Merge ab5d862ce8 into 85e6279cec

fix tests and update index.js
codereview: define a git-user slug instead of a true/false config
2026-01-03 17:32:21 +08:00 · 2025-01-22 10:55:19 +00:00 · 2025-01-22 11:55:00 +01:00 · 2025-01-21 18:50:25 +01:00 · 2025-01-16 15:56:18 -05:00 · 2025-01-16 14:14:48 -05:00
15 changed files with 145 additions and 65 deletions
--- a/README.md
+++ b/README.md
@@ -41,6 +41,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # Default: ${{ github.token }}
    token: ''

+    # Github slug used to configure local user.name and user.email for git. This is
+    # required to push a commit from a Github Action Workflow. Set to '' to disable
+    # this configuration.
+    # Default: github-action[bot]
+    git-user: ''
+
    # SSH key used to fetch the repository. The SSH key is configured with the local
    # git config, which enables your scripts to run authenticated git commands. The
    # post-job step removes the SSH key.
@@ -281,8 +287,6 @@ jobs:
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add .
          git commit -m "generated"
          git push
@@ -305,14 +309,21 @@ jobs:
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add .
          git commit -m "generated"
          git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D

+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```

 # License

--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@@ -1,12 +1,12 @@
 import * as core from '@actions/core'
 import * as fs from 'fs'
-import * as gitAuthHelper from '../lib/git-auth-helper'
+import * as gitAuthHelper from '../src/git-auth-helper'
 import * as io from '@actions/io'
 import * as os from 'os'
 import * as path from 'path'
-import * as stateHelper from '../lib/state-helper'
-import {IGitCommandManager} from '../lib/git-command-manager'
-import {IGitSourceSettings} from '../lib/git-source-settings'
+import * as stateHelper from '../src/state-helper'
+import {IGitCommandManager} from '../src/git-command-manager'
+import {IGitSourceSettings} from '../src/git-source-settings'

 const isWindows = process.platform === 'win32'
 const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper')
@@ -824,7 +824,8 @@ async function setup(testName: string): Promise<void> {
    sshUser: '',
    workflowOrganizationId: 123456,
    setSafeDirectory: true,
-    githubServerUrl: githubServerUrl
+    githubServerUrl: githubServerUrl,
+    gitUser: 'github-action[bot]'
  }
 }

--- a/test/git-command-manager.test.ts
+++ b/test/git-command-manager.test.ts
@@ -1,6 +1,6 @@
 import * as exec from '@actions/exec'
-import * as fshelper from '../lib/fs-helper'
-import * as commandManager from '../lib/git-command-manager'
+import * as fshelper from '../src/fs-helper'
+import * as commandManager from '../src/git-command-manager'

 let git: commandManager.IGitCommandManager
 let mockExec = jest.fn()
--- a/test/git-directory-helper.test.ts
+++ b/test/git-directory-helper.test.ts
@@ -1,9 +1,9 @@
 import * as core from '@actions/core'
 import * as fs from 'fs'
-import * as gitDirectoryHelper from '../lib/git-directory-helper'
+import * as gitDirectoryHelper from '../src/git-directory-helper'
 import * as io from '@actions/io'
 import * as path from 'path'
-import {IGitCommandManager} from '../lib/git-command-manager'
+import {IGitCommandManager} from '../src/git-command-manager'

 const testWorkspace = path.join(__dirname, '_temp', 'git-directory-helper')
 let repositoryPath: string
--- a/test/input-helper.test.ts
+++ b/test/input-helper.test.ts
@@ -1,10 +1,10 @@
 import * as core from '@actions/core'
-import * as fsHelper from '../lib/fs-helper'
+import * as fsHelper from '../src/fs-helper'
 import * as github from '@actions/github'
-import * as inputHelper from '../lib/input-helper'
+import * as inputHelper from '../src/input-helper'
 import * as path from 'path'
-import * as workflowContextHelper from '../lib/workflow-context-helper'
-import {IGitSourceSettings} from '../lib/git-source-settings'
+import * as workflowContextHelper from '../src/workflow-context-helper'
+import {IGitSourceSettings} from '../src/git-source-settings'

