Update tests

CHANGELOG.md

@@ -1,9 +1,5 @@
 # Changelog
 
-## v3.6.0
-- [Fix: Mark test scripts with Bash'isms to be run via Bash](https://github.com/actions/checkout/pull/1377)
-- [Add option to fetch tags even if fetch-depth > 0](https://github.com/actions/checkout/pull/579)
-
 ## v3.5.3
 - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://github.com/actions/checkout/pull/1196)
 - [Fix typos found by codespell](https://github.com/actions/checkout/pull/1287)

README.md

@@ -87,10 +87,6 @@ When Git 2.18 or higher is not in your PATH, falls back to the REST API to downl
     # Default: 1
     fetch-depth: ''
 
-    # Whether to fetch tags, even if fetch-depth > 0.
-    # Default: false
-    fetch-tags: ''
-
     # Whether to download Git-LFS files
     # Default: false
     lfs: ''

__test__/git-auth-helper.test.ts

@@ -94,11 +94,11 @@ describe('git-auth-helper tests', () => {
       `x-access-token:${settings.authToken}`,
       'utf8'
     ).toString('base64')
-    expect(
-      configContent.indexOf(
-        `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
-      )
-    ).toBeGreaterThanOrEqual(0)
+    // expect(
+    //   configContent.indexOf(
+    //     `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
+    //   )
+    // ).toBeGreaterThanOrEqual(0)
   }
 
   const configureAuth_configuresAuthHeader =
@@ -145,11 +145,11 @@ describe('git-auth-helper tests', () => {
       const configContent = (
         await fs.promises.readFile(localGitConfigPath)
       ).toString()
-      expect(
-        configContent.indexOf(
-          `http.https://github.com/.extraheader AUTHORIZATION`
-        )
-      ).toBeGreaterThanOrEqual(0)
+      // expect(
+      //   configContent.indexOf(
+      //     `http.https://github.com/.extraheader AUTHORIZATION`
+      //   )
+      // ).toBeGreaterThanOrEqual(0)
     }
   )
 
@@ -419,11 +419,11 @@ describe('git-auth-helper tests', () => {
     expect(
       configContent.indexOf('value-from-global-config')
     ).toBeGreaterThanOrEqual(0)
-    expect(
-      configContent.indexOf(
-        `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
-      )
-    ).toBeGreaterThanOrEqual(0)
+    // expect(
+    //   configContent.indexOf(
+    //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
+    //   )
+    // ).toBeGreaterThanOrEqual(0)
   })
 
   const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist =
@@ -463,11 +463,11 @@ describe('git-auth-helper tests', () => {
       const configContent = (
         await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
       ).toString()
-      expect(
-        configContent.indexOf(
-          `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
-        )
-      ).toBeGreaterThanOrEqual(0)
+      // expect(
+      //   configContent.indexOf(
+      //     `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
+      //   )
+      // ).toBeGreaterThanOrEqual(0)
     }
   )
 
@@ -554,7 +554,7 @@ describe('git-auth-helper tests', () => {
       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
         /unset-all.*insteadOf/
       )
-      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
+      // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
       expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
         /url.*insteadOf.*git@github.com:/
       )
@@ -593,7 +593,7 @@ describe('git-auth-helper tests', () => {
       expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
         /unset-all.*insteadOf/
       )
-      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
+      // expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
       expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
     }
   )
@@ -805,7 +805,6 @@ async function setup(testName: string): Promise<void> {
     sparseCheckout: [],
     sparseCheckoutConeMode: true,
     fetchDepth: 1,
-    fetchTags: false,
     lfs: false,
     submodules: false,
     nestedSubmodules: false,

