.

.github/dependabot.yml

@@ -1,20 +0,0 @@
----
-version: 2
-
-updates:
-- package-ecosystem: "npm"
-  directory: "/"
-  schedule:
-    interval: "weekly"
-  groups:
-    minor-npm-dependencies:
-      # NPM: Only group minor and patch updates (we want to carefully review major updates)
-      update-types: [minor, patch]
-- package-ecosystem: "github-actions"
-  directory: "/"
-  schedule:
-    interval: "weekly"
-  groups:
-    minor-actions-dependencies:
-      # GitHub Actions: Only group minor and patch updates (we want to carefully review major updates)
-      update-types: [minor, patch]

.github/workflows/check-dist.yml

@@ -22,10 +22,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v3
 
       - name: Set Node.js 20.x
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v1
         with:
           node-version: 20.x
 
@@ -44,7 +44,7 @@ jobs:
           fi
 
       # If dist/ was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v2
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/codeql-analysis.yml

@@ -39,10 +39,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.1.6
+      uses: actions/checkout@v3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,4 +55,4 @@ jobs:
     - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2

.github/workflows/licensed.yml

@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     name: Check licenses
     steps:
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v3
       - run: npm ci
       - run: npm run licensed-check

.github/workflows/publish-immutable-actions.yml

@@ -1,20 +0,0 @@
-name: 'Publish Immutable Action Version'
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
-    steps:
-      - name: Checking out
-        uses: actions/checkout@v4
-      - name: Publish
-        id: publish
-        uses: actions/publish-immutable-action@0.0.3

.github/workflows/test.yml

@@ -7,19 +7,14 @@ on:
       - main
       - releases/*
 
-
-# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow,
-# these refer to "test-data" branches on this actions/checkout repo.
-# (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
-
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v1
         with:
           node-version: 20.x
-      - uses: actions/checkout@v4.1.6
+      - uses: actions/checkout@v3
       - run: npm ci
       - run: npm run build
       - run: npm run format-check
@@ -37,7 +32,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v3
 
       # Basic checkout
       - name: Checkout basic
@@ -100,16 +95,6 @@ jobs:
       - name: Verify sparse checkout
         run: __test__/verify-sparse-checkout.sh
 
-      # Disabled sparse checkout in existing checkout
-      - name: Disabled sparse checkout
-        uses: ./
-        with:
-          path: sparse-checkout
-
-      - name: Verify disabled sparse checkout
-        shell: bash
-        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
-
       # Sparse checkout (non-cone mode)
       - name: Sparse checkout (non-cone mode)
         uses: ./
@@ -190,7 +175,7 @@ jobs:
   test-proxy:
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
+      image: alpine/git:latest
       options: --dns 127.0.0.1
     services:
       squid-proxy:
@@ -202,7 +187,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v3
 
       # Basic checkout using git
       - name: Checkout basic
@@ -234,7 +219,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v3
 
       # Basic checkout using git
       - name: Checkout basic
@@ -257,20 +242,20 @@ jobs:
           path: basic
       - name: Verify basic
         run: __test__/verify-basic.sh --archive
-
+    
   test-git-container:
     runs-on: ubuntu-latest
     container: bitnami/git:latest
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v4.1.6
+        uses: actions/checkout@v3
         with:
-          path: localClone
+          path: v3
 
       # Basic checkout using git
       - name: Checkout basic
-        uses: ./localClone
+        uses: ./v3
         with:
           ref: test-data/v2/basic
       - name: Verify basic
@@ -291,41 +276,7 @@ jobs:
           git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
 
       # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v4
-        uses: actions/checkout@v4.1.6
+      - name: Fix Checkout v3
+        uses: actions/checkout@v3
         with:
-          path: localClone
-
-  test-output:
-    runs-on: ubuntu-latest
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v4.1.6
-
-      # Basic checkout using git
-      - name: Checkout basic
-        id: checkout
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-
-      # Verify output
-      - name: Verify output
-        run: |
-          echo "Commit: ${{ steps.checkout.outputs.commit }}"
-          echo "Ref: ${{ steps.checkout.outputs.ref }}"
-
-          if [ "${{ steps.checkout.outputs.ref }}" != "test-data/v2/basic" ]; then
-            echo "Expected ref to be test-data/v2/basic"
-            exit 1
-          fi
-
-          if [ "${{ steps.checkout.outputs.commit }}" != "82f71901cf8c021332310dcc8cdba84c4193ff5d" ]; then
-            echo "Expected commit to be 82f71901cf8c021332310dcc8cdba84c4193ff5d"
-            exit 1
-          fi
-
-      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout
-        uses: actions/checkout@v4.1.6
+          path: v3

