Add new public key for known_hosts (#1237 ) (#1238 )

* Add new public key for known_hosts (#1237) * Add new public key for known_hosts * Fix the build! * fix build. --------- Co-authored-by: Cameron Booth <cdb@github.com>
Add backports to v2 branch (#1040 )
2026-06-23 12:41:24 +08:00 · 2023-03-24 02:04:47 -04:00 · 2022-12-13 10:14:06 -05:00 · 2022-10-13 16:50:56 +01:00 · 2022-10-13 16:49:13 +01:00 · 2022-04-21 10:45:29 -04:00
20 changed files with 3243 additions and 4256 deletions
@@ -22,12 +22,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
-      - name: Set Node.js 16.x
+      - name: Set Node.js 12.x
        uses: actions/setup-node@v1
        with:
-          node-version: 16.x
+          node-version: 12.x
      - name: Install dependencies
        run: npm ci
@@ -39,7 +39,7 @@ jobs:
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
@@ -9,6 +9,6 @@ jobs:
    runs-on: ubuntu-latest
    name: Check licenses
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - run: npm ci
      - run: npm run licensed-check
@@ -13,8 +13,8 @@ jobs:
    steps:
      - uses: actions/setup-node@v1
        with:
-          node-version: 16.x
+          node-version: 12.x
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - run: npm ci
      - run: npm run build
      - run: npm run format-check
@@ -32,7 +32,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
      # Basic checkout
      - name: Checkout basic
@@ -142,7 +142,7 @@ jobs:
      options: --dns 127.0.0.1
    services:
      squid-proxy:
-        image: datadog/squid:latest
+        image: ubuntu/squid:latest
        ports:
          - 3128:3128
    env:
@@ -150,7 +150,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
      # Basic checkout using git
      - name: Checkout basic
@@ -182,7 +182,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
      # Basic checkout using git
      - name: Checkout basic
@@ -1,20 +1,19 @@
 # Changelog
-## v3.0.2
+## v2.5.0
- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/770)
+- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
-## v3.0.1
+## v2.4.2
- [Fixed an issue where checkout failed to run in container jobs due to the new git setting `safe.directory`](https://github.com/actions/checkout/pull/762)
+- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)
 - [Bumped various npm package versions](https://github.com/actions/checkout/pull/744)
-## v3.0.0
+## v2.4.1
-
+- [Set the safe directory option on git to prevent git commands failing when running in containers](https://github.com/actions/checkout/pull/762)
 - [Update to node 16](https://github.com/actions/checkout/pull/689)
 ## v2.3.1
 - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
 ## v2.3.0
 - [Fallback to the default branch](https://github.com/actions/checkout/pull/278)
@@ -2,7 +2,7 @@
  <a href="https://github.com/actions/checkout"><img alt="GitHub Actions status" src="https://github.com/actions/checkout/workflows/test-local/badge.svg"></a>
 </p>
-# Checkout V3
+# Checkout V2
 This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
@@ -14,14 +14,27 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 # What's new
- Updated to the node16 runtime by default
+- Improved performance
-  - This requires a minimum [Actions Runner](https://github.com/actions/runner/releases/tag/v2.285.0) version of v2.285.0 to run, which is by default available in GHES 3.4 or later.
+  - Fetches only a single commit by default
 - Script authenticated git commands
  - Auth token persisted in the local git config
 - Supports SSH
 - Creates a local branch
  - No longer detached HEAD when checking out a branch
 - Improved layout
  - The input `path` is always relative to $GITHUB_WORKSPACE
  - Aligns better with container actions, where $GITHUB_WORKSPACE gets mapped in
 - Fallback to REST API download
  - When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
  - When using a job container, the container's PATH is used
 Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous versions.