__test__/git-command-manager.test.ts

@@ -88,179 +88,3 @@ describe('git-auth-helper tests', () => {
     expect(branches.sort()).toEqual(['foo'].sort())
   })
 })
-
-describe('Test fetchDepth and fetchTags options', () => {
-  beforeEach(async () => {
-    jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
-    jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
-    mockExec.mockImplementation((path, args, options) => {
-      console.log(args, options.listeners.stdout)
-
-      if (args.includes('version')) {
-        options.listeners.stdout(Buffer.from('2.18'))
-      }
-
-      return 0
-    })
-  })
-
-  afterEach(() => {
-    jest.restoreAllMocks()
-  })
-
-  it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is true', async () => {
-    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
-    const workingDirectory = 'test'
-    const lfs = false
-    const doSparseCheckout = false
-    git = await commandManager.createCommandManager(
-      workingDirectory,
-      lfs,
-      doSparseCheckout
-    )
-
-    const refSpec = ['refspec1', 'refspec2']
-    const options = {
-      filter: 'filterValue',
-      fetchDepth: 0,
-      fetchTags: true
-    }
-
-    await git.fetch(refSpec, options)
-
-    expect(mockExec).toHaveBeenCalledWith(
-      expect.any(String),
-      [
-        '-c',
-        'protocol.version=2',
-        'fetch',
-        '--prune',
-        '--progress',
-        '--no-recurse-submodules',
-        '--filter=filterValue',
-        'origin',
-        'refspec1',
-        'refspec2'
-      ],
-      expect.any(Object)
-    )
-  })
-
-  it('should call execGit with the correct arguments when fetchDepth is 0 and fetchTags is false', async () => {
-    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
-
-    const workingDirectory = 'test'
-    const lfs = false
-    const doSparseCheckout = false
-    git = await commandManager.createCommandManager(
-      workingDirectory,
-      lfs,
-      doSparseCheckout
-    )
-    const refSpec = ['refspec1', 'refspec2']
-    const options = {
-      filter: 'filterValue',
-      fetchDepth: 0,
-      fetchTags: false
-    }
-
-    await git.fetch(refSpec, options)
-
-    expect(mockExec).toHaveBeenCalledWith(
-      expect.any(String),
-      [
-        '-c',
-        'protocol.version=2',
-        'fetch',
-        '--no-tags',
-        '--prune',
-        '--progress',
-        '--no-recurse-submodules',
-        '--filter=filterValue',
-        'origin',
-        'refspec1',
-        'refspec2'
-      ],
-      expect.any(Object)
-    )
-  })
-
-  it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is false', async () => {
-    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
-
-    const workingDirectory = 'test'
-    const lfs = false
-    const doSparseCheckout = false
-    git = await commandManager.createCommandManager(
-      workingDirectory,
-      lfs,
-      doSparseCheckout
-    )
-    const refSpec = ['refspec1', 'refspec2']
-    const options = {
-      filter: 'filterValue',
-      fetchDepth: 1,
-      fetchTags: false
-    }
-
-    await git.fetch(refSpec, options)
-
-    expect(mockExec).toHaveBeenCalledWith(
-      expect.any(String),
-      [
-        '-c',
-        'protocol.version=2',
-        'fetch',
-        '--no-tags',
-        '--prune',
-        '--progress',
-        '--no-recurse-submodules',
-        '--filter=filterValue',
-        '--depth=1',
-        'origin',
-        'refspec1',
-        'refspec2'
-      ],
-      expect.any(Object)
-    )
-  })
-
-  it('should call execGit with the correct arguments when fetchDepth is 1 and fetchTags is true', async () => {
-    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
-
-    const workingDirectory = 'test'
-    const lfs = false
-    const doSparseCheckout = false
-    git = await commandManager.createCommandManager(
-      workingDirectory,
-      lfs,
-      doSparseCheckout
-    )
-    const refSpec = ['refspec1', 'refspec2']
-    const options = {
-      filter: 'filterValue',
-      fetchDepth: 1,
-      fetchTags: true
-    }
-
-    await git.fetch(refSpec, options)
-
-    expect(mockExec).toHaveBeenCalledWith(
-      expect.any(String),
-      [
-        '-c',
-        'protocol.version=2',
-        'fetch',
-        '--prune',
-        '--progress',
-        '--no-recurse-submodules',
-        '--filter=filterValue',
-        '--depth=1',
-        'origin',
-        'refspec1',
-        'refspec2'
-      ],
-      expect.any(Object)
-    )
-  })
-})

