doc private submodules

v1.2.0 Release - Reverted changes to git just works authentication

.eslintignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.eslintrc.json

@@ -0,0 +1,58 @@
+{
+  "plugins": ["jest", "@typescript-eslint"],
+  "extends": ["plugin:github/es6"],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": 9,
+    "sourceType": "module",
+    "project": "./tsconfig.json"
+  },
+  "rules": {
+    "eslint-comments/no-use": "off",
+    "import/no-namespace": "off",
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": "error",
+    "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
+    "@typescript-eslint/no-require-imports": "error",
+    "@typescript-eslint/array-type": "error",
+    "@typescript-eslint/await-thenable": "error",
+    "@typescript-eslint/ban-ts-ignore": "error",
+    "camelcase": "off",
+    "@typescript-eslint/camelcase": "error",
+    "@typescript-eslint/class-name-casing": "error",
+    "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
+    "@typescript-eslint/func-call-spacing": ["error", "never"],
+    "@typescript-eslint/generic-type-naming": ["error", "^[A-Z][A-Za-z]*$"],
+    "@typescript-eslint/no-array-constructor": "error",
+    "@typescript-eslint/no-empty-interface": "error",
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/no-extraneous-class": "error",
+    "@typescript-eslint/no-for-in-array": "error",
+    "@typescript-eslint/no-inferrable-types": "error",
+    "@typescript-eslint/no-misused-new": "error",
+    "@typescript-eslint/no-namespace": "error",
+    "@typescript-eslint/no-non-null-assertion": "warn",
+    "@typescript-eslint/no-object-literal-type-assertion": "error",
+    "@typescript-eslint/no-unnecessary-qualifier": "error",
+    "@typescript-eslint/no-unnecessary-type-assertion": "error",
+    "@typescript-eslint/no-useless-constructor": "error",
+    "@typescript-eslint/no-var-requires": "error",
+    "@typescript-eslint/prefer-for-of": "warn",
+    "@typescript-eslint/prefer-function-type": "warn",
+    "@typescript-eslint/prefer-includes": "error",
+    "@typescript-eslint/prefer-interface": "error",
+    "@typescript-eslint/prefer-string-starts-ends-with": "error",
+    "@typescript-eslint/promise-function-async": "error",
+    "@typescript-eslint/require-array-sort-compare": "error",
+    "@typescript-eslint/restrict-plus-operands": "error",
+    "semi": "off",
+    "@typescript-eslint/semi": ["error", "never"],
+    "@typescript-eslint/type-annotation-spacing": "error",
+    "@typescript-eslint/unbound-method": "error"
+  },
+  "env": {
+    "node": true,
+    "es6": true,
+    "jest/globals": true
+  }
+}

.github/workflows/test.yml

@@ -1,18 +1,101 @@
-name: "test-local"
+name: Build and Test
+
 on:
   pull_request:
   push:
     branches:
       - master
-      - 'releases/*'
+      - releases/*
 
 jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: npm ci
+      - run: npm run build
+      - run: npm run format-check
+      - run: npm run lint
+      - run: npm run pack
+      - run: npm run gendocs
+      - run: npm test
+      - name: Verify no unstaged changes
+        run: __test__/verify-no-unstaged-changes.sh
+
   test:
     strategy:
       matrix:
-        os: [windows-latest, ubuntu-latest, macOS-latest]
-    runs-on: ${{ matrix.os }}
+        runs-on: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.runs-on }}
+
     steps:
-    - uses: actions/checkout@master
-    - uses: ./
-    - run: git ls-remote --tags origin
+      # Clone this repo
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      # Basic checkout
+      - name: Basic checkout
+        uses: ./
+        with:
+          ref: test-data/v2/basic
+          path: basic
+      - name: Verify basic
+        shell: bash
+        run: __test__/verify-basic.sh
+
+      # Clean
+      - name: Modify work tree
+        shell: bash
+        run: __test__/modify-work-tree.sh
+      - name: Clean checkout
+        uses: ./
+        with:
+          ref: test-data/v2/basic
+          path: basic
+      - name: Verify clean
+        shell: bash
+        run: __test__/verify-clean.sh
+
+      # Side by side
+      - name: Side by side checkout 1
+        uses: ./
+        with:
+          ref: test-data/v2/side-by-side-1
+          path: side-by-side-1
+      - name: Side by side checkout 2
+        uses: ./
+        with:
+          ref: test-data/v2/side-by-side-2
+          path: side-by-side-2
+      - name: Verify side by side
+        shell: bash
+        run: __test__/verify-side-by-side.sh
+
+      # LFS
+      - name: LFS checkout
+        uses: ./
+        with:
+          repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
+          ref: test-data/v2/lfs
+          path: lfs
+          lfs: true
+      - name: Verify LFS
+        shell: bash
+        run: __test__/verify-lfs.sh
+
+  test-job-container:
+    runs-on: ubuntu-latest
+    container: alpine:latest
+    steps:
+      # Clone this repo
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      # Basic checkout
+      - name: Basic checkout
+        uses: ./
+        with:
+          ref: test-data/v2/basic
+          path: basic
+      - name: Verify basic
+        run: __test__/verify-basic.sh --archive

