Bump the minor-actions-dependencies group across 1 directory with 2 updates

Bumps the minor-actions-dependencies group with 2 updates in the / directory: [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `actions/publish-immutable-action` from 0.0.3 to 0.0.4 - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4) Updates `docker/build-push-action` from 6.5.0 to 6.10.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.5.0...v6.10.0) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-actions-dependencies - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
Update README.md (#1977 )
2024-12-02 16:59:45 +00:00 · 2024-11-14 10:41:00 -05:00 · 2024-11-08 10:32:54 -05:00 · 2024-10-23 16:24:28 +02:00 · 2024-10-23 15:59:08 +02:00 · 2024-10-18 10:07:17 +02:00
101 changed files with 53531 additions and 65 deletions
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,3 @@
 dist/
 lib/
 node_modules/
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -0,0 +1,53 @@
 {
  "plugins": ["jest", "@typescript-eslint"],
  "extends": ["plugin:github/recommended"],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": 9,
    "sourceType": "module",
    "project": "./tsconfig.json"
  },
  "rules": {
    "eslint-comments/no-use": "off",
    "import/no-namespace": "off",
    "no-unused-vars": "off",
    "@typescript-eslint/no-unused-vars": "error",
    "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
    "@typescript-eslint/no-require-imports": "error",
    "@typescript-eslint/array-type": "error",
    "@typescript-eslint/await-thenable": "error",
    "camelcase": "off",
    "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
    "@typescript-eslint/func-call-spacing": ["error", "never"],
    "@typescript-eslint/no-array-constructor": "error",
    "@typescript-eslint/no-empty-interface": "error",
    "@typescript-eslint/no-explicit-any": "error",
    "@typescript-eslint/no-extraneous-class": "error",
    "@typescript-eslint/no-floating-promises": "error",
    "@typescript-eslint/no-for-in-array": "error",
    "@typescript-eslint/no-inferrable-types": "error",
    "@typescript-eslint/no-misused-new": "error",
    "@typescript-eslint/no-namespace": "error",
    "@typescript-eslint/no-non-null-assertion": "warn",
    "@typescript-eslint/no-unnecessary-qualifier": "error",
    "@typescript-eslint/no-unnecessary-type-assertion": "error",
    "@typescript-eslint/no-useless-constructor": "error",
    "@typescript-eslint/no-var-requires": "error",
    "@typescript-eslint/prefer-for-of": "warn",
    "@typescript-eslint/prefer-function-type": "warn",
    "@typescript-eslint/prefer-includes": "error",
    "@typescript-eslint/prefer-string-starts-ends-with": "error",
    "@typescript-eslint/promise-function-async": "error",
    "@typescript-eslint/require-array-sort-compare": "error",
    "@typescript-eslint/restrict-plus-operands": "error",
    "semi": "off",
    "@typescript-eslint/semi": ["error", "never"],
    "@typescript-eslint/type-annotation-spacing": "error",
    "@typescript-eslint/unbound-method": "error"
  },
  "env": {
    "node": true,
    "es6": true,
    "jest/globals": true
  }
 }
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 .licenses/** -diff linguist-generated=true
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
 ---
 version: 2
 updates:
 - package-ecosystem: "npm"
  directory: "/"
  schedule:
    interval: "weekly"
  groups:
    minor-npm-dependencies:
      # NPM: Only group minor and patch updates (we want to carefully review major updates)
      update-types: [minor, patch]
 - package-ecosystem: "github-actions"
  directory: "/"
  schedule:
    interval: "weekly"
  groups:
    minor-actions-dependencies:
      # GitHub Actions: Only group minor and patch updates (we want to carefully review major updates)
      update-types: [minor, patch]
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -0,0 +1,51 @@
 # `dist/index.js` is a special file in Actions.
 # When you reference an action with `uses:` in a workflow,
 # `index.js` is the code that will run.
 # For our project, we generate this file through a build process
 # from other source files.
 # We need to make sure the checked-in `index.js` actually matches what we expect it to be.
 name: Check dist
 on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  pull_request:
    paths-ignore:
      - '**.md'
  workflow_dispatch:
 jobs:
  check-dist:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.1.6
      - name: Set Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
      - name: Install dependencies
        run: npm ci
      - name: Rebuild the index.js file
        run: npm run build
      - name: Compare the expected and actual dist/ directories
        run: |
          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
            echo "Detected uncommitted changes after build.  See status below:"
            git diff
            exit 1
          fi
      # If dist/ was different than expected, upload the expected version as an artifact
      - uses: actions/upload-artifact@v4
        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
        with:
          name: dist
          path: dist/
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,58 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "CodeQL"
 on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '28 9 * * 0'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
        # Learn more:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4.1.6
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main
    - run: npm ci
    - run: npm run build
    - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -0,0 +1,14 @@
 name: Licensed
 on:
  push: {branches: main}
  pull_request: {branches: main}
 jobs:
  test:
    runs-on: ubuntu-latest
    name: Check licenses
    steps:
      - uses: actions/checkout@v4.1.6
      - run: npm ci
      - run: npm run licensed-check
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -0,0 +1,20 @@
 name: 'Publish Immutable Action Version'
 on:
  release:
    types: [published]
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      - name: Checking out
        uses: actions/checkout@v4
      - name: Publish
        id: publish
        uses: actions/publish-immutable-action@v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,19 +1,331 @@
-name: "test-local"
+name: Build and Test
 on:
  pull_request:
  push:
    branches:
-      - master
+      - main
-      - 'releases/*'
+      - releases/*
 # Note that when you see patterns like "ref: test-data/v2/basic" within this workflow,
 # these refer to "test-data" branches on this actions/checkout repo.
 # (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: 20.x
      - uses: actions/checkout@v4.1.6
      - run: npm ci
      - run: npm run build
      - run: npm run format-check
      - run: npm run lint
      - run: npm test
      - name: Verify no unstaged changes
        run: __test__/verify-no-unstaged-changes.sh
  test:
    strategy:
      matrix:
-        os: [windows-latest, ubuntu-latest, macOS-latest]
+        runs-on: [ubuntu-latest, macos-latest, windows-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ${{ matrix.runs-on }}
    steps:
-    - uses: actions/checkout@master
+      # Clone this repo
-    - uses: ./
+      - name: Checkout
-      with:
+        uses: actions/checkout@v4.1.6
-        ref: master
+
      # Basic checkout
      - name: Checkout basic
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        shell: bash
        run: __test__/verify-basic.sh
      # Clean
      - name: Modify work tree
        shell: bash
        run: __test__/modify-work-tree.sh
      - name: Checkout clean
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify clean
        shell: bash
        run: __test__/verify-clean.sh
      # Side by side
      - name: Checkout side by side 1
        uses: ./
        with:
          ref: test-data/v2/side-by-side-1
          path: side-by-side-1
      - name: Checkout side by side 2
        uses: ./
        with:
          ref: test-data/v2/side-by-side-2
          path: side-by-side-2
      - name: Verify side by side
        shell: bash
        run: __test__/verify-side-by-side.sh
      # Filter
      - name: Fetch filter
        uses: ./
        with:
          filter: 'blob:none'
          path: fetch-filter
      - name: Verify fetch filter
        run: __test__/verify-fetch-filter.sh
      # Sparse checkout
      - name: Sparse checkout
        uses: ./
        with:
          sparse-checkout: |
            __test__
            .github
            dist
          path: sparse-checkout
      - name: Verify sparse checkout
        run: __test__/verify-sparse-checkout.sh
      # Disabled sparse checkout in existing checkout
      - name: Disabled sparse checkout
        uses: ./
        with:
          path: sparse-checkout
      - name: Verify disabled sparse checkout
        shell: bash
        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
      # Sparse checkout (non-cone mode)
      - name: Sparse checkout (non-cone mode)
        uses: ./
        with:
          sparse-checkout: |
            /__test__/
            /.github/
            /dist/
          sparse-checkout-cone-mode: false
          path: sparse-checkout-non-cone-mode
      - name: Verify sparse checkout (non-cone mode)
        run: __test__/verify-sparse-checkout-non-cone-mode.sh
      # LFS
      - name: Checkout LFS
        uses: ./
        with:
          repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
          ref: test-data/v2/lfs
          path: lfs
          lfs: true
      - name: Verify LFS
        shell: bash
        run: __test__/verify-lfs.sh
      # Submodules false
      - name: Checkout submodules false
        uses: ./
        with:
          ref: test-data/v2/submodule-ssh-url
          path: submodules-false
      - name: Verify submodules false
        run: __test__/verify-submodules-false.sh
      # Submodules one level
      - name: Checkout submodules true
        uses: ./
        with:
          ref: test-data/v2/submodule-ssh-url
          path: submodules-true
          submodules: true
      - name: Verify submodules true
        run: __test__/verify-submodules-true.sh
      # Submodules recursive
      - name: Checkout submodules recursive
        uses: ./
        with:
          ref: test-data/v2/submodule-ssh-url
          path: submodules-recursive
          submodules: recursive
      - name: Verify submodules recursive
        run: __test__/verify-submodules-recursive.sh
      # Basic checkout using REST API
      - name: Remove basic
        if: runner.os != 'windows'
        run: rm -rf basic
      - name: Remove basic (Windows)
        if: runner.os == 'windows'
        shell: cmd
        run: rmdir /s /q basic
      - name: Override git version
        if: runner.os != 'windows'
        run: __test__/override-git-version.sh
      - name: Override git version (Windows)
        if: runner.os == 'windows'
        run: __test__\\override-git-version.cmd
      - name: Checkout basic using REST API
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh --archive
  test-proxy:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
      options: --dns 127.0.0.1
    services:
      squid-proxy:
        image: ubuntu/squid:latest
        ports:
          - 3128:3128
    env:
      https_proxy: http://squid-proxy:3128
    steps:
      # Clone this repo
      - name: Checkout
        uses: actions/checkout@v4.1.6
      # Basic checkout using git
      - name: Checkout basic
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh
      # Basic checkout using REST API
      - name: Remove basic
        run: rm -rf basic
      - name: Override git version
        run: __test__/override-git-version.sh
      - name: Basic checkout using REST API
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh --archive
  test-bypass-proxy:
    runs-on: ubuntu-latest
    env:
      https_proxy: http://no-such-proxy:3128
      no_proxy: api.github.com,github.com
    steps:
      # Clone this repo
      - name: Checkout
        uses: actions/checkout@v4.1.6
      # Basic checkout using git
      - name: Checkout basic
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh
      - name: Remove basic
        run: rm -rf basic
      # Basic checkout using REST API
      - name: Override git version
        run: __test__/override-git-version.sh
      - name: Checkout basic using REST API
        uses: ./
        with:
          ref: test-data/v2/basic
          path: basic
      - name: Verify basic
        run: __test__/verify-basic.sh --archive