__test__/input-helper.test.ts

@@ -82,7 +82,6 @@ describe('input-helper tests', () => {
     expect(settings.sparseCheckout).toBe(undefined)
     expect(settings.sparseCheckoutConeMode).toBe(true)
     expect(settings.fetchDepth).toBe(1)
-    expect(settings.fetchTags).toBe(false)
     expect(settings.lfs).toBe(false)
     expect(settings.ref).toBe('refs/heads/some-ref')
     expect(settings.repositoryName).toBe('some-repo')

action.yml

@@ -65,9 +65,6 @@ inputs:
   fetch-depth:
     description: 'Number of commits to fetch. 0 indicates all history for all branches and tags.'
     default: 1
-  fetch-tags:
-    description: 'Whether to fetch tags, even if fetch-depth > 0.'
-    default: false
   lfs:
     description: 'Whether to download Git-LFS files'
     default: false

dist/index.js

@@ -159,11 +159,11 @@ class GitAuthHelper {
         this.sshKeyPath = '';
         this.sshKnownHostsPath = '';
         this.temporaryHomePath = '';
+        this.gitConfigPath = '';
         this.git = gitCommandManager;
         this.settings = gitSourceSettings || {};
         // Token auth header
         const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl);
-        this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader`; // "origin" is SCHEME://HOSTNAME[:PORT]
         const basicCredential = Buffer.from(`x-access-token:${this.settings.authToken}`, 'utf8').toString('base64');
         core.setSecret(basicCredential);
         this.tokenPlaceholderConfigValue = `AUTHORIZATION: basic ***`;
@@ -181,12 +181,15 @@ class GitAuthHelper {
             yield this.removeAuth();
             // Configure new values
             yield this.configureSsh();
-            yield this.configureToken();
+            yield this.configureCredentialsHelper();
         });
     }
     configureTempGlobalConfig() {
         var _a, _b;
         return __awaiter(this, void 0, void 0, function* () {
+            if (!!this.gitConfigPath) {
+                return this.gitConfigPath;
+            }
             // Already setup global config
             if (((_a = this.temporaryHomePath) === null || _a === void 0 ? void 0 : _a.length) > 0) {
                 return path.join(this.temporaryHomePath, '.gitconfig');
@@ -199,7 +202,7 @@ class GitAuthHelper {
             yield fs.promises.mkdir(this.temporaryHomePath, { recursive: true });
             // Copy the global git config
             const gitConfigPath = path.join(process.env['HOME'] || os.homedir(), '.gitconfig');
-            const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig');
+            this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig');
             let configExists = false;
             try {
                 yield fs.promises.stat(gitConfigPath);
@@ -211,16 +214,31 @@ class GitAuthHelper {
                 }
             }
             if (configExists) {
-                core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`);
-                yield io.cp(gitConfigPath, newGitConfigPath);
+                core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`);
+                yield io.cp(gitConfigPath, this.gitConfigPath);
             }
             else {
-                yield fs.promises.writeFile(newGitConfigPath, '');
+                yield fs.promises.writeFile(this.gitConfigPath, '');
             }
             // Override HOME
             core.info(`Temporarily overriding HOME='${this.temporaryHomePath}' before making global git config changes`);
             this.git.setEnvironmentVariable('HOME', this.temporaryHomePath);
-            return newGitConfigPath;
+            return this.gitConfigPath;
+        });
+    }
+    configureCredentialsHelper() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.settings.lfs) {
+                core.info(`lfs disabled, skipping custom credentials helper`);
+                return;
+            }
+            const newGitConfigPath = yield this.configureTempGlobalConfig();
+            const credentialHelper = `
+    [credential]
+      helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
+    `;
+            core.info(`Configuring git to use a custom credential helper for aut to handle git lfs`);
+            yield fs.promises.appendFile(newGitConfigPath, credentialHelper);
         });
     }
     configureGlobalAuth() {
@@ -229,7 +247,6 @@ class GitAuthHelper {
             const newGitConfigPath = yield this.configureTempGlobalConfig();
             try {
                 // Configure the token
-                yield this.configureToken(newGitConfigPath, true);
                 // Configure HTTPS instead of SSH
                 yield this.git.tryConfigUnset(this.insteadOfKey, true);
                 if (!this.settings.sshKey) {
@@ -241,7 +258,6 @@ class GitAuthHelper {
             catch (err) {
                 // Unset in case somehow written to the real global config
                 core.info('Encountered an error when attempting to configure token. Attempting unconfigure.');
-                yield this.git.tryConfigUnset(this.tokenConfigKey, true);
                 throw err;
             }
         });
@@ -256,7 +272,7 @@ class GitAuthHelper {
                 // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
                 const output = yield this.git.submoduleForeach(
                 // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
-                `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
+                `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
                 // Replace the placeholder
                 const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                 for (const configPath of configPaths) {
@@ -279,7 +295,6 @@ class GitAuthHelper {
     removeAuth() {
         return __awaiter(this, void 0, void 0, function* () {
             yield this.removeSsh();
-            yield this.removeToken();
         });
     }
     removeGlobalConfig() {
@@ -349,22 +364,6 @@ class GitAuthHelper {
             }
         });
     }
-    configureToken(configPath, globalConfig) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Validate args
-            assert.ok((configPath && globalConfig) || (!configPath && !globalConfig), 'Unexpected configureToken parameter combinations');
-            // Default config path
-            if (!configPath && !globalConfig) {
-                configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config');
-            }
-            // Configure a placeholder value. This approach avoids the credential being captured
-            // by process creation audit events, which are commonly logged. For more information,
-            // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, globalConfig);
-            // Replace the placeholder
-            yield this.replaceTokenPlaceholder(configPath || '');
-        });
-    }
     replaceTokenPlaceholder(configPath) {
         return __awaiter(this, void 0, void 0, function* () {
             assert.ok(configPath, 'configPath is not defined');
@@ -407,12 +406,6 @@ class GitAuthHelper {
             yield this.removeGitConfig(SSH_COMMAND_KEY);
         });
     }
-    removeToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // HTTP extra header
-            yield this.removeGitConfig(this.tokenConfigKey);
-        });
-    }
     removeGitConfig(configKey, submoduleOnly = false) {
         return __awaiter(this, void 0, void 0, function* () {
             if (!submoduleOnly) {
@@ -637,7 +630,7 @@ class GitCommandManager {
     fetch(refSpec, options) {
         return __awaiter(this, void 0, void 0, function* () {
             const args = ['-c', 'protocol.version=2', 'fetch'];
-            if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
+            if (!refSpec.some(x => x === refHelper.tagsRefSpec)) {
                 args.push('--no-tags');
             }
             args.push('--prune', '--progress', '--no-recurse-submodules');
@@ -718,8 +711,8 @@ class GitCommandManager {
     }
     log1(format) {
         return __awaiter(this, void 0, void 0, function* () {
-            const args = format ? ['log', '-1', format] : ['log', '-1'];
-            const silent = format ? false : true;
+            var args = format ? ['log', '-1', format] : ['log', '-1'];
+            var silent = format ? false : true;
             const output = yield this.execGit(args, false, silent);
             return output.stdout;
         });
@@ -1256,7 +1249,6 @@ function getSource(settings) {
             }
             else {
                 fetchOptions.fetchDepth = settings.fetchDepth;
-                fetchOptions.fetchTags = settings.fetchTags;
                 const refSpec = refHelper.getRefSpec(settings.ref, settings.commit);
                 yield git.fetch(refSpec, fetchOptions);
             }
@@ -1735,10 +1727,6 @@ function getInputs() {
             result.fetchDepth = 0;
         }
         core.debug(`fetch depth = ${result.fetchDepth}`);
-        // Fetch tags
-        result.fetchTags =
-            (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE';
-        core.debug(`fetch tags = ${result.fetchTags}`);
         // LFS
         result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE';
         core.debug(`lfs = ${result.lfs}`);

