes,
                 listeners: {
                     stdout: (data) => {
@@ -6166,6 +6197,17 @@ function getSource(settings) {
             core.startGroup('Setting up auth');
             yield authHelper.configureAuth();
             core.endGroup();
+            // Determine the default branch
+            if (!settings.ref && !settings.commit) {
+                core.startGroup('Determining the default branch');
+                if (settings.sshKey) {
+                    settings.ref = yield git.getDefaultBranch(repositoryUrl);
+                }
+                else {
+                    settings.ref = yield githubApiHelper.getDefaultBranch(settings.authToken, settings.repositoryOwner, settings.repositoryName);
+                }
+                core.endGroup();
+            }
             // LFS install
             if (settings.lfs) {
                 yield git.lfsInstall();
@@ -6229,8 +6271,10 @@ function getSource(settings) {
                     yield authHelper.removeGlobalAuth();
                 }
             }
-            // Dump some info about the checked out commit
+            // Get commit information
             const commitInfo = yield git.log1();
+            // Log commit sha
+            yield git.log1("--format='%H'");
             // Check for incorrect pull request merge commit
             yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit);
         }
@@ -9525,6 +9569,11 @@ const v4_1 = __importDefault(__webpack_require__(826));
 const IS_WINDOWS = process.platform === 'win32';
 function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath) {
     return __awaiter(this, void 0, void 0, function* () {
+        // Determine the default branch
+        if (!ref && !commit) {
+            core.info('Determining the default branch');
+            ref = yield getDefaultBranch(authToken, owner, repo);
+        }
         // Download the archive
         let archiveData = yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
             core.info('Downloading the archive');
@@ -9546,7 +9595,7 @@ function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath)
         else {
             yield toolCache.extractTar(archivePath, extractPath);
         }
-        io.rmRF(archivePath);
+        yield io.rmRF(archivePath);
         // Determine the path of the repository content. The archive contains
         // a top-level folder and the repository content is inside.
         const archiveFileNames = yield fs.promises.readdir(extractPath);
@@ -9565,10 +9614,46 @@ function downloadRepository(authToken, owner, repo, ref, commit, repositoryPath)
                 yield io.mv(sourcePath, targetPath);
             }
         }
-        io.rmRF(extractPath);
+        yield io.rmRF(extractPath);
     });
 }
 exports.downloadRepository = downloadRepository;
+/**
+ * Looks up the default branch name
+ */
+function getDefaultBranch(authToken, owner, repo) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
+            core.info('Retrieving the default branch name');
+            const octokit = new github.GitHub(authToken);
+            let result;
+            try {
+                // Get the default branch from the repo info
+                const response = yield octokit.repos.get({ owner, repo });
+                result = response.data.default_branch;
+                assert.ok(result, 'default_branch cannot be empty');
+            }
+            catch (err) {
+                // Handle .wiki repo
+                if (err['status'] === 404 && repo.toUpperCase().endsWith('.WIKI')) {
+                    result = 'master';
+                }
+                // Otherwise error
+                else {
+                    throw err;
+                }
+            }
+            // Print the default branch
+            core.info(`Default branch '${result}'`);
+            // Prefix with 'refs/heads'
+            if (!result.startsWith('refs/')) {
+                result = `refs/heads/${result}`;
+            }
+            return result;
+        }));
+    });
+}
+exports.getDefaultBranch = getDefaultBranch;
 function downloadArchive(authToken, owner, repo, ref, commit) {
     return __awaiter(this, void 0, void 0, function* () {
         const octokit = new github.GitHub(authToken);
@@ -14466,14 +14551,11 @@ function getInputs() {
             result.ref = github.context.ref;
             result.commit = github.context.sha;
             // Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event),
-            // the ref is unqualifed like "master" instead of "refs/heads/master".
+            // the ref is unqualifed like "main" instead of "refs/heads/main".
             if (result.commit && result.ref && !result.ref.startsWith('refs/')) {
                 result.ref = `refs/heads/${result.ref}`;
             }
         }
-        if (!result.ref && !result.commit) {
-            result.ref = 'refs/heads/master';
-        }
     }
     // SHA?
     else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
@@ -14508,7 +14590,7 @@ function getInputs() {
     core.debug(`submodules = ${result.submodules}`);
     core.debug(`recursive submodules = ${result.nestedSubmodules}`);
     // Auth token
-    result.authToken = core.getInput('token');
+    result.authToken = core.getInput('token', { required: true });
     // SSH
     result.sshKey = core.getInput('ssh-key');
     result.sshKnownHosts = core.getInput('ssh-known-hosts');