 const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
 const gitHubWorkspace = path.resolve('/checkout-tests/workspace')
--- a/test/ref-helper.test.ts
+++ b/test/ref-helper.test.ts
@@ -1,6 +1,6 @@
 import * as assert from 'assert'
-import * as refHelper from '../lib/ref-helper'
-import {IGitCommandManager} from '../lib/git-command-manager'
+import * as refHelper from '../src/ref-helper'
+import {IGitCommandManager} from '../src/git-command-manager'

 const commit = '1234567890123456789012345678901234567890'
 let git: IGitCommandManager
--- a/test/retry-helper.test.ts
+++ b/test/retry-helper.test.ts
@@ -1,5 +1,5 @@
 import * as core from '@actions/core'
-import {RetryHelper} from '../lib/retry-helper'
+import {RetryHelper} from '../src/retry-helper'

 let info: string[]
 let retryHelper: any
--- a/action.yml
+++ b/action.yml
@@ -22,6 +22,12 @@ inputs:

      [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    default: ${{ github.token }}
+  git-user:
+    description: >
+      Github slug used to configure local user.name and user.email for git.
+      This is required to push a commit from a Github Action Workflow.
+      Set to '' to disable this configuration.
+    default: "github-action[bot]"
  ssh-key:
    description: >
      SSH key used to fetch the repository. The SSH key is configured with the local
--- a/dist/index.js
+++ b/dist/index.js
@@ -1357,6 +1357,15 @@ function getSource(settings) {
            core.setOutput('commit', commitSHA.trim());
            // Check for incorrect pull request merge commit
            yield refHelper.checkCommitInfo(settings.authToken, commitInfo, settings.repositoryOwner, settings.repositoryName, settings.ref, settings.commit, settings.githubServerUrl);
+            if (settings.gitUser) {
+                if (!(yield git.configExists('user.name', true))) {
+                    yield git.config('user.name', settings.gitUser, true);
+                }
+                if (!(yield git.configExists('user.email', true))) {
+                    const userId = yield githubApiHelper.getUserId(settings.gitUser, settings.authToken, settings.githubServerUrl);
+                    yield git.config('user.email', `${userId}+${settings.gitUser}@users.noreply.github.com`, true);
+                }
+            }
        }
        finally {
            // Remove auth
@@ -1546,6 +1555,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.downloadRepository = downloadRepository;
 exports.getDefaultBranch = getDefaultBranch;
+exports.getUserId = getUserId;
 const assert = __importStar(__nccwpck_require__(9491));
 const core = __importStar(__nccwpck_require__(2186));
 const fs = __importStar(__nccwpck_require__(7147));
@@ -1663,6 +1673,15 @@ function downloadArchive(authToken, owner, repo, ref, commit, baseUrl) {
        return Buffer.from(response.data); // response.data is ArrayBuffer
    });
 }
+function getUserId(username, authToken, baseUrl) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const octokit = github.getOctokit(authToken, {
+            baseUrl: (0, url_helper_1.getServerApiUrl)(baseUrl)
+        });
+        const user = yield octokit.rest.users.getByUsername({ username, });
+        return user.data.id;
+    });
+}