  test-git-container:
    runs-on: ubuntu-latest
    container: bitnami/git:latest
    steps:
      # Clone this repo
      - name: Checkout
        uses: actions/checkout@v4.1.6
        with:
          path: localClone
      # Basic checkout using git
      - name: Checkout basic
        uses: ./localClone
        with:
          ref: test-data/v2/basic
      - name: Verify basic
        run: |
          if [ ! -f "./basic-file.txt" ]; then
              echo "Expected basic file does not exist"
              exit 1
          fi
          # Verify .git folder
          if [ ! -d "./.git" ]; then
            echo "Expected ./.git folder to exist"
            exit 1
          fi
          # Verify auth token
          git config --global --add safe.directory "*"
          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
      # needed to make checkout post cleanup succeed
      - name: Fix Checkout v4
        uses: actions/checkout@v4.1.6
        with:
          path: localClone
  test-output:
    runs-on: ubuntu-latest
    steps:
      # Clone this repo
      - name: Checkout
        uses: actions/checkout@v4.1.6
      # Basic checkout using git
      - name: Checkout basic
        id: checkout
        uses: ./
        with:
          ref: test-data/v2/basic
      # Verify output
      - name: Verify output
        run: |
          echo "Commit: ${{ steps.checkout.outputs.commit }}"
          echo "Ref: ${{ steps.checkout.outputs.ref }}"
          if [ "${{ steps.checkout.outputs.ref }}" != "test-data/v2/basic" ]; then
            echo "Expected ref to be test-data/v2/basic"
            exit 1
          fi
          if [ "${{ steps.checkout.outputs.commit }}" != "82f71901cf8c021332310dcc8cdba84c4193ff5d" ]; then
            echo "Expected commit to be 82f71901cf8c021332310dcc8cdba84c4193ff5d"
            exit 1
          fi
      # needed to make checkout post cleanup succeed
      - name: Fix Checkout
        uses: actions/checkout@v4.1.6
--- a/.github/workflows/update-main-version.yml
+++ b/.github/workflows/update-main-version.yml
@@ -0,0 +1,35 @@
 name: Update Main Version
 run-name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
 on:
  workflow_dispatch:
    inputs:
      target:
        description: The tag or reference to use
        required: true
      major_version:
        type: choice
        description: The major version to update
        options:
          - v4
          - v3
          - v2
 jobs:
  tag:
    runs-on: ubuntu-latest
    steps:
    # Note this update workflow can also be used as a rollback tool.
    # For that reason, it's best to pin `actions/checkout` to a known, stable version
    # (typically, about two releases back).
    - uses: actions/checkout@v4.1.6
      with:
        fetch-depth: 0
    - name: Git config
      run: |
        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
    - name: Tag new target
      run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
    - name: Push new tag
      run: git push origin ${{ github.event.inputs.major_version }} --force
--- a/.github/workflows/update-test-ubuntu-git.yml
+++ b/.github/workflows/update-test-ubuntu-git.yml
@@ -0,0 +1,59 @@
 name: Publish test-ubuntu-git Container
 on:
  # Use an on demand workflow trigger.  
  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
  #  so avoid trigger events that run automatically.)
  workflow_dispatch:
    inputs:
      publish:
        description:  'Publish to ghcr.io? (main branch only)'
        type: boolean
        required: true
        default: false
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: actions/test-ubuntu-git
 jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # Use `docker/login-action` to log in to GHCR.io. 
      # Once published, the packages are scoped to the account defined here.
      - name: Log in to the ghcr.io container registry
        uses: docker/login-action@v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Format Timestamp
        id: timestamp
        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
      - name: Issue Image Publish Warning
        if:  ${{ inputs.publish && github.ref_name != 'main' }}
        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
      # Use `docker/build-push-action` to build (and optionally publish) the image. 
      - name: Build Docker Image (with optional Push)
        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          file: images/test-ubuntu-git.Dockerfile
          # For now, attempts to push to ghcr.io must target the `main` branch.
          # In the future, consider also allowing attempts from `releases/*` branches.
          push: ${{ inputs.publish && github.ref_name == 'main' }}
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
 __test__/_temp
 _temp/
 lib/
 node_modules/
 .vscode/
--- a/.licensed.yml
+++ b/.licensed.yml
@@ -0,0 +1,14 @@
 sources:
  npm: true
 allowed:
  - apache-2.0
  - bsd-2-clause
  - bsd-3-clause
  - isc
  - mit
  - cc0-1.0
  - unlicense
 reviewed:
  npm:
--- a/.licenses/npm/@actions/core.dep.yml
+++ b/.licenses/npm/@actions/core.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@actions/core"
 version: 1.10.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |-
    The MIT License (MIT)
    Copyright 2019 GitHub
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@actions/exec.dep.yml
+++ b/.licenses/npm/@actions/exec.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@actions/exec"
 version: 1.1.1
 type: npm
 summary: Actions exec lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/exec
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |-
    The MIT License (MIT)
    Copyright 2019 GitHub
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@actions/github.dep.yml
+++ b/.licenses/npm/@actions/github.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@actions/github"
 version: 6.0.0
 type: npm
 summary: Actions github lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/github
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |-
    The MIT License (MIT)
    Copyright 2019 GitHub
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@actions/http-client.dep.yml
+++ b/.licenses/npm/@actions/http-client.dep.yml
@@ -0,0 +1,32 @@
 ---
 name: "@actions/http-client"
 version: 2.2.1
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    Actions Http Client for Node.js
    Copyright (c) GitHub, Inc.
    All rights reserved.
    MIT License
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
    associated documentation files (the "Software"), to deal in the Software without restriction,
    including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
    subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
    LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
    NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
    WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@actions/io.dep.yml
+++ b/.licenses/npm/@actions/io.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@actions/io"
 version: 1.1.3
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |-
    The MIT License (MIT)
    Copyright 2019 GitHub
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@actions/tool-cache.dep.yml
+++ b/.licenses/npm/@actions/tool-cache.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@actions/tool-cache"
 version: 2.0.1
 type: npm
 summary: Actions tool-cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |-
    The MIT License (MIT)
    Copyright 2019 GitHub
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@fastify/busboy.dep.yml
+++ b/.licenses/npm/@fastify/busboy.dep.yml
@@ -0,0 +1,30 @@
 ---
 name: "@fastify/busboy"
 version: 2.1.1
 type: npm
 summary: A streaming parser for HTML form data for node.js
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |-
    Copyright Brian White. All rights reserved.
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to
    deal in the Software without restriction, including without limitation the
    rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
    sell copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
    IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/@octokit/auth-token.dep.yml
+++ b/.licenses/npm/@octokit/auth-token.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: "@octokit/auth-token"
 version: 4.0.0
 type: npm
 summary: GitHub API token authentication for browsers and Node.js
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/core.dep.yml
+++ b/.licenses/npm/@octokit/core.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: "@octokit/core"
 version: 5.2.0
 type: npm
 summary: Extendable client for GitHub's REST & GraphQL APIs
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/endpoint.dep.yml
+++ b/.licenses/npm/@octokit/endpoint.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: "@octokit/endpoint"
 version: 9.0.5
 type: npm
 summary: Turns REST API endpoints into generic request options
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2018 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/graphql.dep.yml
+++ b/.licenses/npm/@octokit/graphql.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: "@octokit/graphql"
 version: 7.1.0
 type: npm
 summary: GitHub GraphQL API client for browsers and Node
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2018 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/openapi-types-20.0.0.dep.yml
+++ b/.licenses/npm/@octokit/openapi-types-20.0.0.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/openapi-types"
 version: 20.0.0
 type: npm
 summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |-
    Copyright 2020 Gregor Martynus
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/openapi-types-22.1.0.dep.yml
+++ b/.licenses/npm/@octokit/openapi-types-22.1.0.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/openapi-types"
 version: 22.1.0
 type: npm
 summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |-
    Copyright 2020 Gregor Martynus
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/plugin-paginate-rest.dep.yml
+++ b/.licenses/npm/@octokit/plugin-paginate-rest.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/plugin-paginate-rest"
 version: 9.2.1
 type: npm
 summary: Octokit plugin to paginate REST API endpoint responses
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    MIT License Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml
+++ b/.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/plugin-rest-endpoint-methods"
 version: 10.4.1
 type: npm
 summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    MIT License Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/request-error.dep.yml
+++ b/.licenses/npm/@octokit/request-error.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: "@octokit/request-error"
 version: 5.1.0
 type: npm
 summary: Error class for Octokit request errors
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/request.dep.yml
+++ b/.licenses/npm/@octokit/request.dep.yml
@@ -0,0 +1,35 @@
 ---
 name: "@octokit/request"
 version: 8.4.0
 type: npm
 summary: Send parameterized requests to GitHub's APIs with sensible defaults in browsers
  and Node
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License
    Copyright (c) 2018 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/types-12.6.0.dep.yml
+++ b/.licenses/npm/@octokit/types-12.6.0.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/types"
 version: 12.6.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    MIT License Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/@octokit/types-13.4.1.dep.yml
+++ b/.licenses/npm/@octokit/types-13.4.1.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: "@octokit/types"
 version: 13.4.1
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    MIT License Copyright (c) 2019 Octokit contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 - sources: README.md
  text: "[MIT](LICENSE)"
 notices: []
--- a/.licenses/npm/before-after-hook.dep.yml
+++ b/.licenses/npm/before-after-hook.dep.yml
@@ -0,0 +1,214 @@
 ---
 name: before-after-hook
 version: 2.2.3
 type: npm
 summary: asynchronous before/error/after hooks for internal functionality
 homepage: 
 license: apache-2.0
 licenses:
 - sources: LICENSE
  text: |2
                                     Apache License
                               Version 2.0, January 2004
                            http://www.apache.org/licenses/
       TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
       1. Definitions.
          "License" shall mean the terms and conditions for use, reproduction,
          and distribution as defined by Sections 1 through 9 of this document.
