.

.github/workflows/check-dist.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6
 
       - name: Set Node.js 24.x
         uses: actions/setup-node@v4

.github/workflows/codeql-analysis.yml

@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v4.1.6
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

.github/workflows/licensed.yml

@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     name: Check licenses
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6
       - run: npm ci
       - run: npm run licensed-check

.github/workflows/publish-immutable-actions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checking out
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@0.0.3

.github/workflows/test.yml

@@ -19,7 +19,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: 24.x
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4.1.6
       - run: npm ci
       - run: npm run build
       - run: npm run format-check
@@ -37,7 +37,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
 
       # Basic checkout
       - name: Checkout basic
@@ -165,22 +165,6 @@ jobs:
       - name: Verify submodules recursive
         run: __test__/verify-submodules-recursive.sh
 
-      # Worktree credentials
-      - name: Checkout for worktree test
-        uses: ./
-        with:
-          path: worktree-test
-      - name: Verify worktree credentials
-        shell: bash
-        run: __test__/verify-worktree.sh worktree-test worktree-branch
-
-      # Worktree credentials in container step
-      - name: Verify worktree credentials in container step
-        if: runner.os == 'Linux'
-        uses: docker://bitnami/git:latest
-        with:
-          args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch
-
       # Basic checkout using REST API
       - name: Remove basic
         if: runner.os != 'windows'
@@ -218,7 +202,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
 
       # Basic checkout using git
       - name: Checkout basic
@@ -250,7 +234,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
 
       # Basic checkout using git
       - name: Checkout basic
@@ -280,7 +264,7 @@ jobs:
     steps:
       # Clone this repo
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
         with:
           path: localClone
 
@@ -307,17 +291,17 @@ jobs:
           git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
 
       # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v6
+      - name: Fix Checkout v4
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
         with:
           path: localClone
 
   test-output:
     runs-on: ubuntu-latest
     steps:
-      # Clone this repo
+      # Download the action at the current ref
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4.1.6
         with:
           path: actions-checkout
 

.github/workflows/update-main-version.yml

@@ -23,7 +23,7 @@ jobs:
     # Note this update workflow can also be used as a rollback tool.
     # For that reason, it's best to pin `actions/checkout` to a known, stable version
     # (typically, about two releases back).
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v4.1.6
       with:
         fetch-depth: 0
     - name: Git config

.github/workflows/update-test-ubuntu-git.yml

@@ -26,7 +26,7 @@ jobs:
  
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
 
       # Use `docker/login-action` to log in to GHCR.io. 
       # Once published, the packages are scoped to the account defined here.

CHANGELOG.md

@@ -1,19 +1,10 @@
 # Changelog
 
-## v6.0.0
+## V5.0.0
-* Persist creds to a separate file by @ericsciple in https://github.com/actions/checkout/pull/2286
-* Update README to include Node.js 24 support details and requirements by @salmanmkc in https://github.com/actions/checkout/pull/2248
-
-## v5.0.1
-* Port v6 cleanup to v5 by @ericsciple in https://github.com/actions/checkout/pull/2301
-
-## v5.0.0
 * Update actions checkout to use node 24 by @salmanmkc in https://github.com/actions/checkout/pull/2226
 
-## v4.3.1
-* Port v6 cleanup to v4 by @ericsciple in https://github.com/actions/checkout/pull/2305
 
-## v4.3.0
+## V4.3.0
 * docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
 * Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
 * Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043

README.md

@@ -1,14 +1,6 @@
 [![Build and Test](https://github.com/actions/checkout/actions/workflows/test.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/test.yml)
 
-# Checkout v6
+# Checkout V5
-
-## What's new
-
-- Improved credential security: `persist-credentials` now stores credentials in a separate file under `$RUNNER_TEMP` instead of directly in `.git/config`
-- No workflow changes required — `git fetch`, `git push`, etc. continue to work automatically
-- Running authenticated git commands from a [Docker container action](https://docs.github.com/actions/sharing-automations/creating-actions/creating-a-docker-container-action) requires Actions Runner [v2.329.0](https://github.com/actions/runner/releases/tag/v2.329.0) or later
-
-# Checkout v5
 
 ## What's new
 
@@ -16,7 +8,7 @@
   - This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) to run.
 
 
-# Checkout v4
+# Checkout V4
 
 This action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.
 