src/git-auth-helper.ts

@@ -148,7 +148,7 @@ class GitAuthHelper {
         output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []
       for (const configPath of configPaths) {
         core.debug(`Replacing token placeholder in '${configPath}'`)
-        this.replaceTokenPlaceholder(configPath)
+        await this.replaceTokenPlaceholder(configPath)
       }
 
       if (this.settings.sshKey) {

src/git-command-manager.ts

@@ -25,12 +25,13 @@ export interface IGitCommandManager {
   ): Promise<void>
   configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
   fetch(refSpec: string[], fetchDepth?: number): Promise<void>
+  getDefaultBranch(repositoryUrl: string): Promise<string>
   getWorkingDirectory(): string
   init(): Promise<void>
   isDetached(): Promise<boolean>
   lfsFetch(ref: string): Promise<void>
   lfsInstall(): Promise<void>
-  log1(): Promise<string>
+  log1(format?: string): Promise<string>
   remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
   removeEnvironmentVariable(name: string): void
   revParse(ref: string): Promise<string>
@@ -195,6 +196,34 @@ class GitCommandManager {
     })
   }
 
+  async getDefaultBranch(repositoryUrl: string): Promise<string> {
+    let output: GitOutput | undefined
+    await retryHelper.execute(async () => {
+      output = await this.execGit([
+        'ls-remote',
+        '--quiet',
+        '--exit-code',
+        '--symref',
+        repositoryUrl,
+        'HEAD'
+      ])
+    })
+
+    if (output) {
+      // Satisfy compiler, will always be set
+      for (let line of output.stdout.trim().split('\n')) {
+        line = line.trim()
+        if (line.startsWith('ref:') || line.endsWith('HEAD')) {
+          return line
+            .substr('ref:'.length, line.length - 'ref:'.length - 'HEAD'.length)
+            .trim()
+        }
+      }
+    }
+
+    throw new Error('Unexpected output when retrieving default branch')
+  }
+
   getWorkingDirectory(): string {
     return this.workingDirectory
   }
@@ -225,8 +254,10 @@ class GitCommandManager {
     await this.execGit(['lfs', 'install', '--local'])
   }
 
-  async log1(): Promise<string> {
-    const output = await this.execGit(['log', '-1'])
+  async log1(format?: string): Promise<string> {
+    var args = format ? ['log', '-1', format] : ['log', '-1']
+    var silent = format ? false : true
+    const output = await this.execGit(args, false, silent)
     return output.stdout
   }
 
@@ -241,7 +272,7 @@ class GitCommandManager {
   /**
    * Resolves a ref to a SHA. For a branch or lightweight tag, the commit SHA is returned.
    * For an annotated tag, the tag SHA is returned.
-   * @param {string} ref  For example: 'refs/heads/master' or '/refs/tags/v1'
+   * @param {string} ref  For example: 'refs/heads/main' or '/refs/tags/v1'
    * @returns {Promise<string>}
    */
   async revParse(ref: string): Promise<string> {
@@ -361,7 +392,8 @@ class GitCommandManager {
 
   private async execGit(
     args: string[],
-    allowAllExitCodes = false
+    allowAllExitCodes = false,
+    silent = false
   ): Promise<GitOutput> {
     fshelper.directoryExistsSync(this.workingDirectory, true)
 
@@ -380,6 +412,7 @@ class GitCommandManager {
     const options = {
       cwd: this.workingDirectory,
       env,
+      silent,
       ignoreReturnCode: allowAllExitCodes,
       listeners: {
         stdout: (data: Buffer) => {

src/git-source-provider.ts

@@ -103,6 +103,21 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     await authHelper.configureAuth()
     core.endGroup()
 
