.

.eslintrc.json

@@ -1,6 +1,6 @@
 {
   "plugins": ["jest", "@typescript-eslint"],
-  "extends": ["plugin:github/recommended"],
+  "extends": ["plugin:github/es6"],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
     "ecmaVersion": 9,
@@ -16,9 +16,13 @@
     "@typescript-eslint/no-require-imports": "error",
     "@typescript-eslint/array-type": "error",
     "@typescript-eslint/await-thenable": "error",
+    "@typescript-eslint/ban-ts-ignore": "error",
     "camelcase": "off",
+    "@typescript-eslint/camelcase": "error",
+    "@typescript-eslint/class-name-casing": "error",
     "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
     "@typescript-eslint/func-call-spacing": ["error", "never"],
+    "@typescript-eslint/generic-type-naming": ["error", "^[A-Z][A-Za-z]*$"],
     "@typescript-eslint/no-array-constructor": "error",
     "@typescript-eslint/no-empty-interface": "error",
     "@typescript-eslint/no-explicit-any": "error",
@@ -29,6 +33,7 @@
     "@typescript-eslint/no-misused-new": "error",
     "@typescript-eslint/no-namespace": "error",
     "@typescript-eslint/no-non-null-assertion": "warn",
+    "@typescript-eslint/no-object-literal-type-assertion": "error",
     "@typescript-eslint/no-unnecessary-qualifier": "error",
     "@typescript-eslint/no-unnecessary-type-assertion": "error",
     "@typescript-eslint/no-useless-constructor": "error",
@@ -36,6 +41,7 @@
     "@typescript-eslint/prefer-for-of": "warn",
     "@typescript-eslint/prefer-function-type": "warn",
     "@typescript-eslint/prefer-includes": "error",
+    "@typescript-eslint/prefer-interface": "error",
     "@typescript-eslint/prefer-string-starts-ends-with": "error",
     "@typescript-eslint/promise-function-async": "error",
     "@typescript-eslint/require-array-sort-compare": "error",

.github/workflows/check-dist.yml

@@ -1,51 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process
-# from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Set Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the index.js file
-        run: npm run build
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-
-      # If dist/ was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v2
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/

.github/workflows/codeql-analysis.yml

@@ -1,58 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '28 9 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    - run: npm ci
-    - run: npm run build
-    - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/licensed.yml

@@ -11,4 +11,10 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - run: npm ci
-      - run: npm run licensed-check
+      - name: Install licensed
+        run: |
+          cd $RUNNER_TEMP
+          curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
+          sudo tar -xzf licensed.tar.gz
+          sudo mv licensed /usr/local/bin/licensed
+      - run: licensed status

.github/workflows/test.yml

@@ -205,41 +205,3 @@ jobs:
           path: basic
       - name: Verify basic
         run: __test__/verify-basic.sh --archive
-    
-  test-git-container:
-    runs-on: ubuntu-latest
-    container: bitnami/git:latest
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: v3
-
-      # Basic checkout using git
-      - name: Checkout basic
-        uses: ./v3
-        with:
-          ref: test-data/v2/basic
-      - name: Verify basic
-        run: |
-          if [ ! -f "./basic-file.txt" ]; then
-              echo "Expected basic file does not exist"
-              exit 1
-          fi
-
-          # Verify .git folder
-          if [ ! -d "./.git" ]; then
-            echo "Expected ./.git folder to exist"
-            exit 1
-          fi
-
-          # Verify auth token
-          git config --global --add safe.directory "*"
-          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
-
-      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v3
-        uses: actions/checkout@v3
-        with:
-          path: v3

.gitignore

@@ -1,4 +1,3 @@
 __test__/_temp
-_temp/
 lib/
 node_modules/

CHANGELOG.md

@@ -1,14 +1,5 @@
 # Changelog
 
-## v2.5.0
-- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
-
-## v2.4.2
-- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)
-
-## v2.4.1
-- [Set the safe directory option on git to prevent git commands failing when running in containers](https://github.com/actions/checkout/pull/762)
-
 ## v2.3.1
 
 - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)

README.md

@@ -105,11 +105,6 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
     #
     # Default: false
     submodules: ''
-
-    # Add repository path as safe.directory for Git global config by running `git
-    # config --global --add safe.directory <path>`
-    # Default: true
-    set-safe-directory: ''
 ```
 <!-- end usage -->
 
@@ -190,7 +185,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
   uses: actions/checkout@v2
   with:
     repository: my-org/my-private-tools
-    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT
     path: my-tools
 ```
 