@@ -52,7 +44,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 
 <!-- start usage -->
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     # Repository name with owner. For example, actions/checkout
     # Default: ${{ github.repository }}
@@ -191,7 +183,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     sparse-checkout: .
 ```
@@ -199,7 +191,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only the root files and `.github` and `src` folder
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     sparse-checkout: |
       .github
@@ -209,7 +201,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch only a single file
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     sparse-checkout: |
       README.md
@@ -219,7 +211,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Fetch all history for all tags and branches
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     fetch-depth: 0
 ```
@@ -227,7 +219,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout a different branch
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     ref: my-branch
 ```
@@ -235,7 +227,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout HEAD^
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     fetch-depth: 2
 - run: git checkout HEAD^
@@ -245,12 +237,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
   with:
     path: main
 
 - name: Checkout tools repo
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
   with:
     repository: my-org/my-tools
     path: my-tools
@@ -261,10 +253,10 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
 
 - name: Checkout tools repo
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
   with:
     repository: my-org/my-tools
     path: my-tools
@@ -275,12 +267,12 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 
 ```yaml
 - name: Checkout
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
   with:
     path: main
 
 - name: Checkout private tools
-  uses: actions/checkout@v6
+  uses: actions/checkout@v5
   with:
     repository: my-org/my-private-tools
     token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
@@ -293,7 +285,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
 ## Checkout pull request HEAD commit instead of merge commit
 
 ```yaml
-- uses: actions/checkout@v6
+- uses: actions/checkout@v5
   with:
     ref: ${{ github.event.pull_request.head.sha }}
 ```
@@ -309,7 +301,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
 ```
 
 ## Push a commit using the built-in token
@@ -320,7 +312,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
       - run: |
           date > generated.txt
           # Note: the following account information will not work on GHES
@@ -342,7 +334,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.head_ref }}
       - run: |

__test__/git-auth-helper.test.ts

@@ -706,7 +706,7 @@ describe('git-auth-helper tests', () => {
     const authHelper = gitAuthHelper.createAuthHelper(git, settings)
     await authHelper.configureAuth()
 
-    // Verify includeIf entries exist in local config
+    // Sanity check - verify includeIf entries exist in local config
     let localConfigContent = (
       await fs.promises.readFile(localGitConfigPath)
     ).toString()
@@ -714,192 +714,26 @@ describe('git-auth-helper tests', () => {
       localConfigContent.indexOf('includeIf.gitdir:')
     ).toBeGreaterThanOrEqual(0)
 
-    // Verify both host and container includeIf entries are present
+    // Sanity check - verify credentials file exists
-    const hostGitDir = path.join(workspace, '.git').replace(/\\/g, '/')
-    expect(
-      localConfigContent.indexOf(`includeIf.gitdir:${hostGitDir}.path`)
-    ).toBeGreaterThanOrEqual(0)
-    expect(
-      localConfigContent.indexOf('includeIf.gitdir:/github/workspace/.git.path')
-    ).toBeGreaterThanOrEqual(0)
-
-    // Verify credentials file exists
     let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
       f => f.startsWith('git-credentials-') && f.endsWith('.config')
     )
     expect(credentialsFiles.length).toBe(1)
-    const credentialsFilePath = path.join(runnerTemp, credentialsFiles[0])
-
-    // Verify credentials file contains the auth token
-    let credentialsContent = (
-      await fs.promises.readFile(credentialsFilePath)
-    ).toString()
-    const basicCredential = Buffer.from(
-      `x-access-token:${settings.authToken}`,
-      'utf8'
-    ).toString('base64')
-    expect(
-      credentialsContent.indexOf(
-        `http.https://github.com/.extraheader AUTHORIZATION: basic ${basicCredential}`
-      )
-    ).toBeGreaterThanOrEqual(0)
-
-    // Verify the includeIf entries point to the credentials file
-    const containerCredentialsPath = path.posix.join(
-      '/github/runner_temp',
-      path.basename(credentialsFilePath)
-    )
-    expect(
-      localConfigContent.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-    expect(
-      localConfigContent.indexOf(containerCredentialsPath)
-    ).toBeGreaterThanOrEqual(0)
 
     // Act
     await authHelper.removeAuth()
 
-    // Assert all includeIf entries removed from local git config
