update dist

Company name changed and deprecated all packages in favor of the new name

.eslintrc.json

@@ -1,6 +1,6 @@
 {
   "plugins": ["jest", "@typescript-eslint"],
-  "extends": ["plugin:github/recommended"],
+  "extends": ["plugin:github/es6"],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
     "ecmaVersion": 9,
@@ -16,19 +16,23 @@
     "@typescript-eslint/no-require-imports": "error",
     "@typescript-eslint/array-type": "error",
     "@typescript-eslint/await-thenable": "error",
+    "@typescript-eslint/ban-ts-ignore": "error",
     "camelcase": "off",
+    "@typescript-eslint/camelcase": "error",
+    "@typescript-eslint/class-name-casing": "error",
     "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
     "@typescript-eslint/func-call-spacing": ["error", "never"],
+    "@typescript-eslint/generic-type-naming": ["error", "^[A-Z][A-Za-z]*$"],
     "@typescript-eslint/no-array-constructor": "error",
     "@typescript-eslint/no-empty-interface": "error",
     "@typescript-eslint/no-explicit-any": "error",
     "@typescript-eslint/no-extraneous-class": "error",
-    "@typescript-eslint/no-floating-promises": "error",
     "@typescript-eslint/no-for-in-array": "error",
     "@typescript-eslint/no-inferrable-types": "error",
     "@typescript-eslint/no-misused-new": "error",
     "@typescript-eslint/no-namespace": "error",
     "@typescript-eslint/no-non-null-assertion": "warn",
+    "@typescript-eslint/no-object-literal-type-assertion": "error",
     "@typescript-eslint/no-unnecessary-qualifier": "error",
     "@typescript-eslint/no-unnecessary-type-assertion": "error",
     "@typescript-eslint/no-useless-constructor": "error",
@@ -36,6 +40,7 @@
     "@typescript-eslint/prefer-for-of": "warn",
     "@typescript-eslint/prefer-function-type": "warn",
     "@typescript-eslint/prefer-includes": "error",
+    "@typescript-eslint/prefer-interface": "error",
     "@typescript-eslint/prefer-string-starts-ends-with": "error",
     "@typescript-eslint/promise-function-async": "error",
     "@typescript-eslint/require-array-sort-compare": "error",

.gitattributes

@@ -1 +0,0 @@
-.licenses/** -diff linguist-generated=true

.github/workflows/check-dist.yml

@@ -1,51 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process
-# from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Set Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the index.js file
-        run: npm run build
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-
-      # If dist/ was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v2
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/

.github/workflows/codeql-analysis.yml

@@ -1,58 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '28 9 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    - run: npm ci
-    - run: npm run build
-    - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/licensed.yml

@@ -1,14 +0,0 @@
-name: Licensed
-
-on:
-  push: {branches: main}
-  pull_request: {branches: main}
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    name: Check licenses
-    steps:
-      - uses: actions/checkout@v2
-      - run: npm ci
-      - run: npm run licensed-check

.github/workflows/test.yml

@@ -205,41 +205,3 @@ jobs:
           path: basic
       - name: Verify basic
         run: __test__/verify-basic.sh --archive
-    
-  test-git-container:
-    runs-on: ubuntu-latest
-    container: bitnami/git:latest
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          path: v3
-
-      # Basic checkout using git
-      - name: Checkout basic
-        uses: ./v3
-        with:
-          ref: test-data/v2/basic
-      - name: Verify basic
-        run: |
-          if [ ! -f "./basic-file.txt" ]; then
-              echo "Expected basic file does not exist"
-              exit 1
-          fi
-
-          # Verify .git folder
-          if [ ! -d "./.git" ]; then
-            echo "Expected ./.git folder to exist"
-            exit 1
-          fi
-
-          # Verify auth token
-          git config --global --add safe.directory "*"
-          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
-
-      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v3
-        uses: actions/checkout@v3
-        with:
-          path: v3

.gitignore

@@ -1,4 +1,3 @@
 __test__/_temp
-_temp/
 lib/
 node_modules/

.licensed.yml

@@ -1,14 +0,0 @@
-sources:
-  npm: true
-
-allowed:
-  - apache-2.0
-  - bsd-2-clause
-  - bsd-3-clause
-  - isc
-  - mit
-  - cc0-1.0
-  - unlicense
-
-reviewed:
-  npm:

CHANGELOG.md

@@ -1,14 +1,5 @@
 # Changelog
 
-## v2.5.0
-- [Bump @actions/core to v1.10.0](https://github.com/actions/checkout/pull/962)
-
-## v2.4.2
-- [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/776)
-
-## v2.4.1
-- [Set the safe directory option on git to prevent git commands failing when running in containers](https://github.com/actions/checkout/pull/762)
-
 ## v2.3.1
 
 - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)

CODEOWNERS

@@ -1 +0,0 @@
-* @actions/actions-runtime

README.md

@@ -105,11 +105,6 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
     #
     # Default: false
     submodules: ''
-
-    # Add repository path as safe.directory for Git global config by running `git
-    # config --global --add safe.directory <path>`
-    # Default: true
-    set-safe-directory: ''
 ```
 <!-- end usage -->
 
@@ -190,7 +185,7 @@ Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous
   uses: actions/checkout@v2
   with:
     repository: my-org/my-private-tools
-    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret that contains your PAT
     path: my-tools
 ```
 

__test__/git-auth-helper.test.ts

@@ -417,7 +417,7 @@ describe('git-auth-helper tests', () => {
           `Did not expect file to exist: '${globalGitConfigPath}'`
         )
       } catch (err) {
-        if ((err as any)?.code !== 'ENOENT') {
+        if (err.code !== 'ENOENT') {
           throw err
         }
       }
@@ -518,17 +518,12 @@ describe('git-auth-helper tests', () => {
       await authHelper.configureSubmoduleAuth()
 
       // Assert
-      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4)
+      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
         /unset-all.*insteadOf/
       )
       expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
-      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
-        /url.*insteadOf.*git@github.com:/
-      )
-      expect(mockSubmoduleForeach.mock.calls[3][0]).toMatch(
-        /url.*insteadOf.*org-123456@github.com:/
-      )
+      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/url.*insteadOf/)
     }
   )
 
@@ -606,7 +601,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(actualKeyPath)
       throw new Error('SSH key should have been deleted')
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -616,7 +611,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(actualKnownHostsPath)
       throw new Error('SSH known hosts should have been deleted')
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -643,11 +638,10 @@ describe('git-auth-helper tests', () => {
     expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
   })
 
-  const removeGlobalConfig_removesOverride =
-    'removeGlobalConfig removes override'
-  it(removeGlobalConfig_removesOverride, async () => {
+  const removeGlobalAuth_removesOverride = 'removeGlobalAuth removes override'
+  it(removeGlobalAuth_removesOverride, async () => {
     // Arrange
-    await setup(removeGlobalConfig_removesOverride)
+    await setup(removeGlobalAuth_removesOverride)
     const authHelper = gitAuthHelper.createAuthHelper(git, settings)
     await authHelper.configureAuth()
     await authHelper.configureGlobalAuth()
@@ -656,7 +650,7 @@ describe('git-auth-helper tests', () => {
     await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
 
     // Act
-    await authHelper.removeGlobalConfig()
+    await authHelper.removeGlobalAuth()
 
     // Assert
     expect(git.env['HOME']).toBeUndefined()
@@ -664,7 +658,7 @@ describe('git-auth-helper tests', () => {
       await fs.promises.stat(homeOverride)
       throw new Error(`Should have been deleted '${homeOverride}'`)
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -776,9 +770,7 @@ async function setup(testName: string): Promise<void> {
     repositoryPath: '',
     sshKey: sshPath ? 'some ssh private key' : '',
     sshKnownHosts: '',
-    sshStrict: true,
-    workflowOrganizationId: 123456,
-    setSafeDirectory: true
+    sshStrict: true
   }
 }
 

__test__/input-helper.test.ts

@@ -1,9 +1,9 @@
+import * as assert from 'assert'
 import * as core from '@actions/core'
 import * as fsHelper from '../lib/fs-helper'
 import * as github from '@actions/github'
 import * as inputHelper from '../lib/input-helper'
 import * as path from 'path'
-import * as workflowContextHelper from '../lib/workflow-context-helper'
 import {IGitSourceSettings} from '../lib/git-source-settings'
 
 const originalGitHubWorkspace = process.env['GITHUB_WORKSPACE']
@@ -43,11 +43,6 @@ describe('input-helper tests', () => {
       .spyOn(fsHelper, 'directoryExistsSync')
       .mockImplementation((path: string) => path == gitHubWorkspace)
 
-    // Mock ./workflowContextHelper getOrganizationId()
-    jest
-      .spyOn(workflowContextHelper, 'getOrganizationId')
-      .mockImplementation(() => Promise.resolve(123456))
-
     // GitHub workspace
     process.env['GITHUB_WORKSPACE'] = gitHubWorkspace
   })
@@ -72,8 +67,8 @@ describe('input-helper tests', () => {
     jest.restoreAllMocks()
   })
 
