fix: expand merge commit SHA regex and add SHA-256 test cases#2414
Merged
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
salmanmkc
reviewed
Apr 15, 2026
Add checkCommitInfo tests for SHA-1 and SHA-256 merge messages and reject invalid 50-character hex merge heads.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Expands SHA parsing to support repositories using SHA-256 (64-hex) commit IDs, and adds test coverage to ensure SHA-256 refs and merge commit messages are handled correctly.
Changes:
- Update
input-helperto treat 64-hex refs as explicit SHAs (setcommit, clearref). - Update
ref-helpermerge commit message parsing to accept both 40- and 64-hex SHAs. - Add Jest coverage for SHA-256 inputs and SHA-256 merge commit message parsing (including a negative case).
Show a summary per file
| File | Description |
|---|---|
| src/ref-helper.ts | Expands merge commit message SHA regex to accept 40- or 64-char hex SHAs. |
| src/input-helper.ts | Expands explicit-SHA detection to accept 40- or 64-char hex SHAs. |
| dist/index.js | Updates bundled output to reflect the new SHA regex behavior. |
| test/ref-helper.test.ts | Adds SHA-256 checkout info test and new checkCommitInfo SHA-1/SHA-256/invalid-merge coverage. |
| test/input-helper.test.ts | Adds SHA-256 explicit SHA input test ensuring ref is cleared and commit is set. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 4/5 changed files
- Comments generated: 0
salmanmkc
approved these changes
Apr 30, 2026
talcoh2x
added a commit
to Elmnt-Internal/checkout
that referenced
this pull request
May 20, 2026
* Provide explanation for where user email came from (actions#1869) * Provide explanation for where user email came from * bringing back the newline * Add Ref and Commit outputs (actions#1180) Signed-off-by: Luca Comellini <luca.com@gmail.com> * Bump the minor-npm-dependencies group across 1 directory with 4 updates (actions#1872) * Bump the minor-npm-dependencies group across 1 directory with 4 updates Bumps the minor-npm-dependencies group with 4 updates in the / directory: [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest), [prettier](https://github.com/prettier/prettier), [ts-jest](https://github.com/kulshekhar/ts-jest) and [typescript](https://github.com/Microsoft/TypeScript). Updates `eslint-plugin-jest` from 28.5.0 to 28.8.2 - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v28.5.0...v28.8.2) Updates `prettier` from 3.2.5 to 3.3.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.2.5...3.3.3) Updates `ts-jest` from 29.1.2 to 29.2.5 - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](kulshekhar/ts-jest@v29.1.2...v29.2.5) Updates `typescript` from 5.4.5 to 5.5.4 - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.5...v5.5.4) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-npm-dependencies - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-npm-dependencies - dependency-name: ts-jest dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-npm-dependencies - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * `npm run build` --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Josh Gross <joshmgross@github.com> * Bump braces from 3.0.2 to 3.0.3 (actions#1777) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Prepare 4.2.0 release (actions#1878) * Bump package version to 4.1.8 * Add v4.1.8 changelog * Bump version to `4.2.0` * Check out other refs/* by commit if provided, fall back to ref (actions#1924) * Add workflow file for publishing releases to immutable action package (actions#1919) This workflow file publishes new action releases to the immutable action package of the same name as this repo. This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature. * Prepare 4.2.1 release (actions#1925) * `url-helper.ts` now leverages well-known environment variables. (actions#1941) * `utl-helper.ts` now leverages well-known environment variables. --------- Co-authored-by: Erez Testiler <easyt@github.com> * Expand unit test coverage (actions#1946) * Prepare 4.2.2 Release (actions#1953) * Prepare 4.2.2 Release --------- Co-authored-by: Josh Gross <joshmgross@github.com> * docs: update README.md (actions#1971) Add a scenario where it is necessary to push a commit to a pull request. * Update README.md (actions#1977) * Documentation update - add recommended permissions to Readme (actions#2043) * Update README.md * Update README.md Co-authored-by: Josh Gross <joshmgross@github.com> --------- Co-authored-by: Josh Gross <joshmgross@github.com> * Adjust positioning of user email note and permissions heading (actions#2044) * Update README.md (actions#2194) * Update CODEOWNERS for actions (actions#2224) * Update package dependencies (actions#2236) * package updates * update dist * Update license files * Prepare release v4.3.0 (actions#2237) * Update actions checkout to use node 24 (actions#2226) * use node 24 * update other parts to node 24 * bump to major version, audit fix, changelog * update licenses * update dist * update major version * will do separate pr for v5 and will do a minor version for previous changes * Prepare v5.0.0 release (actions#2238) * Update README to include Node.js 24 support details and requirements (actions#2248) * Update README to include Node.js 24 support details and requirements * Update * Persist creds to a separate file (actions#2286) * v6-beta (actions#2298) * update readme/changelog for v6 (actions#2311) * Update all references from v5 and v4 to v6 (actions#2314) - Updated README.md examples to reference @v6 - Updated all workflow files to use actions/checkout@v6 * Add worktree support for persist-credentials includeIf (actions#2327) * Clarify v6 README (actions#2328) * Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (actions#2355) * Initial plan * Add orchestration ID support to git user-agent Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Improve tests to verify user-agent content and handle empty sanitized IDs Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> * Simplify orchestration ID validation to accept any non-empty sanitized value Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> * Remove test for orchestration ID with only invalid characters Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix tag handling: preserve annotations and explicit fetch-tags (actions#2356) This PR fixes several issues with tag handling in the checkout action: 1. fetch-tags: true now works (fixes actions#1471) - Tags refspec is now included in getRefSpec() when fetchTags=true - Previously tags were only fetched during a separate fetch that was overwritten by the main fetch 2. Tag checkout preserves annotations (fixes actions#290) - Tags are fetched via refspec (+refs/tags/*:refs/tags/*) instead of --tags flag - This fetches the actual tag objects, preserving annotations 3. Tag checkout with fetch-tags: true no longer fails (fixes actions#1467) - When checking out a tag with fetchTags=true, only the wildcard refspec is used (specific tag refspec is redundant) Changes: - src/ref-helper.ts: getRefSpec() now accepts fetchTags parameter and prepends tags refspec when true - src/git-command-manager.ts: fetch() simplified to always use --no-tags, tags are fetched explicitly via refspec - src/git-source-provider.ts: passes fetchTags to getRefSpec() - Added E2E test for fetch-tags option Related actions#1471, actions#1467, actions#290 * Update changelog (actions#2357) * fix: expand merge commit SHA regex and add SHA-256 test cases (actions#2414) * fix: expand merge commit SHA regex and add SHA-256 test cases Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * test: add checkCommitInfo SHA coverage Add checkCommitInfo tests for SHA-1 and SHA-256 merge messages and reject invalid 50-character hex merge heads.\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * style: fix Prettier formatting in test and source files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Signed-off-by: Luca Comellini <luca.com@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: yasonk <yason@hey.com> Co-authored-by: Luca Comellini <luca.com@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Josh Gross <joshmgross@github.com> Co-authored-by: Orhan Toy <orhantoy@github.com> Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Co-authored-by: Erez Testiler <easyt@github.com> Co-authored-by: The web walker <contact@motss.app> Co-authored-by: Mohammad Ismail <96207520+mouismail@users.noreply.github.com> Co-authored-by: Ben Wells <benwells@github.com> Co-authored-by: Ben De St Paer-Gotch <nebuk89@github.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> Co-authored-by: eric sciple <ericsciple@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Yashwanth Anantharaju <yaananth@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes https://github.com/github/actions-runtime/issues/5476
Fixes https://github.com/github/actions-runtime/issues/5481
Fixes https://github.com/github/actions-runtime/issues/5482
Summary
Automated by project-board-agents-plugin via /project-board-agents:lead
Board: https://github.com/orgs/github/projects/24272/views/1
Items: [P2] Fix merge commit SHA regex + [P2] Add SHA-256 test cases
Run: sha256-p2-checkout-00050