 /***/ }),
@@ -1813,6 +1832,8 @@ function getInputs() {
        core.debug(`recursive submodules = ${result.nestedSubmodules}`);
        // Auth token
        result.authToken = core.getInput('token', { required: true });
+        // Git user
+        result.gitUser = core.getInput('git-user') || 'github-action[bot]';
        // SSH
        result.sshKey = core.getInput('ssh-key');
        result.sshKnownHosts = core.getInput('ssh-known-hosts');
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
      "version": "4.2.2",
      "license": "MIT",
      "dependencies": {
-        "@actions/core": "^1.11.1",
+        "@actions/core": "^1.10.1",
        "@actions/exec": "^1.1.1",
        "@actions/github": "^6.0.0",
        "@actions/io": "^1.1.3",
@@ -17,21 +17,21 @@
        "uuid": "^9.0.1"
      },
      "devDependencies": {
-        "@types/jest": "^29.5.14",
+        "@types/jest": "^29.5.12",
        "@types/node": "^20.12.12",
        "@types/uuid": "^9.0.8",
        "@typescript-eslint/eslint-plugin": "^7.9.0",
        "@typescript-eslint/parser": "^7.9.0",
-        "@vercel/ncc": "^0.38.3",
+        "@vercel/ncc": "^0.38.1",
        "eslint": "^8.57.0",
        "eslint-plugin-github": "^4.10.2",
-        "eslint-plugin-jest": "^28.9.0",
+        "eslint-plugin-jest": "^28.8.2",
        "jest": "^29.7.0",
        "jest-circus": "^29.7.0",
        "js-yaml": "^4.1.0",
-        "prettier": "^3.4.1",
+        "prettier": "^3.3.3",
        "ts-jest": "^29.2.5",
-        "typescript": "^5.7.2"
+        "typescript": "^5.5.4"
      }
    },
    "node_modules/@aashutoshrathi/word-wrap": {
@@ -44,13 +44,20 @@
      }
    },
    "node_modules/@actions/core": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-      "license": "MIT",
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz",
+      "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==",
      "dependencies": {
-        "@actions/exec": "^1.1.1",
-        "@actions/http-client": "^2.0.1"
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
+    },
+    "node_modules/@actions/core/node_modules/uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
      }
    },
    "node_modules/@actions/exec": {
@@ -1565,11 +1572,10 @@
      }
    },
    "node_modules/@types/jest": {
-      "version": "29.5.14",
-      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.14.tgz",
-      "integrity": "sha512-ZN+4sdnLUbo8EVvVc2ao0GFW6oVrQRPn4K2lglySj7APvSrgzxHiNNK99us4WDMi57xxA2yggblIAMNhXOotLQ==",
+      "version": "29.5.12",
+      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz",
+      "integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==",
      "dev": true,
-      "license": "MIT",
      "dependencies": {
        "expect": "^29.0.0",
        "pretty-format": "^29.0.0"
@@ -1821,11 +1827,10 @@
      "dev": true
    },
    "node_modules/@vercel/ncc": {
-      "version": "0.38.3",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz",
-      "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==",
+      "version": "0.38.1",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.1.tgz",
+      "integrity": "sha512-IBBb+iI2NLu4VQn3Vwldyi2QwaXt5+hTyh58ggAMoCGE6DJmPvwL3KPBWcJl1m9LYPChBLE980Jw+CS4Wokqxw==",
      "dev": true,
-      "license": "MIT",
      "bin": {
        "ncc": "dist/ncc/cli.js"
      }
@@ -2497,10 +2502,11 @@
      }
    },
    "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
@@ -3213,11 +3219,10 @@
      }
    },
    "node_modules/eslint-plugin-jest": {
-      "version": "28.9.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-28.9.0.tgz",
-      "integrity": "sha512-rLu1s1Wf96TgUUxSw6loVIkNtUjq1Re7A9QdCCHSohnvXEBAjuL420h0T/fMmkQlNsQP2GhQzEUpYHPfxBkvYQ==",
+      "version": "28.8.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-28.8.2.tgz",
+      "integrity": "sha512-mC3OyklHmS5i7wYU1rGId9EnxRI8TVlnFG56AE+8U9iRy6zwaNygZR+DsdZuCL0gRG0wVeyzq+uWcPt6yJrrMA==",
      "dev": true,
-      "license": "MIT",
      "dependencies": {
        "@typescript-eslint/utils": "^6.0.0 || ^7.0.0 || ^8.0.0"
      },
@@ -5524,12 +5529,13 @@
      }
    },
    "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
        "picomatch": "^2.3.1"
      },
      "engines": {
@@ -5974,11 +5980,10 @@
      }
    },
    "node_modules/prettier": {
-      "version": "3.4.1",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.1.tgz",
-      "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz",
+      "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==",
      "dev": true,
-      "license": "MIT",
      "bin": {
        "prettier": "bin/prettier.cjs"
      },
@@ -6899,11 +6904,10 @@
      }
    },
    "node_modules/typescript": {
-      "version": "5.7.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.2.tgz",
-      "integrity": "sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg==",
+      "version": "5.5.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz",
+      "integrity": "sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==",
      "dev": true,
-      "license": "Apache-2.0",
      "bin": {
        "tsc": "bin/tsc",
        "tsserver": "bin/tsserver"
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
  },
  "homepage": "https://github.com/actions/checkout#readme",
  "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^1.10.1",
    "@actions/exec": "^1.1.1",
    "@actions/github": "^6.0.0",
    "@actions/io": "^1.1.3",
@@ -36,20 +36,20 @@
    "uuid": "^9.0.1"
  },
  "devDependencies": {
-    "@types/jest": "^29.5.14",
+    "@types/jest": "^29.5.12",
    "@types/node": "^20.12.12",
    "@types/uuid": "^9.0.8",
    "@typescript-eslint/eslint-plugin": "^7.9.0",
    "@typescript-eslint/parser": "^7.9.0",
-    "@vercel/ncc": "^0.38.3",
+    "@vercel/ncc": "^0.38.1",
    "eslint": "^8.57.0",
    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-jest": "^28.9.0",
+    "eslint-plugin-jest": "^28.8.2",
    "jest": "^29.7.0",
    "jest-circus": "^29.7.0",
    "js-yaml": "^4.1.0",
-    "prettier": "^3.4.1",
+    "prettier": "^3.3.3",
    "ts-jest": "^29.2.5",
-    "typescript": "^5.7.2"
+    "typescript": "^5.5.4"
  }
 }
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@@ -274,6 +274,23 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
      settings.commit,
      settings.githubServerUrl
    )
+    if (settings.gitUser) {
+      if (!(await git.configExists('user.name', true))) {
+        await git.config('user.name', settings.gitUser, true)
+      }
+      if (!(await git.configExists('user.email', true))) {
+        const userId = await githubApiHelper.getUserId(
+          settings.gitUser,
+          settings.authToken,
+          settings.githubServerUrl
+        )
+        await git.config(
+          'user.email',
+          `${userId}+${settings.gitUser}@users.noreply.github.com`,
+          true
+        )
+      }
+    }
  } finally {
    // Remove auth
    if (authHelper) {
--- a/src/git-source-settings.ts
+++ b/src/git-source-settings.ts
@@ -79,6 +79,11 @@ export interface IGitSourceSettings {
   */
  authToken: string