-  it('sets defaults', async () => {
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+  it('sets defaults', () => {
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings).toBeTruthy()
     expect(settings.authToken).toBeFalsy()
     expect(settings.clean).toBe(true)
@@ -85,14 +80,13 @@ describe('input-helper tests', () => {
     expect(settings.repositoryName).toBe('some-repo')
     expect(settings.repositoryOwner).toBe('some-owner')
     expect(settings.repositoryPath).toBe(gitHubWorkspace)
-    expect(settings.setSafeDirectory).toBe(true)
   })
 
-  it('qualifies ref', async () => {
+  it('qualifies ref', () => {
     let originalRef = github.context.ref
     try {
       github.context.ref = 'some-unqualified-ref'
-      const settings: IGitSourceSettings = await inputHelper.getInputs()
+      const settings: IGitSourceSettings = inputHelper.getInputs()
       expect(settings).toBeTruthy()
       expect(settings.commit).toBe('1234567890123456789012345678901234567890')
       expect(settings.ref).toBe('refs/heads/some-unqualified-ref')
@@ -101,42 +95,32 @@ describe('input-helper tests', () => {
     }
   })
 
-  it('requires qualified repo', async () => {
+  it('requires qualified repo', () => {
     inputs.repository = 'some-unqualified-repo'
-    try {
-      await inputHelper.getInputs()
-      throw 'should not reach here'
-    } catch (err) {
-      expect(`(${(err as any).message}`).toMatch(
-        "Invalid repository 'some-unqualified-repo'"
-      )
-    }
+    assert.throws(() => {
+      inputHelper.getInputs()
+    }, /Invalid repository 'some-unqualified-repo'/)
   })
 
-  it('roots path', async () => {
+  it('roots path', () => {
     inputs.path = 'some-directory/some-subdirectory'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.repositoryPath).toBe(
       path.join(gitHubWorkspace, 'some-directory', 'some-subdirectory')
     )
   })
 
-  it('sets ref to empty when explicit sha', async () => {
+  it('sets ref to empty when explicit sha', () => {
     inputs.ref = '1111111111222222222233333333334444444444'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.ref).toBeFalsy()
     expect(settings.commit).toBe('1111111111222222222233333333334444444444')
   })
 
-  it('sets sha to empty when explicit ref', async () => {
+  it('sets sha to empty when explicit ref', () => {
     inputs.ref = 'refs/heads/some-other-ref'
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    const settings: IGitSourceSettings = inputHelper.getInputs()
     expect(settings.ref).toBe('refs/heads/some-other-ref')
     expect(settings.commit).toBeFalsy()
   })
-
-  it('sets workflow organization ID', async () => {
-    const settings: IGitSourceSettings = await inputHelper.getInputs()
-    expect(settings.workflowOrganizationId).toBe(123456)
-  })
 })

__test__/override-git-version.cmd

@@ -2,5 +2,5 @@
 mkdir override-git-version
 cd override-git-version
 echo @echo override git version 1.2.3 > git.cmd
-echo "%CD%" >> $GITHUB_PATH
+echo ::add-path::%CD%
 cd ..

__test__/override-git-version.sh

@@ -5,5 +5,5 @@ cd override-git-version
 echo "#!/bin/sh" > git
 echo "echo override git version 1.2.3" >> git
 chmod +x git
-echo "$(pwd)" >> $GITHUB_PATH
+echo "::add-path::$(pwd)"
 cd ..

__test__/ref-helper.test.ts

@@ -16,7 +16,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, 'refs/heads/my/branch', commit)
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe('Arg git cannot be empty')
+      expect(err.message).toBe('Arg git cannot be empty')
     }
   })
 
@@ -25,9 +25,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, '', '')
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe(
-        'Args ref and commit cannot both be empty'
-      )
+      expect(err.message).toBe('Args ref and commit cannot both be empty')
     }
   })
 
@@ -104,7 +102,7 @@ describe('ref-helper tests', () => {
       await refHelper.getCheckoutInfo(git, 'my-ref', '')
       throw new Error('Should not reach here')
     } catch (err) {
-      expect((err as any)?.message).toBe(
+      expect(err.message).toBe(
         "A branch or tag with the name 'my-ref' could not be found"
       )
     }