.gitignore

@@ -0,0 +1,2 @@
+lib/
+node_modules/

.prettierignore

@@ -0,0 +1,3 @@
+dist/
+lib/
+node_modules/

.prettierrc.json

@@ -0,0 +1,11 @@
+{
+  "printWidth": 80,
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "bracketSpacing": false,
+  "arrowParens": "avoid",
+  "parser": "typescript"
+}

CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+## v2 (beta)
+
+- Improved fetch performance
+  - The default behavior now fetches only the SHA being checked-out
+- Script authenticated git commands
+  - Persists `with.token` in the local git config
+  - Enables your scripts to run authenticated git commands
+  - Post-job cleanup removes the token
+  - Coming soon: Opt out by setting `with.persist-credentials` to `false`
+- Creates a local branch
+  - No longer detached HEAD when checking out a branch
+  - A local branch is created with the corresponding upstream branch set
+- Improved layout
+  - `with.path` is always relative to `github.workspace`
+  - Aligns better with container actions, where `github.workspace` gets mapped in
+- Removed input `submodules`
+
+
+## v1
+
+Refer [here](https://github.com/actions/checkout/blob/v1/CHANGELOG.md) for the V1 changelog

README.md

@@ -2,63 +2,226 @@
   <a href="https://github.com/actions/checkout"><img alt="GitHub Actions status" src="https://github.com/actions/checkout/workflows/test-local/badge.svg"></a>
 </p>
 
-# Checkout
+# Checkout V2
 
-This action checks out your repository to `$GITHUB_WORKSPACE`, so that your workflow can access the contents of your repository.
+This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
 
-By default, this is equivalent to running `git fetch` and `git checkout $GITHUB_SHA`, so that you'll always have your repo contents at the version that triggered the workflow.
-See [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn what `$GITHUB_SHA` is for different kinds of events.
+Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth` to fetch more history. Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
+
+The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
+
+When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
+
+# What's new
+
+- Improved performance
+  - Fetches only a single commit by default
+- Script authenticated git commands
+  - Auth token persisted in the local git config
+- Creates a local branch
+  - No longer detached HEAD when checking out a branch
+- Improved layout
+  - The input `path` is always relative to $GITHUB_WORKSPACE
+  - Aligns better with container actions, where $GITHUB_WORKSPACE gets mapped in
+- Fallback to REST API download
+  - When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
+  - When using a job container, the container's PATH is used
+- Removed input `submodules`
+
+Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous versions.
 
 # Usage
 
-See [action.yml](action.yml)
+<!-- start usage -->
+```yaml
+- uses: actions/checkout@v2
+  with:
+    # Repository name with owner. For example, actions/checkout
+    # Default: ${{ github.repository }}
+    repository: ''
 
-Basic:
+    # The branch, tag or SHA to checkout. When checking out the repository that
+    # triggered a workflow, this defaults to the reference or SHA for that event.
+    # Otherwise, defaults to `master`.
+    ref: ''
+
+    # Auth token used to fetch the repository. The token is stored in the local git
+    # config, which enables your scripts to run authenticated git commands. The
+    # post-job step removes the token from the git config. [Learn more about creating
+    # and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
+    # Default: ${{ github.token }}
+    token: ''
+
+    # Whether to persist the token in the git config
+    # Default: true
+    persist-credentials: ''
+
+    # Relative path under $GITHUB_WORKSPACE to place the repository
+    path: ''
+
+    # Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
+    # Default: true
+    clean: ''
+
+    # Number of commits to fetch. 0 indicates all history.
+    # Default: 1
+    fetch-depth: ''
+
+    # Whether to download Git-LFS files
+    # Default: false
+    lfs: ''
+```
+<!-- end usage -->
+
+# Scenarios
+
+- [Checkout a different branch](#Checkout-a-different-branch)
+- [Checkout HEAD^](#Checkout-HEAD)
+- [Checkout multiple repos (side by side)](#Checkout-multiple-repos-side-by-side)
+- [Checkout multiple repos (nested)](#Checkout-multiple-repos-nested)
+- [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
+- [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
+- [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
+- [Checkout submodules](#Checkout-submodules)
+- [Checkout private submodules](#Checkout-private-submodules)
+- [Fetch all tags](#Fetch-all-tags)
+- [Fetch all branches](#Fetch-all-branches)
+- [Fetch all history for all tags and branches](#Fetch-all-history-for-all-tags-and-branches)
+
+## Checkout a different branch
 
 ```yaml
-steps:
-- uses: actions/checkout@v1
-- uses: actions/setup-node@v1
+- uses: actions/checkout@v2
   with:
-    node-version: 10.x 
-- run: npm install
-- run: npm test
+    ref: my-branch
 ```
 
-By default, the branch or tag ref that triggered the workflow will be checked out, `${{ github.token }}` will be used for any Git server authentication. If you wish to check out a different branch, a different repository or use different token to checkout, specify that using `with.ref`, `with.repository` and `with.token`:
+## Checkout HEAD^
 
-Checkout different branch from the workflow repository:
 ```yaml
-- uses: actions/checkout@v1
+- uses: actions/checkout@v2
   with:
-    ref: some-branch
+    fetch-depth: 2
+- run: git checkout HEAD^
 ```
 