__test__/git-auth-helper.test.ts

@@ -417,7 +417,7 @@ describe('git-auth-helper tests', () => {
           `Did not expect file to exist: '${globalGitConfigPath}'`
         )
       } catch (err) {
-        if ((err as any)?.code !== 'ENOENT') {
+        if (err.code !== 'ENOENT') {
           throw err
         }
       }
@@ -518,17 +518,12 @@ describe('git-auth-helper tests', () => {
       await authHelper.configureSubmoduleAuth()
 
       // Assert
-      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4)
+      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
         /unset-all.*insteadOf/
       )
       expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
-      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
+      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/url.*insteadOf/)
-        /url.*insteadOf.*git@github.com:/
-      )
-      expect(mockSubmoduleForeach.mock.calls[3][0]).toMatch(
-        /url.*insteadOf.*org-123456@github.com:/
-      )
     }
   )
 
@@ -606,7 +601,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(actualKeyPath)
       throw new Error('SSH key should have been deleted')
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -616,7 +611,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(actualKnownHostsPath)
       throw new Error('SSH known hosts should have been deleted')
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -643,11 +638,10 @@ describe('git-auth-helper tests', () => {
     expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
   })
 
-  const removeGlobalConfig_removesOverride =
+  const removeGlobalAuth_removesOverride = 'removeGlobalAuth removes override'
-    'removeGlobalConfig removes override'
+  it(removeGlobalAuth_removesOverride, async () => {
-  it(removeGlobalConfig_removesOverride, async () => {
     // Arrange
-    await setup(removeGlobalConfig_removesOverride)
+    await setup(removeGlobalAuth_removesOverride)
     const authHelper = gitAuthHelper.createAuthHelper(git, settings)
     await authHelper.configureAuth()
     await authHelper.configureGlobalAuth()
@@ -656,7 +650,7 @@ describe('git-auth-helper tests', () => {
     await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
 
     // Act
-    await authHelper.removeGlobalConfig()
+    await authHelper.removeGlobalAuth()
 
     // Assert
     expect(git.env['HOME']).toBeUndefined()
@@ -664,7 +658,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(homeOverride)
       throw new Error(`Should have been deleted '${homeOverride}'`)
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -776,9 +770,7 @@ async function setup(testName: string): Promise<void> {
     repositoryPath: '',
     sshKey: sshPath ? 'some ssh private key' : '',
     sshKnownHosts: '',
-    sshStrict: true,
+    sshStrict: true
-    workflowOrganizationId: 123456,
-    setSafeDirectory: true
   }
 }
 

__test__/input-helper.test.ts

@@ -1,9 +1,9 @@
+import * as assert from 'assert'
 import * as core from '@actions/core'
 import * as fsHelper from '../lib/fs-helper'
 import * as github from '@actions/github'
 import * as inputHelper from '../lib/input-helper'
 import * as path from 'path'
-import * as workflowContextHelper from '../lib/workflow-context-helper'
 import {IGitSourceSettings} from '../lib/git-source-settings'
 
 const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
@@ -43,11 +43,6 @@ describe('input-helper tests', () => {
       .spyOn(fsHelper, 'directoryExistsSync')
       .mockImplementation((path: string) => path == gitHubWorkspace)
 
-    // Mock ./workflowContextHelper getOrganizationId()
-    jest
-      .spyOn(workflowContextHelper, 'getOrganizationId')
-      .mockImplementation(() => Promise.resolve(123456))
-
     // GitHub workspace
     process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
   })
@@ -72,8 +67,8 @@ describe('input-helper tests', () => {
     jest.restoreAllMocks()
   })
 
-  it('sets defaults', async () => {
+  it('sets defaults', () => {
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings).toBeTruthy()
     expect(settings.authToken).toBeFalsy()
     expect(settings.clean).toBe(true)
@@ -85,14 +80,13 @@ describe('input-helper tests', () => {
     expect(settings.repositoryName).toBe('some-repo')
     expect(settings.repositoryOwner).toBe('some-owner')
     expect(settings.repositoryPath).toBe(gitHubWorkspace)
-    expect(settings.setSafeDirectory).toBe(true)
   })
 
-  it('qualifies ref', async () => {
+  it('qualifies ref', () => {
     let originalRef = github.context.ref
     try {
       github.context.ref = 'some-unqualified-ref'
-      const settings: IGitSourceSettings = await inputHelper.getInputs()
+      const settings: IGitSourceSettings = inputHelper.getInputs()
       expect(settings).toBeTruthy()
       expect(settings.commit).toBe('1234567890123456789012345678901234567890')
       expect(settings.ref).toBe('refs/heads/some-unqualified-ref')
@@ -101,42 +95,32 @@ describe('input-helper tests', () => {
     }
   })
 