.github/workflows/update-main-version.yml

@@ -19,16 +19,13 @@ jobs:
   tag:
     runs-on: ubuntu-latest
     steps:
-    # Note this update workflow can also be used as a rollback tool.
-    # For that reason, it's best to pin `actions/checkout` to a known, stable version
-    # (typically, about two releases back).
-    - uses: actions/checkout@v4.1.6
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
     - name: Git config
       run: |
-        git config user.name "github-actions[bot]"
-        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+        git config user.name github-actions
+        git config user.email github-actions@github.com
     - name: Tag new target
       run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
     - name: Push new tag

.github/workflows/update-test-ubuntu-git.yml

@@ -1,59 +0,0 @@
-name: Publish test-ubuntu-git Container
-
-on:
-  # Use an on demand workflow trigger.  
-  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
-  #  so avoid trigger events that run automatically.)
-  workflow_dispatch:
-    inputs:
-      publish:
-        description:  'Publish to ghcr.io? (main branch only)'
-        type: boolean
-        required: true
-        default: false
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: actions/test-ubuntu-git
-
-jobs:
-  build-and-push-image:
-    runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
-    permissions:
-      contents: read
-      packages: write
- 
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # Use `docker/login-action` to log in to GHCR.io. 
-      # Once published, the packages are scoped to the account defined here.
-      - name: Log in to the ghcr.io container registry
-        uses: docker/login-action@v3.3.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Format Timestamp
-        id: timestamp
-        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
-        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
-
-      - name: Issue Image Publish Warning
-        if:  ${{ inputs.publish && github.ref_name != 'main' }}
-        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
-
-      # Use `docker/build-push-action` to build (and optionally publish) the image. 
-      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v6.5.0
-        with:
-          context: .
-          file: images/test-ubuntu-git.Dockerfile
-          # For now, attempts to push to ghcr.io must target the `main` branch.
-          # In the future, consider also allowing attempts from `releases/*` branches.
-          push: ${{ inputs.publish && github.ref_name == 'main' }}
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}

CHANGELOG.md

@@ -1,51 +1,5 @@
 # Changelog
 
-## v4.2.2
-* `url-helper.ts` now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
-* Expand unit test coverage for `isGhes` by @jww3 in https://github.com/actions/checkout/pull/1946
-
-## v4.2.1
-* Check out other refs/* by commit if provided, fall back to ref by @orhantoy in https://github.com/actions/checkout/pull/1924
-
-## v4.2.0
-
-* Add Ref and Commit outputs by @lucacome in https://github.com/actions/checkout/pull/1180
-* Dependency updates by @dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872
-
-## v4.1.7
-* Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in https://github.com/actions/checkout/pull/1739
-* Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/actions/checkout/pull/1697
-* Check out other refs/* by commit by @orhantoy in https://github.com/actions/checkout/pull/1774
-* Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in https://github.com/actions/checkout/pull/1776
-
-## v4.1.6
-* Check platform to set archive extension appropriately by @cory-miller in https://github.com/actions/checkout/pull/1732
-
-## v4.1.5
-* Update NPM dependencies by @cory-miller in https://github.com/actions/checkout/pull/1703
-* Bump github/codeql-action from 2 to 3 by @dependabot in https://github.com/actions/checkout/pull/1694
-* Bump actions/setup-node from 1 to 4 by @dependabot in https://github.com/actions/checkout/pull/1696
-* Bump actions/upload-artifact from 2 to 4 by @dependabot in https://github.com/actions/checkout/pull/1695
-* README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by @cory-miller in https://github.com/actions/checkout/pull/1707
-
-## v4.1.4
-- Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1692
-- Add dependabot config by @cory-miller in https://github.com/actions/checkout/pull/1688
-- Bump the minor-actions-dependencies group with 2 updates by @dependabot in https://github.com/actions/checkout/pull/1693
-- Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in https://github.com/actions/checkout/pull/1643
-
-## v4.1.3
-- Check git version before attempting to disable `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1656
-- Add SSH user parameter by @cory-miller in https://github.com/actions/checkout/pull/1685
-- Update `actions/checkout` version in `update-main-version.yml` by @jww3 in https://github.com/actions/checkout/pull/1650
-
-## v4.1.2
-- Fix: Disable sparse checkout whenever `sparse-checkout` option is not present @dscho in https://github.com/actions/checkout/pull/1598
-
-## v4.1.1
-- Correct link to GitHub Docs by @peterbe in https://github.com/actions/checkout/pull/1511
-- Link to release page from what's new section by @cory-miller in https://github.com/actions/checkout/pull/1514
-
 ## v4.1.0
 - [Add support for partial checkout filters](https://github.com/actions/checkout/pull/1396)
 