-Checkout different private repository:
+## Checkout multiple repos (side by side)
+
 ```yaml
-- uses: actions/checkout@v1
+- name: Checkout
+  uses: actions/checkout@v2
   with:
-    repository: myAccount/myRepository
-    ref: refs/heads/release
-    token: ${{ secrets.GitHub_PAT }} // `GitHub_PAT` is a secret contains your PAT.
+    path: main
+
+- name: Checkout tools repo
+  uses: actions/checkout@v2
+  with:
+    repository: my-org/my-tools
+    path: my-tools
 ```
 
-Checkout private submodules:
+## Checkout multiple repos (nested)
+
 ```yaml
-- uses: actions/checkout@v1
+- name: Checkout
+  uses: actions/checkout@v2
+
+- name: Checkout tools repo
+  uses: actions/checkout@v2
   with:
-    submodules: recursive
-    token: ${{ secrets.GitHub_PAT }} // `GitHub_PAT` is a secret contains your PAT.
+    repository: my-org/my-tools
+    path: my-tools
 ```
-> - `with.token` will be used as `Basic` authentication header for https requests talk to https://github.com from `git(.exe)`, ensure those private submodules are configured via `https` not `ssh`.
-> - `${{ github.token }}` only has permission to the workflow triggering repository. If the repository contains any submodules that comes from private repository, you will have to add your PAT as secret and use the secret in `with.token` to make `checkout` action work.
 
-For more details, see [Contexts and expression syntax for GitHub Actions](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions) and [Creating and using secrets (encrypted variables)](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables)
+## Checkout multiple repos (private)
 
-# Changelog
+```yaml
+- name: Checkout
+  uses: actions/checkout@v2
+  with:
+    path: main
 
-## v1.1.0 (unreleased)
-- Persist `with.token` or `${{ github.token }}` into checkout repository's git config as `http.https://github.com/.extraheader=AUTHORIZATION: basic ***` to better support scripting git
+- name: Checkout private tools
+  uses: actions/checkout@v2
+  with:
+    repository: my-org/my-private-tools
+    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT
+    path: my-tools
+```
+
+> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
+
+
+## Checkout pull request HEAD commit instead of merge commit
+
+```yaml
+- uses: actions/checkout@v2
+  with:
+    ref: ${{ github.event.pull_request.head.sha }}
+```
+
+## Checkout pull request on closed event
+
+```yaml
+on:
+  pull_request:
+    branches: [master]
+    types: [opened, synchronize, closed]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+```
+
+## Checkout submodules
+
+```yaml
+- uses: actions/checkout@v2
+- name: Checkout submodules
+  shell: bash
+  run: |
+    auth_header="$(git config --local --get http.https://github.com/.extraheader)"
+    git submodule sync --recursive
+    git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
+```
+
+## Checkout private submodules
+
+```yaml
+- uses: actions/checkout@v2
+  with:
+    token: ${{ secrets.MY_GITHUB_PAT }}
+- name: Checkout submodules
+  shell: bash
+  run: |
+    auth_header="$(git config --local --get http.https://github.com/.extraheader)"
+    git submodule sync --recursive
+    git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1
+```
+
+## Fetch all tags
+
+```yaml
+- uses: actions/checkout@v2
+- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
+```
+
+## Fetch all branches
+
+```yaml
+- uses: actions/checkout@v2
+- run: |
+    git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
+```
+
+## Fetch all history for all tags and branches
+
+```yaml
+- uses: actions/checkout@v2
+- run: |
+    git fetch --prune --unshallow
+```
 
 # License
 

__test__/git-version.test.ts

@@ -0,0 +1,45 @@
+import {GitVersion} from '../lib/git-version'
+
+describe('git-version tests', () => {
+  it('basics', async () => {
+    let version = new GitVersion('')
+    expect(version.isValid()).toBeFalsy()
+
+    version = new GitVersion('asdf')
+    expect(version.isValid()).toBeFalsy()
+
+    version = new GitVersion('1.2')
+    expect(version.isValid()).toBeTruthy()
+    expect(version.toString()).toBe('1.2')
+
+    version = new GitVersion('1.2.3')
+    expect(version.isValid()).toBeTruthy()
+    expect(version.toString()).toBe('1.2.3')
+  })
+
+  it('check minimum', async () => {
+    let version = new GitVersion('4.5')
+    expect(version.checkMinimum(new GitVersion('3.6'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('3.6.7'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.4'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5.0'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.6'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('4.6.0'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('5.1'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('5.1.2'))).toBeFalsy()
+
+    version = new GitVersion('4.5.6')
+    expect(version.checkMinimum(new GitVersion('3.6'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('3.6.7'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.4'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5.5'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5.6'))).toBeTruthy()
+    expect(version.checkMinimum(new GitVersion('4.5.7'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('4.6'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('4.6.0'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('5.1'))).toBeFalsy()
+    expect(version.checkMinimum(new GitVersion('5.1.2'))).toBeFalsy()
+  })
+})