+    // Assert includeIf entries removed from local git config
     localConfigContent = (
       await fs.promises.readFile(localGitConfigPath)
     ).toString()
     expect(localConfigContent.indexOf('includeIf.gitdir:')).toBeLessThan(0)
-    expect(
-      localConfigContent.indexOf(`includeIf.gitdir:${hostGitDir}.path`)
-    ).toBeLessThan(0)
-    expect(
-      localConfigContent.indexOf('includeIf.gitdir:/github/workspace/.git.path')
-    ).toBeLessThan(0)
-    expect(localConfigContent.indexOf(credentialsFilePath)).toBeLessThan(0)
-    expect(localConfigContent.indexOf(containerCredentialsPath)).toBeLessThan(0)
 
     // Assert credentials config file deleted
     credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
       f => f.startsWith('git-credentials-') && f.endsWith('.config')
     )
     expect(credentialsFiles.length).toBe(0)
-
-    // Verify credentials file no longer exists on disk
-    try {
-      await fs.promises.stat(credentialsFilePath)
-      throw new Error('Credentials file should have been deleted')
-    } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
-        throw err
-      }
-    }
-  })
-
-  const removeAuth_removesTokenFromSubmodules =
-    'removeAuth removes token from submodules'
-  it(removeAuth_removesTokenFromSubmodules, async () => {
-    // Arrange
-    await setup(removeAuth_removesTokenFromSubmodules)
-
-    // Create fake submodule config paths
-    const submodule1Dir = path.join(workspace, '.git', 'modules', 'submodule-1')
-    const submodule2Dir = path.join(workspace, '.git', 'modules', 'submodule-2')
-    const submodule1ConfigPath = path.join(submodule1Dir, 'config')
-    const submodule2ConfigPath = path.join(submodule2Dir, 'config')
-
-    await fs.promises.mkdir(submodule1Dir, {recursive: true})
-    await fs.promises.mkdir(submodule2Dir, {recursive: true})
-    await fs.promises.writeFile(submodule1ConfigPath, '')
-    await fs.promises.writeFile(submodule2ConfigPath, '')
-
-    // Mock getSubmoduleConfigPaths to return our fake submodules (for both configure and remove)
-    const mockGetSubmoduleConfigPaths =
-      git.getSubmoduleConfigPaths as jest.Mock<any, any>
-    mockGetSubmoduleConfigPaths.mockResolvedValue([
-      submodule1ConfigPath,
-      submodule2ConfigPath
-    ])
-
-    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    await authHelper.configureAuth()
-    await authHelper.configureSubmoduleAuth()
-
-    // Verify credentials file exists
-    let credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
-      f => f.startsWith('git-credentials-') && f.endsWith('.config')
-    )
-    expect(credentialsFiles.length).toBe(1)
-    const credentialsFilePath = path.join(runnerTemp, credentialsFiles[0])
-
-    // Verify submodule 1 config has includeIf entries
-    let submodule1Content = (
-      await fs.promises.readFile(submodule1ConfigPath)
-    ).toString()
-    const submodule1GitDir = submodule1Dir.replace(/\\/g, '/')
-    expect(
-      submodule1Content.indexOf(`includeIf.gitdir:${submodule1GitDir}.path`)
-    ).toBeGreaterThanOrEqual(0)
-    expect(
-      submodule1Content.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-
-    // Verify submodule 2 config has includeIf entries
-    let submodule2Content = (
-      await fs.promises.readFile(submodule2ConfigPath)
-    ).toString()
-    const submodule2GitDir = submodule2Dir.replace(/\\/g, '/')
-    expect(
-      submodule2Content.indexOf(`includeIf.gitdir:${submodule2GitDir}.path`)
-    ).toBeGreaterThanOrEqual(0)
-    expect(
-      submodule2Content.indexOf(credentialsFilePath)
-    ).toBeGreaterThanOrEqual(0)
-
-    // Verify both host and container paths are in each submodule config
-    const containerCredentialsPath = path.posix.join(
-      '/github/runner_temp',
-      path.basename(credentialsFilePath)
-    )
-    expect(
-      submodule1Content.indexOf(containerCredentialsPath)
-    ).toBeGreaterThanOrEqual(0)
-    expect(
-      submodule2Content.indexOf(containerCredentialsPath)
-    ).toBeGreaterThanOrEqual(0)
-
-    // Act - ensure mock persists for removeAuth
-    mockGetSubmoduleConfigPaths.mockResolvedValue([
-      submodule1ConfigPath,
-      submodule2ConfigPath
-    ])
-    await authHelper.removeAuth()
-
-    // Assert submodule 1 includeIf entries removed
-    submodule1Content = (
-      await fs.promises.readFile(submodule1ConfigPath)
-    ).toString()
-    expect(submodule1Content.indexOf('includeIf.gitdir:')).toBeLessThan(0)
-    expect(submodule1Content.indexOf(credentialsFilePath)).toBeLessThan(0)
-    expect(submodule1Content.indexOf(containerCredentialsPath)).toBeLessThan(0)
-
-    // Assert submodule 2 includeIf entries removed
-    submodule2Content = (
-      await fs.promises.readFile(submodule2ConfigPath)
-    ).toString()
-    expect(submodule2Content.indexOf('includeIf.gitdir:')).toBeLessThan(0)
-    expect(submodule2Content.indexOf(credentialsFilePath)).toBeLessThan(0)
-    expect(submodule2Content.indexOf(containerCredentialsPath)).toBeLessThan(0)
-
-    // Assert credentials config file deleted
-    credentialsFiles = (await fs.promises.readdir(runnerTemp)).filter(