CODEOWNERS

@@ -1 +1 @@
-* @actions/actions-launch
+* @actions/actions-runtime

README.md

@@ -4,7 +4,7 @@
 
 This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
 
-Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
+Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
 
 The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
 
@@ -12,7 +12,9 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
 
 # What's new
 
-Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
+- Updated default runtime to node20
+  - This requires a minimum Actions Runner version of [v2.308.0](https://github.com/actions/runner/releases/tag/v2.308.0).
+- Added support for fetching without the `--progress` option
 
 # Usage
 
@@ -62,11 +64,6 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     # Default: true
     ssh-strict: ''
 
-    # The user to use when connecting to the remote SSH host. By default 'git' is
-    # used.
-    # Default: git
-    ssh-user: ''
-
     # Whether to configure the token or SSH key with the local git config
     # Default: true
     persist-credentials: ''
@@ -143,7 +140,6 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
 - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
 - [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
-- [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token)
 
 ## Fetch only the root files
 
@@ -212,7 +208,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     repository: my-org/my-tools
     path: my-tools
 ```
-> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
+> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 
 ## Checkout multiple repos (nested)
 
@@ -226,7 +222,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     repository: my-org/my-tools
     path: my-tools
 ```
-> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
+> - If your secondary repository is private you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 
 ## Checkout multiple repos (private)
 
