Skip to content

Commit 7f1cece

Browse files
committed
fix: bump GitHub actions/checkout to v6.03
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
1 parent a050973 commit 7f1cece

10 files changed

Lines changed: 349 additions & 216 deletions

.github/workflows/__shared-ci.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,13 @@ jobs:
2626
contents: read
2727
uses: ./.github/workflows/__test-action-checkout.yml
2828

29+
test-action-checkout-issue-comment:
30+
needs: linter
31+
permissions:
32+
contents: read
33+
pull-requests: read
34+
uses: ./.github/workflows/__test-action-checkout-issue-comment.yml
35+
2936
test-action-get-github-actions-bot-user:
3037
needs: linter
3138
permissions:
Lines changed: 50 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -1,40 +1,49 @@
1-
name: Internal - Tests for checkout action (issue_comment trigger)
1+
name: Internal - Tests for checkout action (issue_comment simulation)
22

33
on:
4-
issue_comment:
5-
types: [created, edited]
4+
workflow_call:
65

76
permissions:
87
contents: read
98
pull-requests: read
10-
issues: read
119

1210
jobs:
1311
test-checkout-issue-comment:
14-
# Only run on pull request comments
15-
if: github.event.issue.pull_request != null
16-
name: Test checkout action on issue_comment trigger
12+
name: Checkout action on simulated issue_comment
1713
runs-on: ubuntu-latest
1814
steps:
19-
- name: Arrange - Get PR information
15+
- name: Arrange - Checkout repository
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
20+
- name: Arrange - Get PR information for simulation
2021
id: pr-info
2122
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
2223
with:
2324
script: |
25+
const assert = require('node:assert/strict');
26+
const prNumber = 1;
27+
assert.ok(prNumber, 'Could not determine PR number from static test configuration');
28+
2429
const pr = await github.rest.pulls.get({
2530
owner: context.repo.owner,
2631
repo: context.repo.repo,
27-
pull_number: context.issue.number,
32+
pull_number: prNumber,
2833
});
34+
2935
core.setOutput('head-sha', pr.data.head.sha);
3036
core.setOutput('head-ref', pr.data.head.ref);
31-
console.log(`PR Head SHA: ${pr.data.head.sha}`);
32-
console.log(`PR Head Ref: ${pr.data.head.ref}`);
37+
core.setOutput('pr-number', prNumber);
38+
39+
core.info(`PR #${prNumber} Head SHA: ${pr.data.head.sha}`);
40+
core.info(`PR #${prNumber} Head Ref: ${pr.data.head.ref}`);
3341
34-
- name: Act - Checkout using custom checkout action (issue_comment case)
42+
- name: Act - Simulate issue_comment event context and checkout
3543
id: checkout
3644
uses: ./actions/checkout
3745
with:
46+
ref: refs/pull/${{ steps.pr-info.outputs.pr-number }}/head
3847
persist-credentials: true
3948