__test__/input-helper.test.ts

@@ -0,0 +1,120 @@
+import * as assert from 'assert'
+import * as path from 'path'
+import {ISourceSettings} from '../lib/git-source-provider'
+
+const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
+const gitHubWorkspace = path.resolve('/checkout-tests/workspace')
+
+// Late bind
+let inputHelper: any
+
+// Mock @actions/core
+let inputs = {} as any
+const mockCore = jest.genMockFromModule('@actions/core') as any
+mockCore.getInput = (name: string) => {
+  return inputs[name]
+}
+
+// Mock @actions/github
+const mockGitHub = jest.genMockFromModule('@actions/github') as any
+mockGitHub.context = {
+  repo: {
+    owner: 'some-owner',
+    repo: 'some-repo'
+  },
+  ref: 'refs/heads/some-ref',
+  sha: '1234567890123456789012345678901234567890'
+}
+
+// Mock ./fs-helper
+const mockFSHelper = jest.genMockFromModule('../lib/fs-helper') as any
+mockFSHelper.directoryExistsSync = (path: string) => path == gitHubWorkspace
+
+describe('input-helper tests', () => {
+  beforeAll(() => {
+    // GitHub workspace
+    process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
+
+    // Mocks
+    jest.setMock('@actions/core', mockCore)
+    jest.setMock('@actions/github', mockGitHub)
+    jest.setMock('../lib/fs-helper', mockFSHelper)
+
+    // Now import
+    inputHelper = require('../lib/input-helper')
+  })
+
+  beforeEach(() => {
+    // Reset inputs
+    inputs = {}
+  })
+
+  afterAll(() => {
+    // Reset GitHub workspace
+    delete process.env['GITHUB_WORKSPACE']
+    if (originalGitHubWorkspace) {
+      process.env['GITHUB_WORKSPACE'] = originalGitHubWorkspace
+    }
+
+    // Reset modules
+    jest.resetModules()
+  })
+
+  it('sets defaults', () => {
+    const settings: ISourceSettings = inputHelper.getInputs()
+    expect(settings).toBeTruthy()
+    expect(settings.authToken).toBeFalsy()
+    expect(settings.clean).toBe(true)
+    expect(settings.commit).toBeTruthy()
+    expect(settings.commit).toBe('1234567890123456789012345678901234567890')
+    expect(settings.fetchDepth).toBe(1)
+    expect(settings.lfs).toBe(false)
+    expect(settings.ref).toBe('refs/heads/some-ref')
+    expect(settings.repositoryName).toBe('some-repo')
+    expect(settings.repositoryOwner).toBe('some-owner')
+    expect(settings.repositoryPath).toBe(gitHubWorkspace)
+  })
+
+  it('requires qualified repo', () => {
+    inputs.repository = 'some-unqualified-repo'
+    assert.throws(() => {
+      inputHelper.getInputs()
+    }, /Invalid repository 'some-unqualified-repo'/)
+  })
+
+  it('roots path', () => {
+    inputs.path = 'some-directory/some-subdirectory'
+    const settings: ISourceSettings = inputHelper.getInputs()
+    expect(settings.repositoryPath).toBe(
+      path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
+    )
+  })
+
+  it('sets correct default ref/sha for other repo', () => {
+    inputs.repository = 'some-owner/some-other-repo'
+    const settings: ISourceSettings = inputHelper.getInputs()
+    expect(settings.ref).toBe('refs/heads/master')
+    expect(settings.commit).toBeFalsy()
+  })
+
+  it('sets ref to empty when explicit sha', () => {
+    inputs.ref = '1111111111222222222233333333334444444444'
+    const settings: ISourceSettings = inputHelper.getInputs()
+    expect(settings.ref).toBeFalsy()
+    expect(settings.commit).toBe('1111111111222222222233333333334444444444')
+  })
+
+  it('sets sha to empty when explicit ref', () => {
+    inputs.ref = 'refs/heads/some-other-ref'
+    const settings: ISourceSettings = inputHelper.getInputs()
+    expect(settings.ref).toBe('refs/heads/some-other-ref')
+    expect(settings.commit).toBeFalsy()
+  })
+
+  it('gives good error message for submodules input', () => {
+    inputs.submodules = 'true'
+    assert.throws(() => {
+      inputHelper.getInputs()
+    }, /The input 'submodules' is not supported/)
+  })
+})

__test__/modify-work-tree.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ! -f "./basic/basic-file.txt" ]; then
+    echo "Expected basic file does not exist"
+    exit 1
+fi
+
+echo hello >> ./basic/basic-file.txt
+echo hello >> ./basic/new-file.txt
+git -C ./basic status