+    // Determine the default branch
+    if (!settings.ref && !settings.commit) {
+      core.startGroup('Determining the default branch')
+      if (settings.sshKey) {
+        settings.ref = await git.getDefaultBranch(repositoryUrl)
+      } else {
+        settings.ref = await githubApiHelper.getDefaultBranch(
+          settings.authToken,
+          settings.repositoryOwner,
+          settings.repositoryName
+        )
+      }
+      core.endGroup()
+    }
+
     // LFS install
     if (settings.lfs) {
       await git.lfsInstall()
@@ -186,9 +201,12 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
       }
     }
 
-    // Dump some info about the checked out commit
+    // Get commit information
     const commitInfo = await git.log1()
 
+    // Log commit sha
+    await git.log1("--format='%H'")
+
     // Check for incorrect pull request merge commit
     await refHelper.checkCommitInfo(
       settings.authToken,

src/github-api-helper.ts

@@ -19,6 +19,12 @@ export async function downloadRepository(
   commit: string,
   repositoryPath: string
 ): Promise<void> {
+  // Determine the default branch
+  if (!ref && !commit) {
+    core.info('Determining the default branch')
+    ref = await getDefaultBranch(authToken, owner, repo)
+  }
+
   // Download the archive
   let archiveData = await retryHelper.execute(async () => {
     core.info('Downloading the archive')
@@ -41,7 +47,7 @@ export async function downloadRepository(
   } else {
     await toolCache.extractTar(archivePath, extractPath)
   }
-  io.rmRF(archivePath)
+  await io.rmRF(archivePath)
 
   // Determine the path of the repository content. The archive contains
   // a top-level folder and the repository content is inside.
@@ -64,7 +70,47 @@ export async function downloadRepository(
       await io.mv(sourcePath, targetPath)
     }
   }
-  io.rmRF(extractPath)
+  await io.rmRF(extractPath)
+}
+
+/**
+ * Looks up the default branch name
+ */
+export async function getDefaultBranch(
+  authToken: string,
+  owner: string,
+  repo: string
+): Promise<string> {
+  return await retryHelper.execute(async () => {
+    core.info('Retrieving the default branch name')
+    const octokit = new github.GitHub(authToken)
+    let result: string
+    try {
+      // Get the default branch from the repo info
+      const response = await octokit.repos.get({owner, repo})
+      result = response.data.default_branch
+      assert.ok(result, 'default_branch cannot be empty')
+    } catch (err) {
+      // Handle .wiki repo
+      if (err['status'] === 404 && repo.toUpperCase().endsWith('.WIKI')) {
+        result = 'master'
+      }
+      // Otherwise error
+      else {
+        throw err
+      }
+    }
+
+    // Print the default branch
+    core.info(`Default branch '${result}'`)
+
+    // Prefix with 'refs/heads'
+    if (!result.startsWith('refs/')) {
+      result = `refs/heads/${result}`
+    }
+
+    return result
+  })
 }
 
 async function downloadArchive(

src/input-helper.ts

@@ -63,15 +63,11 @@ export function getInputs(): IGitSourceSettings {
       result.commit = github.context.sha
 
       // Some events have an unqualifed ref. For example when a PR is merged (pull_request closed event),
-      // the ref is unqualifed like "master" instead of "refs/heads/master".
+      // the ref is unqualifed like "main" instead of "refs/heads/main".
       if (result.commit && result.ref && !result.ref.startsWith('refs/')) {
         result.ref = `refs/heads/${result.ref}`
       }
     }
-
-    if (!result.ref && !result.commit) {
-      result.ref = 'refs/heads/master'
-    }
   }
   // SHA?
   else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
@@ -110,7 +106,7 @@ export function getInputs(): IGitSourceSettings {
   core.debug(`recursive submodules = ${result.nestedSubmodules}`)
 
   // Auth token
-  result.authToken = core.getInput('token')
+  result.authToken = core.getInput('token', {required: true})
 
   // SSH
   result.sshKey = core.getInput('ssh-key')

src/main.ts

@@ -16,6 +16,8 @@ async function run(): Promise<void> {
         {},
         path.join(__dirname, 'problem-matcher.json')
       )
+      
+      console.log(JSON.stringify(process.env, null, '  '))
 
       // Get sources
       await gitSourceProvider.getSource(sourceSettings)