@@ -280,39 +276,12 @@ jobs:
       - uses: actions/checkout@v4
       - run: |
           date > generated.txt
-          # Note: the following account information will not work on GHES
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.name github-actions
+          git config user.email github-actions@github.com
           git add .
           git commit -m "generated"
           git push
 ```
-*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
-
-## Push a commit to a PR using the built-in token
-
-In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’t check out your branch by default.
-
-```yaml
-on: pull_request
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-      - run: |
-          date > generated.txt
-          # Note: the following account information will not work on GHES
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add .
-          git commit -m "generated"
-          git push
-```
-*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
-
 
 # License
 

__test__/git-auth-helper.test.ts

@@ -727,7 +727,6 @@ async function setup(testName: string): Promise<void> {
     branchDelete: jest.fn(),
     branchExists: jest.fn(),
     branchList: jest.fn(),
-    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),
@@ -796,8 +795,7 @@ async function setup(testName: string): Promise<void> {
     ),
     tryDisableAutomaticGarbageCollection: jest.fn(),
     tryGetFetchUrl: jest.fn(),
-    tryReset: jest.fn(),
-    version: jest.fn()
+    tryReset: jest.fn()
   }
 
   settings = {
@@ -821,7 +819,6 @@ async function setup(testName: string): Promise<void> {
     sshKey: sshPath ? 'some ssh private key' : '',
     sshKnownHosts: '',
     sshStrict: true,
-    sshUser: '',
     workflowOrganizationId: 123456,
     setSafeDirectory: true,
     githubServerUrl: githubServerUrl

__test__/git-directory-helper.test.ts

@@ -462,7 +462,6 @@ async function setup(testName: string): Promise<void> {
     branchList: jest.fn(async () => {
       return []
     }),
-    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),
@@ -501,7 +500,6 @@ async function setup(testName: string): Promise<void> {
     }),
     tryReset: jest.fn(async () => {
       return true
-    }),
-    version: jest.fn()
+    })
   }
 }

__test__/git-version.test.ts

@@ -1,5 +1,4 @@
-import {GitVersion} from '../src/git-version'
-import {MinimumGitSparseCheckoutVersion} from '../src/git-command-manager'
+import {GitVersion} from '../lib/git-version'
 
 describe('git-version tests', () => {
   it('basics', async () => {
@@ -43,44 +42,4 @@ describe('git-version tests', () => {
     expect(version.checkMinimum(new GitVersion('5.1'))).toBeFalsy()
     expect(version.checkMinimum(new GitVersion('5.1.2'))).toBeFalsy()
   })
-
-  it('sparse checkout', async () => {
-    const minSparseVer = MinimumGitSparseCheckoutVersion
-    expect(new GitVersion('1.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('1.99').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.24').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.24.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.24.9').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.25').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.25.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.25.1').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.25.9').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.26').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.26.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.26.1').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.26.9').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.27').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.27.0').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.27.1').checkMinimum(minSparseVer)).toBeFalsy()
-    expect(new GitVersion('2.27.9').checkMinimum(minSparseVer)).toBeFalsy()
-    //                             /---------------------------------------
-    //         ^^^ before         /         after vvv
-    // --------------------------/
-    expect(new GitVersion('2.28').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.28.0').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.28.1').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.28.9').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.29').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.29.0').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.29.1').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.29.9').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('2.99').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('3.0').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('3.99').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('4.0').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('4.99').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('5.0').checkMinimum(minSparseVer)).toBeTruthy()
-    expect(new GitVersion('5.99').checkMinimum(minSparseVer)).toBeTruthy()
-  })
 })

__test__/ref-helper.test.ts

@@ -67,26 +67,6 @@ describe('ref-helper tests', () => {