          "Licensor" shall mean the copyright owner or entity authorized by
          the copyright owner that is granting the License.
          "Legal Entity" shall mean the union of the acting entity and all
          other entities that control, are controlled by, or are under common
          control with that entity. For the purposes of this definition,
          "control" means (i) the power, direct or indirect, to cause the
          direction or management of such entity, whether by contract or
          otherwise, or (ii) ownership of fifty percent (50%) or more of the
          outstanding shares, or (iii) beneficial ownership of such entity.
          "You" (or "Your") shall mean an individual or Legal Entity
          exercising permissions granted by this License.
          "Source" form shall mean the preferred form for making modifications,
          including but not limited to software source code, documentation
          source, and configuration files.
          "Object" form shall mean any form resulting from mechanical
          transformation or translation of a Source form, including but
          not limited to compiled object code, generated documentation,
          and conversions to other media types.
          "Work" shall mean the work of authorship, whether in Source or
          Object form, made available under the License, as indicated by a
          copyright notice that is included in or attached to the work
          (an example is provided in the Appendix below).
          "Derivative Works" shall mean any work, whether in Source or Object
          form, that is based on (or derived from) the Work and for which the
          editorial revisions, annotations, elaborations, or other modifications
          represent, as a whole, an original work of authorship. For the purposes
          of this License, Derivative Works shall not include works that remain
          separable from, or merely link (or bind by name) to the interfaces of,
          the Work and Derivative Works thereof.
          "Contribution" shall mean any work of authorship, including
          the original version of the Work and any modifications or additions
          to that Work or Derivative Works thereof, that is intentionally
          submitted to Licensor for inclusion in the Work by the copyright owner
          or by an individual or Legal Entity authorized to submit on behalf of
          the copyright owner. For the purposes of this definition, "submitted"
          means any form of electronic, verbal, or written communication sent
          to the Licensor or its representatives, including but not limited to
          communication on electronic mailing lists, source code control systems,
          and issue tracking systems that are managed by, or on behalf of, the
          Licensor for the purpose of discussing and improving the Work, but
          excluding communication that is conspicuously marked or otherwise
          designated in writing by the copyright owner as "Not a Contribution."
          "Contributor" shall mean Licensor and any individual or Legal Entity
          on behalf of whom a Contribution has been received by Licensor and
          subsequently incorporated within the Work.
       2. Grant of Copyright License. Subject to the terms and conditions of
          this License, each Contributor hereby grants to You a perpetual,
          worldwide, non-exclusive, no-charge, royalty-free, irrevocable
          copyright license to reproduce, prepare Derivative Works of,
          publicly display, publicly perform, sublicense, and distribute the
          Work and such Derivative Works in Source or Object form.
       3. Grant of Patent License. Subject to the terms and conditions of
          this License, each Contributor hereby grants to You a perpetual,
          worldwide, non-exclusive, no-charge, royalty-free, irrevocable
          (except as stated in this section) patent license to make, have made,
          use, offer to sell, sell, import, and otherwise transfer the Work,
          where such license applies only to those patent claims licensable
          by such Contributor that are necessarily infringed by their
          Contribution(s) alone or by combination of their Contribution(s)
          with the Work to which such Contribution(s) was submitted. If You
          institute patent litigation against any entity (including a
          cross-claim or counterclaim in a lawsuit) alleging that the Work
          or a Contribution incorporated within the Work constitutes direct
          or contributory patent infringement, then any patent licenses
          granted to You under this License for that Work shall terminate
          as of the date such litigation is filed.
       4. Redistribution. You may reproduce and distribute copies of the
          Work or Derivative Works thereof in any medium, with or without
          modifications, and in Source or Object form, provided that You
          meet the following conditions:
          (a) You must give any other recipients of the Work or
              Derivative Works a copy of this License; and
          (b) You must cause any modified files to carry prominent notices
              stating that You changed the files; and
          (c) You must retain, in the Source form of any Derivative Works
              that You distribute, all copyright, patent, trademark, and
              attribution notices from the Source form of the Work,
              excluding those notices that do not pertain to any part of
              the Derivative Works; and
          (d) If the Work includes a "NOTICE" text file as part of its
              distribution, then any Derivative Works that You distribute must
              include a readable copy of the attribution notices contained
              within such NOTICE file, excluding those notices that do not
              pertain to any part of the Derivative Works, in at least one
              of the following places: within a NOTICE text file distributed
              as part of the Derivative Works; within the Source form or
              documentation, if provided along with the Derivative Works; or,
              within a display generated by the Derivative Works, if and
              wherever such third-party notices normally appear. The contents
              of the NOTICE file are for informational purposes only and
              do not modify the License. You may add Your own attribution
              notices within Derivative Works that You distribute, alongside
              or as an addendum to the NOTICE text from the Work, provided
              that such additional attribution notices cannot be construed
              as modifying the License.
          You may add Your own copyright statement to Your modifications and
          may provide additional or different license terms and conditions
          for use, reproduction, or distribution of Your modifications, or
          for any such Derivative Works as a whole, provided Your use,
          reproduction, and distribution of the Work otherwise complies with
          the conditions stated in this License.
       5. Submission of Contributions. Unless You explicitly state otherwise,
          any Contribution intentionally submitted for inclusion in the Work
          by You to the Licensor shall be under the terms and conditions of
          this License, without any additional terms or conditions.
          Notwithstanding the above, nothing herein shall supersede or modify
          the terms of any separate license agreement you may have executed
          with Licensor regarding such Contributions.
       6. Trademarks. This License does not grant permission to use the trade
          names, trademarks, service marks, or product names of the Licensor,
          except as required for reasonable and customary use in describing the
          origin of the Work and reproducing the content of the NOTICE file.
       7. Disclaimer of Warranty. Unless required by applicable law or
          agreed to in writing, Licensor provides the Work (and each
          Contributor provides its Contributions) on an "AS IS" BASIS,
          WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
          implied, including, without limitation, any warranties or conditions
          of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
          PARTICULAR PURPOSE. You are solely responsible for determining the
          appropriateness of using or redistributing the Work and assume any
          risks associated with Your exercise of permissions under this License.
       8. Limitation of Liability. In no event and under no legal theory,
          whether in tort (including negligence), contract, or otherwise,
          unless required by applicable law (such as deliberate and grossly
          negligent acts) or agreed to in writing, shall any Contributor be
          liable to You for damages, including any direct, indirect, special,
          incidental, or consequential damages of any character arising as a
          result of this License or out of the use or inability to use the
          Work (including but not limited to damages for loss of goodwill,
          work stoppage, computer failure or malfunction, or any and all
          other commercial damages or losses), even if such Contributor
          has been advised of the possibility of such damages.
       9. Accepting Warranty or Additional Liability. While redistributing
          the Work or Derivative Works thereof, You may choose to offer,
          and charge a fee for, acceptance of support, warranty, indemnity,
          or other liability obligations and/or rights consistent with this
          License. However, in accepting such obligations, You may act only
          on Your own behalf and on Your sole responsibility, not on behalf
          of any other Contributor, and only if You agree to indemnify,
          defend, and hold each Contributor harmless for any liability
          incurred by, or claims asserted against, such Contributor by reason
          of your accepting any such warranty or additional liability.
       END OF TERMS AND CONDITIONS
       APPENDIX: How to apply the Apache License to your work.
          To apply the Apache License to your work, attach the following
          boilerplate notice, with the fields enclosed by brackets "{}"
          replaced with your own identifying information. (Don't include
          the brackets!)  The text should be enclosed in the appropriate
          comment syntax for the file format. We also recommend that a
          file or class name and description of purpose be included on the
          same "printed page" as the copyright notice for easier
          identification within third-party archives.
       Copyright 2018 Gregor Martynus and other contributors.
       Licensed under the Apache License, Version 2.0 (the "License");
       you may not use this file except in compliance with the License.
       You may obtain a copy of the License at
           http://www.apache.org/licenses/LICENSE-2.0
       Unless required by applicable law or agreed to in writing, software
       distributed under the License is distributed on an "AS IS" BASIS,
       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       See the License for the specific language governing permissions and
       limitations under the License.
 - sources: README.md
  text: "[Apache 2.0](LICENSE)"
 notices: []
--- a/.licenses/npm/deprecation.dep.yml
+++ b/.licenses/npm/deprecation.dep.yml
@@ -0,0 +1,28 @@
 ---
 name: deprecation
 version: 2.3.1
 type: npm
 summary: Log a deprecation message with stack
 homepage: https://github.com/gr2m/deprecation#readme
 license: isc
 licenses:
 - sources: LICENSE
  text: |
    The ISC License
    Copyright (c) Gregor Martynus and contributors
    Permission to use, copy, modify, and/or distribute this software for any
    purpose with or without fee is hereby granted, provided that the above
    copyright notice and this permission notice appear in all copies.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 - sources: README.md
  text: "[ISC](LICENSE)"
 notices: []
--- a/.licenses/npm/once.dep.yml
+++ b/.licenses/npm/once.dep.yml
@@ -0,0 +1,26 @@
 ---
 name: once
 version: 1.4.0
 type: npm
 summary: Run a function exactly one time
 homepage: https://github.com/isaacs/once#readme
 license: isc
 licenses:
 - sources: LICENSE
  text: |
    The ISC License
    Copyright (c) Isaac Z. Schlueter and Contributors
    Permission to use, copy, modify, and/or distribute this software for any
    purpose with or without fee is hereby granted, provided that the above
    copyright notice and this permission notice appear in all copies.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 notices: []
--- a/.licenses/npm/semver.dep.yml
+++ b/.licenses/npm/semver.dep.yml
@@ -0,0 +1,26 @@
 ---
 name: semver
 version: 6.3.1
 type: npm
 summary: The semantic version parser used by npm.
 homepage: 
 license: isc
 licenses:
 - sources: LICENSE
  text: |
    The ISC License
    Copyright (c) Isaac Z. Schlueter and Contributors
    Permission to use, copy, modify, and/or distribute this software for any
    purpose with or without fee is hereby granted, provided that the above
    copyright notice and this permission notice appear in all copies.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 notices: []
--- a/.licenses/npm/tunnel.dep.yml
+++ b/.licenses/npm/tunnel.dep.yml
@@ -0,0 +1,35 @@
 ---
 name: tunnel
 version: 0.0.6
 type: npm
 summary: Node HTTP/HTTPS Agents for tunneling proxies
 homepage: https://github.com/koichik/node-tunnel/
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    The MIT License (MIT)
    Copyright (c) 2012 Koichi Kobayashi
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in
    all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    THE SOFTWARE.