-  it('requires qualified repo', async () => {
+  it('requires qualified repo', () => {
     inputs.repository = 'some-unqualified-repo'
-    try {
+    assert.throws(() => {
-      await inputHelper.getInputs()
+      inputHelper.getInputs()
-      throw 'should not reach here'
+    }, /Invalid repository 'some-unqualified-repo'/)
-    } catch (err) {
-      expect(`(${(err as any).message}`).toMatch(
-        "Invalid repository 'some-unqualified-repo'"
-      )
-    }
   })
 
-  it('roots path', async () => {
+  it('roots path', () => {
     inputs.path = 'some-directory/some-subdirectory'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.repositoryPath).toBe(
       path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
     )
   })
 
-  it('sets ref to empty when explicit sha', async () => {
+  it('sets ref to empty when explicit sha', () => {
     inputs.ref = '1111111111222222222233333333334444444444'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.ref).toBeFalsy()
     expect(settings.commit).toBe('1111111111222222222233333333334444444444')
   })
 
-  it('sets sha to empty when explicit ref', async () => {
+  it('sets sha to empty when explicit ref', () => {
     inputs.ref = 'refs/heads/some-other-ref'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.ref).toBe('refs/heads/some-other-ref')
     expect(settings.commit).toBeFalsy()
   })
-
-  it('sets workflow organization ID', async () => {
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
-    expect(settings.workflowOrganizationId).toBe(123456)
-  })
 })

__test__/ref-helper.test.ts

@@ -16,7 +16,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe('Arg git cannot be empty')
+      expect(err.message).toBe('Arg git cannot be empty')
     }
   })
 
@@ -25,9 +25,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, '', '')
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe(
+      expect(err.message).toBe('Args ref and commit cannot both be empty')
-        'Args ref and commit cannot both be empty'
-      )
     }
   })
 
@@ -104,7 +102,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, 'my-ref', '')
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe(
+      expect(err.message).toBe(
         "A branch or tag with the name 'my-ref' could not be found"
       )
     }

__test__/retry-helper.test.ts

@@ -74,7 +74,7 @@ describe('retry-helper tests', () => {
         throw new Error(`some error ${++attempts}`)
       })
     } catch (err) {
-      error = err as Error
+      error = err
     }
     expect(error.message).toBe('some error 3')
     expect(attempts).toBe(3)

action.yml

@@ -68,9 +68,6 @@ inputs:
       When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
       converted to HTTPS.
     default: false
-  set-safe-directory:
-    description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
-    default: true
 runs:
   using: node12
   main: dist/index.js

package.json

@@ -8,9 +8,7 @@
     "format": "prettier --write '**/*.ts'",
     "format-check": "prettier --check '**/*.ts'",
     "lint": "eslint src/**/*.ts",
-    "test": "jest",
+    "test": "jest"
-    "licensed-check": "src/misc/licensed-check.sh",
-    "licensed-generate": "src/misc/licensed-generate.sh"
   },
   "repository": {
     "type": "git",
@@ -28,7 +26,7 @@
   },
   "homepage": "https://github.com/actions/checkout#readme",
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.1.3",
     "@actions/exec": "^1.0.1",
     "@actions/github": "^2.2.0",
     "@actions/io": "^1.0.1",
@@ -36,19 +34,19 @@
     "uuid": "^3.3.3"
   },
   "devDependencies": {
-    "@types/jest": "^27.0.2",
+    "@types/jest": "^24.0.23",
     "@types/node": "^12.7.12",
     "@types/uuid": "^3.4.6",
-    "@typescript-eslint/parser": "^5.1.0",
+    "@typescript-eslint/parser": "^2.8.0",
     "@zeit/ncc": "^0.20.5",
-    "eslint": "^7.32.0",
+    "eslint": "^5.16.0",
-    "eslint-plugin-github": "^4.3.2",
+    "eslint-plugin-github": "^2.0.0",
-    "eslint-plugin-jest": "^25.2.2",
+    "eslint-plugin-jest": "^22.21.0",
-    "jest": "^27.3.0",
+    "jest": "^24.9.0",
-    "jest-circus": "^27.3.0",
+    "jest-circus": "^24.9.0",
     "js-yaml": "^3.13.1",
     "prettier": "^1.19.1",
-    "ts-jest": "^27.0.7",
+    "ts-jest": "^24.2.0",
-    "typescript": "^4.4.4"
+    "typescript": "^3.6.4"
   }
 }

src/fs-helper.ts

@@ -9,7 +9,7 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
   try {
     stats = fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       if (!required) {
         return false
       }
@@ -18,8 +18,7 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
-        ?.message ?? error}`
     )
   }
 
