Prep Release v4.1.4 (#1704 )

* Update package.json and package-lock.json to reflect v4.1.4 * Update CHANGELOG
Disable extensions.worktreeConfig when disabling sparse-checkout (#1692 )
2025-07-03 08:30:46 +02:00 · 2024-04-24 15:29:05 +02:00 · 2024-04-23 22:07:43 +02:00 · 2024-04-23 13:14:23 -04:00 · 2024-04-23 13:02:51 -04:00 · 2024-04-23 12:52:06 +02:00
9 changed files with 63 additions and 14 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,20 @@
+---
+version: 2
+
+updates:
+- package-ecosystem: "npm"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  groups:
+    minor-npm-dependencies:
+      # NPM: Only group minor and patch updates (we want to carefully review major updates)
+      update-types: [minor, patch]
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  groups:
+    minor-actions-dependencies:
+      # GitHub Actions: Only group minor and patch updates (we want to carefully review major updates)
+      update-types: [minor, patch]
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -8,7 +8,7 @@ on:
      - releases/*


-# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow, 
+# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow,
 # these refer to "test-data" branches on this actions/checkout repo.
 # (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)

@ -37,7 +37,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.1

      # Basic checkout
      - name: Checkout basic
@ -257,7 +257,7 @@ jobs:
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh --archive
-    
+
  test-git-container:
    runs-on: ubuntu-latest
    container: bitnami/git:latest
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@ -31,7 +31,7 @@ jobs:
      # Use `docker/login-action` to log in to GHCR.io. 
      # Once published, the packages are scoped to the account defined here.
      - name: Log in to the ghcr.io container registry
-        uses: docker/login-action@v3.0.0
+        uses: docker/login-action@v3.1.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@ -48,7 +48,7 @@ jobs:

      # Use `docker/build-push-action` to build (and optionally publish) the image. 
      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v5.1.0
+        uses: docker/build-push-action@v5.3.0
        with:
          context: .
          file: images/test-ubuntu-git.Dockerfile
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,16 @@
 # Changelog

+## v4.1.4
+- Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1692
+- Add dependabot config by @cory-miller in https://github.com/actions/checkout/pull/1688
+- Bump the minor-actions-dependencies group with 2 updates by @dependabot in https://github.com/actions/checkout/pull/1693
+- Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in https://github.com/actions/checkout/pull/1643
+
+## v4.1.3
+- Check git version before attempting to disable `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1656
+- Add SSH user parameter by @cory-miller in https://github.com/actions/checkout/pull/1685
+- Update `actions/checkout` version in `update-main-version.yml` by @jww3 in https://github.com/actions/checkout/pull/1650
+
 ## v4.1.2
 - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present @dscho in https://github.com/actions/checkout/pull/1598

--- a/test/verify-basic.sh
+++ b/test/verify-basic.sh
@ -18,6 +18,20 @@ else
    exit 1
  fi

+  # Verify that sparse-checkout is disabled.
+  SPARSE_CHECKOUT_ENABLED=$(git -C ./basic config --local --get-all core.sparseCheckout)
+  if [ "$SPARSE_CHECKOUT_ENABLED" != "" ]; then
+    echo "Expected sparse-checkout to be disabled (discovered: $SPARSE_CHECKOUT_ENABLED)"
+    exit 1
+  fi
+
+  # Verify git configuration shows worktreeConfig is effectively disabled
+  WORKTREE_CONFIG_ENABLED=$(git -C ./basic config --local --get-all extensions.worktreeConfig)
+  if [[ "$WORKTREE_CONFIG_ENABLED" != "" ]]; then
+    echo "Expected extensions.worktreeConfig (boolean) to be disabled in git config.  This could be an artifact of sparse checkout functionality."
+    exit 1
+  fi
+
  # Verify auth token
  cd basic
  git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
--- a/dist/index.js
+++ b/dist/index.js
@ -582,6 +582,8 @@ class GitCommandManager {
    disableSparseCheckout() {
        return __awaiter(this, void 0, void 0, function* () {
            yield this.execGit(['sparse-checkout', 'disable']);
+            // Disabling 'sparse-checkout` leaves behind an undesirable side-effect in config (even in a pristine environment).
+            yield this.tryConfigUnset('extensions.worktreeConfig', false);
        });
    }
    sparseCheckout(sparseCheckout) {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "checkout",
-  "version": "4.1.3",
+  "version": "4.1.4",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "checkout",
-      "version": "4.1.3",
+      "version": "4.1.4",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^1.10.0",
@ -9129,9 +9129,9 @@
      }
    },
    "node_modules/word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
+      "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
@ -16055,9 +16055,9 @@
      }
    },
    "word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
+      "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
      "dev": true
    },
    "wrap-ansi": {
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "checkout",
-  "version": "4.1.3",
+  "version": "4.1.4",
  "description": "checkout action",
  "main": "lib/main.js",
  "scripts": {
--- a/src/git-command-manager.ts
+++ b/src/git-command-manager.ts
@ -178,6 +178,8 @@ class GitCommandManager {

  async disableSparseCheckout(): Promise<void> {
    await this.execGit(['sparse-checkout', 'disable'])
+    // Disabling 'sparse-checkout` leaves behind an undesirable side-effect in config (even in a pristine environment).
+    await this.tryConfigUnset('extensions.worktreeConfig', false)
  }

  async sparseCheckout(sparseCheckout: string[]): Promise<void> {
Author	SHA1	Message	Date
John Wesley Walker III	0ad4b8fada	Prep Release v4.1.4 (#1704 ) * Update package.json and package-lock.json to reflect v4.1.4 * Update CHANGELOG	2024-04-24 15:29:05 +02:00
John Wesley Walker III	43045ae669	Disable `extensions.worktreeConfig` when disabling `sparse-checkout` (#1692 )	2024-04-23 22:07:43 +02:00
dependabot[bot]	37b082107b	Bump the minor-actions-dependencies group with 2 updates (#1693 ) Bumps the minor-actions-dependencies group with 2 updates: [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/login-action` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3.0.0...v3.1.0) Updates `docker/build-push-action` from 5.1.0 to 5.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.1.0...v5.3.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-actions-dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-23 13:14:23 -04:00
Cory Miller	9839dc14a0	Add dependabot config (#1688 ) * Add dependabot config * Group minor and patch updates for NPM and GH Actions	2024-04-23 13:02:51 -04:00
dependabot[bot]	9b4c13b0bf	Bump word-wrap from 1.2.3 to 1.2.5 (#1643 ) Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-23 12:52:06 +02:00