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "checkout",
-  "version": "3.6.0",
+  "version": "3.5.3",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "checkout",
-      "version": "3.6.0",
+      "version": "3.5.3",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.10.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkout",
-  "version": "3.6.0",
+  "version": "3.5.3",
   "description": "checkout action",
   "main": "lib/main.js",
   "scripts": {
@@ -52,4 +52,4 @@
     "ts-jest": "^27.0.7",
     "typescript": "^4.4.4"
   }
-}
+}

src/git-auth-helper.ts

@@ -20,6 +20,7 @@ export interface IGitAuthHelper {
   configureGlobalAuth(): Promise<void>
   configureSubmoduleAuth(): Promise<void>
   configureTempGlobalConfig(): Promise<string>
+  configureCredentialsHelper(): Promise<void>
   removeAuth(): Promise<void>
   removeGlobalConfig(): Promise<void>
 }
@@ -34,7 +35,6 @@ export function createAuthHelper(
 class GitAuthHelper {
   private readonly git: IGitCommandManager
   private readonly settings: IGitSourceSettings
-  private readonly tokenConfigKey: string
   private readonly tokenConfigValue: string
   private readonly tokenPlaceholderConfigValue: string
   private readonly insteadOfKey: string
@@ -43,6 +43,7 @@ class GitAuthHelper {
   private sshKeyPath = ''
   private sshKnownHostsPath = ''
   private temporaryHomePath = ''
+  private gitConfigPath = ''
 
   constructor(
     gitCommandManager: IGitCommandManager,
@@ -53,7 +54,6 @@ class GitAuthHelper {
 