     expect(checkoutInfo.startPoint).toBeFalsy()
   })
 
-  it('getCheckoutInfo refs/', async () => {
-    const checkoutInfo = await refHelper.getCheckoutInfo(
-      git,
-      'refs/gh/queue/main/pr-123',
-      commit
-    )
-    expect(checkoutInfo.ref).toBe(commit)
-    expect(checkoutInfo.startPoint).toBeFalsy()
-  })
-
-  it('getCheckoutInfo refs/ without commit', async () => {
-    const checkoutInfo = await refHelper.getCheckoutInfo(
-      git,
-      'refs/non-standard-ref',
-      ''
-    )
-    expect(checkoutInfo.ref).toBe('refs/non-standard-ref')
-    expect(checkoutInfo.startPoint).toBeFalsy()
-  })
-
   it('getCheckoutInfo unqualified branch only', async () => {
     git.branchExists = jest.fn(async (remote: boolean, pattern: string) => {
       return true

__test__/url-helper.test.ts

@@ -1,92 +0,0 @@
-import * as urlHelper from '../src/url-helper'
-
-describe('getServerUrl tests', () => {
-  it('basics', async () => {
-    // Note that URL::toString will append a trailing / when passed just a domain name ...
-    expect(urlHelper.getServerUrl().toString()).toBe('https://github.com/')
-    expect(urlHelper.getServerUrl(' ').toString()).toBe('https://github.com/')
-    expect(urlHelper.getServerUrl('   ').toString()).toBe('https://github.com/')
-    expect(urlHelper.getServerUrl('http://contoso.com').toString()).toBe(
-      'http://contoso.com/'
-    )
-    expect(urlHelper.getServerUrl('https://contoso.com').toString()).toBe(
-      'https://contoso.com/'
-    )
-    expect(urlHelper.getServerUrl('https://contoso.com/').toString()).toBe(
-      'https://contoso.com/'
-    )
-
-    // ... but can't make that same assumption when passed an URL that includes some deeper path.
-    expect(urlHelper.getServerUrl('https://contoso.com/a/b').toString()).toBe(
-      'https://contoso.com/a/b'
-    )
-  })
-})
-
-describe('isGhes tests', () => {
-  const pristineEnv = process.env
-
-  beforeEach(() => {
-    jest.resetModules()
-    process.env = {...pristineEnv}
-  })
-
-  afterAll(() => {
-    process.env = pristineEnv
-  })
-
-  it('basics', async () => {
-    delete process.env['GITHUB_SERVER_URL']
-    expect(urlHelper.isGhes()).toBeFalsy()
-    expect(urlHelper.isGhes('https://github.com')).toBeFalsy()
-    expect(urlHelper.isGhes('https://contoso.ghe.com')).toBeFalsy()
-    expect(urlHelper.isGhes('https://test.github.localhost')).toBeFalsy()
-    expect(urlHelper.isGhes('https://src.onpremise.fabrikam.com')).toBeTruthy()
-  })
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is not defined', async () => {
-    delete process.env['GITHUB_SERVER_URL']
-    expect(urlHelper.isGhes()).toBeFalsy()
-  })
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', async () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://github.com'
-    expect(urlHelper.isGhes()).toBeFalsy()
-  })
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', async () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com'
-    expect(urlHelper.isGhes()).toBeFalsy()
-  })
-
-  it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', async () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost'
-    expect(urlHelper.isGhes()).toBeFalsy()
-  })
-
-  it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', async () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com'
-    expect(urlHelper.isGhes()).toBeTruthy()
-  })
-})
-
-describe('getServerApiUrl tests', () => {
-  it('basics', async () => {
-    expect(urlHelper.getServerApiUrl()).toBe('https://api.github.com')
-    expect(urlHelper.getServerApiUrl('https://github.com')).toBe(
-      'https://api.github.com'
-    )
-    expect(urlHelper.getServerApiUrl('https://GitHub.com')).toBe(
-      'https://api.github.com'
-    )
-    expect(urlHelper.getServerApiUrl('https://contoso.ghe.com')).toBe(
-      'https://api.contoso.ghe.com'
-    )
-    expect(urlHelper.getServerApiUrl('https://fabrikam.GHE.COM')).toBe(
-      'https://api.fabrikam.ghe.com'
-    )
-    expect(
-      urlHelper.getServerApiUrl('https://src.onpremise.fabrikam.com')
-    ).toBe('https://src.onpremise.fabrikam.com/api/v3')
-  })
-})

__test__/verify-basic.sh

@@ -18,20 +18,6 @@ else
     exit 1
   fi
 
-  # Verify that sparse-checkout is disabled.
-  SPARSE_CHECKOUT_ENABLED=$(git -C ./basic config --local --get-all core.sparseCheckout)
-  if [ "$SPARSE_CHECKOUT_ENABLED" != "" ]; then
-    echo "Expected sparse-checkout to be disabled (discovered: $SPARSE_CHECKOUT_ENABLED)"
-    exit 1
-  fi
-
-  # Verify git configuration shows worktreeConfig is effectively disabled
-  WORKTREE_CONFIG_ENABLED=$(git -C ./basic config --local --get-all extensions.worktreeConfig)
-  if [[ "$WORKTREE_CONFIG_ENABLED" != "" ]]; then
-    echo "Expected extensions.worktreeConfig (boolean) to be disabled in git config.  This could be an artifact of sparse checkout functionality."
-    exit 1
-  fi
-
   # Verify auth token
   cd basic
   git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main

action.yml

@@ -45,10 +45,6 @@ inputs:
       and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to
       configure additional hosts.
     default: true
-  ssh-user:
-    description: >
-      The user to use when connecting to the remote SSH host. By default 'git' is used.
-    default: git
   persist-credentials:
     description: 'Whether to configure the token or SSH key with the local git config'
     default: true
@@ -98,11 +94,6 @@ inputs:
   github-server-url:
     description: The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com
     required: false
-outputs:
-  ref:
-    description: 'The branch, tag or SHA that was checked out'
-  commit:
-    description: 'The commit SHA that was checked out'
 runs:
   using: node20
   main: dist/index.js

images/test-ubuntu-git.Dockerfile

@@ -1,12 +0,0 @@
-# Defines the test-ubuntu-git Container Image.
-# Consumed by actions/checkout CI/CD validation workflows.
-
-FROM ubuntu:latest
-
-RUN apt update
-RUN apt install -y git
-
-LABEL org.opencontainers.image.title="Ubuntu + git (validation image)"
-LABEL org.opencontainers.image.description="Ubuntu image with git pre-installed. Intended primarily for testing `actions/checkout` during CI/CD workflows."
-LABEL org.opencontainers.image.documentation="https://github.com/actions/checkout/tree/main/images/test-ubuntu-git.md"
-LABEL org.opencontainers.image.licenses=MIT

images/test-ubuntu-git.md

@@ -1,15 +0,0 @@
-# `test-ubuntu-git` Container Image
-
-[![Publish test-ubuntu-git Container](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/update-test-ubuntu-git.yml)
-
-## Purpose
-
-`test-ubuntu-git` is a container image hosted on the GitHub Container Registry, `ghcr.io`.  
-
-It is intended primarily for testing the [`actions/checkout` repository](https://github.com/actions/checkout) as part of `actions/checkout`'s CI/CD workflows.
-
-The composition of `test-ubuntu-git` is intentionally minimal.  It is comprised of [git](https://git-scm.com/) installed on top of a [base-level ubuntu image](https://hub.docker.com/_/ubuntu/tags).
-
-# License
-
-`test-ubuntu-git` is released under the [MIT License](/LICENSE).

jest.config.js

@@ -1,6 +1,5 @@
 module.exports = {
   clearMocks: true,
-  fakeTimers: {},
   moduleFileExtensions: ['js', 'ts'],
   testEnvironment: 'node',
   testMatch: ['**/*.test.ts'],

package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkout",
-  "version": "4.2.2",
+  "version": "4.1.0",
   "description": "checkout action",
   "main": "lib/main.js",
   "scripts": {
@@ -30,26 +30,26 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^6.0.0",
+    "@actions/github": "file:actions-github-6.0.2.tgz",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.1",
-    "uuid": "^9.0.1"
+    "uuid": "^3.3.3"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.12",
-    "@types/node": "^20.12.12",
-    "@types/uuid": "^9.0.8",
-    "@typescript-eslint/eslint-plugin": "^7.9.0",
-    "@typescript-eslint/parser": "^7.9.0",
-    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.57.0",
-    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-jest": "^28.8.2",
+    "@types/jest": "^29.5.5",
+    "@types/node": "^20.8.2",
+    "@types/uuid": "^3.4.6",
+    "@typescript-eslint/eslint-plugin": "^6.7.4",
+    "@typescript-eslint/parser": "^6.7.4",
+    "@vercel/ncc": "^0.38.0",
+    "eslint": "^8.50.0",
+    "eslint-plugin-github": "^4.10.1",
+    "eslint-plugin-jest": "^27.4.2",
     "jest": "^29.7.0",
     "jest-circus": "^29.7.0",
-    "js-yaml": "^4.1.0",
-    "prettier": "^3.3.3",
-    "ts-jest": "^29.2.5",
-    "typescript": "^5.5.4"
+    "js-yaml": "^3.13.1",
+    "prettier": "^3.0.3",
+    "ts-jest": "^29.1.1",
+    "typescript": "^5.2.2"
   }
 }

src/git-auth-helper.ts

@@ -8,7 +8,7 @@ import * as path from 'path'
 import * as regexpHelper from './regexp-helper'
 import * as stateHelper from './state-helper'
 import * as urlHelper from './url-helper'
-import {v4 as uuid} from 'uuid'
+import {default as uuid} from 'uuid/v4'
 import {IGitCommandManager} from './git-command-manager'
 import {IGitSourceSettings} from './git-source-settings'
 

src/git-command-manager.ts

@@ -11,15 +11,12 @@ import {GitVersion} from './git-version'
 
 // Auth header not supported before 2.9
 // Wire protocol v2 not supported before 2.18
-// sparse-checkout not [well-]supported before 2.28 (see https://github.com/actions/checkout/issues/1386)
 export const MinimumGitVersion = new GitVersion('2.18')
-export const MinimumGitSparseCheckoutVersion = new GitVersion('2.28')
 
 export interface IGitCommandManager {
   branchDelete(remote: boolean, branch: string): Promise<void>
   branchExists(remote: boolean, pattern: string): Promise<boolean>
   branchList(remote: boolean): Promise<string[]>
-  disableSparseCheckout(): Promise<void>
   sparseCheckout(sparseCheckout: string[]): Promise<void>
   sparseCheckoutNonConeMode(sparseCheckout: string[]): Promise<void>
   checkout(ref: string, startPoint: string): Promise<void>
@@ -62,7 +59,6 @@ export interface IGitCommandManager {
   tryDisableAutomaticGarbageCollection(): Promise<boolean>