4049
- name: Assert - Verify correct PR SHA was checked out
@@ -43,59 +52,55 @@ jobs:
4352
EXPECTED_SHA: ${{ steps.pr-info.outputs.head-sha }}
4453
with:
4554
script: |
55+
const assert = require('node:assert/strict');
4656
const { execSync } = require('child_process');
4757
const currentSha = execSync('git rev-parse HEAD').toString().trim();
4858
const expectedSha = process.env.EXPECTED_SHA;
4959
50-
console.log(`Current SHA: ${currentSha}`);
51-
console.log(`Expected PR Head SHA: ${expectedSha}`);
60+
core.info(`Current SHA: ${currentSha}`);
61+
core.info(`Expected PR Head SHA: ${expectedSha}`);
5262
53-
if (currentSha !== expectedSha) {
54-
throw new Error(`Checked out SHA (${currentSha}) does not match PR head SHA (${expectedSha})`);
63+
try {
64+
assert.strictEqual(
65+
currentSha,
66+
expectedSha,
67+
`Checked out SHA (${currentSha}) does not match PR head SHA (${expectedSha})`
68+
);
69+
} catch (error) {
70+
core.setFailed(error.message);
71+
return;
5572
}
5673
57-
console.log('✓ Verified: Checked out correct PR head SHA');
74+
core.info('Verified: Checked out correct PR head SHA');
5875
5976
- name: Assert - Verify not on main branch
6077
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
6178
env:
6279
EXPECTED_BRANCH: ${{ steps.pr-info.outputs.head-ref }}
6380
with:
6481
script: |
82+
const assert = require('node:assert/strict');
6583
const { execSync } = require('child_process');
6684
const currentBranch = execSync('git rev-parse --abbrev-ref HEAD').toString().trim();
6785
const expectedBranch = process.env.EXPECTED_BRANCH;
6886
69-
console.log(`Current branch/ref: ${currentBranch}`);
70-
console.log(`Expected branch: ${expectedBranch}`);
71-
72-
if (['HEAD', 'main', 'master'].includes(currentBranch)) {
73-
throw new Error(`Checked out main/master branch instead of PR branch`);
74-
}
75-
76-
console.log('✓ Verified: Not on main/master branch');
87+
core.info(`Current branch/ref: ${currentBranch}`);
88+
core.info(`Expected branch: ${expectedBranch}`);
7789
78-
- name: Assert - Verify credentials are persisted
79-
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
80-
with:
81-
script: |
82-
const { execSync } = require('child_process');
8390
try {
84-
execSync('git config --local --get-regexp "^url\\.https://.*\\.insteadOf"', { stdio: 'pipe' });
85-
console.log('✓ Verified: Credentials are persisted');
91+
assert.notStrictEqual(currentBranch, 'main', 'Checked out main branch instead of PR branch');
92+
assert.notStrictEqual(currentBranch, 'master', 'Checked out master branch instead of PR branch');
93+
assert.ok(
94+
currentBranch === 'HEAD' || currentBranch === expectedBranch,
95+
`Checked out unexpected ref ${currentBranch}; expected HEAD or ${expectedBranch}`
96+
);
8697
} catch (error) {
87-
console.log('WARNING: Token credentials appear not to be persisted');
88-
console.log('This may be expected depending on GitHub token availability in issue_comment context');
98+
core.setFailed(error.message);
99+
return;
89100
}
90101
91-
- name: Info - Display checkout details
92-
if: always()
93-
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
94-
with:
95-
script: |
96-
const { execSync } = require('child_process');
97-
console.log('=== Git Status ===');
98-
console.log(execSync('git status').toString());
99-
console.log('');
100-
console.log('=== Git Log (last 3 commits) ===');
101-
console.log(execSync('git log --oneline -3').toString());
102+
if (currentBranch === 'HEAD') {
103+
core.warning('Repository is in detached HEAD state; this is expected when checking out refs/pull/<n>/head.');
104+
}
105+
106+
core.info('Verified: Not on main/master branch');

.github/workflows/__test-action-checkout.yml

Lines changed: 35 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -22,16 +22,13 @@ jobs:
2222
uses: ./actions/checkout
2323

2424
- name: Assert - Verify repository is checked out
25-
run: |
26-
if [ ! -d ".git" ]; then
27-
echo "Repository .git directory is missing"
28-
exit 1
29-
fi
30-
31-
if [ ! -f "README.md" ]; then
32-
echo "README.md is missing"
33-
exit 1
34-
fi
25+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
26+
with:
27+
script: |
28+
const assert = require('node:assert/strict');
29+
const { existsSync } = require('node:fs');
30+
assert.ok(existsSync('.git'), 'Repository .git directory is missing');
31+
assert.ok(existsSync('README.md'), 'README.md is missing');
3532
3633
- name: Act - Run custom checkout action with fetch-depth 0
3734
id: custom-checkout-full-history
@@ -40,13 +37,13 @@ jobs:
4037
fetch-depth: "0"
4138

4239
- name: Assert - Verify full history is fetched
43-
run: |
44-
# Check that we have commits by counting them
45-
commit_count=$(git rev-list --count HEAD)
46-
if [ "$commit_count" -lt 1 ]; then
47-
echo "No commits found in repository"
48-
exit 1
49-
fi
40+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
41+
with:
42+
script: |
43+
const assert = require('node:assert/strict');
44+
const { execSync } = require('child_process');
45+
const commitCount = Number.parseInt(execSync('git rev-list --count HEAD').toString().trim(), 10);
46+
assert.ok(commitCount >= 1, 'No commits found in repository');
5047
5148
- name: Act - Run custom checkout action with LFS disabled (default)
5249
id: custom-checkout-no-lfs
@@ -55,16 +52,26 @@ jobs:
5552
lfs: "false"
5653