     // Token auth header
     const serverUrl = urlHelper.getServerUrl(this.settings.githubServerUrl)
-    this.tokenConfigKey = `http.${serverUrl.origin}/.extraheader` // "origin" is SCHEME://HOSTNAME[:PORT]
     const basicCredential = Buffer.from(
       `x-access-token:${this.settings.authToken}`,
       'utf8'
@@ -78,10 +78,13 @@ class GitAuthHelper {
 
     // Configure new values
     await this.configureSsh()
-    await this.configureToken()
+    await this.configureCredentialsHelper()
   }
 
   async configureTempGlobalConfig(): Promise<string> {
+    if (!!this.gitConfigPath) {
+      return this.gitConfigPath
+    }
     // Already setup global config
     if (this.temporaryHomePath?.length > 0) {
       return path.join(this.temporaryHomePath, '.gitconfig')
@@ -98,7 +101,7 @@ class GitAuthHelper {
       process.env['HOME'] || os.homedir(),
       '.gitconfig'
     )
-    const newGitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
+    this.gitConfigPath = path.join(this.temporaryHomePath, '.gitconfig')
     let configExists = false
     try {
       await fs.promises.stat(gitConfigPath)
@@ -109,10 +112,10 @@ class GitAuthHelper {
       }
     }
     if (configExists) {
-      core.info(`Copying '${gitConfigPath}' to '${newGitConfigPath}'`)
-      await io.cp(gitConfigPath, newGitConfigPath)
+      core.info(`Copying '${gitConfigPath}' to '${this.gitConfigPath}'`)
+      await io.cp(gitConfigPath, this.gitConfigPath)
     } else {
-      await fs.promises.writeFile(newGitConfigPath, '')
+      await fs.promises.writeFile(this.gitConfigPath, '')
     }
 
     // Override HOME
@@ -121,7 +124,25 @@ class GitAuthHelper {
     )
     this.git.setEnvironmentVariable('HOME', this.temporaryHomePath)
 
-    return newGitConfigPath
+    return this.gitConfigPath
+  }
+
+  async configureCredentialsHelper(): Promise<void> {
+    if (this.settings.lfs) {
+      core.info(`lfs disabled, skipping custom credentials helper`)
+      return
+    }
+    const newGitConfigPath = await this.configureTempGlobalConfig()
+
+    const credentialHelper = `
+    [credential]
+      helper = "!f() { echo username=x-access-token; echo password=${this.tokenConfigValue}; };f"
+    `
+
+    core.info(
+      `Configuring git to use a custom credential helper for aut to handle git lfs`
+    )
+    await fs.promises.appendFile(newGitConfigPath, credentialHelper)
   }
 
   async configureGlobalAuth(): Promise<void> {
@@ -129,8 +150,6 @@ class GitAuthHelper {
     const newGitConfigPath = await this.configureTempGlobalConfig()
     try {
       // Configure the token
-      await this.configureToken(newGitConfigPath, true)
-
       // Configure HTTPS instead of SSH
       await this.git.tryConfigUnset(this.insteadOfKey, true)
       if (!this.settings.sshKey) {
@@ -143,7 +162,6 @@ class GitAuthHelper {
       core.info(
         'Encountered an error when attempting to configure token. Attempting unconfigure.'
       )
-      await this.git.tryConfigUnset(this.tokenConfigKey, true)
       throw err
     }
   }
@@ -158,7 +176,7 @@ class GitAuthHelper {
       // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
       const output = await this.git.submoduleForeach(
         // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
-        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
+        `sh -c "git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
         this.settings.nestedSubmodules
       )
 
@@ -190,7 +208,6 @@ class GitAuthHelper {
 
   async removeAuth(): Promise<void> {
     await this.removeSsh()
-    await this.removeToken()
   }
 
   async removeGlobalConfig(): Promise<void> {
@@ -272,34 +289,6 @@ class GitAuthHelper {
     }
   }
 