 - sources: README.md
  text: Licensed under the [MIT](https://github.com/koichik/node-tunnel/blob/master/LICENSE)
    license.
 notices: []
--- a/.licenses/npm/undici.dep.yml
+++ b/.licenses/npm/undici.dep.yml
@@ -0,0 +1,34 @@
 ---
 name: undici
 version: 5.28.4
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org
 license: mit
 licenses:
 - sources: LICENSE
  text: |
    MIT License
    Copyright (c) Matteo Collina and Undici contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.
 - sources: README.md
  text: MIT
 notices: []
--- a/.licenses/npm/universal-user-agent.dep.yml
+++ b/.licenses/npm/universal-user-agent.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: universal-user-agent
 version: 6.0.1
 type: npm
 summary: Get a user agent string in both browser and node
 homepage: 
 license: isc
 licenses:
 - sources: LICENSE.md
  text: |
    # [ISC License](https://spdx.org/licenses/ISC)
    Copyright (c) 2018, Gregor Martynus (https://github.com/gr2m)
    Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 - sources: README.md
  text: "[ISC](LICENSE.md)"
 notices: []
--- a/.licenses/npm/uuid-3.4.0.dep.yml
+++ b/.licenses/npm/uuid-3.4.0.dep.yml
@@ -0,0 +1,39 @@
 ---
 name: uuid
 version: 3.4.0
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |
    The MIT License (MIT)
    Copyright (c) 2010-2016 Robert Kieffer and other contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.
 notices:
 - sources: AUTHORS
  text: |-
    Robert Kieffer <robert@broofa.com>
    Christoph Tavan <dev@tavan.de>
    AJ ONeal <coolaj86@gmail.com>
    Vincent Voyer <vincent@zeroload.net>
    Roman Shtylman <shtylman@gmail.com>
--- a/.licenses/npm/uuid-8.3.2.dep.yml
+++ b/.licenses/npm/uuid-8.3.2.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: uuid
 version: 8.3.2
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
 homepage: https://github.com/uuidjs/uuid#readme
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |
    The MIT License (MIT)
    Copyright (c) 2010-2020 Robert Kieffer and other contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/uuid-9.0.1.dep.yml
+++ b/.licenses/npm/uuid-9.0.1.dep.yml
@@ -0,0 +1,20 @@
 ---
 name: uuid
 version: 9.0.1
 type: npm
 summary: RFC4122 (v1, v4, and v5) UUIDs
 homepage: 
 license: mit
 licenses:
 - sources: LICENSE.md
  text: |
    The MIT License (MIT)
    Copyright (c) 2010-2020 Robert Kieffer and other contributors
    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 notices: []
--- a/.licenses/npm/wrappy.dep.yml
+++ b/.licenses/npm/wrappy.dep.yml
@@ -0,0 +1,26 @@
 ---
 name: wrappy
 version: 1.0.2
 type: npm
 summary: Callback wrapping utility
 homepage: https://github.com/npm/wrappy
 license: isc
 licenses:
 - sources: LICENSE
  text: |
    The ISC License
    Copyright (c) Isaac Z. Schlueter and Contributors
    Permission to use, copy, modify, and/or distribute this software for any
    purpose with or without fee is hereby granted, provided that the above
    copyright notice and this permission notice appear in all copies.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 notices: []
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,3 @@
 dist/
 lib/
 node_modules/
--- a/.prettierrc.json
+++ b/.prettierrc.json
@@ -0,0 +1,11 @@
 {
  "printWidth": 80,
  "tabWidth": 2,
  "useTabs": false,
  "semi": false,
  "singleQuote": true,
  "trailingComma": "none",
  "bracketSpacing": false,
  "arrowParens": "avoid",
  "parser": "typescript"
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,13 +1,161 @@
 # Changelog
-## Unreleased Changes
+## v4.2.2
- N/A
+* `url-helper.ts` now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
 * Expand unit test coverage for `isGhes` by @jww3 in https://github.com/actions/checkout/pull/1946
-## v1.2.0
+## v4.2.1
- Reverted the breaking behavior change in v1.1.0 that broke custom authentication flows
+* Check out other refs/* by commit if provided, fall back to ref by @orhantoy in https://github.com/actions/checkout/pull/1924
-## v1.1.0 (Not reccomended for use, this functionality will be ported to the 2.0 update)
+## v4.2.0
 - Persist `with.token` or `${{ github.token }}` into checkout repository's git config as `http.https://github.com/.extraheader=AUTHORIZATION: basic ***` to better support scripting git
-## v1.0.0
+* Add Ref and Commit outputs by @lucacome in https://github.com/actions/checkout/pull/1180
- Initial Release of the checkout action
+* Dependency updates by @dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872
 ## v4.1.7
 * Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in https://github.com/actions/checkout/pull/1739
 * Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/actions/checkout/pull/1697
 * Check out other refs/* by commit by @orhantoy in https://github.com/actions/checkout/pull/1774
 * Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in https://github.com/actions/checkout/pull/1776
 ## v4.1.6
 * Check platform to set archive extension appropriately by @cory-miller in https://github.com/actions/checkout/pull/1732
 ## v4.1.5
 * Update NPM dependencies by @cory-miller in https://github.com/actions/checkout/pull/1703
 * Bump github/codeql-action from 2 to 3 by @dependabot in https://github.com/actions/checkout/pull/1694
 * Bump actions/setup-node from 1 to 4 by @dependabot in https://github.com/actions/checkout/pull/1696
 * Bump actions/upload-artifact from 2 to 4 by @dependabot in https://github.com/actions/checkout/pull/1695
 * README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by @cory-miller in https://github.com/actions/checkout/pull/1707
 ## v4.1.4
 - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1692
 - Add dependabot config by @cory-miller in https://github.com/actions/checkout/pull/1688
 - Bump the minor-actions-dependencies group with 2 updates by @dependabot in https://github.com/actions/checkout/pull/1693
 - Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in https://github.com/actions/checkout/pull/1643
 ## v4.1.3
 - Check git version before attempting to disable `sparse-checkout` by @jww3 in https://github.com/actions/checkout/pull/1656
 - Add SSH user parameter by @cory-miller in https://github.com/actions/checkout/pull/1685
 - Update `actions/checkout` version in `update-main-version.yml` by @jww3 in https://github.com/actions/checkout/pull/1650
 ## v4.1.2
 - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present @dscho in https://github.com/actions/checkout/pull/1598
 ## v4.1.1
 - Correct link to GitHub Docs by @peterbe in https://github.com/actions/checkout/pull/1511
 - Link to release page from what's new section by @cory-miller in https://github.com/actions/checkout/pull/1514
 ## v4.1.0
 - [Add support for partial checkout filters](https://github.com/actions/checkout/pull/1396)
 ## v4.0.0
 - [Support fetching without the --progress option](https://github.com/actions/checkout/pull/1067)
 - [Update to node20](https://github.com/actions/checkout/pull/1436)
 ## v3.6.0
 - [Fix: Mark test scripts with Bash'isms to be run via Bash](https://github.com/actions/checkout/pull/1377)
 - [Add option to fetch tags even if fetch-depth > 0](https://github.com/actions/checkout/pull/579)
 ## v3.5.3
 - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://github.com/actions/checkout/pull/1196)
 - [Fix typos found by codespell](https://github.com/actions/checkout/pull/1287)
 - [Add support for sparse checkouts](https://github.com/actions/checkout/pull/1369)
 ## v3.5.2
 - [Fix api endpoint for GHES](https://github.com/actions/checkout/pull/1289)
 ## v3.5.1
 - [Fix slow checkout on Windows](https://github.com/actions/checkout/pull/1246)
 ## v3.5.0
 * [Add new public key for known_hosts](https://github.com/actions/checkout/pull/1237)
 ## v3.4.0
 - [Upgrade codeql actions to v2](https://github.com/actions/checkout/pull/1209)
 - [Upgrade dependencies](https://github.com/actions/checkout/pull/1210)
 - [Upgrade @actions/io](https://github.com/actions/checkout/pull/1225)
 ## v3.3.0
 - [Implement branch list using callbacks from exec function](https://github.com/actions/checkout/pull/1045)
 - [Add in explicit reference to private checkout options](https://github.com/actions/checkout/pull/1050)
 - [Fix comment typos (that got added in #770)](https://github.com/actions/checkout/pull/1057)
 ## v3.2.0
 - [Add GitHub Action to perform release](https://github.com/actions/checkout/pull/942)
 - [Fix status badge](https://github.com/actions/checkout/pull/967)
 - [Replace datadog/squid with ubuntu/squid Docker image](https://github.com/actions/checkout/pull/1002)
 - [Wrap pipeline commands for submoduleForeach in quotes](https://github.com/actions/checkout/pull/964)
 - [Update @actions/io to 1.1.2](https://github.com/actions/checkout/pull/1029)
 - [Upgrading version to 3.2.0](https://github.com/actions/checkout/pull/1039)
 ## v3.1.0
 - [Use @actions/core `saveState` and `getState`](https://github.com/actions/checkout/pull/939)
 - [Add `github-server-url` input](https://github.com/actions/checkout/pull/922)
 ## v3.0.2
 - [Add input `set-safe-directory`](https://github.com/actions/checkout/pull/770)
 ## v3.0.1
 - [Fixed an issue where checkout failed to run in container jobs due to the new git setting `safe.directory`](https://github.com/actions/checkout/pull/762)
 - [Bumped various npm package versions](https://github.com/actions/checkout/pull/744)
 ## v3.0.0
 - [Update to node 16](https://github.com/actions/checkout/pull/689)
 ## v2.3.1
 - [Fix default branch resolution for .wiki and when using SSH](https://github.com/actions/checkout/pull/284)
 ## v2.3.0
 - [Fallback to the default branch](https://github.com/actions/checkout/pull/278)
 ## v2.2.0
 - [Fetch all history for all tags and branches when fetch-depth=0](https://github.com/actions/checkout/pull/258)
 ## v2.1.1
 - Changes to support GHES ([here](https://github.com/actions/checkout/pull/236) and [here](https://github.com/actions/checkout/pull/248))
 ## v2.1.0
 - [Group output](https://github.com/actions/checkout/pull/191)
 - [Changes to support GHES alpha release](https://github.com/actions/checkout/pull/199)
