Merge 6b8be4cb30 into 900f2210b1

fix: expand merge commit SHA regex and add SHA-256 test cases (#2414 )
* fix: expand merge commit SHA regex and add SHA-256 test cases Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add checkCommitInfo SHA coverage Add checkCommitInfo tests for SHA-1 and SHA-256 merge messages and reject invalid 50-character hex merge heads.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style: fix Prettier formatting in test and source files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-13 16:38:07 +00:00 · 2026-05-07 14:41:50 +02:00 · 2026-05-04 13:30:55 -04:00 · 2024-02-19 19:28:53 +02:00 · 2024-02-19 18:24:39 +02:00 · 2024-02-19 18:20:02 +02:00
10 changed files with 236 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -63,6 +63,11 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
    # Otherwise, uses the default branch.
    ref: ''

+    # Indicates whether to checkout the default repository branch if the requested ref
+    # does not exist
+    # Default: false
+    default-branch-checkout: ''
+
    # Personal access token (PAT) used to fetch the repository. The PAT is configured
    # with the local git config, which enables your scripts to run authenticated git
    # commands. The post-job step removes the PAT.
--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@ -1164,6 +1164,7 @@ async function setup(testName: string): Promise<void> {
    nestedSubmodules: false,
    persistCredentials: true,
    ref: 'refs/heads/main',
+    defaultBranchCheckout: false,
    repositoryName: 'my-repo',
    repositoryOwner: 'my-org',
    repositoryPath: '',
--- a/test/input-helper.test.ts
+++ b/test/input-helper.test.ts
@ -80,6 +80,7 @@ describe('input-helper tests', () => {
    expect(settings.commit).toBeTruthy()
    expect(settings.commit).toBe('1234567890123456789012345678901234567890')
    expect(settings.filter).toBe(undefined)
+    expect(settings.defaultBranchCheckout).toBe(false)
    expect(settings.sparseCheckout).toBe(undefined)
    expect(settings.sparseCheckoutConeMode).toBe(true)
    expect(settings.fetchDepth).toBe(1)
@ -133,6 +134,16 @@ describe('input-helper tests', () => {
    expect(settings.commit).toBe('1111111111222222222233333333334444444444')
  })

+  it('sets ref to empty when explicit sha-256', async () => {
+    inputs.ref =
+      '1111111111222222222233333333334444444444555555555566666666667777'
+    const settings: IGitSourceSettings = await inputHelper.getInputs()
+    expect(settings.ref).toBeFalsy()
+    expect(settings.commit).toBe(
+      '1111111111222222222233333333334444444444555555555566666666667777'
+    )
+  })
+
  it('sets sha to empty when explicit ref', async () => {
    inputs.ref = 'refs/heads/some-other-ref'
    const settings: IGitSourceSettings = await inputHelper.getInputs()
--- a/test/ref-helper.test.ts
+++ b/test/ref-helper.test.ts
@ -1,8 +1,12 @@
 import * as assert from 'assert'
+import * as core from '@actions/core'
+import * as github from '@actions/github'
 import * as refHelper from '../lib/ref-helper'
 import {IGitCommandManager} from '../lib/git-command-manager'

 const commit = '1234567890123456789012345678901234567890'
+const sha256Commit =
+  '1234567890123456789012345678901234567890123456789012345678901234'
 let git: IGitCommandManager

 describe('ref-helper tests', () => {
@ -37,6 +41,12 @@ describe('ref-helper tests', () => {
    expect(checkoutInfo.startPoint).toBeFalsy()
  })