__test__/retry-helper.test.ts

@@ -74,7 +74,7 @@ describe('retry-helper tests', () => {
         throw new Error(`some error ${++attempts}`)
       })
     } catch (err) {
-      error = err as Error
+      error = err
     }
     expect(error.message).toBe('some error 3')
     expect(attempts).toBe(3)

action.yml

@@ -68,9 +68,6 @@ inputs:
       When the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are
       converted to HTTPS.
     default: false
-  set-safe-directory:
-    description: Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory <path>`
-    default: true
 runs:
   using: node12
   main: dist/index.js

package.json

@@ -8,9 +8,7 @@
     "format": "prettier --write '**/*.ts'",
     "format-check": "prettier --check '**/*.ts'",
     "lint": "eslint src/**/*.ts",
-    "test": "jest",
-    "licensed-check": "src/misc/licensed-check.sh",
-    "licensed-generate": "src/misc/licensed-generate.sh"
+    "test": "jest"
   },
   "repository": {
     "type": "git",
@@ -28,7 +26,7 @@
   },
   "homepage": "https://github.com/actions/checkout#readme",
   "dependencies": {
-    "@actions/core": "^1.10.0",
+    "@actions/core": "^1.1.3",
     "@actions/exec": "^1.0.1",
     "@actions/github": "^2.2.0",
     "@actions/io": "^1.0.1",
@@ -36,19 +34,19 @@
     "uuid": "^3.3.3"
   },
   "devDependencies": {
-    "@types/jest": "^27.0.2",
+    "@types/jest": "^24.0.23",
     "@types/node": "^12.7.12",
     "@types/uuid": "^3.4.6",
-    "@typescript-eslint/parser": "^5.1.0",
-    "@zeit/ncc": "^0.20.5",
-    "eslint": "^7.32.0",
-    "eslint-plugin-github": "^4.3.2",
-    "eslint-plugin-jest": "^25.2.2",
-    "jest": "^27.3.0",
-    "jest-circus": "^27.3.0",
+    "@typescript-eslint/parser": "^2.8.0",
+    "@vercel/ncc": "^0.23.0",
+    "eslint": "^5.16.0",
+    "eslint-plugin-github": "^2.0.0",
+    "eslint-plugin-jest": "^22.21.0",
+    "jest": "^24.9.0",
+    "jest-circus": "^24.9.0",
     "js-yaml": "^3.13.1",
     "prettier": "^1.19.1",
-    "ts-jest": "^27.0.7",
-    "typescript": "^4.4.4"
+    "ts-jest": "^24.2.0",
+    "typescript": "^3.6.4"
   }
 }

src/fs-helper.ts

@@ -9,7 +9,7 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
   try {
     stats = fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       if (!required) {
         return false
       }
@@ -18,8 +18,7 @@ export function directoryExistsSync(path: string, required?: boolean): boolean {
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
-        ?.message ?? error}`
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
     )
   }
 
@@ -40,13 +39,12 @@ export function existsSync(path: string): boolean {
   try {
     fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       return false
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
-        ?.message ?? error}`
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
     )
   }
 
@@ -62,13 +60,12 @@ export function fileExistsSync(path: string): boolean {
   try {
     stats = fs.statSync(path)
   } catch (error) {
-    if ((error as any)?.code === 'ENOENT') {
+    if (error.code === 'ENOENT') {
       return false
     }
 
     throw new Error(
-      `Encountered an error when checking whether path '${path}' exists: ${(error as any)
-        ?.message ?? error}`
+      `Encountered an error when checking whether path '${path}' exists: ${error.message}`
     )
   }
 

src/git-auth-helper.ts

@@ -19,9 +19,8 @@ export interface IGitAuthHelper {
   configureAuth(): Promise<void>
   configureGlobalAuth(): Promise<void>
   configureSubmoduleAuth(): Promise<void>
-  configureTempGlobalConfig(): Promise<string>
   removeAuth(): Promise<void>
-  removeGlobalConfig(): Promise<void>
+  removeGlobalAuth(): Promise<void>
 }
 
 export function createAuthHelper(
@@ -38,7 +37,7 @@ class GitAuthHelper {
   private readonly tokenConfigValue: string
   private readonly tokenPlaceholderConfigValue: string
   private readonly insteadOfKey: string
-  private readonly insteadOfValues: string[] = []
+  private readonly insteadOfValue: string
   private sshCommand = ''
   private sshKeyPath = ''
   private sshKnownHostsPath = ''
@@ -46,7 +45,7 @@ class GitAuthHelper {
 
   constructor(
     gitCommandManager: IGitCommandManager,
-    gitSourceSettings: IGitSourceSettings | undefined
+    gitSourceSettings?: IGitSourceSettings
   ) {
     this.git = gitCommandManager
     this.settings = gitSourceSettings || (({} as unknown) as IGitSourceSettings)
@@ -64,12 +63,7 @@ class GitAuthHelper {
 
