2022-10-17 06:49:29 -07:00
[](https://github.com/actions/checkout/actions/workflows/test.yml)
2019-10-25 10:52:59 -04:00
2025-11-20 10:20:04 -06:00
# Checkout v6
2025-11-03 13:40:10 -06:00
## What's new
2025-12-01 20:08:49 -06:00
- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config`
- No workflow changes required — `git fetch` , `git push` , etc. continue to work automatically
- Running authenticated git commands from a [Docker container action ](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action ) requires Actions Runner [v2.329.0 ](https://github.com/actions/runner/releases/tag/v2.329.0 ) or later
2025-11-03 13:40:10 -06:00
# Checkout v5
2025-08-11 13:35:28 +01:00
2025-08-13 13:57:25 +01:00
## What's new
- Updated to the node24 runtime
- This requires a minimum Actions Runner version of [v2.327.1 ](https://github.com/actions/runner/releases/tag/v2.327.1 ) to run.
2025-08-11 13:35:28 +01:00
2025-11-03 13:40:10 -06:00
# Checkout v4
2019-07-23 15:32:03 -04:00
2019-12-03 10:28:59 -05:00
This action checks-out your repository under `$GITHUB_WORKSPACE` , so your workflow can access it.
2019-07-23 15:32:03 -04:00
2023-10-13 11:07:47 -04:00
Only a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here ](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows ) to learn which commit `$GITHUB_SHA` points to for different events.
2019-08-13 16:53:03 +02:00
2020-01-02 15:40:10 -05:00
The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.
When Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.
2019-07-23 15:32:03 -04:00
2025-06-06 09:19:16 +01:00
### Note
Thank you for your interest in this GitHub action, however, right now we are not taking contributions.
We continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’ ’
We are taking the following steps to better direct requests related to GitHub Actions, including:
1. We will be directing questions and support requests to our [Community Discussions area ](https://github.com/orgs/community/discussions/categories/actions )
2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.
3. Security Issues should be handled as per our [security.md ](security.md )
We will still provide security updates for this project and fix major breaking changes during this time.
You are welcome to still raise bugs in this repo.
2019-12-05 22:10:31 -05:00
# What's new
2023-10-17 11:52:30 -04:00
Please refer to the [release page ](https://github.com/actions/checkout/releases/latest ) for the latest release notes.
2019-07-23 15:32:03 -04:00
2019-12-03 10:28:59 -05:00
# Usage
2019-09-05 08:42:49 -07:00
2019-12-03 10:28:59 -05:00
<!-- start usage -->
2019-07-23 15:32:03 -04:00
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2019-07-23 15:32:03 -04:00
with:
2019-12-03 16:47:19 -05:00
# Repository name with owner. For example, actions/checkout
2019-12-03 10:28:59 -05:00
# Default: ${{ github.repository }}
repository: ''
2019-12-12 13:49:26 -05:00
# The branch, tag or SHA to checkout. When checking out the repository that
2019-12-05 15:43:03 +11:00
# triggered a workflow, this defaults to the reference or SHA for that event.
2020-06-16 13:41:01 -04:00
# Otherwise, uses the default branch.
2019-12-03 10:28:59 -05:00
ref: ''
2020-03-11 15:55:17 -04:00
# Personal access token (PAT) used to fetch the repository. The PAT is configured
# with the local git config, which enables your scripts to run authenticated git
# commands. The post-job step removes the PAT.
#
2020-03-12 11:42:38 -04:00
# We recommend using a service account with the least permissions necessary. Also
# when generating a new PAT, select the least scopes necessary.
2020-03-11 15:55:17 -04:00
#
# [Learn more about creating and using encrypted secrets ](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets )
#
2019-12-03 10:28:59 -05:00
# Default: ${{ github.token }}
token: ''