+  it('getCheckoutInfo sha-256 only', async () => {
+    const checkoutInfo = await refHelper.getCheckoutInfo(git, '', sha256Commit)
+    expect(checkoutInfo.ref).toBe(sha256Commit)
+    expect(checkoutInfo.startPoint).toBeFalsy()
+  })
+
  it('getCheckoutInfo refs/heads/', async () => {
    const checkoutInfo = await refHelper.getCheckoutInfo(
      git,
@ -227,4 +237,142 @@ describe('ref-helper tests', () => {
      '+refs/heads/my/branch:refs/remotes/origin/my/branch'
    )
  })
+
+  describe('checkCommitInfo', () => {
+    const repositoryOwner = 'some-owner'
+    const repositoryName = 'some-repo'
+    const ref = 'refs/pull/123/merge'
+    const sha1Head = '1111111111222222222233333333334444444444'
+    const sha1Base = 'aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd'
+    const sha256Head =
+      '1111111111222222222233333333334444444444555555555566666666667777'
+    const sha256Base =
+      'aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffff0000'
+    let debugSpy: jest.SpyInstance
+    let getOctokitSpy: jest.SpyInstance
+    let repoGetSpy: jest.Mock
+    let originalEventName: string
+    let originalPayload: unknown
+    let originalRef: string
+    let originalSha: string
+
+    function setPullRequestContext(
+      expectedHeadSha: string,
+      expectedBaseSha: string,
+      mergeCommit: string
+    ): void {
+      ;(github.context as any).eventName = 'pull_request'
+      github.context.ref = ref
+      github.context.sha = mergeCommit
+      ;(github.context as any).payload = {
+        action: 'synchronize',
+        after: expectedHeadSha,
+        number: 123,
+        pull_request: {
+          base: {
+            sha: expectedBaseSha
+          }
+        },
+        repository: {
+          private: false
+        }
+      }
+    }
+
+    beforeEach(() => {
+      originalEventName = github.context.eventName
+      originalPayload = github.context.payload
+      originalRef = github.context.ref
+      originalSha = github.context.sha
+
+      jest.spyOn(github.context, 'repo', 'get').mockReturnValue({
+        owner: repositoryOwner,
+        repo: repositoryName
+      })
+      debugSpy = jest.spyOn(core, 'debug').mockImplementation(jest.fn())
+      repoGetSpy = jest.fn(async () => ({}))
+      getOctokitSpy = jest.spyOn(github, 'getOctokit').mockReturnValue({
+        rest: {
+          repos: {
+            get: repoGetSpy
+          }
+        }
+      } as any)
+    })
+
+    afterEach(() => {
+      ;(github.context as any).eventName = originalEventName
+      ;(github.context as any).payload = originalPayload
+      github.context.ref = originalRef
+      github.context.sha = originalSha
+      jest.restoreAllMocks()
+    })
+
+    it('returns early for SHA-1 merge commit', async () => {
+      setPullRequestContext(sha1Head, sha1Base, commit)
+
+      await refHelper.checkCommitInfo(
+        'token',
+        `Merge ${sha1Head} into ${sha1Base}`,
+        repositoryOwner,
+        repositoryName,
+        ref,
+        commit
+      )
+
+      expect(getOctokitSpy).not.toHaveBeenCalled()
+      expect(repoGetSpy).not.toHaveBeenCalled()
+    })
+
+    it('matches SHA-256 merge commit info', async () => {
+      const actualHeadSha =
+        '9999999999888888888877777777776666666666555555555544444444443333'
+      setPullRequestContext(sha256Head, sha256Base, sha256Commit)
+
+      await refHelper.checkCommitInfo(
+        'token',
+        `Merge ${actualHeadSha} into ${sha256Base}`,
+        repositoryOwner,
+        repositoryName,
+        ref,
+        sha256Commit
+      )
+
+      expect(getOctokitSpy).toHaveBeenCalledWith(
+        'token',
+        expect.objectContaining({
+          userAgent: expect.stringContaining(
+            `expected_head_sha=${sha256Head};actual_head_sha=${actualHeadSha}`
+          )
+        })
+      )
+      expect(repoGetSpy).toHaveBeenCalledWith({
+        owner: repositoryOwner,
+        repo: repositoryName
+      })
+      expect(debugSpy).toHaveBeenCalledWith(
+        `Expected head sha ${sha256Head}; actual head sha ${actualHeadSha}`
+      )
+      expect(debugSpy).not.toHaveBeenCalledWith('Unexpected message format')
+    })
+
+    it('does not match 50-char hex as a valid merge', async () => {