+  /**
+   * A github user slug to set a default user name and email in the local git config
+   */
+  gitUser: string
+
  /**
   * The SSH key to configure
   */
--- a/src/github-api-helper.ts
+++ b/src/github-api-helper.ts
@@ -143,3 +143,15 @@ async function downloadArchive(
  })
  return Buffer.from(response.data as ArrayBuffer) // response.data is ArrayBuffer
 }
+
+export async function getUserId(
+  username: string,
+  authToken: string,
+  baseUrl?: string
+): Promise<number> {
+  const octokit = github.getOctokit(authToken, {
+    baseUrl: getServerApiUrl(baseUrl)
+  })
+  const user = await octokit.rest.users.getByUsername({username})
+  return user.data.id
+}
--- a/src/input-helper.ts
+++ b/src/input-helper.ts
@@ -138,6 +138,9 @@ export async function getInputs(): Promise<IGitSourceSettings> {
  // Auth token
  result.authToken = core.getInput('token', {required: true})

+  // Git user
+  result.gitUser = core.getInput('git-user') || 'github-action[bot]'
+
  // SSH
  result.sshKey = core.getInput('ssh-key')
  result.sshKnownHosts = core.getInput('ssh-known-hosts')
Author	SHA1	Message	Date
Nicolas Schweitzer	7897d7b5db	Merge `ab5d862ce8` into `85e6279cec`	2025-01-22 10:55:19 +00:00
Nicolas Schweitzer	ab5d862ce8	fix tests and update index.js	2025-01-22 11:55:00 +01:00
Nicolas Schweitzer	5fba9eb899	codereview: define a git-user slug instead of a true/false config	2025-01-21 18:50:25 +01:00
Josh Gross	85e6279cec	Adjust positioning of user email note and permissions heading (#2044 ) Some checks failed CodeQL / Analyze (javascript) (push) Has been cancelled Details Build and Test / build (push) Has been cancelled Details Build and Test / test (macos-latest) (push) Has been cancelled Details Build and Test / test (ubuntu-latest) (push) Has been cancelled Details Build and Test / test (windows-latest) (push) Has been cancelled Details Build and Test / test-proxy (push) Has been cancelled Details Build and Test / test-bypass-proxy (push) Has been cancelled Details Build and Test / test-git-container (push) Has been cancelled Details Build and Test / test-output (push) Has been cancelled Details	2025-01-16 15:56:18 -05:00
Ben Wells	009b9ae9e4	Documentation update - add recommended permissions to Readme (#2043 ) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com>	2025-01-16 14:14:48 -05:00
Nicolas Schweitzer	f3b199b7ed	feat(git config): Set default user.name and user.email in git config	2024-12-19 16:24:48 +01:00