Bump MinimumGitVersion to 2.28 due to #1386

* Add v4.1.2 and v4.1.1 to CHANGELOG.md
* Bump version in package.json to 4.1.2
* Ran `npm i` to regenerate package-lock.json

.github/workflows/test.yml

@@ -7,6 +7,11 @@ on:
       - main
       - releases/*
 
+
+# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow, 
+# these refer to "test-data" branches on this actions/checkout repo.
+# (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -95,6 +100,16 @@ jobs:
       - name: Verify sparse checkout
         run: __test__/verify-sparse-checkout.sh
 
+      # Disabled sparse checkout in existing checkout
+      - name: Disabled sparse checkout
+        uses: ./
+        with:
+          path: sparse-checkout
+
+      - name: Verify disabled sparse checkout
+        shell: bash
+        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
+
       # Sparse checkout (non-cone mode)
       - name: Sparse checkout (non-cone mode)
         uses: ./
@@ -175,7 +190,7 @@ jobs:
   test-proxy:
     runs-on: ubuntu-latest
     container:
-      image: alpine/git:latest
+      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
       options: --dns 127.0.0.1
     services:
       squid-proxy:
@@ -279,4 +294,4 @@ jobs:
       - name: Fix Checkout v3
         uses: actions/checkout@v3
         with:
-          path: v3
+          path: v3

.github/workflows/update-main-version.yml

@@ -19,7 +19,10 @@ jobs:
   tag:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    # Note this update workflow can also be used as a rollback tool.
+    # For that reason, it's best to pin `actions/checkout` to a known, stable version
+    # (typically, about two releases back).
+    - uses: actions/checkout@v4.1.1
       with:
         fetch-depth: 0
     - name: Git config

.github/workflows/update-test-ubuntu-git.yml

@@ -0,0 +1,59 @@
+name: Publish test-ubuntu-git Container
+
+on:
+  # Use an on demand workflow trigger.  
+  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
+  #  so avoid trigger events that run automatically.)
+  workflow_dispatch:
+    inputs:
+      publish:
+        description:  'Publish to ghcr.io? (main branch only)'
+        type: boolean
+        required: true
+        default: false
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: actions/test-ubuntu-git
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+ 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Use `docker/login-action` to log in to GHCR.io. 
+      # Once published, the packages are scoped to the account defined here.
+      - name: Log in to the ghcr.io container registry
+        uses: docker/login-action@v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Format Timestamp
+        id: timestamp
+        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
+        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
+
+      - name: Issue Image Publish Warning
+        if:  ${{ inputs.publish && github.ref_name != 'main' }}
+        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
+
+      # Use `docker/build-push-action` to build (and optionally publish) the image. 
+      - name: Build Docker Image (with optional Push)
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: .
+          file: images/test-ubuntu-git.Dockerfile
+          # For now, attempts to push to ghcr.io must target the `main` branch.
+          # In the future, consider also allowing attempts from `releases/*` branches.
+          push: ${{ inputs.publish && github.ref_name == 'main' }}
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## v4.1.2
+- Fix: Disable sparse checkout whenever `sparse-checkout` option is not present @dscho in https://github.com/actions/checkout/pull/1598
+
+## v4.1.1
+- Correct link to GitHub Docs by @peterbe in https://github.com/actions/checkout/pull/1511
+- Link to release page from what's new section by @cory-miller in https://github.com/actions/checkout/pull/1514
+
 ## v4.1.0
 - [Add support for partial checkout filters](https://github.com/actions/checkout/pull/1396)
 

README.md

@@ -8,7 +8,7 @@ Only a single commit is fetched by default, for the ref/SHA that triggered the w
 
 The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
 
-When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
+When Git 2.28 or higher is not in your PATH, falls back to the REST API to download the files.
 
 # What's new
 

__test__/git-auth-helper.test.ts

@@ -727,6 +727,7 @@ async function setup(testName: string): Promise<void> {
     branchDelete: jest.fn(),
     branchExists: jest.fn(),
     branchList: jest.fn(),
+    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),

__test__/git-command-manager.test.ts

@@ -24,7 +24,7 @@ describe('git-auth-helper tests', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
         return 0
       }
 
@@ -57,7 +57,7 @@ describe('git-auth-helper tests', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
         return 0
       }
 
@@ -97,7 +97,7 @@ describe('Test fetchDepth and fetchTags options', () => {
       console.log(args, options.listeners.stdout)
 
       if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
+        options.listeners.stdout(Buffer.from('2.28'))
       }
 
       return 0

__test__/git-directory-helper.test.ts

@@ -462,6 +462,7 @@ async function setup(testName: string): Promise<void> {
     branchList: jest.fn(async () => {
       return []
     }),
+    disableSparseCheckout: jest.fn(),
     sparseCheckout: jest.fn(),
     sparseCheckoutNonConeMode: jest.fn(),
     checkout: jest.fn(),

dist/index.js

@@ -480,7 +480,8 @@ const retryHelper = __importStar(__nccwpck_require__(2155));
 const git_version_1 = __nccwpck_require__(3142);
 // Auth header not supported before 2.9
 // Wire protocol v2 not supported before 2.18
-exports.MinimumGitVersion = new git_version_1.GitVersion('2.18');
+// sparse-checkout not [well-]supported before 2.28 (see https://github.com/actions/checkout/issues/1386)
+exports.MinimumGitVersion = new git_version_1.GitVersion('2.28');
 function createCommandManager(workingDirectory, lfs, doSparseCheckout) {
     return __awaiter(this, void 0, void 0, function* () {
         return yield GitCommandManager.createCommandManager(workingDirectory, lfs, doSparseCheckout);
@@ -523,13 +524,7 @@ class GitCommandManager {
     branchList(remote) {
         return __awaiter(this, void 0, void 0, function* () {
             const result = [];
-            // Note, this implementation uses "rev-parse --symbolic-full-name" because the output from
+            const args = ['rev-parse', '--symbolic'];
-            // "branch --list" is more difficult when in a detached HEAD state.
-            // TODO(https://github.com/actions/checkout/issues/786): this implementation uses
-            // "rev-parse --symbolic-full-name" because there is a bug
-            // in Git 2.18 that causes "rev-parse --symbolic" to output symbolic full names. When
-            // 2.18 is no longer supported, we can switch back to --symbolic.
-            const args = ['rev-parse', '--symbolic-full-name'];
             if (remote) {
                 args.push('--remotes=origin');
             }
@@ -576,6 +571,11 @@ class GitCommandManager {
             return result;
         });
     }
+    disableSparseCheckout() {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.execGit(['sparse-checkout', 'disable']);
+        });
+    }
     sparseCheckout(sparseCheckout) {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.execGit(['sparse-checkout', 'set', ...sparseCheckout]);
@@ -937,13 +937,6 @@ class GitCommandManager {
                 }
             }