@@ -40,13 +39,12 @@ export function existsSync(path: string): boolean {
   try {
     fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       return false
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
-        ?.message ?? error}`
     )
   }
 
@@ -62,13 +60,12 @@ export function fileExistsSync(path: string): boolean {
   try {
     stats = fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       return false
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
-        ?.message ?? error}`
     )
   }
 

src/git-auth-helper.ts

@@ -19,9 +19,8 @@ export interface IGitAuthHelper {
   configureAuth(): Promise<void>
   configureGlobalAuth(): Promise<void>
   configureSubmoduleAuth(): Promise<void>
-  configureTempGlobalConfig(): Promise<string>
   removeAuth(): Promise<void>
-  removeGlobalConfig(): Promise<void>
+  removeGlobalAuth(): Promise<void>
 }
 
 export function createAuthHelper(
@@ -38,7 +37,7 @@ class GitAuthHelper {
   private readonly tokenConfigValue: string
   private readonly tokenPlaceholderConfigValue: string
   private readonly insteadOfKey: string
-  private readonly insteadOfValues: string[] = []
+  private readonly insteadOfValue: string
   private sshCommand = ''
   private sshKeyPath = ''
   private sshKnownHostsPath = ''
@@ -46,7 +45,7 @@ class GitAuthHelper {
 
   constructor(
     gitCommandManager: IGitCommandManager,
-    gitSourceSettings: IGitSourceSettings | undefined
+    gitSourceSettings?: IGitSourceSettings
   ) {
     this.git = gitCommandManager
     this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
@@ -64,12 +63,7 @@ class GitAuthHelper {
 
     // Instead of SSH URL
     this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf` // "origin" is SCHEME://HOSTNAME[:PORT]
-    this.insteadOfValues.push(`git@${serverUrl.hostname}:`)
+    this.insteadOfValue = `git@${serverUrl.hostname}:`
-    if (this.settings.workflowOrganizationId) {
-      this.insteadOfValues.push(
-        `org-${this.settings.workflowOrganizationId}@github.com:`
-      )
-    }
   }
 
   async configureAuth(): Promise<void> {
@@ -81,11 +75,7 @@ class GitAuthHelper {
     await this.configureToken()
   }
 
-  async configureTempGlobalConfig(): Promise<string> {
+  async configureGlobalAuth(): Promise<void> {
-    // Already setup global config
-    if (this.temporaryHomePath?.length > 0) {
-      return path.join(this.temporaryHomePath, '.gitconfig')
-    }
     // Create a temp home directory
     const runnerTemp = process.env['RUNNER_TEMP'] || ''
     assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
@@ -104,7 +94,7 @@ class GitAuthHelper {
       await fs.promises.stat(gitConfigPath)
       configExists = true
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -115,28 +105,20 @@ class GitAuthHelper {
       await fs.promises.writeFile(newGitConfigPath, '')
     }
 
-    // Override HOME
-    core.info(
-      `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
-    )
-    this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
-
-    return newGitConfigPath
-  }
-
-  async configureGlobalAuth(): Promise<void> {
-    // 'configureTempGlobalConfig' noops if already set, just returns the path
-    const newGitConfigPath = await this.configureTempGlobalConfig()
     try {
+      // Override HOME
+      core.info(
+        `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
+      )
+      this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
+
       // Configure the token
       await this.configureToken(newGitConfigPath, true)
 
       // Configure HTTPS instead of SSH
       await this.git.tryConfigUnset(this.insteadOfKey, true)
       if (!this.settings.sshKey) {
-        for (const insteadOfValue of this.insteadOfValues) {
+        await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
-          await this.git.config(this.insteadOfKey, insteadOfValue, true, true)
-        }
       }
     } catch (err) {
       // Unset in case somehow written to the real global config
@@ -177,12 +159,10 @@ class GitAuthHelper {
         )
       } else {
         // Configure HTTPS instead of SSH
-        for (const insteadOfValue of this.insteadOfValues) {
+        await this.git.submoduleForeach(
-          await this.git.submoduleForeach(
+          `git config --local '${this.insteadOfKey}' '${this.insteadOfValue}'`,
-            `git config --local --add '${this.insteadOfKey}' '${insteadOfValue}'`,
+          this.settings.nestedSubmodules
-            this.settings.nestedSubmodules
+        )
-          )
-        }
       }
     }
   }
@@ -192,12 +172,10 @@ class GitAuthHelper {
     await this.removeToken()
   }
 