 - [Persist core.sshCommand for submodules](https://github.com/actions/checkout/pull/184)
 - [Add support ssh](https://github.com/actions/checkout/pull/163)
 - [Convert submodule SSH URL to HTTPS, when not using SSH](https://github.com/actions/checkout/pull/179)
 - [Add submodule support](https://github.com/actions/checkout/pull/157)
 - [Follow proxy settings](https://github.com/actions/checkout/pull/144)
 - [Fix ref for pr closed event when a pr is merged](https://github.com/actions/checkout/pull/141)
 - [Fix issue checking detached when git less than 2.22](https://github.com/actions/checkout/pull/128)
 ## v2.0.0
 - [Do not pass cred on command line](https://github.com/actions/checkout/pull/108)
 - [Add input persist-credentials](https://github.com/actions/checkout/pull/107)
 - [Fallback to REST API to download repo](https://github.com/actions/checkout/pull/104)
 ## v2 (beta)
 - Improved fetch performance
  - The default behavior now fetches only the SHA being checked-out
 - Script authenticated git commands
  - Persists `with.token` in the local git config
  - Enables your scripts to run authenticated git commands
  - Post-job cleanup removes the token
  - Coming soon: Opt out by setting `with.persist-credentials` to `false`
 - Creates a local branch
  - No longer detached HEAD when checking out a branch
  - A local branch is created with the corresponding upstream branch set
 - Improved layout
  - `with.path` is always relative to `github.workspace`
  - Aligns better with container actions, where `github.workspace` gets mapped in
 - Removed input `submodules`
 ## v1
 Refer [here](https://github.com/actions/checkout/blob/v1/CHANGELOG.md) for the V1 changelog
--- a/1
+++ b/1
@@ -0,0 +1 @@
 * @actions/actions-launch
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,28 @@
 # Contributing
 ## Submitting a pull request
 1. Fork and clone the repository
 1. Configure and install the dependencies: `npm install`
 1. Create a new branch: `git checkout -b my-branch-name`
 1. Make your change, add tests, and make sure the tests still pass: `npm run test`
 1. Make sure your code is correctly formatted: `npm run format`
 1. Update `dist/index.js` using `npm run build`. This creates a single javascript file that is used as an entrypoint for the action
 1. Push to your fork and submit a pull request
 1. Pat yourself on the back and wait for your pull request to be reviewed and merged
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 - Write tests.
 - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
 ## Resources
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
 - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
 - [GitHub Help](https://help.github.com)
 - [Writing good commit messages](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
 Thanks! :heart: :heart: :heart:
 GitHub Actions Team :octocat:
--- a/README.md
+++ b/README.md
@@ -1,60 +1,318 @@
-<p align="center">
+[![Build and Test](https://github.com/actions/checkout/actions/workflows/test.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/test.yml)
  <a href="https://github.com/actions/checkout"><img alt="GitHub Actions status" src="https://github.com/actions/checkout/workflows/test-local/badge.svg"></a>
 </p>
-# Checkout
+# Checkout V4
-This action checks out your repository to `$GITHUB_WORKSPACE`, so that your workflow can access the contents of your repository.
+This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
-By default, this is equivalent to running `git fetch` and `git checkout $GITHUB_SHA`, so that you'll always have your repo contents at the version that triggered the workflow.
+Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.
-See [here](https://help.github.com/en/articles/events-that-trigger-workflows) to learn what `$GITHUB_SHA` is for different kinds of events.
+
 The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
 When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
 # What's new
 Please refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.
 # Usage
-See [action.yml](action.yml)
+<!-- start usage -->
 ```yaml
 - uses: actions/checkout@v4
  with:
    # Repository name with owner. For example, actions/checkout
    # Default: ${{ github.repository }}
    repository: ''
-Basic:
+    # The branch, tag or SHA to checkout. When checking out the repository that
    # triggered a workflow, this defaults to the reference or SHA for that event.
    # Otherwise, uses the default branch.
    ref: ''
    # Personal access token (PAT) used to fetch the repository. The PAT is configured
    # with the local git config, which enables your scripts to run authenticated git
    # commands. The post-job step removes the PAT.
    #
    # We recommend using a service account with the least permissions necessary. Also
    # when generating a new PAT, select the least scopes necessary.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    #
    # Default: ${{ github.token }}
    token: ''
    # SSH key used to fetch the repository. The SSH key is configured with the local
    # git config, which enables your scripts to run authenticated git commands. The
    # post-job step removes the SSH key.
    #
    # We recommend using a service account with the least permissions necessary.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    ssh-key: ''
    # Known hosts in addition to the user and global host key database. The public SSH
    # keys for a host may be obtained using the utility `ssh-keyscan`. For example,
    # `ssh-keyscan github.com`. The public key for github.com is always implicitly
    # added.
    ssh-known-hosts: ''
    # Whether to perform strict host key checking. When true, adds the options
    # `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use
    # the input `ssh-known-hosts` to configure additional hosts.
    # Default: true
    ssh-strict: ''
    # The user to use when connecting to the remote SSH host. By default 'git' is
    # used.
    # Default: git
    ssh-user: ''
    # Whether to configure the token or SSH key with the local git config
    # Default: true
    persist-credentials: ''
    # Relative path under $GITHUB_WORKSPACE to place the repository
    path: ''
    # Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
    # Default: true
    clean: ''
    # Partially clone against a given filter. Overrides sparse-checkout if set.
    # Default: null
    filter: ''
    # Do a sparse checkout on given patterns. Each pattern should be separated with
    # new lines.
    # Default: null
    sparse-checkout: ''
    # Specifies whether to use cone-mode when doing a sparse checkout.
    # Default: true
    sparse-checkout-cone-mode: ''
    # Number of commits to fetch. 0 indicates all history for all branches and tags.
    # Default: 1
    fetch-depth: ''
    # Whether to fetch tags, even if fetch-depth > 0.
    # Default: false
    fetch-tags: ''
    # Whether to show progress status output when fetching.
    # Default: true
    show-progress: ''
    # Whether to download Git-LFS files
    # Default: false
    lfs: ''
    # Whether to checkout submodules: `true` to checkout submodules or `recursive` to
    # recursively checkout submodules.
    #
    # When the `ssh-key` input is not provided, SSH URLs beginning with
    # `git@github.com:` are converted to HTTPS.
    #
    # Default: false
    submodules: ''
    # Add repository path as safe.directory for Git global config by running `git
    # config --global --add safe.directory <path>`
    # Default: true
    set-safe-directory: ''
    # The base URL for the GitHub instance that you are trying to clone from, will use
    # environment defaults to fetch from the same instance that the workflow is
    # running from unless specified. Example URLs are https://github.com or
    # https://my-ghes-server.example.com
    github-server-url: ''
 ```
 <!-- end usage -->
 # Scenarios
 - [Fetch only the root files](#Fetch-only-the-root-files)
 - [Fetch only the root files and `.github` and `src` folder](#Fetch-only-the-root-files-and-github-and-src-folder)
 - [Fetch only a single file](#Fetch-only-a-single-file)
 - [Fetch all history for all tags and branches](#Fetch-all-history-for-all-tags-and-branches)
 - [Checkout a different branch](#Checkout-a-different-branch)
 - [Checkout HEAD^](#Checkout-HEAD)
 - [Checkout multiple repos (side by side)](#Checkout-multiple-repos-side-by-side)
 - [Checkout multiple repos (nested)](#Checkout-multiple-repos-nested)
 - [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 - [Checkout pull request HEAD commit instead of merge commit](#Checkout-pull-request-HEAD-commit-instead-of-merge-commit)
 - [Checkout pull request on closed event](#Checkout-pull-request-on-closed-event)
 - [Push a commit using the built-in token](#Push-a-commit-using-the-built-in-token)
 - [Push a commit to a PR using the built-in token](#Push-a-commit-to-a-PR-using-the-built-in-token)
 ## Fetch only the root files
 ```yaml
-steps:
+- uses: actions/checkout@v4
 - uses: actions/checkout@v1
 - uses: actions/setup-node@v1
  with:
-    node-version: 10.x 
+    sparse-checkout: .
 - run: npm install
 - run: npm test
 ```
-By default, the branch or tag ref that triggered the workflow will be checked out. If you wish to check out a different branch, a different repository or use different token to checkout, specify that using `with.ref`, `with.repository` and `with.token`.
+## Fetch only the root files and `.github` and `src` folder
 ## Checkout different branch from the workflow repository
 ```yaml
- uses: actions/checkout@v1
+- uses: actions/checkout@v4
  with:
-    ref: some-branch
+    sparse-checkout: |
      .github
      src
 ```
-## Checkout different private repository
+## Fetch only a single file
 ```yaml
- uses: actions/checkout@v1
+- uses: actions/checkout@v4
  with:
-    repository: myAccount/myRepository
+    sparse-checkout: |
-    ref: refs/heads/master
+      README.md
-    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret contains your PAT.