 # Usage
 <!-- start usage -->
 ```yaml
- uses: actions/checkout@v3
+- uses: actions/checkout@v2
  with:
    # Repository name with owner. For example, actions/checkout
    # Default: ${{ github.repository }}
@@ -115,7 +128,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ## Fetch all history for all tags and branches
 ```yaml
- uses: actions/checkout@v3
+- uses: actions/checkout@v2
  with:
    fetch-depth: 0
 ```
@@ -123,7 +136,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ## Checkout a different branch
 ```yaml
- uses: actions/checkout@v3
+- uses: actions/checkout@v2
  with:
    ref: my-branch
 ```
@@ -131,7 +144,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ## Checkout HEAD^
 ```yaml
- uses: actions/checkout@v3
+- uses: actions/checkout@v2
  with:
    fetch-depth: 2
 - run: git checkout HEAD^
@@ -141,12 +154,12 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
  with:
    path: main
 - name: Checkout tools repo
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
  with:
    repository: my-org/my-tools
    path: my-tools
@@ -156,10 +169,10 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
 - name: Checkout tools repo
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
  with:
    repository: my-org/my-tools
    path: my-tools
@@ -169,12 +182,12 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
  with:
    path: main
 - name: Checkout private tools
-  uses: actions/checkout@v3
+  uses: actions/checkout@v2
  with:
    repository: my-org/my-private-tools
    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
@@ -187,7 +200,7 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 ## Checkout pull request HEAD commit instead of merge commit
 ```yaml
- uses: actions/checkout@v3
+- uses: actions/checkout@v2
  with:
    ref: ${{ github.event.pull_request.head.sha }}
 ```
@@ -203,7 +216,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 ```
 ## Push a commit using the built-in token
@@ -214,7 +227,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
      - run: |
          date > generated.txt
          git config user.name github-actions
@@ -72,6 +72,6 @@ inputs:
    description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
    default: true
 runs:
-  using: node16
+  using: node12
  main: dist/index.js
  post: dist/index.js
@@ -1,6 +1,6 @@
 {
  "name": "checkout",
-  "version": "2.0.2",
+  "version": "2.6.0",
  "description": "checkout action",
  "main": "lib/main.js",
  "scripts": {
@@ -28,10 +28,10 @@
  },
  "homepage": "https://github.com/actions/checkout#readme",
  "dependencies": {
-    "@actions/core": "^1.2.6",
+    "@actions/core": "^1.10.0",
    "@actions/exec": "^1.0.1",
    "@actions/github": "^2.2.0",
-    "@actions/io": "^1.0.1",
+    "@actions/io": "^1.1.2",
    "@actions/tool-cache": "^1.1.2",
    "uuid": "^3.3.3"
  },
@@ -39,11 +39,12 @@
    "@types/jest": "^27.0.2",
    "@types/node": "^12.7.12",
    "@types/uuid": "^3.4.6",
-    "@typescript-eslint/parser": "^5.1.0",
+    "@typescript-eslint/eslint-plugin": "^5.45.0",
    "@typescript-eslint/parser": "^5.45.0",
    "@zeit/ncc": "^0.20.5",
    "eslint": "^7.32.0",
    "eslint-plugin-github": "^4.3.2",
-    "eslint-plugin-jest": "^25.2.2",
+    "eslint-plugin-jest": "^25.7.0",
    "jest": "^27.3.0",
    "jest-circus": "^27.3.0",
    "js-yaml": "^3.13.1",
@@ -157,7 +157,8 @@ class GitAuthHelper {
      // by process creation audit events, which are commonly logged. For more information,
      // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
      const output = await this.git.submoduleForeach(
-        `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
        this.settings.nestedSubmodules
      )
@@ -246,7 +247,7 @@ class GitAuthHelper {
    if (this.settings.sshKnownHosts) {
      knownHosts += `# Begin from input known hosts\n${this.settings.sshKnownHosts}\n# end from input known hosts\n`
    }
-    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n# End implicitly added github.com\n`
+    knownHosts += `# Begin implicitly added github.com\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=\n# End implicitly added github.com\n`
    this.sshKnownHostsPath = path.join(runnerTemp, `${uniqueId}_known_hosts`)
    stateHelper.setSshKnownHostsPath(this.sshKnownHostsPath)
    await fs.promises.writeFile(this.sshKnownHostsPath, knownHosts)
@@ -365,7 +366,8 @@ class GitAuthHelper {
    const pattern = regexpHelper.escape(configKey)
    await this.git.submoduleForeach(
-      `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
+      // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
      `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
      true
    )
  }
@@ -120,7 +120,7 @@ function updateUsage(
 }
 updateUsage(
-  'actions/checkout@v3',
+  'actions/checkout@v2',
  path.join(__dirname, '..', '..', 'action.yml'),
  path.join(__dirname, '..', '..', 'README.md')
 )
@@ -1,71 +1,60 @@
-import * as coreCommand from '@actions/core/lib/command'
+import * as core from '@actions/core'
 /**
 * Indicates whether the POST action is running
 */
-export const IsPost = !!process.env['STATE_isPost']
+export const IsPost = !!core.getState('isPost')
 /**
 * The repository path for the POST action. The value is empty during the MAIN action.
