Fix the warning from npm:
npm WARN deprecated uuid@3.3.3: Please upgrade to version 7 or higher.
Older versions may use Math.random() in certain circumstances, which is
known to be problematic. See https://v8.dev/blog/math-random for details.
* Improve checkout performance on Windows runners by upgrading @actions/github dependency
Re: https://github.com/actions/checkout/issues/1186
@dscho discovered that the checkout action could stall for a
considerable amount of time on Windows runners waiting for PowerShell
invocations made from 'windows-release' npm package to complete.
Then I studied the dependency chain to figure out where
'windows-release' was imported:
'@actions/checkout'@main
<- '@actions/github'@2.2.0
<- '@octokit/endpoint'@6.0.1
<- '@octokit/graphql'@4.3.1
<- '@octokit/request'@5.4.2
<- '@octokit/rest'@16.43.1
<- 'universal-user-agent'@4.0.1
<- 'os-name'@3.1.0
<- 'windows-release'@3.1.0
'universal-user-agent' package dropped its dependency on 'os-name' in
https://github.com/gr2m/universal-user-agent/releases/tag/v6.0.0 .
'@actions/github' v3 removed dependency on '@octokit/rest'@16.43.1 and
allows users to move away from the old 'universal-user-agent' v4.
(https://github.com/actions/toolkit/pull/453)
This pull request attempts to update the version of '@actions/github'
used in the checkout action to avoid importing 'windows-release'.
Based on testing in my own repositories, I can see an improvement in
reduced wait time between entering the checkout action and git actually
starts to do useful work.
* Update .licenses
* Rebuild index.js
When trying to list local branches to figure out what needs cleaned up during runs on non-ephemeral Actions Runners, we use git rev-parse --symbolic-full-name to get a list of branches. This can lead to ambiguous ref name errors when there are branches and tags with similar names.
Part of the reason we use rev-parse --symbolic-full-name vs git branch --list or git rev-parse --symbolic seems to related to a bug in Git 2.18. Until we can deprecate our usage of Git 2.18, I think we need to keep --symbolic-full-name. Since part of the problem is that these ambiguous ref name errors clog the Actions annotation limits, this is a mitigation to suppress those messages until we can get rid of the workaround.
* wrap pipeline commands for submoduleForeach in quotes
* Update src/git-auth-helper.ts
drop extraneous space.
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* Followed CONTRIBUTING.md instructions, updating dist/index.js
* fixed package-lock.json
* updating the pipeline so it runs from sh
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* Adding the ability to specify the GitHub Server URL and allowing for it to differ from the Actions workflow host
* Adding tests for injecting the GitHub URL
* Addressing code review comments for PR #922
* auth-helper: properly await replacement of the token value in the config
After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.
In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.
A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:
await Promise.all(
configPaths.map(async configPath => {
core.debug(`Replacing token placeholder in '${configPath}'`)
await this.replaceTokenPlaceholder(configPath)
})
)
However, during review of https://github.com/actions/checkout/pull/379
it was decided to keep the `for` loop in the interest of simplicity.
Reported by Ian Lynagh.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* downloadRepository(): await the result of recursive deletions
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Ask ESLint to report floating Promises
This rule is quite helpful in avoiding hard-to-debug missing `await`s.
Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.
In the initial version of https://github.com/actions/checkout/pull/379,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Rebuild
This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>