45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
name: Schmalz Checkout
|
|
description: >
|
|
Composite wrapper around actions/checkout pinned to a specific commit SHA
|
|
to prevent supply chain attacks via tag or branch hijacking.
|
|
|
|
inputs:
|
|
ref:
|
|
description: The branch, tag, or SHA to checkout. Defaults to the ref that triggered the workflow.
|
|
required: false
|
|
default: ''
|
|
repository:
|
|
description: Repository name with owner (e.g. actions/checkout). Defaults to the current repository.
|
|
required: false
|
|
default: ${{ github.repository }}
|
|
token:
|
|
description: Personal access token used to fetch the repository.
|
|
required: false
|
|
default: ${{ github.token }}
|
|
path:
|
|
description: Relative path under $GITHUB_WORKSPACE to place the repository.
|
|
required: false
|
|
default: ''
|
|
fetch-depth:
|
|
description: Number of commits to fetch. 0 fetches all history.
|
|
required: false
|
|
default: '1'
|
|
submodules:
|
|
description: Whether to checkout submodules. true, false, or recursive.
|
|
required: false
|
|
default: 'false'
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
# Pinned to commit SHA instead of a tag to prevent supply chain attacks.
|
|
# actions/checkout v4.3.1 — https://code.forgejo.org/actions/checkout/commits/tag/v4.3.1
|
|
- name: Checkout repository
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
repository: ${{ inputs.repository }}
|
|
token: ${{ inputs.token }}
|
|
path: ${{ inputs.path }}
|
|
fetch-depth: ${{ inputs.fetch-depth }}
|
|
submodules: ${{ inputs.submodules }}
|