Change the default value of persist-credentials setting from true to
false to reduce the risk of unintentionally exposing the GITHUB_TOKEN
secret.
Fixes: #485
Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
* Check git version before attempting to disable `sparse-checkout`
* Bump `MinimumGitSparseCheckoutVersion` to 2.28 due to #1386
* Initial prep for release 4.1.3
* Give `test-ubuntu-git` its own `README`
* Refined title and description in `test-ubuntu-git.Dockerfile`
* nit accepted: Remove double space
---------
Co-authored-by: Ferenc Hammerl <31069338+fhammerl@users.noreply.github.com>
When a worktree is reused by actions/checkout and the first time sparse checkout was enabled, we need to ensure that the second time it is only a sparse checkout if explicitly asked for. Otherwise, we need to disable the sparse checkout so that a full checkout is the outcome of this Action.
## Details
* If no `sparse-checkout` parameter is specified, disable it
This should allow users to reuse existing folders when running
`actions/checkout` where a previous run asked for a sparse checkout but
the current run does not ask for a sparse checkout.
This fixes https://github.com/actions/checkout/issues/1475
There are use cases in particular with non-ephemeral (self-hosted) runners where an
existing worktree (that has been initialized as a sparse checkout) is
reused in subsequent CI runs (where `actions/checkout` is run _without_
any `sparse-checkout` parameter).
In these scenarios, we need to make sure that the sparse checkout is
disabled before checking out the files.
### Also includes:
* npm run build
* ci: verify that an existing sparse checkout can be made unsparse
* Added a clarifying comment about test branches.
* `test-proxy` now uses newly-minted `test-ubuntu-git` container image from ghcr.io
---------
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com>
* added filter option & tests
* added build file
* fix test oversight
* added exit 1
* updated docs to specify override
* undo unneeded readme change
* set to undefined rather than empty string
* run git config in correct di
---------
Co-authored-by: Cory Miller <13227161+cory-miller@users.noreply.github.com>
Setting the `show-progress` option to false in the `with` section of the
workflow step will cause git fetch to run without `--progress`.
The motivation is to be able to suppress the noisy progress status
output which adds many hundreds of "remote: Counting objects: 85%
(386/453)" and similar lines in the workflow log.
This should be sufficient to resolve#894 and its older friends,
though the solution is different to the one proposed there because
it doesn't use the --quiet flag. IIUC git doesn't show the progress
status by default since the output is not a terminal, so that's why
removing the --progress option is all that's needed.
Adding the --quiet flag doesn't make a lot of difference once the
--progress flag is removed, and actually I think using --quiet would
suppress some other more useful output that would be better left
visible.
Signed-off-by: Simon Baird <sbaird@redhat.com>
In #1369, I mistakenly replaced the hash-bang lines in the two new
scripts with `#!/bin/sh`, missing that both files contain the Bash'ism
`[[`. Symptom as per
https://github.com/actions/checkout/actions/runs/5200323109/jobs/9378889172?pr=1369#step:12:5
__test__/verify-sparse-checkout.sh: 58: [[: not found
Let's change those hash-bang lines back to `#!/bin/bash`.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Add support for sparse checkouts
* sparse-checkout: optionally turn off cone mode
While it _is_ true that cone mode is the default nowadays (mainly for
performance reasons: code mode is much faster than non-cone mode), there
_are_ legitimate use cases where non-cone mode is really useful.
Let's add a flag to optionally disable cone mode.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Verify minimum Git version for sparse checkout
The `git sparse-checkout` command is available only since Git version
v2.25.0. The `actions/checkout` Action actually supports older Git
versions than that; As of time of writing, the minimum version is
v2.18.0.
Instead of raising this minimum version even for users who do not
require a sparse checkout, only check for this minimum version
specifically when a sparse checkout was asked for.
Suggested-by: Tingluo Huang <tingluohuang@github.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Support sparse checkout/LFS better
Instead of fetching all the LFS objects present in the current revision
in a sparse checkout, whether they are needed inside the sparse cone or
not, let's instead only pull the ones that are actually needed.
To do that, let's avoid running that preemptive `git lfs fetch` call in
case of a sparse checkout.
An alternative that was considered during the development of this patch
(and ultimately rejected) was to use `git lfs pull --include <path>...`,
but it turned out to be too inflexible because it requires exact paths,
not the patterns that are available via the sparse checkout definition,
and that risks running into command-line length limitations.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---------
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Co-authored-by: Daniel <daniel.fernandez@feverup.com>
* Fix Self hosted runner issue wrt bad submodules - solution cleanup working space.
* Fix format with npm run format output
* Add mock implementation for new function submoduleStatus
* Add 2 test cases for submodule status.
* Codeql-Action Analyse revert v1 to v2
---------
Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com>
Co-authored-by: sminnie <minnie@sankhe.com>
* Improve checkout performance on Windows runners by upgrading @actions/github dependency
Re: https://github.com/actions/checkout/issues/1186
@dscho discovered that the checkout action could stall for a
considerable amount of time on Windows runners waiting for PowerShell
invocations made from 'windows-release' npm package to complete.
Then I studied the dependency chain to figure out where
'windows-release' was imported:
'@actions/checkout'@main
<- '@actions/github'@2.2.0
<- '@octokit/endpoint'@6.0.1
<- '@octokit/graphql'@4.3.1
<- '@octokit/request'@5.4.2
<- '@octokit/rest'@16.43.1
<- 'universal-user-agent'@4.0.1
<- 'os-name'@3.1.0
<- 'windows-release'@3.1.0
'universal-user-agent' package dropped its dependency on 'os-name' in
https://github.com/gr2m/universal-user-agent/releases/tag/v6.0.0 .
'@actions/github' v3 removed dependency on '@octokit/rest'@16.43.1 and
allows users to move away from the old 'universal-user-agent' v4.
(https://github.com/actions/toolkit/pull/453)
This pull request attempts to update the version of '@actions/github'
used in the checkout action to avoid importing 'windows-release'.
Based on testing in my own repositories, I can see an improvement in
reduced wait time between entering the checkout action and git actually
starts to do useful work.
* Update .licenses
* Rebuild index.js
When trying to list local branches to figure out what needs cleaned up during runs on non-ephemeral Actions Runners, we use git rev-parse --symbolic-full-name to get a list of branches. This can lead to ambiguous ref name errors when there are branches and tags with similar names.
Part of the reason we use rev-parse --symbolic-full-name vs git branch --list or git rev-parse --symbolic seems to related to a bug in Git 2.18. Until we can deprecate our usage of Git 2.18, I think we need to keep --symbolic-full-name. Since part of the problem is that these ambiguous ref name errors clog the Actions annotation limits, this is a mitigation to suppress those messages until we can get rid of the workaround.