__test__/ref-helper.test.ts

@@ -0,0 +1,168 @@
+import * as assert from 'assert'
+import * as refHelper from '../lib/ref-helper'
+import {IGitCommandManager} from '../lib/git-command-manager'
+
+const commit = '1234567890123456789012345678901234567890'
+let git: IGitCommandManager
+
+describe('ref-helper tests', () => {
+  beforeEach(() => {
+    git = ({} as unknown) as IGitCommandManager
+  })
+
+  it('getCheckoutInfo requires git', async () => {
+    const git = (null as unknown) as IGitCommandManager
+    try {
+      await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
+      throw new Error('Should not reach here')
+    } catch (err) {
+      expect(err.message).toBe('Arg git cannot be empty')
+    }
+  })
+
+  it('getCheckoutInfo requires ref or commit', async () => {
+    try {
+      await refHelper.getCheckoutInfo(git, '', '')
+      throw new Error('Should not reach here')
+    } catch (err) {
+      expect(err.message).toBe('Args ref and commit cannot both be empty')
+    }
+  })
+
+  it('getCheckoutInfo sha only', async () => {
+    const checkoutInfo = await refHelper.getCheckoutInfo(git, '', commit)
+    expect(checkoutInfo.ref).toBe(commit)
+    expect(checkoutInfo.startPoint).toBeFalsy()
+  })
+
+  it('getCheckoutInfo refs/heads/', async () => {
+    const checkoutInfo = await refHelper.getCheckoutInfo(
+      git,
+      'refs/heads/my/branch',
+      commit
+    )
+    expect(checkoutInfo.ref).toBe('my/branch')
+    expect(checkoutInfo.startPoint).toBe('refs/remotes/origin/my/branch')
+  })
+
+  it('getCheckoutInfo refs/pull/', async () => {
+    const checkoutInfo = await refHelper.getCheckoutInfo(
+      git,
+      'refs/pull/123/merge',
+      commit
+    )
+    expect(checkoutInfo.ref).toBe('refs/remotes/pull/123/merge')
+    expect(checkoutInfo.startPoint).toBeFalsy()
+  })
+
+  it('getCheckoutInfo refs/tags/', async () => {
+    const checkoutInfo = await refHelper.getCheckoutInfo(
+      git,
+      'refs/tags/my-tag',
+      commit
+    )
+    expect(checkoutInfo.ref).toBe('refs/tags/my-tag')
+    expect(checkoutInfo.startPoint).toBeFalsy()
+  })
+
+  it('getCheckoutInfo unqualified branch only', async () => {
+    git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
+      return true
+    })
+
+    const checkoutInfo = await refHelper.getCheckoutInfo(git, 'my/branch', '')
+
+    expect(checkoutInfo.ref).toBe('my/branch')
+    expect(checkoutInfo.startPoint).toBe('refs/remotes/origin/my/branch')
+  })
+
+  it('getCheckoutInfo unqualified tag only', async () => {
+    git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
+      return false
+    })
+    git.tagExists = jest.fn(async (pattern: string) => {
+      return true
+    })
+
+    const checkoutInfo = await refHelper.getCheckoutInfo(git, 'my-tag', '')
+
+    expect(checkoutInfo.ref).toBe('refs/tags/my-tag')
+    expect(checkoutInfo.startPoint).toBeFalsy()
+  })
+
+  it('getCheckoutInfo unqualified ref only, not a branch or tag', async () => {
+    git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
+      return false
+    })
+    git.tagExists = jest.fn(async (pattern: string) => {
+      return false
+    })
+
+    try {
+      await refHelper.getCheckoutInfo(git, 'my-ref', '')
+      throw new Error('Should not reach here')
+    } catch (err) {
+      expect(err.message).toBe(
+        "A branch or tag with the name 'my-ref' could not be found"
+      )
+    }
+  })
+
+  it('getRefSpec requires ref or commit', async () => {
+    assert.throws(
+      () => refHelper.getRefSpec('', ''),
+      /Args ref and commit cannot both be empty/
+    )
+  })
+
+  it('getRefSpec sha + refs/heads/', async () => {
+    const refSpec = refHelper.getRefSpec('refs/heads/my/branch', commit)
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe(`+${commit}:refs/remotes/origin/my/branch`)
+  })
+
+  it('getRefSpec sha + refs/pull/', async () => {
+    const refSpec = refHelper.getRefSpec('refs/pull/123/merge', commit)
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe(`+${commit}:refs/remotes/pull/123/merge`)
+  })
+
+  it('getRefSpec sha + refs/tags/', async () => {
+    const refSpec = refHelper.getRefSpec('refs/tags/my-tag', commit)
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe(`+${commit}:refs/tags/my-tag`)
+  })
+
+  it('getRefSpec sha only', async () => {
+    const refSpec = refHelper.getRefSpec('', commit)
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe(commit)
+  })
+
+  it('getRefSpec unqualified ref only', async () => {
+    const refSpec = refHelper.getRefSpec('my-ref', '')
+    expect(refSpec.length).toBe(2)
+    expect(refSpec[0]).toBe('+refs/heads/my-ref*:refs/remotes/origin/my-ref*')
+    expect(refSpec[1]).toBe('+refs/tags/my-ref*:refs/tags/my-ref*')
+  })
+
+  it('getRefSpec refs/heads/ only', async () => {
+    const refSpec = refHelper.getRefSpec('refs/heads/my/branch', '')
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe(
+      '+refs/heads/my/branch:refs/remotes/origin/my/branch'
+    )
+  })
+
+  it('getRefSpec refs/pull/ only', async () => {
+    const refSpec = refHelper.getRefSpec('refs/pull/123/merge', '')
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe('+refs/pull/123/merge:refs/remotes/pull/123/merge')
+  })
+
+  it('getRefSpec refs/tags/ only', async () => {
+    const refSpec = refHelper.getRefSpec('refs/tags/my-tag', '')
+    expect(refSpec.length).toBe(1)
+    expect(refSpec[0]).toBe('+refs/tags/my-tag:refs/tags/my-tag')
+  })
+})