2020-03-12 11:42:38 -04:00
# SSH key used to fetch the repository. The SSH key is configured with the local
# git config, which enables your scripts to run authenticated git commands. The
2020-03-11 15:55:17 -04:00
# post-job step removes the SSH key.
#
2020-03-12 11:42:38 -04:00
# We recommend using a service account with the least permissions necessary.
2020-03-11 15:55:17 -04:00
#
# [Learn more about creating and using encrypted secrets ](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets )
ssh-key: ''
# Known hosts in addition to the user and global host key database. The public SSH
# keys for a host may be obtained using the utility `ssh-keyscan` . For example,
# `ssh-keyscan github.com` . The public key for github.com is always implicitly
# added.
ssh-known-hosts: ''
# Whether to perform strict host key checking. When true, adds the options
# `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use
# the input `ssh-known-hosts` to configure additional hosts.
# Default: true
ssh-strict: ''
2024-04-18 15:29:55 -04:00
# The user to use when connecting to the remote SSH host. By default 'git' is
# used.
# Default: git
ssh-user: ''
2020-03-11 15:55:17 -04:00
# Whether to configure the token or SSH key with the local git config
2019-12-12 13:49:26 -05:00
# Default: true
persist-credentials: ''
2019-12-03 10:28:59 -05:00
# Relative path under $GITHUB_WORKSPACE to place the repository
path: ''
# Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching
# Default: true
clean: ''
2023-09-22 18:30:36 +01:00
# Partially clone against a given filter. Overrides sparse-checkout if set.
# Default: null
filter: ''
2023-06-09 15:08:21 +02:00
# Do a sparse checkout on given patterns. Each pattern should be separated with
2023-09-22 18:30:36 +01:00
# new lines.
2023-06-09 15:08:21 +02:00
# Default: null
sparse-checkout: ''
# Specifies whether to use cone-mode when doing a sparse checkout.
# Default: true
sparse-checkout-cone-mode: ''
2020-07-12 21:02:24 -04:00
# Number of commits to fetch. 0 indicates all history for all branches and tags.
2019-12-03 10:28:59 -05:00
# Default: 1
fetch-depth: ''
2023-08-16 22:34:54 +02:00
# Whether to fetch tags, even if fetch-depth > 0.
# Default: false
fetch-tags: ''
2023-09-01 14:19:18 -04:00
# Whether to show progress status output when fetching.
# Default: true
show-progress: ''
2019-12-03 10:28:59 -05:00
# Whether to download Git-LFS files
# Default: false
lfs: ''
2020-03-05 14:21:59 -05:00
# Whether to checkout submodules: `true` to checkout submodules or `recursive` to
# recursively checkout submodules.
2020-03-11 15:55:17 -04:00
#
# When the `ssh-key` input is not provided, SSH URLs beginning with
# `git@github.com:` are converted to HTTPS.
#
2020-03-05 14:21:59 -05:00
# Default: false
submodules: ''
2022-04-20 21:37:43 -04:00
# Add repository path as safe.directory for Git global config by running `git
# config --global --add safe.directory < path > `
# Default: true
set-safe-directory: ''
2022-09-26 17:34:52 +01:00
Fix timeout implementation and address review feedback
- Kill git process on timeout: use child_process.spawn directly for
timeout-eligible operations so we have a ChildProcess handle to send
SIGTERM (then SIGKILL after 5s). On Windows, SIGTERM is a forced kill
so the SIGKILL fallback is effectively a no-op there.
- Fix timeout:0 not working: replace falsy || coalescion with explicit
empty-string check so that '0' is not replaced by the default '300'.
- Refactor execGit to use an options object instead of 5 positional
parameters, eliminating error-prone filler args (false, false, {}).
- Pass allowAllExitCodes through to execGitWithTimeout so both code
paths have consistent behavior for non-zero exit codes.
- Add settled guard to prevent double-reject when both close and error
events fire on the spawned process.
- Handle null exit code (process killed by signal) as an error rather
than silently treating it as success.
- Capture stderr in error messages for the timeout path, matching the
information level of the non-timeout exec path.