   tryGetFetchUrl(): Promise<string>
   tryReset(): Promise<boolean>
-  version(): Promise<GitVersion>
 }
 
 export async function createCommandManager(
@@ -86,7 +82,6 @@ class GitCommandManager {
   private lfs = false
   private doSparseCheckout = false
   private workingDirectory = ''
-  private gitVersion: GitVersion = new GitVersion()
 
   // Private constructor; use createCommandManager()
   private constructor() {}
@@ -176,12 +171,6 @@ class GitCommandManager {
     return result
   }
 
-  async disableSparseCheckout(): Promise<void> {
-    await this.execGit(['sparse-checkout', 'disable'])
-    // Disabling 'sparse-checkout` leaves behind an undesirable side-effect in config (even in a pristine environment).
-    await this.tryConfigUnset('extensions.worktreeConfig', false)
-  }
-
   async sparseCheckout(sparseCheckout: string[]): Promise<void> {
     await this.execGit(['sparse-checkout', 'set', ...sparseCheckout])
   }
@@ -486,10 +475,6 @@ class GitCommandManager {
     return output.exitCode === 0
   }
 
-  async version(): Promise<GitVersion> {
-    return this.gitVersion
-  }
-
   static async createCommandManager(
     workingDirectory: string,
     lfs: boolean,
@@ -566,23 +551,23 @@ class GitCommandManager {
 
     // Git version
     core.debug('Getting git version')
-    this.gitVersion = new GitVersion()
+    let gitVersion = new GitVersion()
     let gitOutput = await this.execGit(['version'])
     let stdout = gitOutput.stdout.trim()
     if (!stdout.includes('\n')) {
       const match = stdout.match(/\d+\.\d+(\.\d+)?/)
       if (match) {
-        this.gitVersion = new GitVersion(match[0])
+        gitVersion = new GitVersion(match[0])
       }
     }
-    if (!this.gitVersion.isValid()) {
+    if (!gitVersion.isValid()) {
       throw new Error('Unable to determine git version')
     }
 
     // Minimum git version
-    if (!this.gitVersion.checkMinimum(MinimumGitVersion)) {
+    if (!gitVersion.checkMinimum(MinimumGitVersion)) {
       throw new Error(
-        `Minimum required git version is ${MinimumGitVersion}. Your git ('${this.gitPath}') is ${this.gitVersion}`
+        `Minimum required git version is ${MinimumGitVersion}. Your git ('${this.gitPath}') is ${gitVersion}`
       )
     }
 
@@ -616,14 +601,16 @@ class GitCommandManager {
 
     this.doSparseCheckout = doSparseCheckout
     if (this.doSparseCheckout) {
-      if (!this.gitVersion.checkMinimum(MinimumGitSparseCheckoutVersion)) {
+      // The `git sparse-checkout` command was introduced in Git v2.25.0
+      const minimumGitSparseCheckoutVersion = new GitVersion('2.25')
+      if (!gitVersion.checkMinimum(minimumGitSparseCheckoutVersion)) {
         throw new Error(
-          `Minimum Git version required for sparse checkout is ${MinimumGitSparseCheckoutVersion}. Your git ('${this.gitPath}') is ${this.gitVersion}`
+          `Minimum Git version required for sparse checkout is ${minimumGitSparseCheckoutVersion}. Your git ('${this.gitPath}') is ${gitVersion}`
         )
       }
     }
     // Set the user agent
-    const gitHttpUserAgent = `git/${this.gitVersion} (github-actions-checkout)`
+    const gitHttpUserAgent = `git/${gitVersion} (github-actions-checkout)`
     core.debug(`Set git useragent to: ${gitHttpUserAgent}`)
     this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent
   }

src/git-source-provider.ts

@@ -9,10 +9,7 @@ import * as path from 'path'
 import * as refHelper from './ref-helper'
 import * as stateHelper from './state-helper'
 import * as urlHelper from './url-helper'
-import {
-  MinimumGitSparseCheckoutVersion,
-  IGitCommandManager
-} from './git-command-manager'
+import {IGitCommandManager} from './git-command-manager'
 import {IGitSourceSettings} from './git-source-settings'
 
 export async function getSource(settings: IGitSourceSettings): Promise<void> {
@@ -211,13 +208,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     }
 
     // Sparse checkout
-    if (!settings.sparseCheckout) {
-      let gitVersion = await git.version()
-      // no need to disable sparse-checkout if the installed git runtime doesn't even support it.
-      if (gitVersion.checkMinimum(MinimumGitSparseCheckoutVersion)) {
-        await git.disableSparseCheckout()
-      }
-    } else {
+    if (settings.sparseCheckout) {
       core.startGroup('Setting up sparse checkout')
       if (settings.sparseCheckoutConeMode) {
         await git.sparseCheckout(settings.sparseCheckout)
@@ -261,8 +252,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     const commitInfo = await git.log1()
 
     // Log commit sha
-    const commitSHA = await git.log1('--format=%H')
-    core.setOutput('commit', commitSHA.trim())
+    await git.log1("--format='%H'")
 
     // Check for incorrect pull request merge commit
     await refHelper.checkCommitInfo(

src/git-source-settings.ts

@@ -94,11 +94,6 @@ export interface IGitSourceSettings {
    */
   sshStrict: boolean
 
-  /**
-   * The SSH user to login as
-   */
-  sshUser: string
-
   /**
    * Indicates whether to persist the credentials on disk to enable scripting authenticated git commands