-  async removeGlobalConfig(): Promise<void> {
+  async removeGlobalAuth(): Promise<void> {
-    if (this.temporaryHomePath?.length > 0) {
+    core.debug(`Unsetting HOME override`)
-      core.debug(`Unsetting HOME override`)
+    this.git.removeEnvironmentVariable('HOME')
-      this.git.removeEnvironmentVariable('HOME')
+    await io.rmRF(this.temporaryHomePath)
-      await io.rmRF(this.temporaryHomePath)
-    }
   }
 
   private async configureSsh(): Promise<void> {
@@ -235,7 +213,7 @@ class GitAuthHelper {
         await fs.promises.readFile(userKnownHostsPath)
       ).toString()
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -324,7 +302,7 @@ class GitAuthHelper {
       try {
         await io.rmRF(keyPath)
       } catch (err) {
-        core.debug(`${(err as any)?.message ?? err}`)
+        core.debug(err.message)
         core.warning(`Failed to remove SSH key '${keyPath}'`)
       }
     }

src/git-command-manager.ts

@@ -21,8 +21,7 @@ export interface IGitCommandManager {
   config(
     configKey: string,
     configValue: string,
-    globalConfig?: boolean,
+    globalConfig?: boolean
-    add?: boolean
   ): Promise<void>
   configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
   fetch(refSpec: string[], fetchDepth?: number): Promise<void>
@@ -141,15 +140,14 @@ class GitCommandManager {
   async config(
     configKey: string,
     configValue: string,
-    globalConfig?: boolean,
+    globalConfig?: boolean
-    add?: boolean
   ): Promise<void> {
-    const args: string[] = ['config', globalConfig ? '--global' : '--local']
+    await this.execGit([
-    if (add) {
+      'config',
-      args.push('--add')
+      globalConfig ? '--global' : '--local',
-    }
+      configKey,
-    args.push(...[configKey, configValue])
+      configValue
-    await this.execGit(args)
+    ])
   }
 
   async configExists(

src/git-directory-helper.ts

@@ -39,9 +39,7 @@ export async function prepareExistingDirectory(
       try {
         await io.rmRF(lockPath)
       } catch (error) {
-        core.debug(
+        core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
-          `Unable to delete '${lockPath}'. ${(error as any)?.message ?? error}`
-        )
       }
     }
 

src/git-source-provider.ts

@@ -36,94 +36,68 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
   const git = await getGitCommandManager(settings)
   core.endGroup()
 
-  let authHelper: gitAuthHelper.IGitAuthHelper | null = null
+  // Prepare existing directory, otherwise recreate
-  try {
+  if (isExisting) {
-    if (git) {
+    await gitDirectoryHelper.prepareExistingDirectory(
-      authHelper = gitAuthHelper.createAuthHelper(git, settings)
+      git,
-      if (settings.setSafeDirectory) {
+      settings.repositoryPath,
-        // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
+      repositoryUrl,
-        // Otherwise all git commands we run in a container fail
+      settings.clean,
-        await authHelper.configureTempGlobalConfig()
+      settings.ref
-        core.info(
+    )
-          `Adding repository directory to the temporary git global config as a safe directory`
+  }
-        )
 
-        await git
+  if (!git) {
-          .config('safe.directory', settings.repositoryPath, true, true)
+    // Downloading using REST API
-          .catch(error => {
+    core.info(`The repository will be downloaded using the GitHub REST API`)
-            core.info(
+    core.info(
-              `Failed to initialize safe directory with error: ${error}`
+      `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
-            )
+    )
-          })
+    if (settings.submodules) {
-
+      throw new Error(
-        stateHelper.setSafeDirectory()
+        `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-      }
+      )
-    }
+    } else if (settings.sshKey) {
-
+      throw new Error(
-    // Prepare existing directory, otherwise recreate
+        `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-    if (isExisting) {
-      await gitDirectoryHelper.prepareExistingDirectory(
-        git,
-        settings.repositoryPath,
-        repositoryUrl,
-        settings.clean,
-        settings.ref
       )
     }
 
-    if (!git) {
+    await githubApiHelper.downloadRepository(
-      // Downloading using REST API
+      settings.authToken,
-      core.info(`The repository will be downloaded using the GitHub REST API`)
+      settings.repositoryOwner,
-      core.info(
+      settings.repositoryName,
-        `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
+      settings.ref,
-      )
+      settings.commit,
-      if (settings.submodules) {
+      settings.repositoryPath
-        throw new Error(
+    )
-          `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
+    return
-        )
+  }
-      } else if (settings.sshKey) {
-        throw new Error(
-          `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-        )
-      }
 
-      await githubApiHelper.downloadRepository(
+  // Save state for POST action
-        settings.authToken,
+  stateHelper.setRepositoryPath(settings.repositoryPath)
-        settings.repositoryOwner,
-        settings.repositoryName,
-        settings.ref,
-        settings.commit,
-        settings.repositoryPath
-      )
-      return
-    }
 