     // Instead of SSH URL
     this.insteadOfKey = `url.${serverUrl.origin}/.insteadOf` // "origin" is SCHEME://HOSTNAME[:PORT]
-    this.insteadOfValues.push(`git@${serverUrl.hostname}:`)
-    if (this.settings.workflowOrganizationId) {
-      this.insteadOfValues.push(
-        `org-${this.settings.workflowOrganizationId}@github.com:`
-      )
-    }
+    this.insteadOfValue = `git@${serverUrl.hostname}:`
   }
 
   async configureAuth(): Promise<void> {
@@ -81,11 +75,7 @@ class GitAuthHelper {
     await this.configureToken()
   }
 
-  async configureTempGlobalConfig(): Promise<string> {
-    // Already setup global config
-    if (this.temporaryHomePath?.length > 0) {
-      return path.join(this.temporaryHomePath, '.gitconfig')
-    }
+  async configureGlobalAuth(): Promise<void> {
     // Create a temp home directory
     const runnerTemp = process.env['RUNNER_TEMP'] || ''
     assert.ok(runnerTemp, 'RUNNER_TEMP is not defined')
@@ -104,7 +94,7 @@ class GitAuthHelper {
       await fs.promises.stat(gitConfigPath)
       configExists = true
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -115,28 +105,20 @@ class GitAuthHelper {
       await fs.promises.writeFile(newGitConfigPath, '')
     }
 
-    // Override HOME
-    core.info(
-      `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
-    )
-    this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
-
-    return newGitConfigPath
-  }
-
-  async configureGlobalAuth(): Promise<void> {
-    // 'configureTempGlobalConfig' noops if already set, just returns the path
-    const newGitConfigPath = await this.configureTempGlobalConfig()
     try {
+      // Override HOME
+      core.info(
+        `Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`
+      )
+      this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
+
       // Configure the token
       await this.configureToken(newGitConfigPath, true)
 
       // Configure HTTPS instead of SSH
       await this.git.tryConfigUnset(this.insteadOfKey, true)
       if (!this.settings.sshKey) {
-        for (const insteadOfValue of this.insteadOfValues) {
-          await this.git.config(this.insteadOfKey, insteadOfValue, true, true)
-        }
+        await this.git.config(this.insteadOfKey, this.insteadOfValue, true)
       }
     } catch (err) {
       // Unset in case somehow written to the real global config
@@ -166,7 +148,7 @@ class GitAuthHelper {
         output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []
       for (const configPath of configPaths) {
         core.debug(`Replacing token placeholder in '${configPath}'`)
-        await this.replaceTokenPlaceholder(configPath)
+        this.replaceTokenPlaceholder(configPath)
       }
 
       if (this.settings.sshKey) {
@@ -177,12 +159,10 @@ class GitAuthHelper {
         )
       } else {
         // Configure HTTPS instead of SSH
-        for (const insteadOfValue of this.insteadOfValues) {
-          await this.git.submoduleForeach(
-            `git config --local --add '${this.insteadOfKey}' '${insteadOfValue}'`,
-            this.settings.nestedSubmodules
-          )
-        }
+        await this.git.submoduleForeach(
+          `git config --local '${this.insteadOfKey}' '${this.insteadOfValue}'`,
+          this.settings.nestedSubmodules
+        )
       }
     }
   }
@@ -192,12 +172,10 @@ class GitAuthHelper {
     await this.removeToken()
   }
 
-  async removeGlobalConfig(): Promise<void> {
-    if (this.temporaryHomePath?.length > 0) {
-      core.debug(`Unsetting HOME override`)
-      this.git.removeEnvironmentVariable('HOME')
-      await io.rmRF(this.temporaryHomePath)
-    }
+  async removeGlobalAuth(): Promise<void> {
+    core.debug(`Unsetting HOME override`)
+    this.git.removeEnvironmentVariable('HOME')
+    await io.rmRF(this.temporaryHomePath)
   }
 
   private async configureSsh(): Promise<void> {
@@ -235,7 +213,7 @@ class GitAuthHelper {
         await fs.promises.readFile(userKnownHostsPath)
       ).toString()
     } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
+      if (err.code !== 'ENOENT') {
         throw err
       }
     }
@@ -324,7 +302,7 @@ class GitAuthHelper {
       try {
         await io.rmRF(keyPath)
       } catch (err) {
-        core.debug(`${(err as any)?.message ?? err}`)
+        core.debug(err.message)
         core.warning(`Failed to remove SSH key '${keyPath}'`)
       }
     }