+      const invalidHeadSha =
+        '99999999998888888888777777777766666666665555555555'
+      setPullRequestContext(sha1Head, sha1Base, commit)
+
+      await refHelper.checkCommitInfo(
+        'token',
+        `Merge ${invalidHeadSha} into ${sha1Base}`,
+        repositoryOwner,
+        repositoryName,
+        ref,
+        commit
+      )
+
+      expect(getOctokitSpy).not.toHaveBeenCalled()
+      expect(repoGetSpy).not.toHaveBeenCalled()
+      expect(debugSpy).toHaveBeenCalledWith('Unexpected message format')
+    })
+  })
 })
--- a/action.yml
+++ b/action.yml
@ -9,6 +9,9 @@ inputs:
      The branch, tag or SHA to checkout. When checking out the repository that
      triggered a workflow, this defaults to the reference or SHA for that
      event.  Otherwise, uses the default branch.
+  default-branch-checkout:
+    description: 'Indicates whether to checkout the default repository branch if the requested ref does not exist'
+    default: false
  token:
    description: >
      Personal access token (PAT) used to fetch the repository. The PAT is configured
--- a/dist/index.js
+++ b/dist/index.js
@ -1529,7 +1529,7 @@ function getSource(settings) {
            else if (settings.sparseCheckout) {
                fetchOptions.filter = 'blob:none';
            }
-            if (settings.fetchDepth <= 0) {
+            if (settings.fetchDepth <= 0 || settings.defaultBranchCheckout) {
                // Fetch all branches and tags
                let refSpec = refHelper.getRefSpecForAllHistory(settings.ref, settings.commit);
                yield git.fetch(refSpec, fetchOptions);
@ -1562,7 +1562,22 @@ function getSource(settings) {
            core.endGroup();
            // Checkout info
            core.startGroup('Determining the checkout info');
-            const checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
+            let checkoutInfo;
+            try {
+                checkoutInfo = yield refHelper.getCheckoutInfo(git, settings.ref, settings.commit);
+            }
+            catch (error) {
+                if (settings.defaultBranchCheckout) {
+                    core.info('Could not determine the checkout info. Trying the default repository branch');
+                    const repositoryDefaultBranch = settings.sshKey
+                        ? yield git.getDefaultBranch(repositoryUrl)
+                        : yield githubApiHelper.getDefaultBranch(settings.authToken, settings.repositoryOwner, settings.repositoryName);
+                    checkoutInfo = yield refHelper.getCheckoutInfo(git, repositoryDefaultBranch, settings.commit);
+                }
+                else {
+                    throw error;
+                }
+            }
            core.endGroup();
            // LFS fetch
            // Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
@ -2021,12 +2036,17 @@ function getInputs() {
            }
        }
        // SHA?
-        else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
+        else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) {
            result.commit = result.ref;
            result.ref = '';
        }
        core.debug(`ref = '${result.ref}'`);
        core.debug(`commit = '${result.commit}'`);
+        // Default branch checkout
+        result.defaultBranchCheckout =
+            (core.getInput('default-branch-checkout') || 'false').toUpperCase() ===
+                'TRUE';
+        core.debug(`default-branch-checkout = '${result.defaultBranchCheckout}'`);
        // Clean
        result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE';
        core.debug(`clean = ${result.clean}`);
@ -2444,7 +2464,7 @@ function checkCommitInfo(token, commitInfo, repositoryOwner, repositoryName, ref
                return;
            }
            // Extract details from message
-            const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/);
+            const match = commitInfo.match(/Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/);
            if (!match) {
                core.debug('Unexpected message format');
                return;
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@ -168,7 +168,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
      fetchOptions.filter = 'blob:none'
    }

