Skip to content

Commit a050973

Browse files
committed
fix(actions/checkout): bump actions/checkout to v6.0.3
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
1 parent 0381055 commit a050973

3 files changed

Lines changed: 177 additions & 0 deletions

File tree

.github/workflows/__shared-ci.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,12 @@ jobs:
2020
contents: read
2121
uses: ./.github/workflows/__test-action-matrix-outputs.yml
2222

23+
test-action-checkout:
24+
needs: linter
25+
permissions:
26+
contents: read
27+
uses: ./.github/workflows/__test-action-checkout.yml
28+
2329
test-action-get-github-actions-bot-user:
2430
needs: linter
2531
permissions:
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
name: Internal - Tests for checkout action (issue_comment trigger)
2+
3+
on:
4+
issue_comment:
5+
types: [created, edited]
6+
7+
permissions:
8+
contents: read
9+
pull-requests: read
10+
issues: read
11+
12+
jobs:
13+
test-checkout-issue-comment:
14+
# Only run on pull request comments
15+
if: github.event.issue.pull_request != null
16+
name: Test checkout action on issue_comment trigger
17+
runs-on: ubuntu-latest
18+
steps:
19+
- name: Arrange - Get PR information
20+
id: pr-info
21+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
22+
with:
23+
script: |
24+
const pr = await github.rest.pulls.get({
25+
owner: context.repo.owner,
26+
repo: context.repo.repo,
27+
pull_number: context.issue.number,
28+
});
29+
core.setOutput('head-sha', pr.data.head.sha);
30+
core.setOutput('head-ref', pr.data.head.ref);
31+
console.log(`PR Head SHA: ${pr.data.head.sha}`);
32+
console.log(`PR Head Ref: ${pr.data.head.ref}`);
33+
34+
- name: Act - Checkout using custom checkout action (issue_comment case)
35+
id: checkout
36+
uses: ./actions/checkout
37+
with:
38+
persist-credentials: true
39+
40+
- name: Assert - Verify correct PR SHA was checked out
41+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
42+
env:
43+
EXPECTED_SHA: ${{ steps.pr-info.outputs.head-sha }}
44+
with:
45+
script: |
46+
const { execSync } = require('child_process');
47+
const currentSha = execSync('git rev-parse HEAD').toString().trim();
48+
const expectedSha = process.env.EXPECTED_SHA;
49+
50+
console.log(`Current SHA: ${currentSha}`);
51+
console.log(`Expected PR Head SHA: ${expectedSha}`);
52+
53+
if (currentSha !== expectedSha) {
54+
throw new Error(`Checked out SHA (${currentSha}) does not match PR head SHA (${expectedSha})`);
55+
}
56+
57+
console.log('✓ Verified: Checked out correct PR head SHA');
58+
59+
- name: Assert - Verify not on main branch
60+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
61+
env:
62+
EXPECTED_BRANCH: ${{ steps.pr-info.outputs.head-ref }}
63+
with:
64+
script: |
65+
const { execSync } = require('child_process');
66+
const currentBranch = execSync('git rev-parse --abbrev-ref HEAD').toString().trim();
67+
const expectedBranch = process.env.EXPECTED_BRANCH;
68+
69+
console.log(`Current branch/ref: ${currentBranch}`);
70+
console.log(`Expected branch: ${expectedBranch}`);
71+
72+
if (['HEAD', 'main', 'master'].includes(currentBranch)) {
73+
throw new Error(`Checked out main/master branch instead of PR branch`);
74+
}
75+
76+
console.log('✓ Verified: Not on main/master branch');
77+
78+
- name: Assert - Verify credentials are persisted
79+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
80+
with:
81+
script: |
82+
const { execSync } = require('child_process');
83+
try {
84+
execSync('git config --local --get-regexp "^url\\.https://.*\\.insteadOf"', { stdio: 'pipe' });
85+
console.log('✓ Verified: Credentials are persisted');
86+
} catch (error) {
87+
console.log('WARNING: Token credentials appear not to be persisted');
88+
console.log('This may be expected depending on GitHub token availability in issue_comment context');
89+
}
90+
91+
- name: Info - Display checkout details
92+
if: always()
93+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
94+
with:
95+
script: |
96+
const { execSync } = require('child_process');
97+
console.log('=== Git Status ===');
98+
console.log(execSync('git status').toString());
99+
console.log('');
100+
console.log('=== Git Log (last 3 commits) ===');
101+
console.log(execSync('git log --oneline -3').toString());
Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
name: Internal - Tests for checkout action
2+
3+
on:
4+
workflow_call:
5+
6+
permissions:
7+
contents: read
8+
9+
jobs:
10+
tests:
11+
name: Tests for checkout action
12+
runs-on: ubuntu-latest
13+
steps:
14+
- name: Arrange - Checkout repository using checkout action
15+
id: checkout
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
20+
- name: Act - Run custom checkout action with defaults
21+
id: custom-checkout-defaults
22+
uses: ./actions/checkout
23+
24+
- name: Assert - Verify repository is checked out
25+
run: |
26+
if [ ! -d ".git" ]; then
27+
echo "Repository .git directory is missing"
28+
exit 1
29+
fi
30+
31+
if [ ! -f "README.md" ]; then
32+
echo "README.md is missing"
33+
exit 1
34+
fi
35+
36+
- name: Act - Run custom checkout action with fetch-depth 0
37+
id: custom-checkout-full-history
38+
uses: ./actions/checkout
39+
with:
40+
fetch-depth: "0"
41+
42+
- name: Assert - Verify full history is fetched
43+
run: |
44+
# Check that we have commits by counting them
45+
commit_count=$(git rev-list --count HEAD)
46+
if [ "$commit_count" -lt 1 ]; then
47+
echo "No commits found in repository"
48+
exit 1
49+
fi
50+
51+
- name: Act - Run custom checkout action with LFS disabled (default)
52+
id: custom-checkout-no-lfs
53+
uses: ./actions/checkout
54+
with:
55+
lfs: "false"
56+
57+
- name: Assert - Verify checkout succeeded
58+
run: |
59+
if [ ! -f "action.yml" ]; then
60+
echo "action.yml is missing after checkout"
61+
exit 1
62+
fi
63+
64+
- name: Assert - Verify token is not persisted by default
65+
run: |
66+
# When persist-credentials is false, the git config should not have insteadOf
67+
if git config --local --get url.https://github.com/.insteadOf 2>/dev/null; then
68+
echo "Token credentials were persisted when they should not have been"
69+
exit 1
70+
fi

0 commit comments

Comments
 (0)