src/git-command-manager.ts

@@ -21,8 +21,7 @@ export interface IGitCommandManager {
   config(
     configKey: string,
     configValue: string,
-    globalConfig?: boolean,
-    add?: boolean
+    globalConfig?: boolean
   ): Promise<void>
   configExists(configKey: string, globalConfig?: boolean): Promise<boolean>
   fetch(refSpec: string[], fetchDepth?: number): Promise<void>
@@ -32,7 +31,7 @@ export interface IGitCommandManager {
   isDetached(): Promise<boolean>
   lfsFetch(ref: string): Promise<void>
   lfsInstall(): Promise<void>
-  log1(format?: string): Promise<string>
+  log1(): Promise<string>
   remoteAdd(remoteName: string, remoteUrl: string): Promise<void>
   removeEnvironmentVariable(name: string): void
   revParse(ref: string): Promise<string>
@@ -141,15 +140,14 @@ class GitCommandManager {
   async config(
     configKey: string,
     configValue: string,
-    globalConfig?: boolean,
-    add?: boolean
+    globalConfig?: boolean
   ): Promise<void> {
-    const args: string[] = ['config', globalConfig ? '--global' : '--local']
-    if (add) {
-      args.push('--add')
-    }
-    args.push(...[configKey, configValue])
-    await this.execGit(args)
+    await this.execGit([
+      'config',
+      globalConfig ? '--global' : '--local',
+      configKey,
+      configValue
+    ])
   }
 
   async configExists(
@@ -256,10 +254,8 @@ class GitCommandManager {
     await this.execGit(['lfs', 'install', '--local'])
   }
 
-  async log1(format?: string): Promise<string> {
-    var args = format ? ['log', '-1', format] : ['log', '-1']
-    var silent = format ? false : true
-    const output = await this.execGit(args, false, silent)
+  async log1(): Promise<string> {
+    const output = await this.execGit(['log', '-1'])
     return output.stdout
   }
 
@@ -394,8 +390,7 @@ class GitCommandManager {
 
   private async execGit(
     args: string[],
-    allowAllExitCodes = false,
-    silent = false
+    allowAllExitCodes = false
   ): Promise<GitOutput> {
     fshelper.directoryExistsSync(this.workingDirectory, true)
 
@@ -414,7 +409,6 @@ class GitCommandManager {
     const options = {
       cwd: this.workingDirectory,
       env,
-      silent,
       ignoreReturnCode: allowAllExitCodes,
       listeners: {
         stdout: (data: Buffer) => {

src/git-directory-helper.ts

@@ -39,9 +39,7 @@ export async function prepareExistingDirectory(
       try {
         await io.rmRF(lockPath)
       } catch (error) {
-        core.debug(
-          `Unable to delete '${lockPath}'. ${(error as any)?.message ?? error}`
-        )
+        core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
       }
     }
 

src/git-source-provider.ts

@@ -36,94 +36,68 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
   const git = await getGitCommandManager(settings)
   core.endGroup()
 
-  let authHelper: gitAuthHelper.IGitAuthHelper | null = null
-  try {
-    if (git) {
-      authHelper = gitAuthHelper.createAuthHelper(git, settings)
-      if (settings.setSafeDirectory) {
-        // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
-        // Otherwise all git commands we run in a container fail
-        await authHelper.configureTempGlobalConfig()
-        core.info(
-          `Adding repository directory to the temporary git global config as a safe directory`
-        )
+  // Prepare existing directory, otherwise recreate
+  if (isExisting) {
+    await gitDirectoryHelper.prepareExistingDirectory(
+      git,
+      settings.repositoryPath,
+      repositoryUrl,
+      settings.clean,
+      settings.ref
+    )
+  }
 
-        await git
-          .config('safe.directory', settings.repositoryPath, true, true)
-          .catch(error => {
-            core.info(
-              `Failed to initialize safe directory with error: ${error}`
-            )
-          })
-
-        stateHelper.setSafeDirectory()
-      }
-    }
-
-    // Prepare existing directory, otherwise recreate
-    if (isExisting) {
-      await gitDirectoryHelper.prepareExistingDirectory(
-        git,
-        settings.repositoryPath,
-        repositoryUrl,
-        settings.clean,
-        settings.ref
+  if (!git) {
+    // Downloading using REST API
+    core.info(`The repository will be downloaded using the GitHub REST API`)
+    core.info(
+      `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
+    )
+    if (settings.submodules) {
+      throw new Error(
+        `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
+      )
+    } else if (settings.sshKey) {
+      throw new Error(
+        `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
       )
     }
 