+    sparse-checkout-cone-mode: false
 ```
 > - `${{ github.token }}` is scoped to the current repository, so if you want to checkout another repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
-## Checkout private submodules
+## Fetch all history for all tags and branches
 ```yaml
- uses: actions/checkout@v1
+- uses: actions/checkout@v4
  with:
-    submodules: true # 'recursive' 'true' or 'false'
+    fetch-depth: 0
    token: ${{ secrets.GitHub_PAT }} # `GitHub_PAT` is a secret contains your PAT.
 ```
 > - Private submodules must be configured via `https` not `ssh`.
 > - `${{ github.token }}` only has permission to the workflow triggering repository. If the repository contains any submodules that come from private repositories, you will need to add your [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) as secret and use the secret in `with.token` to make the `checkout` action work.
-For more details, see [Contexts and expression syntax for GitHub Actions](https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions) and [Creating and using encrypted secrets](https://help.github.com/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
+## Checkout a different branch
 ```yaml
 - uses: actions/checkout@v4
  with:
    ref: my-branch
 ```
 ## Checkout HEAD^
 ```yaml
 - uses: actions/checkout@v4
  with:
    fetch-depth: 2
 - run: git checkout HEAD^
 ```
 ## Checkout multiple repos (side by side)
 ```yaml
 - name: Checkout
  uses: actions/checkout@v4
  with:
    path: main
 - name: Checkout tools repo
  uses: actions/checkout@v4
  with:
    repository: my-org/my-tools
    path: my-tools
 ```
 > - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 ## Checkout multiple repos (nested)
 ```yaml
 - name: Checkout
  uses: actions/checkout@v4
 - name: Checkout tools repo
  uses: actions/checkout@v4
  with:
    repository: my-org/my-tools
    path: my-tools
 ```
 > - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
 ## Checkout multiple repos (private)
 ```yaml
 - name: Checkout
  uses: actions/checkout@v4
  with:
    path: main
 - name: Checkout private tools
  uses: actions/checkout@v4
  with:
    repository: my-org/my-private-tools
    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
    path: my-tools
 ```
 > - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
 ## Checkout pull request HEAD commit instead of merge commit
 ```yaml
 - uses: actions/checkout@v4
  with:
    ref: ${{ github.event.pull_request.head.sha }}
 ```
 ## Checkout pull request on closed event
 ```yaml
 on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, closed]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
 ```
 ## Push a commit using the built-in token
 ```yaml
 on: push
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add .
          git commit -m "generated"
          git push
 ```
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
 ## Push a commit to a PR using the built-in token
 In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’t check out your branch by default.
 ```yaml
 on: pull_request
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
      - run: |
          date > generated.txt
          # Note: the following account information will not work on GHES
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add .
          git commit -m "generated"
          git push
 ```
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
 # License
--- a/test/git-auth-helper.test.ts
+++ b/test/git-auth-helper.test.ts
@@ -0,0 +1,856 @@
 import * as core from '@actions/core'
 import * as fs from 'fs'
 import * as gitAuthHelper from '../lib/git-auth-helper'
 import * as io from '@actions/io'
 import * as os from 'os'
 import * as path from 'path'
 import * as stateHelper from '../lib/state-helper'
 import {IGitCommandManager} from '../lib/git-command-manager'
 import {IGitSourceSettings} from '../lib/git-source-settings'
 const isWindows = process.platform === 'win32'
 const testWorkspace = path.join(__dirname, '_temp', 'git-auth-helper')
 const originalRunnerTemp = process.env['RUNNER_TEMP']
 const originalHome = process.env['HOME']
 let workspace: string
 let localGitConfigPath: string
 let globalGitConfigPath: string
 let runnerTemp: string
 let tempHomedir: string
 let git: IGitCommandManager & {env: {[key: string]: string}}
 let settings: IGitSourceSettings
 let sshPath: string
 let githubServerUrl: string
 describe('git-auth-helper tests', () => {
  beforeAll(async () => {
    // SSH
    sshPath = await io.which('ssh')
    // Clear test workspace
    await io.rmRF(testWorkspace)
  })
  beforeEach(() => {
    // Mock setSecret
    jest.spyOn(core, 'setSecret').mockImplementation((secret: string) => {})
    // Mock error/warning/info/debug
    jest.spyOn(core, 'error').mockImplementation(jest.fn())
    jest.spyOn(core, 'warning').mockImplementation(jest.fn())
    jest.spyOn(core, 'info').mockImplementation(jest.fn())
    jest.spyOn(core, 'debug').mockImplementation(jest.fn())
    // Mock state helper
    jest.spyOn(stateHelper, 'setSshKeyPath').mockImplementation(jest.fn())
    jest
      .spyOn(stateHelper, 'setSshKnownHostsPath')
      .mockImplementation(jest.fn())
  })
  afterEach(() => {
    // Unregister mocks
    jest.restoreAllMocks()
    // Restore HOME
    if (originalHome) {
      process.env['HOME'] = originalHome
    } else {
      delete process.env['HOME']
    }
  })
  afterAll(() => {
    // Restore RUNNER_TEMP
    delete process.env['RUNNER_TEMP']
    if (originalRunnerTemp) {
      process.env['RUNNER_TEMP'] = originalRunnerTemp
    }
  })
  async function testAuthHeader(
    testName: string,
    serverUrl: string | undefined = undefined
  ) {
    // Arrange
    let expectedServerUrl = 'https://github.com'
    if (serverUrl) {
      githubServerUrl = serverUrl
      expectedServerUrl = githubServerUrl
    }
    await setup(testName)
    expect(settings.authToken).toBeTruthy() // sanity check
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert config
    const configContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
    const basicCredential = Buffer.from(
      `x-access-token:${settings.authToken}`,
      'utf8'
    ).toString('base64')
    expect(
      configContent.indexOf(
        `http.${expectedServerUrl}/.extraheader AUTHORIZATION: basic ${basicCredential}`
      )
    ).toBeGreaterThanOrEqual(0)
  }
  const configureAuth_configuresAuthHeader =
    'configureAuth configures auth header'
  it(configureAuth_configuresAuthHeader, async () => {
    await testAuthHeader(configureAuth_configuresAuthHeader)
  })
  const configureAuth_AcceptsGitHubServerUrl =
    'inject https://my-ghes-server.com as github server url'
  it(configureAuth_AcceptsGitHubServerUrl, async () => {
    await testAuthHeader(
      configureAuth_AcceptsGitHubServerUrl,
      'https://my-ghes-server.com'
    )
  })
  const configureAuth_AcceptsGitHubServerUrlSetToGHEC =
    'inject https://github.com as github server url'
  it(configureAuth_AcceptsGitHubServerUrlSetToGHEC, async () => {
    await testAuthHeader(
      configureAuth_AcceptsGitHubServerUrl,
      'https://github.com'
    )
  })
  const configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse =
    'configureAuth configures auth header even when persist credentials false'
  it(
    configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse,
    async () => {
      // Arrange
      await setup(
        configureAuth_configuresAuthHeaderEvenWhenPersistCredentialsFalse
      )
      expect(settings.authToken).toBeTruthy() // sanity check
      settings.persistCredentials = false
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      // Act
      await authHelper.configureAuth()
      // Assert config
      const configContent = (
        await fs.promises.readFile(localGitConfigPath)
      ).toString()
      expect(
        configContent.indexOf(
          `http.https://github.com/.extraheader AUTHORIZATION`
        )
      ).toBeGreaterThanOrEqual(0)
    }
  )
  const configureAuth_copiesUserKnownHosts =
    'configureAuth copies user known hosts'
  it(configureAuth_copiesUserKnownHosts, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${configureAuth_copiesUserKnownHosts}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arange
    await setup(configureAuth_copiesUserKnownHosts)
    expect(settings.sshKey).toBeTruthy() // sanity check
    // Mock fs.promises.readFile
    const realReadFile = fs.promises.readFile
    jest
      .spyOn(fs.promises, 'readFile')
      .mockImplementation(async (file: any, options: any): Promise<Buffer> => {
        const userKnownHostsPath = path.join(
          os.homedir(),
          '.ssh',
          'known_hosts'
        )
        if (file === userKnownHostsPath) {
          return Buffer.from('some-domain.com ssh-rsa ABCDEF')
        }
        return await realReadFile(file, options)
      })
    // Act
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    await authHelper.configureAuth()
    // Assert known hosts
    const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
    const actualSshKnownHostsContent = (
      await fs.promises.readFile(actualSshKnownHostsPath)
    ).toString()
    expect(actualSshKnownHostsContent).toMatch(
      /some-domain\.com ssh-rsa ABCDEF/
    )
    expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
  })
  const configureAuth_registersBasicCredentialAsSecret =
    'configureAuth registers basic credential as secret'
  it(configureAuth_registersBasicCredentialAsSecret, async () => {
    // Arrange
    await setup(configureAuth_registersBasicCredentialAsSecret)
    expect(settings.authToken).toBeTruthy() // sanity check
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert secret
    const setSecretSpy = core.setSecret as jest.Mock<any, any>
    expect(setSecretSpy).toHaveBeenCalledTimes(1)
    const expectedSecret = Buffer.from(
      `x-access-token:${settings.authToken}`,
      'utf8'
    ).toString('base64')
    expect(setSecretSpy).toHaveBeenCalledWith(expectedSecret)
  })
  const setsSshCommandEnvVarWhenPersistCredentialsFalse =
    'sets SSH command env var when persist-credentials false'
  it(setsSshCommandEnvVarWhenPersistCredentialsFalse, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${setsSshCommandEnvVarWhenPersistCredentialsFalse}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arrange
    await setup(setsSshCommandEnvVarWhenPersistCredentialsFalse)
    settings.persistCredentials = false
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert git env var
    const actualKeyPath = await getActualSshKeyPath()
    const actualKnownHostsPath = await getActualSshKnownHostsPath()
    const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(
      actualKeyPath
    )}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
      actualKnownHostsPath
    )}"`
    expect(git.setEnvironmentVariable).toHaveBeenCalledWith(
      'GIT_SSH_COMMAND',
      expectedSshCommand
    )
    // Asserty git config
    const gitConfigLines = (await fs.promises.readFile(localGitConfigPath))
      .toString()
      .split('\n')
      .filter(x => x)
    expect(gitConfigLines).toHaveLength(1)
    expect(gitConfigLines[0]).toMatch(/^http\./)
  })
  const configureAuth_setsSshCommandWhenPersistCredentialsTrue =
    'sets SSH command when persist-credentials true'
  it(configureAuth_setsSshCommandWhenPersistCredentialsTrue, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${configureAuth_setsSshCommandWhenPersistCredentialsTrue}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arrange
    await setup(configureAuth_setsSshCommandWhenPersistCredentialsTrue)
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert git env var
    const actualKeyPath = await getActualSshKeyPath()
    const actualKnownHostsPath = await getActualSshKnownHostsPath()
    const expectedSshCommand = `"${sshPath}" -i "$RUNNER_TEMP/${path.basename(
      actualKeyPath
    )}" -o StrictHostKeyChecking=yes -o CheckHostIP=no -o "UserKnownHostsFile=$RUNNER_TEMP/${path.basename(
      actualKnownHostsPath
    )}"`
    expect(git.setEnvironmentVariable).toHaveBeenCalledWith(
      'GIT_SSH_COMMAND',
      expectedSshCommand
    )
    // Asserty git config
    expect(git.config).toHaveBeenCalledWith(
      'core.sshCommand',
      expectedSshCommand
    )
  })
  const configureAuth_writesExplicitKnownHosts = 'writes explicit known hosts'
  it(configureAuth_writesExplicitKnownHosts, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${configureAuth_writesExplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arrange
    await setup(configureAuth_writesExplicitKnownHosts)
    expect(settings.sshKey).toBeTruthy() // sanity check
    settings.sshKnownHosts = 'my-custom-host.com ssh-rsa ABC123'
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert known hosts
    const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
    const actualSshKnownHostsContent = (
      await fs.promises.readFile(actualSshKnownHostsPath)
    ).toString()
    expect(actualSshKnownHostsContent).toMatch(
      /my-custom-host\.com ssh-rsa ABC123/
    )
    expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
  })
  const configureAuth_writesSshKeyAndImplicitKnownHosts =
    'writes SSH key and implicit known hosts'
  it(configureAuth_writesSshKeyAndImplicitKnownHosts, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${configureAuth_writesSshKeyAndImplicitKnownHosts}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arrange
    await setup(configureAuth_writesSshKeyAndImplicitKnownHosts)
    expect(settings.sshKey).toBeTruthy() // sanity check
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    // Assert SSH key
    const actualSshKeyPath = await getActualSshKeyPath()
    expect(actualSshKeyPath).toBeTruthy()
    const actualSshKeyContent = (
      await fs.promises.readFile(actualSshKeyPath)
    ).toString()
    expect(actualSshKeyContent).toBe(settings.sshKey + '\n')
    if (!isWindows) {
      // Assert read/write for user, not group or others.