-      f => f.startsWith('git-credentials-') && f.endsWith('.config')
-    )
-    expect(credentialsFiles.length).toBe(0)
-
-    // Verify credentials file no longer exists on disk
-    try {
-      await fs.promises.stat(credentialsFilePath)
-      throw new Error('Credentials file should have been deleted')
-    } catch (err) {
-      if ((err as any)?.code !== 'ENOENT') {
-        throw err
-      }
-    }
   })
 
   const removeGlobalConfig_removesOverride =
@@ -935,43 +769,19 @@ describe('git-auth-helper tests', () => {
     // Arrange
     await setup(testCredentialsConfigPath_matchesCredentialsConfigPaths)
     const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-
+    
     // Get a real credentials config path
-    const credentialsConfigPath = await (
+    const credentialsConfigPath = await (authHelper as any).getCredentialsConfigPath()
-      authHelper as any
+    
-    ).getCredentialsConfigPath()
-
     // Act & Assert
-    expect(
+    expect((authHelper as any).testCredentialsConfigPath(credentialsConfigPath)).toBe(true)
-      (authHelper as any).testCredentialsConfigPath(credentialsConfigPath)
+    expect((authHelper as any).testCredentialsConfigPath('/some/path/git-credentials-12345678-abcd-1234-5678-123456789012.config')).toBe(true)
-    ).toBe(true)
+    expect((authHelper as any).testCredentialsConfigPath('/some/path/git-credentials-abcdef12-3456-7890-abcd-ef1234567890.config')).toBe(true)
-    expect(
+    
-      (authHelper as any).testCredentialsConfigPath(
-        '/some/path/git-credentials-12345678-abcd-1234-5678-123456789012.config'
-      )
-    ).toBe(true)
-    expect(
-      (authHelper as any).testCredentialsConfigPath(
-        '/some/path/git-credentials-abcdef12-3456-7890-abcd-ef1234567890.config'
-      )
-    ).toBe(true)
-
     // Test invalid paths
-    expect(
+    expect((authHelper as any).testCredentialsConfigPath('/some/path/other-config.config')).toBe(false)
-      (authHelper as any).testCredentialsConfigPath(
+    expect((authHelper as any).testCredentialsConfigPath('/some/path/git-credentials-invalid.config')).toBe(false)
-        '/some/path/other-config.config'
+    expect((authHelper as any).testCredentialsConfigPath('/some/path/git-credentials-.config')).toBe(false)
-      )
-    ).toBe(false)
-    expect(
-      (authHelper as any).testCredentialsConfigPath(
-        '/some/path/git-credentials-invalid.config'
-      )
-    ).toBe(false)
-    expect(
-      (authHelper as any).testCredentialsConfigPath(
-        '/some/path/git-credentials-.config'
-      )
-    ).toBe(false)
     expect((authHelper as any).testCredentialsConfigPath('')).toBe(false)
   })
 })
@@ -1080,41 +890,28 @@ async function setup(testName: string): Promise<void> {
       }
     ),
     tryConfigUnsetValue: jest.fn(
-      async (
+      async (key: string, value: string, globalConfig?: boolean): Promise<boolean> => {
-        key: string,
+        const configPath = globalConfig
-        value: string,
+          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-        globalConfig?: boolean,
+          : localGitConfigPath
-        configPath?: string
+        let content = await fs.promises.readFile(configPath)
-      ): Promise<boolean> => {
-        const targetConfigPath =
-          configPath ||
-          (globalConfig
-            ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-            : localGitConfigPath)
-        let content = await fs.promises.readFile(targetConfigPath)
         let lines = content
           .toString()
           .split('\n')
           .filter(x => x)
           .filter(x => !(x.startsWith(key) && x.includes(value)))
-        await fs.promises.writeFile(targetConfigPath, lines.join('\n'))
+        await fs.promises.writeFile(configPath, lines.join('\n'))
         return true
       }
     ),
     tryDisableAutomaticGarbageCollection: jest.fn(),
     tryGetFetchUrl: jest.fn(),
     tryGetConfigValues: jest.fn(
-      async (
+      async (key: string, globalConfig?: boolean): Promise<string[]> => {
-        key: string,
+        const configPath = globalConfig
-        globalConfig?: boolean,
+          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-        configPath?: string
+          : localGitConfigPath
-      ): Promise<string[]> => {
+        const content = await fs.promises.readFile(configPath)
-        const targetConfigPath =
-          configPath ||
-          (globalConfig
-            ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-            : localGitConfigPath)
-        const content = await fs.promises.readFile(targetConfigPath)
         const lines = content
           .toString()
           .split('\n')
@@ -1124,17 +921,11 @@ async function setup(testName: string): Promise<void> {
       }
     ),
     tryGetConfigKeys: jest.fn(
-      async (
+      async (pattern: string, globalConfig?: boolean): Promise<string[]> => {
-        pattern: string,
+        const configPath = globalConfig
-        globalConfig?: boolean,
+          ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-        configPath?: string