-    if (!git) {
-      // Downloading using REST API
-      core.info(`The repository will be downloaded using the GitHub REST API`)
-      core.info(
-        `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
-      )
-      if (settings.submodules) {
-        throw new Error(
-          `Input 'submodules' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-        )
-      } else if (settings.sshKey) {
-        throw new Error(
-          `Input 'ssh-key' not supported when falling back to download using the GitHub REST API. To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH.`
-        )
-      }
+    await githubApiHelper.downloadRepository(
+      settings.authToken,
+      settings.repositoryOwner,
+      settings.repositoryName,
+      settings.ref,
+      settings.commit,
+      settings.repositoryPath
+    )
+    return
+  }
 
-      await githubApiHelper.downloadRepository(
-        settings.authToken,
-        settings.repositoryOwner,
-        settings.repositoryName,
-        settings.ref,
-        settings.commit,
-        settings.repositoryPath
-      )
-      return
-    }
+  // Save state for POST action
+  stateHelper.setRepositoryPath(settings.repositoryPath)
 
-    // Save state for POST action
-    stateHelper.setRepositoryPath(settings.repositoryPath)
-
-    // Initialize the repository
-    if (
-      !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
-    ) {
-      core.startGroup('Initializing the repository')
-      await git.init()
-      await git.remoteAdd('origin', repositoryUrl)
-      core.endGroup()
-    }
-
-    // Disable automatic garbage collection
-    core.startGroup('Disabling automatic garbage collection')
-    if (!(await git.tryDisableAutomaticGarbageCollection())) {
-      core.warning(
-        `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
-      )
-    }
+  // Initialize the repository
+  if (
+    !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
+  ) {
+    core.startGroup('Initializing the repository')
+    await git.init()
+    await git.remoteAdd('origin', repositoryUrl)
     core.endGroup()
+  }
 
-    // If we didn't initialize it above, do it now
-    if (!authHelper) {
-      authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    }
+  // Disable automatic garbage collection
+  core.startGroup('Disabling automatic garbage collection')
+  if (!(await git.tryDisableAutomaticGarbageCollection())) {
+    core.warning(
+      `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
+    )
+  }
+  core.endGroup()
+
+  const authHelper = gitAuthHelper.createAuthHelper(git, settings)
+  try {
     // Configure auth
     core.startGroup('Setting up auth')
     await authHelper.configureAuth()
@@ -196,35 +170,40 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
 
     // Submodules
     if (settings.submodules) {
-      // Temporarily override global config
-      core.startGroup('Setting up auth for fetching submodules')
-      await authHelper.configureGlobalAuth()
-      core.endGroup()
-
-      // Checkout submodules
-      core.startGroup('Fetching submodules')
-      await git.submoduleSync(settings.nestedSubmodules)
-      await git.submoduleUpdate(settings.fetchDepth, settings.nestedSubmodules)
-      await git.submoduleForeach(
-        'git config --local gc.auto 0',
-        settings.nestedSubmodules
-      )
-      core.endGroup()
-
-      // Persist credentials
-      if (settings.persistCredentials) {
-        core.startGroup('Persisting credentials for submodules')
-        await authHelper.configureSubmoduleAuth()
+      try {
+        // Temporarily override global config
+        core.startGroup('Setting up auth for fetching submodules')
+        await authHelper.configureGlobalAuth()
         core.endGroup()
+
+        // Checkout submodules
+        core.startGroup('Fetching submodules')
+        await git.submoduleSync(settings.nestedSubmodules)
+        await git.submoduleUpdate(
+          settings.fetchDepth,
+          settings.nestedSubmodules
+        )
+        await git.submoduleForeach(
+          'git config --local gc.auto 0',
+          settings.nestedSubmodules
+        )
+        core.endGroup()
+
+        // Persist credentials
+        if (settings.persistCredentials) {
+          core.startGroup('Persisting credentials for submodules')
+          await authHelper.configureSubmoduleAuth()
+          core.endGroup()
+        }
+      } finally {
+        // Remove temporary global config override
+        await authHelper.removeGlobalAuth()
       }
     }
 
-    // Get commit information
+    // Dump some info about the checked out commit
     const commitInfo = await git.log1()
 
-    // Log commit sha
-    await git.log1("--format='%H'")
-
     // Check for incorrect pull request merge commit
     await refHelper.checkCommitInfo(
       settings.authToken,
@@ -236,13 +215,10 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
     )
   } finally {
     // Remove auth
-    if (authHelper) {
-      if (!settings.persistCredentials) {
-        core.startGroup('Removing auth')
-        await authHelper.removeAuth()
-        core.endGroup()
-      }
-      authHelper.removeGlobalConfig()
+    if (!settings.persistCredentials) {
+      core.startGroup('Removing auth')
+      await authHelper.removeAuth()
+      core.endGroup()
     }
   }
 }
@@ -265,26 +241,7 @@ export async function cleanup(repositoryPath: string): Promise<void> {
 