5754
- name: Assert - Verify checkout succeeded
58-
run: |
59-
if [ ! -f "action.yml" ]; then
60-
echo "action.yml is missing after checkout"
61-
exit 1
62-
fi
55+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
56+
with:
57+
script: |
58+
const assert = require('node:assert/strict');
59+
const { existsSync } = require('node:fs');
60+
assert.ok(existsSync('action.yml'), 'action.yml is missing after checkout');
6361
6462
- name: Assert - Verify token is not persisted by default
65-
run: |
66-
# When persist-credentials is false, the git config should not have insteadOf
67-
if git config --local --get url.https://github.com/.insteadOf 2>/dev/null; then
68-
echo "Token credentials were persisted when they should not have been"
69-
exit 1
70-
fi
63+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
64+
with:
65+
script: |
66+
const assert = require('node:assert/strict');
67+
const { execSync } = require('child_process');
68+
69+
let persisted = false;
70+
try {
71+
execSync('git config --local --get url.https://github.com/.insteadOf', { stdio: 'pipe' });
72+
persisted = true;
73+
} catch {
74+
persisted = false;
75+
}
76+
77+
assert.equal(persisted, false, 'Token credentials were persisted when they should not have been');

.github/workflows/__test-action-get-github-actions-bot-user.yml

Lines changed: 20 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -21,16 +21,27 @@ jobs:
2121
uses: ./actions/get-github-actions-bot-user
2222

2323
- name: Assert - Check get-github-actions-bot-user outputs
24+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
2425
env:
2526
STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME: ${{ steps.get-github-actions-bot-user.outputs.name }}
2627
STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL: ${{ steps.get-github-actions-bot-user.outputs.email }}
27-
run: |
28-
if [ "${STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME}" != 'github-actions[bot]' ]; then
29-
echo "get-github-actions-bot-user output name is not valid"
30-
exit 1
31-
fi
28+
with:
29+
script: |
30+
const assert = require('node:assert/strict');
31+
const outputName = process.env.STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME;
32+
const outputEmail = process.env.STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL;
33+
34+
core.info(`Output name: ${outputName}`);
35+
core.info(`Output email: ${outputEmail}`);
3236
33-
if [ "${STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL}" != '41898282+github-actions[bot]@users.noreply.github.com' ]; then
34-
echo "get-github-actions-bot-user output email is not valid"
35-
exit 1
36-
fi
37+
try {
38+
assert.strictEqual(outputName, 'github-actions[bot]', 'get-github-actions-bot-user output name is not valid');
39+
assert.strictEqual(
40+
outputEmail,
41+
'41898282+github-actions[bot]@users.noreply.github.com',
42+
'get-github-actions-bot-user output email is not valid'
43+
);
44+
} catch (error) {
45+
core.setFailed(error.message);
46+
return;
47+
}

.github/workflows/__test-action-get-issue-number.yml

Lines changed: 27 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -22,22 +22,35 @@ jobs:
2222
uses: ./actions/get-issue-number
2323

2424
- name: Assert - Check get-issue-number behavior by event type
25+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
2526
env:
27+
EVENT_NAME: ${{ github.event_name }}
2628
STEPS_GET_ISSUE_NUMBER_OUTCOME: ${{ steps.get-issue-number.outcome }}
2729
STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER: ${{ steps.get-issue-number.outputs.issue-number }}
2830
EXPECTED_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
29-
run: |
30-
if [ "${GITHUB_EVENT_NAME}" = 'pull_request' ]; then
31-
if [ "${STEPS_GET_ISSUE_NUMBER_OUTCOME}" != 'success' ]; then
32-
echo "get-issue-number should succeed for pull_request events"
33-
exit 1
34-
fi
31+
with:
32+
script: |
33+
const assert = require('node:assert/strict');
34+
const eventName = process.env.EVENT_NAME;
35+
const outcome = process.env.STEPS_GET_ISSUE_NUMBER_OUTCOME;
36+
const issueNumber = process.env.STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER;
37+
const expectedPrNumber = process.env.EXPECTED_PULL_REQUEST_NUMBER;
38+
39+
core.info(`Event name: ${eventName}`);
40+
core.info(`Action outcome: ${outcome}`);
3541
36-
if [ "${STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER}" != "${EXPECTED_PULL_REQUEST_NUMBER}" ]; then
37-
echo "get-issue-number output is not valid for pull_request events"
38-
exit 1
39-
fi
40-
elif [ "${STEPS_GET_ISSUE_NUMBER_OUTCOME}" != 'failure' ]; then
41-
echo "get-issue-number should fail when event is not pull_request"
42-
exit 1
43-
fi
42+
try {
43+
if (eventName === 'pull_request') {
44+
assert.strictEqual(outcome, 'success', 'get-issue-number should succeed for pull_request events');
45+
assert.strictEqual(
46+
issueNumber,
47+
expectedPrNumber,
48+
'get-issue-number output is not valid for pull_request events'
49+
);
50+
} else {
51+
assert.strictEqual(outcome, 'failure', 'get-issue-number should fail when event is not pull_request');
52+
}
53+
} catch (error) {
54+
core.setFailed(error.message);
55+
return;
56+
}

0 commit comments

Comments
 (0)