__test__/retry-helper.test.ts

@@ -0,0 +1,88 @@
+const mockCore = jest.genMockFromModule('@actions/core') as any
+mockCore.info = (message: string) => {
+  info.push(message)
+}
+let info: string[]
+let retryHelper: any
+
+describe('retry-helper tests', () => {
+  beforeAll(() => {
+    // Mocks
+    jest.setMock('@actions/core', mockCore)
+
+    // Now import
+    const retryHelperModule = require('../lib/retry-helper')
+    retryHelper = new retryHelperModule.RetryHelper(3, 0, 0)
+  })
+
+  beforeEach(() => {
+    // Reset info
+    info = []
+  })
+
+  afterAll(() => {
+    // Reset modules
+    jest.resetModules()
+  })
+
+  it('first attempt succeeds', async () => {
+    const actual = await retryHelper.execute(async () => {
+      return 'some result'
+    })
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(0)
+  })
+
+  it('second attempt succeeds', async () => {
+    let attempts = 0
+    const actual = await retryHelper.execute(() => {
+      if (++attempts == 1) {
+        throw new Error('some error')
+      }
+
+      return Promise.resolve('some result')
+    })
+    expect(attempts).toBe(2)
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(2)
+    expect(info[0]).toBe('some error')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+
+  it('third attempt succeeds', async () => {
+    let attempts = 0
+    const actual = await retryHelper.execute(() => {
+      if (++attempts < 3) {
+        throw new Error(`some error ${attempts}`)
+      }
+
+      return Promise.resolve('some result')
+    })
+    expect(attempts).toBe(3)
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(4)
+    expect(info[0]).toBe('some error 1')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+    expect(info[2]).toBe('some error 2')
+    expect(info[3]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+
+  it('all attempts fail succeeds', async () => {
+    let attempts = 0
+    let error: Error = (null as unknown) as Error
+    try {
+      await retryHelper.execute(() => {
+        throw new Error(`some error ${++attempts}`)
+      })
+    } catch (err) {
+      error = err
+    }
+    expect(error.message).toBe('some error 3')
+    expect(attempts).toBe(3)
+    expect(info).toHaveLength(4)
+    expect(info[0]).toBe('some error 1')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+    expect(info[2]).toBe('some error 2')
+    expect(info[3]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+})

__test__/verify-basic.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+if [ ! -f "./basic/basic-file.txt" ]; then
+    echo "Expected basic file does not exist"
+    exit 1
+fi
+
+if [ "$1" = "--archive" ]; then
+  # Verify no .git folder
+  if [ -d "./basic/.git" ]; then
+    echo "Did not expect ./basic/.git folder to exist"
+    exit 1
+  fi
+else
+  # Verify .git folder
+  if [ ! -d "./basic/.git" ]; then
+    echo "Expected ./basic/.git folder to exist"
+    exit 1
+  fi
+
+  # Verify auth token
+  cd basic
+  git fetch --no-tags --depth=1 origin +refs/heads/master:refs/remotes/origin/master
+fi

__test__/verify-clean.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ "$(git -C ./basic status --porcelain)" != "" ]]; then
+    echo ----------------------------------------
+    echo git status
+    echo ----------------------------------------
+    git status
+    echo ----------------------------------------
+    echo git diff
+    echo ----------------------------------------
+    git diff
+    exit 1
+fi

__test__/verify-lfs.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -f "./lfs/regular-file.txt" ]; then
+    echo "Expected regular file does not exist"
+    exit 1
+fi
+
+if [ ! -f "./lfs/lfs-file.bin" ]; then
+    echo "Expected lfs file does not exist"
+    exit 1
+fi

__test__/verify-no-unstaged-changes.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [[ "$(git status --porcelain)" != "" ]]; then
+    echo ----------------------------------------
+    echo git status
+    echo ----------------------------------------
+    git status
+    echo ----------------------------------------
+    echo git diff
+    echo ----------------------------------------
+    git diff
+    echo ----------------------------------------
+    echo Troubleshooting
+    echo ----------------------------------------
+    echo "::error::Unstaged changes detected. Locally try running: git clean -ffdx && npm ci && npm run all"
+    exit 1
+fi

__test__/verify-side-by-side.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -f "./side-by-side-1/side-by-side-test-file-1.txt" ]; then
+    echo "Expected file 1 does not exist"
+    exit 1
+fi
+
+if [ ! -f "./side-by-side-2/side-by-side-test-file-2.txt" ]; then
+    echo "Expected file 2 does not exist"
+    exit 1
+fi

__test__/verify-submodules-not-checked-out.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -f "./submodules-not-checked-out/regular-file.txt" ]; then
+    echo "Expected regular file does not exist"
+    exit 1
+fi
+
+if [ -f "./submodules-not-checked-out/submodule-level-1/submodule-file.txt" ]; then
+    echo "Unexpected submodule file exists"
+    exit 1
+fi