   // Remove auth
   const authHelper = gitAuthHelper.createAuthHelper(git)
-  try {
-    if (stateHelper.PostSetSafeDirectory) {
-      // Setup the repository path as a safe directory, so if we pass this into a container job with a different user it doesn't fail
-      // Otherwise all git commands we run in a container fail
-      await authHelper.configureTempGlobalConfig()
-      core.info(
-        `Adding repository directory to the temporary git global config as a safe directory`
-      )
-
-      await git
-        .config('safe.directory', repositoryPath, true, true)
-        .catch(error => {
-          core.info(`Failed to initialize safe directory with error: ${error}`)
-        })
-    }
-
-    await authHelper.removeAuth()
-  } finally {
-    await authHelper.removeGlobalConfig()
-  }
+  await authHelper.removeAuth()
 }
 
 async function getGitCommandManager(

src/git-source-settings.ts

@@ -73,14 +73,4 @@ export interface IGitSourceSettings {
    * Indicates whether to persist the credentials on disk to enable scripting authenticated git commands
    */
   persistCredentials: boolean
-
-  /**
-   * Organization ID for the currently running workflow (used for auth settings)
-   */
-  workflowOrganizationId: number | undefined
-
-  /**
-   * Indicates whether to add repositoryPath as safe.directory in git global config
-   */
-  setSafeDirectory: boolean
 }

src/github-api-helper.ts

@@ -47,7 +47,7 @@ export async function downloadRepository(
   } else {
     await toolCache.extractTar(archivePath, extractPath)
   }
-  await io.rmRF(archivePath)
+  io.rmRF(archivePath)
 
   // Determine the path of the repository content. The archive contains
   // a top-level folder and the repository content is inside.
@@ -70,7 +70,7 @@ export async function downloadRepository(
       await io.mv(sourcePath, targetPath)
     }
   }
-  await io.rmRF(extractPath)
+  io.rmRF(extractPath)
 }
 
 /**
@@ -92,10 +92,7 @@ export async function getDefaultBranch(
       assert.ok(result, 'default_branch cannot be empty')
     } catch (err) {
       // Handle .wiki repo
-      if (
-        (err as any)?.status === 404 &&
-        repo.toUpperCase().endsWith('.WIKI')
-      ) {
+      if (err['status'] === 404 && repo.toUpperCase().endsWith('.WIKI')) {
         result = 'master'
       }
       // Otherwise error

src/input-helper.ts

@@ -2,10 +2,9 @@ import * as core from '@actions/core'
 import * as fsHelper from './fs-helper'
 import * as github from '@actions/github'
 import * as path from 'path'
-import * as workflowContextHelper from './workflow-context-helper'
 import {IGitSourceSettings} from './git-source-settings'
 
-export async function getInputs(): Promise<IGitSourceSettings> {
+export function getInputs(): IGitSourceSettings {
   const result = ({} as unknown) as IGitSourceSettings
 
   // GitHub workspace
@@ -119,11 +118,5 @@ export async function getInputs(): Promise<IGitSourceSettings> {
   result.persistCredentials =
     (core.getInput('persist-credentials') || 'false').toUpperCase() === 'TRUE'
 
-  // Workflow organization ID
-  result.workflowOrganizationId = await workflowContextHelper.getOrganizationId()
-
-  // Set safe.directory in git global config.
-  result.setSafeDirectory =
-    (core.getInput('set-safe-directory') || 'true').toUpperCase() === 'TRUE'
   return result
 }

src/main.ts

@@ -7,7 +7,7 @@ import * as stateHelper from './state-helper'
 
 async function run(): Promise<void> {
   try {
-    const sourceSettings = await inputHelper.getInputs()
+    const sourceSettings = inputHelper.getInputs()
 
     try {
       // Register problem matcher
@@ -24,7 +24,7 @@ async function run(): Promise<void> {
       coreCommand.issueCommand('remove-matcher', {owner: 'checkout-git'}, '')
     }
   } catch (error) {
-    core.setFailed(`${(error as any)?.message ?? error}`)
+    core.setFailed(error.message)
   }
 }
 
@@ -32,7 +32,7 @@ async function cleanup(): Promise<void> {
   try {
     await gitSourceProvider.cleanup(stateHelper.RepositoryPath)
   } catch (error) {
-    core.warning(`${(error as any)?.message ?? error}`)
+    core.warning(error.message)
   }
 }