--- name: Checkout Variants (C1) # Reusable workflow invoked by caller job c1 in 00-suite-runner.yml. # Probes actions/checkout@v4 across its input matrix: default, fetch-depth, # lfs, ref (tag), path, sparse-checkout cone mode, persist-credentials # (true/false, with a non-vacuous assertion that the embedded credential # token differs between the two), and an optional submodule checkout gated # on a workflow_call input. on: workflow_call ONLY (no push/pull_request). on: push: workflow_dispatch: inputs: usesubmodule: description: Set to "true" to enable the submodule checkout test. required: false type: string default: 'false' permissions: contents: read jobs: checkout-variants: runs-on: ubuntu-24.04 steps: # --- default checkout: get repo + assert library --- - name: checkout-default uses: actions/checkout@v4 - name: default-assert run: | source lib/assert.sh cp lib/assert.sh "$RUNNER_TEMP/assert.sh" assert_exists lib/assert.sh # --- fetch-depth: 0 (full history) --- - name: checkout-full-history uses: actions/checkout@v4 with: fetch-depth: 0 - name: full-history-assert run: | source "$RUNNER_TEMP/assert.sh" count=$(git rev-list --count HEAD) is_gt1=false if [ "$count" -ge 1 ]; then is_gt1=true; fi assert_eq "$is_gt1" true "fetch-depth:0 sees full history ($count commits, >=1)" # --- lfs: true (conditional on git lfs availability) --- - name: checkout-lfs uses: actions/checkout@v4 with: lfs: true - name: lfs-assert run: | source "$RUNNER_TEMP/assert.sh" if ! git lfs version >/dev/null 2>&1; then echo "SKIP: git lfs not available (documented skip)" else assert_exists test.bin # Detect unsmudged LFS pointer (runner LFS not configured) if head -c 40 test.bin | grep -q 'version https://git-lfs'; then echo "SKIP: test.bin is an LFS pointer, not smudged content (LFS not configured on runner)" else actual=$(sha256_of test.bin) expected=$(cat fixtures/test.bin.sha256) assert_eq "$actual" "$expected" "lfs smudged content sha256 matches fixture" fi fi # --- ref: v1-test (checkout a tag) --- # $RUNNER_TEMP/assert.sh copy is essential here: commit 36469e7 (v1-test) # predates lib/assert.sh, so the file is absent at this ref. - name: checkout-ref-tag uses: actions/checkout@v4 with: ref: v1-test - name: ref-tag-assert run: | source "$RUNNER_TEMP/assert.sh" tag=$(git describe --tags --exact-match 2>/dev/null) assert_eq "$tag" v1-test "checked out tag is v1-test" # --- path: sub (checkout into a subdirectory) --- - name: checkout-path-sub uses: actions/checkout@v4 with: path: sub - name: path-sub-assert run: | source "$RUNNER_TEMP/assert.sh" assert_exists sub/test.bin # --- sparse-checkout cone mode --- - name: checkout-sparse-cone uses: actions/checkout@v4 with: sparse-checkout: | sparse-cone/keep sparse-checkout-cone-mode: true - name: sparse-cone-assert run: | source "$RUNNER_TEMP/assert.sh" assert_exists sparse-cone/keep/marker assert_not_exists sparse-cone/skip/marker # --- persist-credentials: true (separate path to avoid interference) --- - name: checkout-persist-true uses: actions/checkout@v4 with: persist-credentials: true path: pc-true - name: persist-true-capture run: | source "$RUNNER_TEMP/assert.sh" url=$(git -C pc-true config --local remote.origin.url) printf '%s\n' "$url" > "$RUNNER_TEMP/url_true.txt" # --- persist-credentials: false (separate path) --- - name: checkout-persist-false uses: actions/checkout@v4 with: persist-credentials: false path: pc-false - name: persist-credentials-assert run: | source "$RUNNER_TEMP/assert.sh" url_true=$(git -C pc-true config --local remote.origin.url) url_false=$(git -C pc-false config --local remote.origin.url) # Gitea stores creds in http.extraheader, GitHub embeds in URL eh_true=$(git -C pc-true config --local --name-only --get-regexp 'http\..*\.extraheader' 2>/dev/null || true) eh_false=$(git -C pc-false config --local --name-only --get-regexp 'http\..*\.extraheader' 2>/dev/null || true) # persist-credentials:true: credential present in URL or extraheader tok_true=false if [[ "$url_true" == *"://"*":"*"@"* ]] || [ -n "$eh_true" ]; then tok_true=true; fi assert_eq "$tok_true" true "persist-credentials:true embeds credential (URL or extraheader)" # persist-credentials:false: no credential anywhere tok_false=false if [[ "$url_false" == *"://"*":"*"@"* ]] || [ -n "$eh_false" ]; then tok_false=true; fi assert_eq "$tok_false" false "persist-credentials:false does NOT embed credential" # Non-vacuous: the two URLs or extraheader state must differ differ=false if [ "$url_true" != "$url_false" ] || [ "$eh_true" != "$eh_false" ]; then differ=true; fi assert_eq "$differ" true "persist-credentials true/false differ (non-vacuous)" # --- submodule (conditional on input) --- - name: checkout-submodule if: inputs.usesubmodule == 'true' uses: actions/checkout@v4 with: submodules: true - name: submodule-assert if: inputs.usesubmodule == 'true' run: | source "$RUNNER_TEMP/assert.sh" assert_exists lib/assert.sh - name: submodule-skip if: inputs.usesubmodule != 'true' run: | echo "SKIP: submodule test is conditional (set workflow_call input usesubmodule=true to enable)"