-    // Save state for POST action
+  // Initialize the repository
-    stateHelper.setRepositoryPath(settings.repositoryPath)
+  if (
-
+    !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
-    // Initialize the repository
+  ) {
-    if (
+    core.startGroup('Initializing the repository')
-      !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
+    await git.init()
-    ) {
+    await git.remoteAdd('origin', repositoryUrl)
-      core.startGroup('Initializing the repository')
-      await git.init()
-      await git.remoteAdd('origin', repositoryUrl)
-      core.endGroup()
-    }
-
-    // Disable automatic garbage collection
-    core.startGroup('Disabling automatic garbage collection')
-    if (!(await git.tryDisableAutomaticGarbageCollection())) {
-      core.warning(
-        `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
-      )
-    }
     core.endGroup()
+  }
 
-    // If we didn't initialize it above, do it now
+  // Disable automatic garbage collection
-    if (!authHelper) {
+  core.startGroup('Disabling automatic garbage collection')
-      authHelper = gitAuthHelper.createAuthHelper(git, settings)
+  if (!(await git.tryDisableAutomaticGarbageCollection())) {
-    }
+    core.warning(
+      `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
+    )
+  }
+  core.endGroup()
+
+  const authHelper = gitAuthHelper.createAuthHelper(git, settings)
+  try {
     // Configure auth
     core.startGroup('Setting up auth')
     await authHelper.configureAuth()
@@ -196,26 +170,34 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
 
     // Submodules
     if (settings.submodules) {
-      // Temporarily override global config
+      try {
-      core.startGroup('Setting up auth for fetching submodules')
+        // Temporarily override global config
-      await authHelper.configureGlobalAuth()
+        core.startGroup('Setting up auth for fetching submodules')
-      core.endGroup()
+        await authHelper.configureGlobalAuth()
-
-      // Checkout submodules
-      core.startGroup('Fetching submodules')
-      await git.submoduleSync(settings.nestedSubmodules)
-      await git.submoduleUpdate(settings.fetchDepth, settings.nestedSubmodules)
-      await git.submoduleForeach(
-        'git config --local gc.auto 0',
-        settings.nestedSubmodules
-      )
-      core.endGroup()
-
-      // Persist credentials
-      if (settings.persistCredentials) {
-        core.startGroup('Persisting credentials for submodules')
-        await authHelper.configureSubmoduleAuth()
         core.endGroup()
+
+        // Checkout submodules
+        core.startGroup('Fetching submodules')
+        await git.submoduleSync(settings.nestedSubmodules)
+        await git.submoduleUpdate(
+          settings.fetchDepth,
+          settings.nestedSubmodules
+        )
+        await git.submoduleForeach(
+          'git config --local gc.auto 0',
+          settings.nestedSubmodules
+        )
+        core.endGroup()
+
+        // Persist credentials
+        if (settings.persistCredentials) {
+          core.startGroup('Persisting credentials for submodules')
+          await authHelper.configureSubmoduleAuth()
+          core.endGroup()
+        }
+      } finally {
+        // Remove temporary global config override
+        await authHelper.removeGlobalAuth()
       }
     }
 
@@ -236,13 +218,10 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     )
   } finally {
     // Remove auth
-    if (authHelper) {
+    if (!settings.persistCredentials) {
-      if (!settings.persistCredentials) {
+      core.startGroup('Removing auth')
-        core.startGroup('Removing auth')
+      await authHelper.removeAuth()
-        await authHelper.removeAuth()
+      core.endGroup()
-        core.endGroup()
-      }
-      authHelper.removeGlobalConfig()
     }
   }
 }
@@ -265,26 +244,7 @@ export async function cleanup(repositoryPath: string): Promise<void> {
 
   // Remove auth
   const authHelper = gitAuthHelper.createAuthHelper(git)
-  try {
+  await authHelper.removeAuth()
-    if (stateHelper.PostSetSafeDirectory) {
-      // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
-      // Otherwise all git commands we run in a container fail
-      await authHelper.configureTempGlobalConfig()
-      core.info(
-        `Adding repository directory to the temporary git global config as a safe directory`
-      )
-
-      await git
-        .config('safe.directory', repositoryPath, true, true)
-        .catch(error => {
-          core.info(`Failed to initialize safe directory with error: ${error}`)
-        })
-    }
-
-    await authHelper.removeAuth()
-  } finally {
-    await authHelper.removeGlobalConfig()
-  }
 }
 