      // Otherwise SSH client will error.
      expect((await fs.promises.stat(actualSshKeyPath)).mode & 0o777).toBe(
        0o600
      )
    }
    // Assert known hosts
    const actualSshKnownHostsPath = await getActualSshKnownHostsPath()
    const actualSshKnownHostsContent = (
      await fs.promises.readFile(actualSshKnownHostsPath)
    ).toString()
    expect(actualSshKnownHostsContent).toMatch(/github\.com ssh-rsa AAAAB3N/)
  })
  const configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet =
    'configureGlobalAuth configures URL insteadOf when SSH key not set'
  it(configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet, async () => {
    // Arrange
    await setup(configureGlobalAuth_configuresUrlInsteadOfWhenSshKeyNotSet)
    settings.sshKey = ''
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    await authHelper.configureGlobalAuth()
    // Assert temporary global config
    expect(git.env['HOME']).toBeTruthy()
    const configContent = (
      await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
    ).toString()
    expect(
      configContent.indexOf(`url.https://github.com/.insteadOf git@github.com`)
    ).toBeGreaterThanOrEqual(0)
  })
  const configureGlobalAuth_copiesGlobalGitConfig =
    'configureGlobalAuth copies global git config'
  it(configureGlobalAuth_copiesGlobalGitConfig, async () => {
    // Arrange
    await setup(configureGlobalAuth_copiesGlobalGitConfig)
    await fs.promises.writeFile(globalGitConfigPath, 'value-from-global-config')
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    // Act
    await authHelper.configureAuth()
    await authHelper.configureGlobalAuth()
    // Assert original global config not altered
    let configContent = (
      await fs.promises.readFile(globalGitConfigPath)
    ).toString()
    expect(configContent).toBe('value-from-global-config')
    // Assert temporary global config
    expect(git.env['HOME']).toBeTruthy()
    const basicCredential = Buffer.from(
      `x-access-token:${settings.authToken}`,
      'utf8'
    ).toString('base64')
    configContent = (
      await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
    ).toString()
    expect(
      configContent.indexOf('value-from-global-config')
    ).toBeGreaterThanOrEqual(0)
    expect(
      configContent.indexOf(
        `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
      )
    ).toBeGreaterThanOrEqual(0)
  })
  const configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist =
    'configureGlobalAuth creates new git config when global does not exist'
  it(
    configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist,
    async () => {
      // Arrange
      await setup(
        configureGlobalAuth_createsNewGlobalGitConfigWhenGlobalDoesNotExist
      )
      await io.rmRF(globalGitConfigPath)
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      // Act
      await authHelper.configureAuth()
      await authHelper.configureGlobalAuth()
      // Assert original global config not recreated
      try {
        await fs.promises.stat(globalGitConfigPath)
        throw new Error(
          `Did not expect file to exist: '${globalGitConfigPath}'`
        )
      } catch (err) {
        if ((err as any)?.code !== 'ENOENT') {
          throw err
        }
      }
      // Assert temporary global config
      expect(git.env['HOME']).toBeTruthy()
      const basicCredential = Buffer.from(
        `x-access-token:${settings.authToken}`,
        'utf8'
      ).toString('base64')
      const configContent = (
        await fs.promises.readFile(path.join(git.env['HOME'], '.gitconfig'))
      ).toString()
      expect(
        configContent.indexOf(
          `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
        )
      ).toBeGreaterThanOrEqual(0)
    }
  )
  const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet =
    'configureSubmoduleAuth configures submodules when persist credentials false and SSH key not set'
  it(
    configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet,
    async () => {
      // Arrange
      await setup(
        configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeyNotSet
      )
      settings.persistCredentials = false
      settings.sshKey = ''
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      await authHelper.configureAuth()
      const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
      mockSubmoduleForeach.mockClear() // reset calls
      // Act
      await authHelper.configureSubmoduleAuth()
      // Assert
      expect(mockSubmoduleForeach).toBeCalledTimes(1)
      expect(mockSubmoduleForeach.mock.calls[0][0] as string).toMatch(
        /unset-all.*insteadOf/
      )
    }
  )
  const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet =
    'configureSubmoduleAuth configures submodules when persist credentials false and SSH key set'
  it(
    configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet,
    async () => {
      if (!sshPath) {
        process.stdout.write(
          `Skipped test "${configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet}". Executable 'ssh' not found in the PATH.\n`
        )
        return
      }
      // Arrange
      await setup(
        configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsFalseAndSshKeySet
      )
      settings.persistCredentials = false
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      await authHelper.configureAuth()
      const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
      mockSubmoduleForeach.mockClear() // reset calls
      // Act
      await authHelper.configureSubmoduleAuth()
      // Assert
      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(1)
      expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
        /unset-all.*insteadOf/
      )
    }
  )
  const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet =
    'configureSubmoduleAuth configures submodules when persist credentials true and SSH key not set'
  it(
    configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet,
    async () => {
      // Arrange
      await setup(
        configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeyNotSet
      )
      settings.sshKey = ''
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      await authHelper.configureAuth()
      const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
      mockSubmoduleForeach.mockClear() // reset calls
      // Act
      await authHelper.configureSubmoduleAuth()
      // Assert
      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(4)
      expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
        /unset-all.*insteadOf/
      )
      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(
        /url.*insteadOf.*git@github.com:/
      )
      expect(mockSubmoduleForeach.mock.calls[3][0]).toMatch(
        /url.*insteadOf.*org-123456@github.com:/
      )
    }
  )
  const configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet =
    'configureSubmoduleAuth configures submodules when persist credentials true and SSH key set'
  it(
    configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet,
    async () => {
      if (!sshPath) {
        process.stdout.write(
          `Skipped test "${configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet}". Executable 'ssh' not found in the PATH.\n`
        )
        return
      }
      // Arrange
      await setup(
        configureSubmoduleAuth_configuresSubmodulesWhenPersistCredentialsTrueAndSshKeySet
      )
      const authHelper = gitAuthHelper.createAuthHelper(git, settings)
      await authHelper.configureAuth()
      const mockSubmoduleForeach = git.submoduleForeach as jest.Mock<any, any>
      mockSubmoduleForeach.mockClear() // reset calls
      // Act
      await authHelper.configureSubmoduleAuth()
      // Assert
      expect(mockSubmoduleForeach).toHaveBeenCalledTimes(3)
      expect(mockSubmoduleForeach.mock.calls[0][0]).toMatch(
        /unset-all.*insteadOf/
      )
      expect(mockSubmoduleForeach.mock.calls[1][0]).toMatch(/http.*extraheader/)
      expect(mockSubmoduleForeach.mock.calls[2][0]).toMatch(/core\.sshCommand/)
    }
  )
  const removeAuth_removesSshCommand = 'removeAuth removes SSH command'
  it(removeAuth_removesSshCommand, async () => {
    if (!sshPath) {
      process.stdout.write(
        `Skipped test "${removeAuth_removesSshCommand}". Executable 'ssh' not found in the PATH.\n`
      )
      return
    }
    // Arrange
    await setup(removeAuth_removesSshCommand)
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    await authHelper.configureAuth()
    let gitConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
    expect(gitConfigContent.indexOf('core.sshCommand')).toBeGreaterThanOrEqual(
      0
    ) // sanity check
    const actualKeyPath = await getActualSshKeyPath()
    expect(actualKeyPath).toBeTruthy()
    await fs.promises.stat(actualKeyPath)
    const actualKnownHostsPath = await getActualSshKnownHostsPath()
    expect(actualKnownHostsPath).toBeTruthy()
    await fs.promises.stat(actualKnownHostsPath)
    // Act
    await authHelper.removeAuth()
    // Assert git config
    gitConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