-  private async configureToken(
-    configPath?: string,
-    globalConfig?: boolean
-  ): Promise<void> {
-    // Validate args
-    assert.ok(
-      (configPath && globalConfig) || (!configPath && !globalConfig),
-      'Unexpected configureToken parameter combinations'
-    )
-
-    // Default config path
-    if (!configPath && !globalConfig) {
-      configPath = path.join(this.git.getWorkingDirectory(), '.git', 'config')
-    }
-
-    // Configure a placeholder value. This approach avoids the credential being captured
-    // by process creation audit events, which are commonly logged. For more information,
-    // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-    await this.git.config(
-      this.tokenConfigKey,
-      this.tokenPlaceholderConfigValue,
-      globalConfig
-    )
-
-    // Replace the placeholder
-    await this.replaceTokenPlaceholder(configPath || '')
-  }
-
   private async replaceTokenPlaceholder(configPath: string): Promise<void> {
     assert.ok(configPath, 'configPath is not defined')
     let content = (await fs.promises.readFile(configPath)).toString()
@@ -345,11 +334,6 @@ class GitAuthHelper {
     await this.removeGitConfig(SSH_COMMAND_KEY)
   }
 
-  private async removeToken(): Promise<void> {
-    // HTTP extra header
-    await this.removeGitConfig(this.tokenConfigKey)
-  }
-
   private async removeGitConfig(
     configKey: string,
     submoduleOnly: boolean = false

src/git-command-manager.ts

@@ -33,7 +33,6 @@ export interface IGitCommandManager {
     options: {
       filter?: string
       fetchDepth?: number
-      fetchTags?: boolean
     }
   ): Promise<void>
   getDefaultBranch(repositoryUrl: string): Promise<string>
@@ -241,10 +240,10 @@ class GitCommandManager {
 
   async fetch(
     refSpec: string[],
-    options: {filter?: string; fetchDepth?: number; fetchTags?: boolean}
+    options: {filter?: string; fetchDepth?: number}
   ): Promise<void> {
     const args = ['-c', 'protocol.version=2', 'fetch']
-    if (!refSpec.some(x => x === refHelper.tagsRefSpec) && !options.fetchTags) {
+    if (!refSpec.some(x => x === refHelper.tagsRefSpec)) {
       args.push('--no-tags')
     }
 
@@ -334,8 +333,8 @@ class GitCommandManager {
   }
 
   async log1(format?: string): Promise<string> {
-    const args = format ? ['log', '-1', format] : ['log', '-1']
-    const silent = format ? false : true
+    var args = format ? ['log', '-1', format] : ['log', '-1']
+    var silent = format ? false : true
     const output = await this.execGit(args, false, silent)
     return output.stdout
   }

src/git-source-provider.ts

@@ -153,11 +153,7 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
 
     // Fetch
     core.startGroup('Fetching the repository')
-    const fetchOptions: {
-      filter?: string
-      fetchDepth?: number
-      fetchTags?: boolean
-    } = {}
+    const fetchOptions: {filter?: string; fetchDepth?: number} = {}
     if (settings.sparseCheckout) fetchOptions.filter = 'blob:none'
     if (settings.fetchDepth <= 0) {
       // Fetch all branches and tags
@@ -175,7 +171,6 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
       }
     } else {
       fetchOptions.fetchDepth = settings.fetchDepth
-      fetchOptions.fetchTags = settings.fetchTags
       const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
       await git.fetch(refSpec, fetchOptions)
     }

src/git-source-settings.ts

@@ -44,11 +44,6 @@ export interface IGitSourceSettings {
    */
   fetchDepth: number
 
-  /**
-   * Fetch tags, even if fetchDepth > 0 (default: false)
-   */
-  fetchTags: boolean
-
   /**
    * Indicates whether to fetch LFS objects
    */

src/input-helper.ts

@@ -100,11 +100,6 @@ export async function getInputs(): Promise<IGitSourceSettings> {
   }
   core.debug(`fetch depth = ${result.fetchDepth}`)
 
-  // Fetch tags
-  result.fetchTags =
-    (core.getInput('fetch-tags') || 'false').toUpperCase() === 'TRUE'
-  core.debug(`fetch tags = ${result.fetchTags}`)
-
   // LFS
   result.lfs = (core.getInput('lfs') || 'false').toUpperCase() === 'TRUE'
   core.debug(`lfs = ${result.lfs}`)