+          : localGitConfigPath
-      ): Promise<string[]> => {
+        const content = await fs.promises.readFile(configPath)
-        const targetConfigPath =
-          configPath ||
-          (globalConfig
-            ? path.join(git.env['HOME'] || tempHomedir, '.gitconfig')
-            : localGitConfigPath)
-        const content = await fs.promises.readFile(targetConfigPath)
         const lines = content
           .toString()
           .split('\n')

__test__/verify-submodules-recursive.sh

@@ -17,7 +17,7 @@ fi
 
 echo "Testing persisted credential"
 pushd ./submodules-recursive/submodule-level-1/submodule-level-2
-git config --local --includes --name-only --get-regexp http.+extraheader && git fetch
+git config --local --name-only --get-regexp http.+extraheader && git fetch
 if [ "$?" != "0" ]; then
     echo "Failed to validate persisted credential"
     popd

__test__/verify-submodules-true.sh

@@ -17,7 +17,7 @@ fi
 
 echo "Testing persisted credential"
 pushd ./submodules-true/submodule-level-1
-git config --local --includes --name-only --get-regexp http.+extraheader && git fetch
+git config --local --name-only --get-regexp http.+extraheader && git fetch
 if [ "$?" != "0" ]; then
     echo "Failed to validate persisted credential"
     popd

__test__/verify-worktree.sh

@@ -1,51 +0,0 @@
-#!/bin/bash
-set -e
-
-# Verify worktree credentials
-# This test verifies that git credentials work in worktrees created after checkout
-# Usage: verify-worktree.sh <checkout-path> <worktree-name>
-
-CHECKOUT_PATH="$1"
-WORKTREE_NAME="$2"
-
-if [ -z "$CHECKOUT_PATH" ] || [ -z "$WORKTREE_NAME" ]; then
-  echo "Usage: verify-worktree.sh <checkout-path> <worktree-name>"
-  exit 1
-fi
-
-cd "$CHECKOUT_PATH"
-
-# Add safe directory for container environments
-git config --global --add safe.directory "*" 2>/dev/null || true
-
-# Show the includeIf configuration
-echo "Git config includeIf entries:"
-git config --list --show-origin | grep -i include || true
-
-# Create the worktree
-echo "Creating worktree..."
-git worktree add "../$WORKTREE_NAME" HEAD --detach
-
-# Change to worktree directory
-cd "../$WORKTREE_NAME"
-
-# Verify we're in a worktree
-echo "Verifying worktree gitdir:"
-cat .git
-
-# Verify credentials are available in worktree by checking extraheader is configured
-echo "Checking credentials in worktree..."
-if git config --list --show-origin | grep -q "extraheader"; then
-  echo "Credentials are configured in worktree"
-else
-  echo "ERROR: Credentials are NOT configured in worktree"
-  echo "Full git config:"
-  git config --list --show-origin
-  exit 1
-fi
-
-# Verify fetch works in the worktree
-echo "Fetching in worktree..."
-git fetch origin
-
-echo "Worktree credentials test passed!"

dist/index.js

@@ -238,9 +238,7 @@ class GitAuthHelper {
                 yield this.git.tryConfigUnset(this.insteadOfKey, true);
                 if (!this.settings.sshKey) {
                     for (const insteadOfValue of this.insteadOfValues) {
-                        yield this.git.config(this.insteadOfKey, insteadOfValue, true, // globalConfig?
+                        yield this.git.config(this.insteadOfKey, insteadOfValue, true, true);
-                        true // add?
-                        );
                     }
                 }
             }
@@ -257,10 +255,17 @@ class GitAuthHelper {
             // Remove possible previous HTTPS instead of SSH
             yield this.removeSubmoduleGitConfig(this.insteadOfKey);
             if (this.settings.persistCredentials) {
-                // Get the credentials config file path in RUNNER_TEMP
+                // Credentials config path
-                const credentialsConfigPath = this.getCredentialsConfigPath();
+                const credentialsConfigPath = yield this.getCredentialsConfigPath();
                 // Container credentials config path
                 const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
+                // Container repo path
+                const workingDirectory = this.git.getWorkingDirectory();
+                const githubWorkspace = process.env['GITHUB_WORKSPACE'];
+                assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
+                let relativePath = path.relative(githubWorkspace, workingDirectory);
+                relativePath = relativePath.replace(/\\/g, '/');
+                const containerRepoPath = path.posix.join('/github/workspace', relativePath);
                 // Get submodule config file paths.
                 const configPaths = yield this.git.getSubmoduleConfigPaths(this.settings.nestedSubmodules);
                 // For each submodule, configure includeIf entries pointing to the shared credentials file.
@@ -270,19 +275,12 @@ class GitAuthHelper {
                     let submoduleGitDir = path.dirname(configPath); // The config file is at .git/modules/submodule-name/config
                     submoduleGitDir = submoduleGitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                     // Configure host includeIf
-                    yield this.git.config(`includeIf.gitdir:${submoduleGitDir}.path`, credentialsConfigPath, false, // globalConfig?