    expect(gitConfigContent.indexOf('core.sshCommand')).toBeLessThan(0)
    // Assert SSH key file
    try {
      await fs.promises.stat(actualKeyPath)
      throw new Error('SSH key should have been deleted')
    } catch (err) {
      if ((err as any)?.code !== 'ENOENT') {
        throw err
      }
    }
    // Assert known hosts file
    try {
      await fs.promises.stat(actualKnownHostsPath)
      throw new Error('SSH known hosts should have been deleted')
    } catch (err) {
      if ((err as any)?.code !== 'ENOENT') {
        throw err
      }
    }
  })
  const removeAuth_removesToken = 'removeAuth removes token'
  it(removeAuth_removesToken, async () => {
    // Arrange
    await setup(removeAuth_removesToken)
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    await authHelper.configureAuth()
    let gitConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
    expect(gitConfigContent.indexOf('http.')).toBeGreaterThanOrEqual(0) // sanity check
    // Act
    await authHelper.removeAuth()
    // Assert git config
    gitConfigContent = (
      await fs.promises.readFile(localGitConfigPath)
    ).toString()
    expect(gitConfigContent.indexOf('http.')).toBeLessThan(0)
  })
  const removeGlobalConfig_removesOverride =
    'removeGlobalConfig removes override'
  it(removeGlobalConfig_removesOverride, async () => {
    // Arrange
    await setup(removeGlobalConfig_removesOverride)
    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
    await authHelper.configureAuth()
    await authHelper.configureGlobalAuth()
    const homeOverride = git.env['HOME'] // Sanity check
    expect(homeOverride).toBeTruthy()
    await fs.promises.stat(path.join(git.env['HOME'], '.gitconfig'))
    // Act
    await authHelper.removeGlobalConfig()
    // Assert
    expect(git.env['HOME']).toBeUndefined()
    try {
      await fs.promises.stat(homeOverride)
      throw new Error(`Should have been deleted '${homeOverride}'`)
    } catch (err) {
      if ((err as any)?.code !== 'ENOENT') {
        throw err
      }
    }
  })
 })
 async function setup(testName: string): Promise<void> {
  testName = testName.replace(/[^a-zA-Z0-9_]+/g, '-')
  // Directories
  workspace = path.join(testWorkspace, testName, 'workspace')
  runnerTemp = path.join(testWorkspace, testName, 'runner-temp')
  tempHomedir = path.join(testWorkspace, testName, 'home-dir')
  await fs.promises.mkdir(workspace, {recursive: true})
  await fs.promises.mkdir(runnerTemp, {recursive: true})
  await fs.promises.mkdir(tempHomedir, {recursive: true})
  process.env['RUNNER_TEMP'] = runnerTemp
  process.env['HOME'] = tempHomedir
  // Create git config
  globalGitConfigPath = path.join(tempHomedir, '.gitconfig')
  await fs.promises.writeFile(globalGitConfigPath, '')
  localGitConfigPath = path.join(workspace, '.git', 'config')
  await fs.promises.mkdir(path.dirname(localGitConfigPath), {recursive: true})
  await fs.promises.writeFile(localGitConfigPath, '')
  git = {
    branchDelete: jest.fn(),
    branchExists: jest.fn(),
    branchList: jest.fn(),
    disableSparseCheckout: jest.fn(),
    sparseCheckout: jest.fn(),
    sparseCheckoutNonConeMode: jest.fn(),
    checkout: jest.fn(),
    checkoutDetach: jest.fn(),
    config: jest.fn(
      async (key: string, value: string, globalConfig?: boolean) => {
        const configPath = globalConfig
          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
          : localGitConfigPath
        await fs.promises.appendFile(configPath, `\n${key} ${value}`)
      }
    ),
    configExists: jest.fn(
      async (key: string, globalConfig?: boolean): Promise<boolean> => {
        const configPath = globalConfig
          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
          : localGitConfigPath
        const content = await fs.promises.readFile(configPath)
        const lines = content
          .toString()
          .split('\n')
          .filter(x => x)
        return lines.some(x => x.startsWith(key))
      }
    ),
    env: {},
    fetch: jest.fn(),
    getDefaultBranch: jest.fn(),
    getWorkingDirectory: jest.fn(() => workspace),
    init: jest.fn(),
    isDetached: jest.fn(),
    lfsFetch: jest.fn(),
    lfsInstall: jest.fn(),
    log1: jest.fn(),
    remoteAdd: jest.fn(),
    removeEnvironmentVariable: jest.fn((name: string) => delete git.env[name]),
    revParse: jest.fn(),
    setEnvironmentVariable: jest.fn((name: string, value: string) => {
      git.env[name] = value
    }),
    shaExists: jest.fn(),
    submoduleForeach: jest.fn(async () => {
      return ''
    }),
    submoduleSync: jest.fn(),
    submoduleStatus: jest.fn(async () => {
      return true
    }),
    submoduleUpdate: jest.fn(),
    tagExists: jest.fn(),
    tryClean: jest.fn(),
    tryConfigUnset: jest.fn(
      async (key: string, globalConfig?: boolean): Promise<boolean> => {
        const configPath = globalConfig
          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
          : localGitConfigPath
        let content = await fs.promises.readFile(configPath)
        let lines = content
          .toString()
          .split('\n')
          .filter(x => x)
          .filter(x => !x.startsWith(key))
        await fs.promises.writeFile(configPath, lines.join('\n'))
        return true
      }
    ),
    tryDisableAutomaticGarbageCollection: jest.fn(),
    tryGetFetchUrl: jest.fn(),
    tryReset: jest.fn(),
    version: jest.fn()
  }
  settings = {
    authToken: 'some auth token',
    clean: true,
    commit: '',
    filter: undefined,
    sparseCheckout: [],
    sparseCheckoutConeMode: true,
    fetchDepth: 1,
    fetchTags: false,
    showProgress: true,
    lfs: false,
    submodules: false,
    nestedSubmodules: false,
    persistCredentials: true,
    ref: 'refs/heads/main',
    repositoryName: 'my-repo',
    repositoryOwner: 'my-org',
    repositoryPath: '',
    sshKey: sshPath ? 'some ssh private key' : '',
    sshKnownHosts: '',
    sshStrict: true,
    sshUser: '',
    workflowOrganizationId: 123456,
    setSafeDirectory: true,
    githubServerUrl: githubServerUrl
  }
 }
 async function getActualSshKeyPath(): Promise<string> {
  let actualTempFiles = (await fs.promises.readdir(runnerTemp))
    .sort()
    .map(x => path.join(runnerTemp, x))
  if (actualTempFiles.length === 0) {
    return ''
  }
  expect(actualTempFiles).toHaveLength(2)
  expect(actualTempFiles[0].endsWith('_known_hosts')).toBeFalsy()
  return actualTempFiles[0]
 }
 async function getActualSshKnownHostsPath(): Promise<string> {
  let actualTempFiles = (await fs.promises.readdir(runnerTemp))
    .sort()
    .map(x => path.join(runnerTemp, x))
  if (actualTempFiles.length === 0) {
    return ''
  }
  expect(actualTempFiles).toHaveLength(2)
  expect(actualTempFiles[1].endsWith('_known_hosts')).toBeTruthy()
  expect(actualTempFiles[1].startsWith(actualTempFiles[0])).toBeTruthy()
  return actualTempFiles[1]
 }
--- a/test/git-command-manager.test.ts
+++ b/test/git-command-manager.test.ts
@@ -0,0 +1,378 @@
 import * as exec from '@actions/exec'
 import * as fshelper from '../lib/fs-helper'
 import * as commandManager from '../lib/git-command-manager'
 let git: commandManager.IGitCommandManager
 let mockExec = jest.fn()
 describe('git-auth-helper tests', () => {
  beforeAll(async () => {})
  beforeEach(async () => {
    jest.spyOn(fshelper, 'fileExistsSync').mockImplementation(jest.fn())
    jest.spyOn(fshelper, 'directoryExistsSync').mockImplementation(jest.fn())
  })
  afterEach(() => {
    jest.restoreAllMocks()
  })
  afterAll(() => {})
  it('branch list matches', async () => {
    mockExec.mockImplementation((path, args, options) => {
      console.log(args, options.listeners.stdout)
      if (args.includes('version')) {
        options.listeners.stdout(Buffer.from('2.18'))
        return 0
      }
      if (args.includes('rev-parse')) {
        options.listeners.stdline(Buffer.from('refs/heads/foo'))
        options.listeners.stdline(Buffer.from('refs/heads/bar'))
        return 0
      }
      return 1
    })
    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
    const workingDirectory = 'test'
    const lfs = false
    const doSparseCheckout = false
    git = await commandManager.createCommandManager(
      workingDirectory,
      lfs,
      doSparseCheckout
    )
    let branches = await git.branchList(false)
    expect(branches).toHaveLength(2)
    expect(branches.sort()).toEqual(['foo', 'bar'].sort())
  })
  it('ambiguous ref name output is captured', async () => {
    mockExec.mockImplementation((path, args, options) => {
      console.log(args, options.listeners.stdout)
      if (args.includes('version')) {
        options.listeners.stdout(Buffer.from('2.18'))
        return 0
      }
      if (args.includes('rev-parse')) {
        options.listeners.stdline(Buffer.from('refs/heads/foo'))
        // If refs/tags/v1 and refs/heads/tags/v1 existed on this repository
        options.listeners.errline(
          Buffer.from("error: refname 'tags/v1' is ambiguous")
        )
        return 0
      }
      return 1
    })
    jest.spyOn(exec, 'exec').mockImplementation(mockExec)
    const workingDirectory = 'test'
    const lfs = false
    const doSparseCheckout = false
    git = await commandManager.createCommandManager(
+