action.yml

@@ -1,23 +1,36 @@
 name: 'Checkout'
-description: 'Checkout a Git repository.'
+description: 'Checkout a Git repository at a particular version'
 inputs: 
   repository:
-    description: 'Repository name'
+    description: 'Repository name with owner. For example, actions/checkout'
+    default: ${{ github.repository }}
   ref:
-    description: 'Ref to checkout (SHA, branch, tag)'
+    description: >
+      The branch, tag or SHA to checkout. When checking out the repository that
+      triggered a workflow, this defaults to the reference or SHA for that
+      event.  Otherwise, defaults to `master`.
   token:
-    description: 'Access token for clone repository'
-  clean:
-    description: 'If true, execute `execute git clean -ffdx && git reset --hard HEAD` before fetching'
+    description: >
+      Auth token used to fetch the repository. The token is stored in the local
+      git config, which enables your scripts to run authenticated git commands.
+      The post-job step removes the token from the git config. [Learn more about
+      creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
+    default: ${{ github.token }}
+  persist-credentials:
+    description: 'Whether to persist the token in the git config'
     default: true
-  submodules:
-    description: 'Whether to include submodules: false to exclude submodules, true to include only one level of submodules, or recursive to recursively clone submodules; defaults to false'
-  lfs:
-    description: 'Whether to download Git-LFS files; defaults to false'
-  fetch-depth:
-    description: 'The depth of commits to ask Git to fetch; defaults to no limit'  
   path:
-    description: 'Optional path to check out source code'  
+    description: 'Relative path under $GITHUB_WORKSPACE to place the repository'
+  clean:
+    description: 'Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching'
+    default: true
+  fetch-depth:
+    description: 'Number of commits to fetch. 0 indicates all history.'
+    default: 1
+  lfs:
+    description: 'Whether to download Git-LFS files'
+    default: false
 runs:
-  # Plugins live on the runner and are only available to a certain set of first party actions.
-  plugin: 'checkoutV1_1'
+  using: node12
+  main: dist/index.js
+  post: dist/index.js

dist/problem-matcher.json

@@ -0,0 +1,13 @@
+{
+    "problemMatcher": [
+        {
+            "owner": "checkout-git",
+            "pattern": [
+                {
+                    "regexp": "^(fatal|error): (.*)$",
+                    "message": 2
+                }
+            ]
+        }
+    ]
+}

jest.config.js

@@ -0,0 +1,11 @@
+module.exports = {
+  clearMocks: true,
+  moduleFileExtensions: ['js', 'ts'],
+  testEnvironment: 'node',
+  testMatch: ['**/*.test.ts'],
+  testRunner: 'jest-circus/runner',
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  verbose: true
+}

package.json

@@ -0,0 +1,55 @@
+{
+  "name": "checkout",
+  "version": "2.0.1",
+  "description": "checkout action",
+  "main": "lib/main.js",
+  "scripts": {
+    "build": "tsc",
+    "format": "prettier --write **/*.ts",
+    "format-check": "prettier --check **/*.ts",
+    "lint": "eslint src/**/*.ts",
+    "pack": "ncc build",
+    "gendocs": "node lib/misc/generate-docs.js",
+    "test": "jest",
+    "all": "npm run build && npm run format && npm run lint && npm run pack && npm run gendocs && npm test"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/actions/checkout.git"
+  },
+  "keywords": [
+    "github",
+    "actions",
+    "checkout"
+  ],
+  "author": "GitHub",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/actions/checkout/issues"
+  },
+  "homepage": "https://github.com/actions/checkout#readme",
+  "dependencies": {
+    "@actions/core": "^1.1.3",
+    "@actions/exec": "^1.0.1",
+    "@actions/github": "^2.0.0",
+    "@actions/io": "^1.0.1",
+    "@actions/tool-cache": "^1.1.2",
+    "uuid": "^3.3.3"
+  },
+  "devDependencies": {
+    "@types/jest": "^24.0.23",
+    "@types/node": "^12.7.12",
+    "@types/uuid": "^3.4.6",
+    "@typescript-eslint/parser": "^2.8.0",
+    "@zeit/ncc": "^0.20.5",
+    "eslint": "^5.16.0",
+    "eslint-plugin-github": "^2.0.0",
+    "eslint-plugin-jest": "^22.21.0",
+    "jest": "^24.9.0",
+    "jest-circus": "^24.9.0",
+    "js-yaml": "^3.13.1",
+    "prettier": "^1.19.1",
+    "ts-jest": "^24.2.0",
+    "typescript": "^3.6.4"
+  }
+}

src/fs-helper.ts

@@ -0,0 +1,77 @@
+import * as fs from 'fs'
+
+export function directoryExistsSync(path: string, required?: boolean): boolean {
+  if (!path) {
+    throw new Error("Arg 'path' must not be empty")
+  }
+
+  let stats: fs.Stats
+  try {
+    stats = fs.statSync(path)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      if (!required) {
+        return false
+      }
+
+      throw new Error(`Directory '${path}' does not exist`)
+    }
+
+    throw new Error(
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
+    )
+  }
+
+  if (stats.isDirectory()) {
+    return true
+  } else if (!required) {
+    return false
+  }
+
+  throw new Error(`Directory '${path}' does not exist`)
+}
+
+export function existsSync(path: string): boolean {
+  if (!path) {
+    throw new Error("Arg 'path' must not be empty")
+  }
+
+  try {
+    fs.statSync(path)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return false
+    }
+
+    throw new Error(
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
+    )
+  }
+
+  return true
+}
+
+export function fileExistsSync(path: string): boolean {
+  if (!path) {
+    throw new Error("Arg 'path' must not be empty")
+  }
+
+  let stats: fs.Stats
+  try {
+    stats = fs.statSync(path)
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      return false
+    }
+
+    throw new Error(
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
+    )
+  }
+
+  if (!stats.isDirectory()) {
+    return true
+  }
+
+  return false
+}