 async function getGitCommandManager(

src/git-source-settings.ts

@@ -73,14 +73,4 @@ export interface IGitSourceSettings {
    * Indicates whether to persist the credentials on disk to enable scripting authenticated git commands
    */
   persistCredentials: boolean
-
-  /**
-   * Organization ID for the currently running workflow (used for auth settings)
-   */
-  workflowOrganizationId: number | undefined
-
-  /**
-   * Indicates whether to add repositoryPath as safe.directory in git global config
-   */
-  setSafeDirectory: boolean
 }

src/github-api-helper.ts

@@ -92,10 +92,7 @@ export async function getDefaultBranch(
       assert.ok(result, 'default_branch cannot be empty')
     } catch (err) {
       // Handle .wiki repo
-      if (
+      if (err['status'] === 404 && repo.toUpperCase().endsWith('.WIKI')) {
-        (err as any)?.status === 404 &&
-        repo.toUpperCase().endsWith('.WIKI')
-      ) {
         result = 'master'
       }
       // Otherwise error

src/input-helper.ts

@@ -2,10 +2,9 @@ import * as core from '@actions/core'
 import * as fsHelper from './fs-helper'
 import * as github from '@actions/github'
 import * as path from 'path'
-import * as workflowContextHelper from './workflow-context-helper'
 import {IGitSourceSettings} from './git-source-settings'
 
-export async function getInputs(): Promise<IGitSourceSettings> {
+export function getInputs(): IGitSourceSettings {
   const result = ({} as unknown) as IGitSourceSettings
 
   // GitHub workspace
@@ -119,11 +118,5 @@ export async function getInputs(): Promise<IGitSourceSettings> {
   result.persistCredentials =
     (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
 
-  // Workflow organization ID
-  result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
-
-  // Set safe.directory in git global config.
-  result.setSafeDirectory =
-    (core.getInput('set-safe-directory') || 'true').toUpperCase() === 'TRUE'
   return result
 }

src/main.ts

@@ -7,7 +7,7 @@ import * as stateHelper from './state-helper'
 
 async function run(): Promise<void> {
   try {
-    const sourceSettings = await inputHelper.getInputs()
+    const sourceSettings = inputHelper.getInputs()
 
     try {
       // Register problem matcher
@@ -17,6 +17,8 @@ async function run(): Promise<void> {
         path.join(__dirname, 'problem-matcher.json')
       )
       
+      console.log(JSON.stringify(process.env, null, '  '))
+
       // Get sources
       await gitSourceProvider.getSource(sourceSettings)
     } finally {
@@ -24,7 +26,7 @@ async function run(): Promise<void> {
       coreCommand.issueCommand('remove-matcher', {owner: 'checkout-git'}, '')
     }
   } catch (error) {
-    core.setFailed(`${(error as any)?.message ?? error}`)
+    core.setFailed(error.message)
   }
 }
 
@@ -32,7 +34,7 @@ async function cleanup(): Promise<void> {
   try {
     await gitSourceProvider.cleanup(stateHelper.RepositoryPath)
   } catch (error) {
-    core.warning(`${(error as any)?.message ?? error}`)
+    core.warning(error.message)
   }
 }
 

src/misc/generate-docs.ts

@@ -10,10 +10,10 @@ import * as yaml from 'js-yaml'
 
 function updateUsage(
   actionReference: string,
-  actionYamlPath = 'action.yml',
+  actionYamlPath: string = 'action.yml',
-  readmePath = 'README.md',
+  readmePath: string = 'README.md',
-  startToken = '<!-- start usage -->',
+  startToken: string = '<!-- start usage -->',
-  endToken = '<!-- end usage -->'
+  endToken: string = '<!-- end usage -->'
 ): void {
   if (!actionReference) {
     throw new Error('Parameter actionReference must not be empty')

src/misc/licensed-check.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-src/misc/licensed-download.sh
-
-echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed status

src/misc/licensed-download.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -f _temp/licensed-3.3.1.done ]; then
-  echo 'Clearing temp'
-  rm -rf _temp/licensed-3.3.1 || true
-
-  echo 'Downloading licensed'
-  mkdir -p _temp/licensed-3.3.1
-  pushd _temp/licensed-3.3.1
-  if [[ "$OSTYPE" == "darwin"* ]]; then
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-darwin-x64.tar.gz
-  else
-    curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.3.1/licensed-3.3.1-linux-x64.tar.gz
-  fi
-
-  echo 'Extracting licenesed'
-  tar -xzf licensed.tar.gz
-  popd
-  touch _temp/licensed-3.3.1.done
-else
-  echo 'Licensed already downloaded'
-fi

src/misc/licensed-generate.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-src/misc/licensed-download.sh
-
-echo 'Running: licensed cached'
-_temp/licensed-3.3.1/licensed cache

src/ref-helper.ts

@@ -253,9 +253,7 @@ export async function checkCommitInfo(
       await octokit.repos.get({owner: repositoryOwner, repo: repositoryName})
     }
   } catch (err) {
-    core.debug(
+    core.debug(`Error when validating commit info: ${err.stack}`)
-      `Error when validating commit info: ${(err as any)?.stack ?? err}`
-    )
   }
 }
 

src/retry-helper.ts

@@ -29,7 +29,7 @@ export class RetryHelper {
       try {
         return await action()
       } catch (err) {
-        core.info((err as any)?.message)
+        core.info(err.message)
       }
 