 */
-export const RepositoryPath =
+export const RepositoryPath = core.getState('repositoryPath')
  (process.env['STATE_repositoryPath'] as string) || ''
 /**
 * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action.
 */
-export const PostSetSafeDirectory =
+export const PostSetSafeDirectory = core.getState('setSafeDirectory') === 'true'
  (process.env['STATE_setSafeDirectory'] as string) === 'true'
 /**
 * The SSH key path for the POST action. The value is empty during the MAIN action.
 */
-export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
+export const SshKeyPath = core.getState('sshKeyPath')
 /**
 * The SSH known hosts path for the POST action. The value is empty during the MAIN action.
 */
-export const SshKnownHostsPath =
+export const SshKnownHostsPath = core.getState('sshKnownHostsPath')
  (process.env['STATE_sshKnownHostsPath'] as string) || ''
 /**
 * Save the repository path so the POST action can retrieve the value.
 */
 export function setRepositoryPath(repositoryPath: string) {
-  coreCommand.issueCommand(
+  core.saveState('repositoryPath', repositoryPath)
    'save-state',
    {name: 'repositoryPath'},
    repositoryPath
  )
 }
 /**
 * Save the SSH key path so the POST action can retrieve the value.
 */
 export function setSshKeyPath(sshKeyPath: string) {
-  coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
+  core.saveState('sshKeyPath', sshKeyPath)
 }
 /**
 * Save the SSH known hosts path so the POST action can retrieve the value.
 */
 export function setSshKnownHostsPath(sshKnownHostsPath: string) {
-  coreCommand.issueCommand(
+  core.saveState('sshKnownHostsPath', sshKnownHostsPath)
    'save-state',
    {name: 'sshKnownHostsPath'},
    sshKnownHostsPath
  )
 }
 /**
 * Save the sef-safe-directory input so the POST action can retrieve the value.
 */
 export function setSafeDirectory() {
-  coreCommand.issueCommand('save-state', {name: 'setSafeDirectory'}, 'true')
+  core.saveState('setSafeDirectory', 'true')
 }
 // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 // This is necessary since we don't have a separate entry point.
 if (!IsPost) {
-  coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
+  core.saveState('isPost', 'true')
 }
Author	SHA1	Message	Date
Tingluo Huang	ee0669bd1c	Add new public key for known_hosts (#1237 ) (#1238 ) * Add new public key for known_hosts (#1237) * Add new public key for known_hosts * Fix the build! * fix build. --------- Co-authored-by: Cameron Booth <cdb@github.com>	2023-03-24 02:04:47 -04:00
Cory Miller	dc323e67f1	Add backports to v2 branch (#1040 ) * Update licensed version * Backport for submodule command wrapping * Update NPM packages * Update dist/index.js * Rebuild using Node 12 * Rebuild after a more aggressive cleanup of local files * Backport change to replace datadog/squid with ubuntu/squid	2022-12-13 10:14:06 -05:00
Francesco Renzi	e2f20e631a	Update CHANGELOG.md	2022-10-13 16:50:56 +01:00
Francesco Renzi	b2eb13baee	Update @actions/core to 1.10.0 (#962 ) * Update @actions/core to 1.10.0 * Backport state-helper updates	2022-10-13 16:49:13 +01:00
Tingluo Huang	7884fcad6b	Prepare changelog for v2.4.2. (#778 )	2022-04-21 10:45:29 -04:00
Tingluo Huang	f67ee5d622	Add set-safe-directory input to allow customers to take control. (#770 ) (#776 ) * Add set-safe-directory input to allow customers to take control.	2022-04-21 10:12:11 -04:00
Thomas Boop	f25a3a9f25	Safe Directory v2 update (#764 ) * set safe directory when running checkout	2022-04-14 12:12:00 -04:00