src/git-version.ts

@@ -0,0 +1,77 @@
+export class GitVersion {
+  private readonly major: number = NaN
+  private readonly minor: number = NaN
+  private readonly patch: number = NaN
+
+  /**
+   * Used for comparing the version of git and git-lfs against the minimum required version
+   * @param version the version string, e.g. 1.2 or 1.2.3
+   */
+  constructor(version?: string) {
+    if (version) {
+      const match = version.match(/^(\d+)\.(\d+)(\.(\d+))?$/)
+      if (match) {
+        this.major = Number(match[1])
+        this.minor = Number(match[2])
+        if (match[4]) {
+          this.patch = Number(match[4])
+        }
+      }
+    }
+  }
+
+  /**
+   * Compares the instance against a minimum required version
+   * @param minimum Minimum version
+   */
+  checkMinimum(minimum: GitVersion): boolean {
+    if (!minimum.isValid()) {
+      throw new Error('Arg minimum is not a valid version')
+    }
+
+    // Major is insufficient
+    if (this.major < minimum.major) {
+      return false
+    }
+
+    // Major is equal
+    if (this.major === minimum.major) {
+      // Minor is insufficient
+      if (this.minor < minimum.minor) {
+        return false
+      }
+
+      // Minor is equal
+      if (this.minor === minimum.minor) {
+        // Patch is insufficient
+        if (this.patch && this.patch < (minimum.patch || 0)) {
+          return false
+        }
+      }
+    }
+
+    return true
+  }
+
+  /**
+   * Indicates whether the instance was constructed from a valid version string
+   */
+  isValid(): boolean {
+    return !isNaN(this.major)
+  }
+
+  /**
+   * Returns the version as a string, e.g. 1.2 or 1.2.3
+   */
+  toString(): string {
+    let result = ''
+    if (this.isValid()) {
+      result = `${this.major}.${this.minor}`
+      if (!isNaN(this.patch)) {
+        result += `.${this.patch}`
+      }
+    }
+
+    return result
+  }
+}

src/github-api-helper.ts

@@ -0,0 +1,92 @@
+import * as assert from 'assert'
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import * as github from '@actions/github'
+import * as io from '@actions/io'
+import * as path from 'path'
+import * as retryHelper from './retry-helper'
+import * as toolCache from '@actions/tool-cache'
+import {default as uuid} from 'uuid/v4'
+import {ReposGetArchiveLinkParams} from '@octokit/rest'
+
+const IS_WINDOWS = process.platform === 'win32'
+
+export async function downloadRepository(
+  authToken: string,
+  owner: string,
+  repo: string,
+  ref: string,
+  commit: string,
+  repositoryPath: string
+): Promise<void> {
+  // Download the archive
+  let archiveData = await retryHelper.execute(async () => {
+    core.info('Downloading the archive')
+    return await downloadArchive(authToken, owner, repo, ref, commit)
+  })
+
+  // Write archive to disk
+  core.info('Writing archive to disk')
+  const uniqueId = uuid()
+  const archivePath = path.join(repositoryPath, `${uniqueId}.tar.gz`)
+  await fs.promises.writeFile(archivePath, archiveData)
+  archiveData = Buffer.from('') // Free memory
+
+  // Extract archive
+  core.info('Extracting the archive')
+  const extractPath = path.join(repositoryPath, uniqueId)
+  await io.mkdirP(extractPath)
+  if (IS_WINDOWS) {
+    await toolCache.extractZip(archivePath, extractPath)
+  } else {
+    await toolCache.extractTar(archivePath, extractPath)
+  }
+  io.rmRF(archivePath)
+
+  // Determine the path of the repository content. The archive contains
+  // a top-level folder and the repository content is inside.
+  const archiveFileNames = await fs.promises.readdir(extractPath)
+  assert.ok(
+    archiveFileNames.length == 1,
+    'Expected exactly one directory inside archive'
+  )
+  const archiveVersion = archiveFileNames[0] // The top-level folder name includes the short SHA
+  core.info(`Resolved version ${archiveVersion}`)
+  const tempRepositoryPath = path.join(extractPath, archiveVersion)
+
+  // Move the files
+  for (const fileName of await fs.promises.readdir(tempRepositoryPath)) {
+    const sourcePath = path.join(tempRepositoryPath, fileName)
+    const targetPath = path.join(repositoryPath, fileName)
+    if (IS_WINDOWS) {
+      await io.cp(sourcePath, targetPath, {recursive: true}) // Copy on Windows (Windows Defender may have a lock)
+    } else {
+      await io.mv(sourcePath, targetPath)
+    }
+  }
+  io.rmRF(extractPath)
+}
+
+async function downloadArchive(
+  authToken: string,
+  owner: string,
+  repo: string,
+  ref: string,
+  commit: string
+): Promise<Buffer> {
+  const octokit = new github.GitHub(authToken)
+  const params: ReposGetArchiveLinkParams = {
+    owner: owner,
+    repo: repo,
+    archive_format: IS_WINDOWS ? 'zipball' : 'tarball',
+    ref: commit || ref
+  }
+  const response = await octokit.repos.getArchiveLink(params)
+  if (response.status != 200) {
+    throw new Error(
+      `Unexpected response from GitHub API. Status: ${response.status}, Data: ${response.data}`
+    )
+  }
+
+  return Buffer.from(response.data) // response.data is ArrayBuffer
+}