- Log SIGKILL failures at debug level instead of empty catch block.
- Warn on customListeners being ignored in the timeout path.
- Emit core.warning() when invalid input values are silently replaced
with defaults, so users know their configuration was rejected.
- Add input validation in setTimeout (reject negative values).
- Clarify retry-max-attempts semantics: total attempts including the
initial attempt (3 = 1 initial + 2 retries).
- Remove Kubernetes probe references from descriptions.
- Use non-exhaustive list (e.g.) for network operations in docs to
avoid staleness if new operations are added.
- Add tests for timeout/retry input parsing (defaults, timeout:0,
custom values, invalid input with warnings, backoff clamping) and
command manager configuration (setTimeout, setRetryConfig, fetch).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 19:04:59 +02:00
# Timeout in seconds for each git network operation attempt (e.g. fetch,
# lfs-fetch, ls-remote). If a single attempt exceeds this, the process is
# terminated. If retries are configured (see retry-max-attempts), the operation
# will be retried. Set to 0 to disable. Default is 300 (5 minutes).
2026-03-18 18:06:25 +02:00
# Default: 300
timeout: ''
Fix timeout implementation and address review feedback
- Kill git process on timeout: use child_process.spawn directly for
timeout-eligible operations so we have a ChildProcess handle to send
SIGTERM (then SIGKILL after 5s). On Windows, SIGTERM is a forced kill
so the SIGKILL fallback is effectively a no-op there.
- Fix timeout:0 not working: replace falsy || coalescion with explicit
empty-string check so that '0' is not replaced by the default '300'.
- Refactor execGit to use an options object instead of 5 positional
parameters, eliminating error-prone filler args (false, false, {}).
- Pass allowAllExitCodes through to execGitWithTimeout so both code
paths have consistent behavior for non-zero exit codes.
- Add settled guard to prevent double-reject when both close and error
events fire on the spawned process.
- Handle null exit code (process killed by signal) as an error rather
than silently treating it as success.
- Capture stderr in error messages for the timeout path, matching the
information level of the non-timeout exec path.
- Log SIGKILL failures at debug level instead of empty catch block.
- Warn on customListeners being ignored in the timeout path.
- Emit core.warning() when invalid input values are silently replaced
with defaults, so users know their configuration was rejected.
- Add input validation in setTimeout (reject negative values).
- Clarify retry-max-attempts semantics: total attempts including the
initial attempt (3 = 1 initial + 2 retries).
- Remove Kubernetes probe references from descriptions.
- Use non-exhaustive list (e.g.) for network operations in docs to
avoid staleness if new operations are added.
- Add tests for timeout/retry input parsing (defaults, timeout:0,
custom values, invalid input with warnings, backoff clamping) and
command manager configuration (setTimeout, setRetryConfig, fetch).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 19:04:59 +02:00
# Total number of attempts for each git network operation (including the initial
# attempt). For example, 3 means one initial attempt plus up to 2 retries.
2026-03-18 18:06:25 +02:00
# Default: 3
retry-max-attempts: ''
# Minimum backoff time in seconds between retry attempts. The actual backoff is
Fix timeout implementation and address review feedback
- Kill git process on timeout: use child_process.spawn directly for
timeout-eligible operations so we have a ChildProcess handle to send
SIGTERM (then SIGKILL after 5s). On Windows, SIGTERM is a forced kill
so the SIGKILL fallback is effectively a no-op there.
- Fix timeout:0 not working: replace falsy || coalescion with explicit
empty-string check so that '0' is not replaced by the default '300'.
- Refactor execGit to use an options object instead of 5 positional
parameters, eliminating error-prone filler args (false, false, {}).
- Pass allowAllExitCodes through to execGitWithTimeout so both code
paths have consistent behavior for non-zero exit codes.
- Add settled guard to prevent double-reject when both close and error
events fire on the spawned process.
- Handle null exit code (process killed by signal) as an error rather
than silently treating it as success.