-    if (settings.fetchDepth <= 0) {
+    if (settings.fetchDepth <= 0 || settings.defaultBranchCheckout) {
      // Fetch all branches and tags
      let refSpec = refHelper.getRefSpecForAllHistory(
        settings.ref,
@ -215,11 +215,34 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {

    // Checkout info
    core.startGroup('Determining the checkout info')
-    const checkoutInfo = await refHelper.getCheckoutInfo(
-      git,
-      settings.ref,
-      settings.commit
-    )
+    let checkoutInfo: refHelper.ICheckoutInfo
+    try {
+      checkoutInfo = await refHelper.getCheckoutInfo(
+        git,
+        settings.ref,
+        settings.commit
+      )
+    } catch (error) {
+      if (settings.defaultBranchCheckout) {
+        core.info(
+          'Could not determine the checkout info. Trying the default repository branch'
+        )
+        const repositoryDefaultBranch = settings.sshKey
+          ? await git.getDefaultBranch(repositoryUrl)
+          : await githubApiHelper.getDefaultBranch(
+              settings.authToken,
+              settings.repositoryOwner,
+              settings.repositoryName
+            )
+        checkoutInfo = await refHelper.getCheckoutInfo(
+          git,
+          repositoryDefaultBranch,
+          settings.commit
+        )
+      } else {
+        throw error
+      }
+    }
    core.endGroup()

    // LFS fetch
--- a/src/git-source-settings.ts
+++ b/src/git-source-settings.ts
@ -19,6 +19,11 @@ export interface IGitSourceSettings {
   */
  ref: string

+  /**
+   * Indicates whether to checkout the default repository branch if the requested ref does not exist
+   */
+  defaultBranchCheckout: boolean
+
  /**
   * The commit to checkout
   */
--- a/src/input-helper.ts
+++ b/src/input-helper.ts
@ -71,13 +71,19 @@ export async function getInputs(): Promise<IGitSourceSettings> {
    }
  }
  // SHA?
-  else if (result.ref.match(/^[0-9a-fA-F]{40}$/)) {
+  else if (result.ref.match(/^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$/)) {
    result.commit = result.ref
    result.ref = ''
  }
  core.debug(`ref = '${result.ref}'`)
  core.debug(`commit = '${result.commit}'`)

+  // Default branch checkout
+  result.defaultBranchCheckout =
+    (core.getInput('default-branch-checkout') || 'false').toUpperCase() ===
+    'TRUE'
+  core.debug(`default-branch-checkout = '${result.defaultBranchCheckout}'`)
+
  // Clean
  result.clean = (core.getInput('clean') || 'true').toUpperCase() === 'TRUE'
  core.debug(`clean = ${result.clean}`)
--- a/src/ref-helper.ts
+++ b/src/ref-helper.ts
@ -258,7 +258,9 @@ export async function checkCommitInfo(
    }

    // Extract details from message
-    const match = commitInfo.match(/Merge ([0-9a-f]{40}) into ([0-9a-f]{40})/)
+    const match = commitInfo.match(
+      /Merge ([0-9a-f]{40}|[0-9a-f]{64}) into ([0-9a-f]{40}|[0-9a-f]{64})/
+    )
    if (!match) {
      core.debug('Unexpected message format')
      return
Author	SHA1	Message	Date
Alexander Cranga	d00c4ca496	Merge `6b8be4cb30` into `900f2210b1`	2026-05-07 14:41:50 +02:00
Yashwanth Anantharaju	900f2210b1	fix: expand merge commit SHA regex and add SHA-256 test cases (#2414 ) Some checks failed Check dist / check-dist (push) Has been cancelled Details CodeQL / Analyze (javascript) (push) Has been cancelled Details Licensed / Check licenses (push) Has been cancelled Details Build and Test / build (push) Has been cancelled Details Build and Test / test (macos-latest) (push) Has been cancelled Details Build and Test / test (ubuntu-latest) (push) Has been cancelled Details Build and Test / test (windows-latest) (push) Has been cancelled Details Build and Test / test-proxy (push) Has been cancelled Details Build and Test / test-bypass-proxy (push) Has been cancelled Details Build and Test / test-git-container (push) Has been cancelled Details Build and Test / test-output (push) Has been cancelled Details * fix: expand merge commit SHA regex and add SHA-256 test cases Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add checkCommitInfo SHA coverage Add checkCommitInfo tests for SHA-1 and SHA-256 merge messages and reject invalid 50-character hex merge heads.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style: fix Prettier formatting in test and source files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-05-04 13:30:55 -04:00
alexanderkranga	6b8be4cb30	Add a test	2024-02-19 19:28:53 +02:00
alexanderkranga	47b9382799	update action.yml and readme	2024-02-19 18:24:39 +02:00
alexanderkranga	5bbdf118df	Default branch checkout option	2024-02-19 18:20:02 +02:00
alexanderkranga	e72243fb91	add our feature	2024-02-06 15:30:36 +02:00