+                    yield this.git.config(`includeIf.gitdir:${submoduleGitDir}.path`, credentialsConfigPath, false, false, configPath);
-                    false, // add?
+                    // Configure container includeIf
-                    configPath);
-                    // Container submodule git directory
-                    const githubWorkspace = process.env['GITHUB_WORKSPACE'];
-                    assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
                     let relativeSubmoduleGitDir = path.relative(githubWorkspace, submoduleGitDir);
                     relativeSubmoduleGitDir = relativeSubmoduleGitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                     const containerSubmoduleGitDir = path.posix.join('/github/workspace', relativeSubmoduleGitDir);
-                    // Configure container includeIf
+                    yield this.git.config(`includeIf.gitdir:${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, false, configPath);
-                    yield this.git.config(`includeIf.gitdir:${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, // globalConfig?
-                    false, // add?
-                    configPath);
                 }
                 if (this.settings.sshKey) {
                     // Configure core.sshCommand
@@ -381,14 +379,12 @@ class GitAuthHelper {
     configureToken(globalConfig) {
         return __awaiter(this, void 0, void 0, function* () {
             // Get the credentials config file path in RUNNER_TEMP
-            const credentialsConfigPath = this.getCredentialsConfigPath();
+            const credentialsConfigPath = yield this.getCredentialsConfigPath();
             // Write placeholder to the separate credentials config file using git config.
             // This approach avoids the credential being captured by process creation audit events,
             // which are commonly logged. For more information, refer to
             // https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, false, // globalConfig?
+            yield this.git.config(this.tokenConfigKey, this.tokenPlaceholderConfigValue, false, false, credentialsConfigPath);
-            false, // add?
-            credentialsConfigPath);
             // Replace the placeholder in the credentials config file
             let content = (yield fs.promises.readFile(credentialsConfigPath)).toString();
             const placeholderIndex = content.indexOf(this.tokenPlaceholderConfigValue);
@@ -402,8 +398,7 @@ class GitAuthHelper {
             // Add include or includeIf to reference the credentials config
             if (globalConfig) {
                 // Global config file is temporary
-                yield this.git.config('include.path', credentialsConfigPath, true // globalConfig?
+                yield this.git.config('include.path', credentialsConfigPath, true);
-                );
             }
             else {
                 // Host git directory
@@ -412,13 +407,10 @@ class GitAuthHelper {
                 // Configure host includeIf
                 const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
                 yield this.git.config(hostIncludeKey, credentialsConfigPath);
-                // Configure host includeIf for worktrees
-                const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`;
-                yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath);
                 // Container git directory
-                const workingDirectory = this.git.getWorkingDirectory();
                 const githubWorkspace = process.env['GITHUB_WORKSPACE'];
                 assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined');
+                const workingDirectory = this.git.getWorkingDirectory();
                 let relativePath = path.relative(githubWorkspace, workingDirectory);
                 relativePath = relativePath.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                 const containerGitDir = path.posix.join('/github/workspace', relativePath, '.git');
@@ -427,9 +419,6 @@ class GitAuthHelper {
                 // Configure container includeIf
                 const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
                 yield this.git.config(containerIncludeKey, containerCredentialsPath);
-                // Configure container includeIf for worktrees
-                const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`;
-                yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath);
             }
         });
     }
@@ -438,16 +427,18 @@ class GitAuthHelper {
      * @returns The absolute path to the credentials config file
      */
     getCredentialsConfigPath() {
-        if (this.credentialsConfigPath) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.credentialsConfigPath) {
+                return this.credentialsConfigPath;
+            }
+            const runnerTemp = process.env['RUNNER_TEMP'] || '';
+            assert.ok(runnerTemp, 'RUNNER_TEMP is not defined');
+            // Create a unique filename for this checkout instance