- Capture stderr in error messages for the timeout path, matching the
information level of the non-timeout exec path.
- Log SIGKILL failures at debug level instead of empty catch block.
- Warn on customListeners being ignored in the timeout path.
- Emit core.warning() when invalid input values are silently replaced
with defaults, so users know their configuration was rejected.
- Add input validation in setTimeout (reject negative values).
- Clarify retry-max-attempts semantics: total attempts including the
initial attempt (3 = 1 initial + 2 retries).
- Remove Kubernetes probe references from descriptions.
- Use non-exhaustive list (e.g.) for network operations in docs to
avoid staleness if new operations are added.
- Add tests for timeout/retry input parsing (defaults, timeout:0,
custom values, invalid input with warnings, backoff clamping) and
command manager configuration (setTimeout, setRetryConfig, fetch).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 19:04:59 +02:00
# randomly chosen between min and max.
2026-03-18 18:06:25 +02:00
# Default: 10
retry-min-backoff: ''
# Maximum backoff time in seconds between retry attempts. The actual backoff is
# randomly chosen between min and max.
# Default: 20
retry-max-backoff: ''
2022-09-26 17:34:52 +01:00
# The base URL for the GitHub instance that you are trying to clone from, will use
# environment defaults to fetch from the same instance that the workflow is
# running from unless specified. Example URLs are https://github.com or
# https://my-ghes-server.example.com
github-server-url: ''
2019-07-23 15:32:03 -04:00
```
2019-12-03 10:28:59 -05:00
<!-- end usage -->
2019-07-23 15:32:03 -04:00
2019-12-13 16:39:47 -05:00
# Scenarios
2025-08-11 13:35:28 +01:00
- [Checkout V5 ](#checkout-v5 )
2025-08-13 13:57:25 +01:00
- [What's new ](#whats-new )
2025-08-11 13:35:28 +01:00
- [Checkout V4 ](#checkout-v4 )
- [Note ](#note )
2025-08-13 13:57:25 +01:00
- [What's new ](#whats-new-1 )
2025-08-11 13:35:28 +01:00
- [Usage ](#usage )
- [Scenarios ](#scenarios )
- [Fetch only the root files ](#fetch-only-the-root-files )
- [Fetch only the root files and `.github` and `src` folder ](#fetch-only-the-root-files-and-github-and-src-folder )
- [Fetch only a single file ](#fetch-only-a-single-file )
- [Fetch all history for all tags and branches ](#fetch-all-history-for-all-tags-and-branches )
- [Checkout a different branch ](#checkout-a-different-branch )
- [Checkout HEAD^ ](#checkout-head )
- [Checkout multiple repos (side by side) ](#checkout-multiple-repos-side-by-side )
- [Checkout multiple repos (nested) ](#checkout-multiple-repos-nested )
- [Checkout multiple repos (private) ](#checkout-multiple-repos-private )
- [Checkout pull request HEAD commit instead of merge commit ](#checkout-pull-request-head-commit-instead-of-merge-commit )
- [Checkout pull request on closed event ](#checkout-pull-request-on-closed-event )
- [Push a commit using the built-in token ](#push-a-commit-using-the-built-in-token )
- [Push a commit to a PR using the built-in token ](#push-a-commit-to-a-pr-using-the-built-in-token )
- [Recommended permissions ](#recommended-permissions )
- [License ](#license )
2020-05-27 09:54:28 -04:00
2023-06-09 15:08:21 +02:00
## Fetch only the root files
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2023-06-09 15:08:21 +02:00
with:
sparse-checkout: .