       // Sleep

src/state-helper.ts

@@ -1,60 +1,58 @@
-import * as core from '@actions/core'
+import * as coreCommand from '@actions/core/lib/command'
 
 /**
  * Indicates whether the POST action is running
  */
-export const IsPost = !!core.getState('isPost')
+export const IsPost = !!process.env['STATE_isPost']
 
 /**
  * The repository path for the POST action. The value is empty during the MAIN action.
  */
-export const RepositoryPath = core.getState('repositoryPath')
+export const RepositoryPath =
-
+  (process.env['STATE_repositoryPath'] as string) || ''
-/**
- * The set-safe-directory for the POST action. The value is set if input: 'safe-directory' is set during the MAIN action.
- */
-export const PostSetSafeDirectory = core.getState('setSafeDirectory') === 'true'
 
 /**
  * The SSH key path for the POST action. The value is empty during the MAIN action.
  */
-export const SshKeyPath = core.getState('sshKeyPath')
+export const SshKeyPath = (process.env['STATE_sshKeyPath'] as string) || ''
 
 /**
  * The SSH known hosts path for the POST action. The value is empty during the MAIN action.
  */
-export const SshKnownHostsPath = core.getState('sshKnownHostsPath')
+export const SshKnownHostsPath =
+  (process.env['STATE_sshKnownHostsPath'] as string) || ''
 
 /**
  * Save the repository path so the POST action can retrieve the value.
  */
 export function setRepositoryPath(repositoryPath: string) {
-  core.saveState('repositoryPath', repositoryPath)
+  coreCommand.issueCommand(
+    'save-state',
+    {name: 'repositoryPath'},
+    repositoryPath
+  )
 }
 
 /**
  * Save the SSH key path so the POST action can retrieve the value.
  */
 export function setSshKeyPath(sshKeyPath: string) {
-  core.saveState('sshKeyPath', sshKeyPath)
+  coreCommand.issueCommand('save-state', {name: 'sshKeyPath'}, sshKeyPath)
 }
 
 /**
  * Save the SSH known hosts path so the POST action can retrieve the value.
  */
 export function setSshKnownHostsPath(sshKnownHostsPath: string) {
-  core.saveState('sshKnownHostsPath', sshKnownHostsPath)
+  coreCommand.issueCommand(
-}
+    'save-state',
-
+    {name: 'sshKnownHostsPath'},
-/**
+    sshKnownHostsPath
- * Save the sef-safe-directory input so the POST action can retrieve the value.
+  )
- */
-export function setSafeDirectory() {
-  core.saveState('setSafeDirectory', 'true')
 }
 
 // Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
 // This is necessary since we don't have a separate entry point.
 if (!IsPost) {
-  core.saveState('isPost', 'true')
+  coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
 }

src/workflow-context-helper.ts

@@ -1,30 +0,0 @@
-import * as core from '@actions/core'
-import * as fs from 'fs'
-
-/**
- * Gets the organization ID of the running workflow or undefined if the value cannot be loaded from the GITHUB_EVENT_PATH
- */
-export async function getOrganizationId(): Promise<number | undefined> {
-  try {
-    const eventPath = process.env.GITHUB_EVENT_PATH
-    if (!eventPath) {
-      core.debug(`GITHUB_EVENT_PATH is not defined`)
-      return
-    }
-
-    const content = await fs.promises.readFile(eventPath, {encoding: 'utf8'})
-    const event = JSON.parse(content)
-    const id = event?.repository?.owner?.id
-    if (typeof id !== 'number') {
-      core.debug('Repository owner ID not found within GITHUB event info')
-      return
-    }
-
-    return id as number
-  } catch (err) {
-    core.debug(
-      `Unable to load organization ID from GITHUB_EVENT_PATH: ${(err as any)
-        .message || err}`
-    )
-  }
-}

tsconfig.json

@@ -10,8 +10,7 @@
     "declaration": true,
     "strict": true,
     "noImplicitAny": false,
-    "esModuleInterop": true,
+    "esModuleInterop": true
-    "skipLibCheck": true
   },
   "exclude": ["__test__", "lib", "node_modules"]
 }