From 46c560dde5cfe7a13bc972a1fde189296e4577a8 Mon Sep 17 00:00:00 2001 From: Thomas Boop Date: Mon, 4 Nov 2019 14:58:03 -0500 Subject: [PATCH 1/3] Reverted Changes to Git Config and Authentication --- .github/workflows/test.yml | 3 ++- README.md | 21 +++++++++++---------- action.yml | 2 +- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bc481cb..011e8e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,4 +15,5 @@ jobs: steps: - uses: actions/checkout@master - uses: ./ - - run: git ls-remote --tags origin + with: + ref: master diff --git a/README.md b/README.md index fd5c031..0339949 100644 --- a/README.md +++ b/README.md @@ -25,40 +25,41 @@ steps: - run: npm test ``` -By default, the branch or tag ref that triggered the workflow will be checked out, `${{ github.token }}` will be used for any Git server authentication. If you wish to check out a different branch, a different repository or use different token to checkout, specify that using `with.ref`, `with.repository` and `with.token`: +By default, the branch or tag ref that triggered the workflow will be checked out. If you wish to check out a different branch, a different repository or use different token to checkout, specify that using `with.ref`, `with.repository` and `with.token`. -Checkout different branch from the workflow repository: +## Checkout different branch from the workflow repository ```yaml - uses: actions/checkout@v1 with: ref: some-branch ``` -Checkout different private repository: +## Checkout different private repository ```yaml - uses: actions/checkout@v1 with: repository: myAccount/myRepository - ref: refs/heads/release + ref: refs/heads/master token: ${{ secrets.GitHub_PAT }} // `GitHub_PAT` is a secret contains your PAT. ``` +> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout another repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line). -Checkout private submodules: +## Checkout private submodules ```yaml - uses: actions/checkout@v1 with: - submodules: recursive + submodules: true // 'recursive' 'true' or 'false' token: ${{ secrets.GitHub_PAT }} // `GitHub_PAT` is a secret contains your PAT. ``` -> - `with.token` will be used as `Basic` authentication header for https requests talk to https://github.com from `git(.exe)`, ensure those private submodules are configured via `https` not `ssh`. -> - `${{ github.token }}` only has permission to the workflow triggering repository. If the repository contains any submodules that comes from private repository, you will have to add your PAT as secret and use the secret in `with.token` to make `checkout` action work. +> - Private submodules must be configured via `https` not `ssh`. +> - `${{ github.token }}` only has permission to the workflow triggering repository. If the repository contains any submodules that come from private repositories, you will need to add your [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) as secret and use the secret in `with.token` to make the `checkout` action work. For more details, see [Contexts and expression syntax for GitHub Actions](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions) and [Creating and using secrets (encrypted variables)](https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables) # Changelog -## v1.1.0 (unreleased) -- Persist `with.token` or `${{ github.token }}` into checkout repository's git config as `http.https://github.com/.extraheader=AUTHORIZATION: basic ***` to better support scripting git +# V1.1.0 +- Reverted Changes to automatically set Git Config and Authentication. # License diff --git a/action.yml b/action.yml index 7562254..2b080c8 100644 --- a/action.yml +++ b/action.yml @@ -20,4 +20,4 @@ inputs: description: 'Optional path to check out source code' runs: # Plugins live on the runner and are only available to a certain set of first party actions. - plugin: 'checkoutV1_1' + plugin: 'checkout' From 2571cdc2e31f4979f9ce7c7d87a76eb1bb3611b4 Mon Sep 17 00:00:00 2001 From: Thomas Boop <52323235+thboop@users.noreply.github.com> Date: Wed, 20 Nov 2019 09:37:11 -0500 Subject: [PATCH 2/3] Clarify Changelog --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0339949..8aa9ff4 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ For more details, see [Contexts and expression syntax for GitHub Actions](https: # Changelog -# V1.1.0 +# V1 - Reverted Changes to automatically set Git Config and Authentication. # License From 3c8fea2ef49e591c5f7d9a36d18b232c4874fb99 Mon Sep 17 00:00:00 2001 From: Thomas Boop <52323235+thboop@users.noreply.github.com> Date: Wed, 20 Nov 2019 10:34:51 -0500 Subject: [PATCH 3/3] v.1.2.0 Release --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8aa9ff4..c2b7298 100644 --- a/README.md +++ b/README.md @@ -58,8 +58,11 @@ For more details, see [Contexts and expression syntax for GitHub Actions](https: # Changelog -# V1 -- Reverted Changes to automatically set Git Config and Authentication. +## v1.2.0 +- Reverted persisting auth token changes to fix a bug with custom auth flows + +## v1.1.0 +- Persist `with.token` or `${{ github.token }}` into checkout repository's git config as `http.https://github.com/.extraheader=AUTHORIZATION: basic ***` to better support scripting git # License