    */

src/github-api-helper.ts

@@ -6,7 +6,7 @@ import * as io from '@actions/io'
 import * as path from 'path'
 import * as retryHelper from './retry-helper'
 import * as toolCache from '@actions/tool-cache'
-import {v4 as uuid} from 'uuid'
+import {default as uuid} from 'uuid/v4'
 import {getServerApiUrl} from './url-helper'
 
 const IS_WINDOWS = process.platform === 'win32'
@@ -35,9 +35,7 @@ export async function downloadRepository(
   // Write archive to disk
   core.info('Writing archive to disk')
   const uniqueId = uuid()
-  const archivePath = IS_WINDOWS
-    ? path.join(repositoryPath, `${uniqueId}.zip`)
-    : path.join(repositoryPath, `${uniqueId}.tar.gz`)
+  const archivePath = path.join(repositoryPath, `${uniqueId}.tar.gz`)
   await fs.promises.writeFile(archivePath, archiveData)
   archiveData = Buffer.from('') // Free memory
 

src/input-helper.ts

@@ -143,7 +143,6 @@ export async function getInputs(): Promise<IGitSourceSettings> {
   result.sshKnownHosts = core.getInput('ssh-known-hosts')
   result.sshStrict =
     (core.getInput('ssh-strict') || 'true').toUpperCase() === 'TRUE'
-  result.sshUser = core.getInput('ssh-user')
 
   // Persist credentials
   result.persistCredentials =

src/main.ts

@@ -19,7 +19,6 @@ async function run(): Promise<void> {
 
       // Get sources
       await gitSourceProvider.getSource(sourceSettings)
-      core.setOutput('ref', sourceSettings.ref)
     } finally {
       // Unregister problem matcher
       coreCommand.issueCommand('remove-matcher', {owner: 'checkout-git'}, '')

src/misc/generate-docs.ts

@@ -20,7 +20,7 @@ function updateUsage(
   }
 
   // Load the action.yml
-  const actionYaml = yaml.load(fs.readFileSync(actionYamlPath).toString())
+  const actionYaml = yaml.safeLoad(fs.readFileSync(actionYamlPath).toString())
 
   // Load the README
   const originalReadme = fs.readFileSync(readmePath).toString()

src/ref-helper.ts

@@ -42,12 +42,8 @@ export async function getCheckoutInfo(
     result.ref = `refs/remotes/pull/${branch}`
   }
   // refs/tags/
-  else if (upperRef.startsWith('REFS/TAGS/')) {
-    result.ref = ref
-  }
-  // refs/
   else if (upperRef.startsWith('REFS/')) {
-    result.ref = commit ? commit : ref
+    result.ref = ref
   }
   // Unqualified ref, check for a matching branch or tag
   else {

src/url-helper.ts

@@ -12,8 +12,7 @@ export function getFetchUrl(settings: IGitSourceSettings): string {
   const encodedOwner = encodeURIComponent(settings.repositoryOwner)
   const encodedName = encodeURIComponent(settings.repositoryName)
   if (settings.sshKey) {
-    const user = settings.sshUser.length > 0 ? settings.sshUser : 'git'
-    return `${user}@${serviceUrl.hostname}:${encodedOwner}/${encodedName}.git`
+    return `git@${serviceUrl.hostname}:${encodedOwner}/${encodedName}.git`
   }
 
   // "origin" is SCHEME://HOSTNAME[:PORT]
@@ -21,61 +20,26 @@ export function getFetchUrl(settings: IGitSourceSettings): string {
 }
 
 export function getServerUrl(url?: string): URL {
-  let resolvedUrl = process.env['GITHUB_SERVER_URL'] || 'https://github.com'
-  if (hasContent(url, WhitespaceMode.Trim)) {
-    resolvedUrl = url!
-  }
-
-  return new URL(resolvedUrl)
+  let urlValue =
+    url && url.trim().length > 0
+      ? url
+      : process.env['GITHUB_SERVER_URL'] || 'https://github.com'
+  return new URL(urlValue)
 }
 
 export function getServerApiUrl(url?: string): string {
-  if (hasContent(url, WhitespaceMode.Trim)) {
-    let serverUrl = getServerUrl(url)
-    if (isGhes(url)) {
-      serverUrl.pathname = 'api/v3'
-    } else {
-      serverUrl.hostname = 'api.' + serverUrl.hostname
-    }
+  let apiUrl = 'https://api.github.com'
 
-    return pruneSuffix(serverUrl.toString(), '/')
+  if (isGhes(url)) {
+    const serverUrl = getServerUrl(url)
+    apiUrl = new URL(`${serverUrl.origin}/api/v3`).toString()
   }
 
-  return process.env['GITHUB_API_URL'] || 'https://api.github.com'
+  return apiUrl
 }
 
 export function isGhes(url?: string): boolean {
-  const ghUrl = new URL(
-    url || process.env['GITHUB_SERVER_URL'] || 'https://github.com'
-  )
+  const ghUrl = getServerUrl(url)
 
-  const hostname = ghUrl.hostname.trimEnd().toUpperCase()
-  const isGitHubHost = hostname === 'GITHUB.COM'
-  const isGitHubEnterpriseCloudHost = hostname.endsWith('.GHE.COM')
-  const isLocalHost = hostname.endsWith('.LOCALHOST')
-
-  return !isGitHubHost && !isGitHubEnterpriseCloudHost && !isLocalHost
-}
-
-function pruneSuffix(text: string, suffix: string) {
-  if (hasContent(suffix, WhitespaceMode.Preserve) && text?.endsWith(suffix)) {
-    return text.substring(0, text.length - suffix.length)
-  }
-  return text
-}
-
-enum WhitespaceMode {
-  Trim,
-  Preserve
-}
-
-function hasContent(
-  text: string | undefined,
-  whitespaceMode: WhitespaceMode
-): boolean {
-  let refinedText = text ?? ''
-  if (whitespaceMode == WhitespaceMode.Trim) {
-    refinedText = refinedText.trim()
-  }
-  return refinedText.length > 0
+  return ghUrl.hostname.toUpperCase() !== 'GITHUB.COM'
 }