```
## Fetch only the root files and `.github` and `src` folder
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2023-06-09 15:08:21 +02:00
with:
sparse-checkout: |
.github
src
```
## Fetch only a single file
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2023-06-09 15:08:21 +02:00
with:
sparse-checkout: |
README.md
sparse-checkout-cone-mode: false
```
2020-05-27 09:54:28 -04:00
## Fetch all history for all tags and branches
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2020-05-27 09:54:28 -04:00
with:
fetch-depth: 0
```
2019-12-13 16:39:47 -05:00
2019-12-03 10:28:59 -05:00
## Checkout a different branch
2019-09-05 08:42:49 -07:00
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2019-09-05 08:42:49 -07:00
with:
2019-12-13 16:39:47 -05:00
ref: my-branch
2019-09-05 08:42:49 -07:00
```
2019-12-13 16:39:47 -05:00
## Checkout HEAD^
2019-12-03 10:28:59 -05:00
2019-10-25 10:52:59 -04:00
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2019-10-25 10:52:59 -04:00
with:
2019-12-13 16:39:47 -05:00
fetch-depth: 2
- run: git checkout HEAD^
```
## Checkout multiple repos (side by side)
```yaml
- name: Checkout
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
with:
path: main
- name: Checkout tools repo
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
with:
repository: my-org/my-tools
path: my-tools
```
2024-11-14 16:41:00 +01:00
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
2019-12-13 16:39:47 -05:00
## Checkout multiple repos (nested)
```yaml
- name: Checkout
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
- name: Checkout tools repo
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
with:
repository: my-org/my-tools
path: my-tools
```
2024-11-14 16:41:00 +01:00
> - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)
2019-12-13 16:39:47 -05:00
## Checkout multiple repos (private)
```yaml
- name: Checkout
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
with:
path: main
- name: Checkout private tools
2025-11-23 19:32:55 -06:00
uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
with:
repository: my-org/my-private-tools
2021-11-03 02:50:59 +05:30
token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
2019-12-13 16:39:47 -05:00
path: my-tools
2019-10-25 10:52:59 -04:00
```
2019-12-13 16:39:47 -05:00
> - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
## Checkout pull request HEAD commit instead of merge commit
2019-12-04 10:12:10 -05:00
```yaml
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2019-12-04 10:12:10 -05:00
with:
2019-12-10 21:47:38 +05:30
ref: ${{ github.event.pull_request.head.sha }}
2019-12-04 10:12:10 -05:00
```
2019-12-13 16:39:47 -05:00
## Checkout pull request on closed event
```yaml
on:
pull_request:
2020-07-14 09:23:30 -04:00
branches: [main]
2019-12-13 16:39:47 -05:00
types: [opened, synchronize, closed]
jobs:
build:
runs-on: ubuntu-latest
steps:
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2019-12-13 16:39:47 -05:00
```
2020-07-14 13:08:52 -04:00
## Push a commit using the built-in token
```yaml
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2020-07-14 13:08:52 -04:00
- run: |
date > generated.txt
2024-04-30 11:50:54 -04:00
# Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users .noreply.github.com"
2020-07-14 13:08:52 -04:00
git add .
git commit -m "generated"
git push
```
2024-09-02 06:53:38 -07:00
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com` . See users API: https://api.github.com/users/github-actions%5Bbot%5D
2020-07-14 13:08:52 -04:00
2024-11-08 23:32:54 +08:00
## Push a commit to a PR using the built-in token
In a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’
```yaml
on: pull_request
jobs:
build:
runs-on: ubuntu-latest
steps:
2025-11-23 19:32:55 -06:00
- uses: actions/checkout@v6
2024-11-08 23:32:54 +08:00
with:
ref: ${{ github.head_ref }}
- run: |
date > generated.txt
# Note: the following account information will not work on GHES
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users .noreply.github.com"
git add .
git commit -m "generated"
git push
```
2025-01-16 14:14:48 -05:00
2025-01-16 15:56:18 -05:00
*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com` . See users API: https://api.github.com/users/github-actions%5Bbot%5D
# Recommended permissions
2025-01-16 14:14:48 -05:00
When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
```yaml
permissions:
contents: read
```
2019-07-23 15:32:03 -04:00
# License
The scripts and documentation in this project are released under the [MIT License ](LICENSE )