+            const configFileName = `git-credentials-${(0, uuid_1.v4)()}.config`;
+            this.credentialsConfigPath = path.join(runnerTemp, configFileName);
+            core.debug(`Credentials config path: ${this.credentialsConfigPath}`);
             return this.credentialsConfigPath;
-        }
+        });
-        const runnerTemp = process.env['RUNNER_TEMP'] || '';
-        assert.ok(runnerTemp, 'RUNNER_TEMP is not defined');
-        // Create a unique filename for this checkout instance
-        const configFileName = `git-credentials-${(0, uuid_1.v4)()}.config`;
-        this.credentialsConfigPath = path.join(runnerTemp, configFileName);
-        core.debug(`Credentials config path: ${this.credentialsConfigPath}`);
-        return this.credentialsConfigPath;
     }
     /**
      * Removes SSH authentication configuration by cleaning up SSH keys,
@@ -481,7 +472,7 @@ class GitAuthHelper {
                 }
             }
             // SSH command
-            core.info('Removing SSH command configuration');
+            core.info("Removing SSH command configuration");
             yield this.removeGitConfig(SSH_COMMAND_KEY);
             yield this.removeSubmoduleGitConfig(SSH_COMMAND_KEY);
         });
@@ -494,13 +485,13 @@ class GitAuthHelper {
         return __awaiter(this, void 0, void 0, function* () {
             var _a;
             // Remove HTTP extra header
-            core.info('Removing HTTP extra header');
+            core.info("Removing HTTP extra header");
             yield this.removeGitConfig(this.tokenConfigKey);
             yield this.removeSubmoduleGitConfig(this.tokenConfigKey);
             // Collect credentials config paths that need to be removed
             const credentialsPaths = new Set();
             // Remove includeIf entries that point to git-credentials-*.config files
-            core.info('Removing includeIf entries pointing to credentials config files');
+            core.info("Removing includeIf entries pointing to credentials config files");
             const mainCredentialsPaths = yield this.removeIncludeIfCredentials();
             mainCredentialsPaths.forEach(path => credentialsPaths.add(path));
             // Remove submodule includeIf entries that point to git-credentials-*.config files
@@ -565,12 +556,10 @@ class GitAuthHelper {
             const credentialsPaths = new Set();
             try {
                 // Get all includeIf.gitdir keys
-                const keys = yield this.git.tryGetConfigKeys('^includeIf\\.gitdir:', false, // globalConfig?
+                const keys = yield this.git.tryGetConfigKeys('^includeIf\\.gitdir:', false, configPath);
-                configPath);
                 for (const key of keys) {
                     // Get all values for this key
-                    const values = yield this.git.tryGetConfigValues(key, false, // globalConfig?
+                    const values = yield this.git.tryGetConfigValues(key, false, configPath);
-                    configPath);
                     if (values.length > 0) {
                         // Remove only values that match git-credentials-<uuid>.config pattern
                         for (const value of values) {
@@ -1071,10 +1060,7 @@ class GitCommandManager {
             if (output.exitCode !== 0) {
                 return [];
             }
-            return output.stdout
+            return output.stdout.trim().split('\n').filter(value => value.trim());
-                .trim()
-                .split('\n')
-                .filter(value => value.trim());
         });
     }
     tryGetConfigKeys(pattern, globalConfig, configFile) {
@@ -1091,10 +1077,7 @@ class GitCommandManager {
             if (output.exitCode !== 0) {
                 return [];
             }
-            return output.stdout
+            return output.stdout.trim().split('\n').filter(key => key.trim());
-                .trim()
-                .split('\n')
-                .filter(key => key.trim());
         });
     }
     tryReset() {

src/git-auth-helper.ts

@@ -136,12 +136,7 @@ class GitAuthHelper {
       await this.git.tryConfigUnset(this.insteadOfKey, true)
       if (!this.settings.sshKey) {
         for (const insteadOfValue of this.insteadOfValues) {
-          await this.git.config(
+          await this.git.config(this.insteadOfKey, insteadOfValue, true, true)
-            this.insteadOfKey,
-            insteadOfValue,
-            true, // globalConfig?
-            true // add?
-          )
         }
       }
     } catch (err) {
@@ -159,8 +154,8 @@ class GitAuthHelper {
     await this.removeSubmoduleGitConfig(this.insteadOfKey)
 
     if (this.settings.persistCredentials) {
-      // Get the credentials config file path in RUNNER_TEMP
+      // Credentials config path
-      const credentialsConfigPath = this.getCredentialsConfigPath()
+      const credentialsConfigPath = await this.getCredentialsConfigPath()
 
       // Container credentials config path
       const containerCredentialsPath = path.posix.join(
@@ -168,6 +163,17 @@ class GitAuthHelper {
