Michael Seele
fc82729de8
All checks were successful
validate-shared-actions / validate-shared-actions (pull_request) Successful in 1m7s
24 lines
No EOL
993 B
Markdown
24 lines
No EOL
993 B
Markdown
# checkout
|
|
|
|
Composite wrapper around actions/checkout pinned to a specific commit SHA to prevent supply chain attacks via tag or branch hijacking.
|
|
|
|
## Inputs
|
|
|
|
| Input | Required | Default | Description |
|
|
|-------|----------|---------|-------------|
|
|
| `ref` | No | `''` | Branch, tag, or SHA to checkout |
|
|
| `repository` | No | `${{ github.repository }}` | Repository name with owner |
|
|
| `token` | No | `${{ github.token }}` | Personal access token to fetch the repository |
|
|
| `path` | No | `''` | Relative path under `$GITHUB_WORKSPACE` to place the repository |
|
|
| `fetch-depth` | No | `1` | Number of commits to fetch. `0` fetches all history |
|
|
| `submodules` | No | `false` | Whether to checkout submodules (`true`, `false`, or `recursive`) |
|
|
|
|
## Usage
|
|
|
|
```yaml
|
|
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/checkout@checkout-v1
|
|
```
|
|
|
|
## Notes
|
|
|
|
- Pinned to `actions/checkout` commit SHA `de0fac2e` (v6.0.2) to prevent supply chain attacks via tag or branch hijacking. |