Merge d1d381abe7 into 85e6279cec

Adjust positioning of user email note and permissions heading (#2044 )
Documentation update - add recommended permissions to Readme (#2043 )
2025-09-06 21:52:19 +08:00 · 2025-01-16 16:15:22 -07:00 · 2025-01-16 15:56:18 -05:00 · 2025-01-16 14:14:48 -05:00 · 2024-12-18 10:08:23 +01:00
4 changed files with 20 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -74,6 +74,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # Relative path under $GITHUB_WORKSPACE to place the repository
    path: ''

+    # Allow the checked-out repository to be placed outside of the workspace
+    # Default: false
+    allow-path-outside-workspace: ''
+
    # Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
    # Default: true
    clean: ''
@@ -311,8 +315,17 @@ jobs:
          git commit -m "generated"
          git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D

+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```

 # License

--- a/action.yml
+++ b/action.yml
@@ -54,6 +54,10 @@ inputs:
    default: true
  path:
    description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
+  allow-path-outside-workspace:
+    description: Allow the checked-out repository to be placed outside of the workspace.
+    default: false
+    required: false
  clean:
    description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
    default: true
--- a/dist/index.js
+++ b/dist/index.js
@@ -1737,7 +1737,8 @@ function getInputs() {
        // Repository path
        result.repositoryPath = core.getInput('path') || '.';
        result.repositoryPath = path.resolve(githubWorkspacePath, result.repositoryPath);
-        if (!(result.repositoryPath + path.sep).startsWith(githubWorkspacePath + path.sep)) {
+        if (!core.getInput('allow-path-outside-workspace') &&
+            !(result.repositoryPath + path.sep).startsWith(githubWorkspacePath + path.sep)) {
            throw new Error(`Repository path '${result.repositoryPath}' is not under '${githubWorkspacePath}'`);
        }
        // Workflow repository?
--- a/src/input-helper.ts
+++ b/src/input-helper.ts
@@ -42,6 +42,7 @@ export async function getInputs(): Promise<IGitSourceSettings> {
    result.repositoryPath
  )
  if (
+    !core.getInput('allow-path-outside-workspace') &&
    !(result.repositoryPath + path.sep).startsWith(
      githubWorkspacePath + path.sep
    )
Author	SHA1	Message	Date
Xavier Solé Nogués	e10bd95aa5	Merge `d1d381abe7` into `85e6279cec`	2025-01-16 16:15:22 -07:00
Josh Gross	85e6279cec	Adjust positioning of user email note and permissions heading (#2044 ) Some checks failed CodeQL / Analyze (javascript) (push) Has been cancelled Details Build and Test / build (push) Has been cancelled Details Build and Test / test (macos-latest) (push) Has been cancelled Details Build and Test / test (ubuntu-latest) (push) Has been cancelled Details Build and Test / test (windows-latest) (push) Has been cancelled Details Build and Test / test-proxy (push) Has been cancelled Details Build and Test / test-bypass-proxy (push) Has been cancelled Details Build and Test / test-git-container (push) Has been cancelled Details Build and Test / test-output (push) Has been cancelled Details	2025-01-16 15:56:18 -05:00
Ben Wells	009b9ae9e4	Documentation update - add recommended permissions to Readme (#2043 ) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com>	2025-01-16 14:14:48 -05:00
xavisolesoft	d1d381abe7	Implement allow-path-outside-workspace	2024-12-18 10:08:23 +01:00