         path.basename(credentialsConfigPath)
       )
 
+      // Container repo path
+      const workingDirectory = this.git.getWorkingDirectory()
+      const githubWorkspace = process.env['GITHUB_WORKSPACE']
+      assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
+      let relativePath = path.relative(githubWorkspace, workingDirectory)
+      relativePath = relativePath.replace(/\\/g, '/')
+      const containerRepoPath = path.posix.join(
+        '/github/workspace',
+        relativePath
+      )
+
       // Get submodule config file paths.
       const configPaths = await this.git.getSubmoduleConfigPaths(
         this.settings.nestedSubmodules
@@ -184,14 +190,12 @@ class GitAuthHelper {
         await this.git.config(
           `includeIf.gitdir:${submoduleGitDir}.path`,
           credentialsConfigPath,
-          false, // globalConfig?
+          false,
-          false, // add?
+          false,
           configPath
         )
 
-        // Container submodule git directory
+        // Configure container includeIf
-        const githubWorkspace = process.env['GITHUB_WORKSPACE']
-        assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
         let relativeSubmoduleGitDir = path.relative(
           githubWorkspace,
           submoduleGitDir
@@ -201,13 +205,11 @@ class GitAuthHelper {
           '/github/workspace',
           relativeSubmoduleGitDir
         )
-
-        // Configure container includeIf
         await this.git.config(
           `includeIf.gitdir:${containerSubmoduleGitDir}.path`,
           containerCredentialsPath,
-          false, // globalConfig?
+          false,
-          false, // add?
+          false,
           configPath
         )
       }
@@ -325,7 +327,7 @@ class GitAuthHelper {
    */
   private async configureToken(globalConfig?: boolean): Promise<void> {
     // Get the credentials config file path in RUNNER_TEMP
-    const credentialsConfigPath = this.getCredentialsConfigPath()
+    const credentialsConfigPath = await this.getCredentialsConfigPath()
 
     // Write placeholder to the separate credentials config file using git config.
     // This approach avoids the credential being captured by process creation audit events,
@@ -334,8 +336,8 @@ class GitAuthHelper {
     await this.git.config(
       this.tokenConfigKey,
       this.tokenPlaceholderConfigValue,
-      false, // globalConfig?
+      false,
-      false, // add?
+      false,
       credentialsConfigPath
     )
 
@@ -346,9 +348,7 @@ class GitAuthHelper {
       placeholderIndex < 0 ||
       placeholderIndex != content.lastIndexOf(this.tokenPlaceholderConfigValue)
     ) {
-      throw new Error(
+      throw new Error(`Unable to replace auth placeholder in ${credentialsConfigPath}`)
-        `Unable to replace auth placeholder in ${credentialsConfigPath}`
-      )
     }
     assert.ok(this.tokenConfigValue, 'tokenConfigValue is not defined')
     content = content.replace(
@@ -360,11 +360,7 @@ class GitAuthHelper {
     // Add include or includeIf to reference the credentials config
     if (globalConfig) {
       // Global config file is temporary
-      await this.git.config(
+      await this.git.config('include.path', credentialsConfigPath, true)
-        'include.path',
-        credentialsConfigPath,
-        true // globalConfig?
-      )
     } else {
       // Host git directory
       let gitDir = path.join(this.git.getWorkingDirectory(), '.git')
@@ -374,14 +370,10 @@ class GitAuthHelper {
       const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
       await this.git.config(hostIncludeKey, credentialsConfigPath)
 
-      // Configure host includeIf for worktrees
-      const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`
-      await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath)
-
       // Container git directory
-      const workingDirectory = this.git.getWorkingDirectory()
       const githubWorkspace = process.env['GITHUB_WORKSPACE']
       assert.ok(githubWorkspace, 'GITHUB_WORKSPACE is not defined')
+      const workingDirectory = this.git.getWorkingDirectory()
       let relativePath = path.relative(githubWorkspace, workingDirectory)
       relativePath = relativePath.replace(/\\/g, '/') // Use forward slashes, even on Windows
       const containerGitDir = path.posix.join(
@@ -399,13 +391,6 @@ class GitAuthHelper {
       // Configure container includeIf
       const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
       await this.git.config(containerIncludeKey, containerCredentialsPath)
-
-      // Configure container includeIf for worktrees
-      const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`
-      await this.git.config(
-        containerWorktreeIncludeKey,
-        containerCredentialsPath
-      )
     }
   }
 
@@ -413,7 +398,7 @@ class GitAuthHelper {
    * Gets or creates the path to the credentials config file in RUNNER_TEMP.
    * @returns The absolute path to the credentials config file
    */
-  private getCredentialsConfigPath(): string {
+  private async getCredentialsConfigPath(): Promise<string> {
     if (this.credentialsConfigPath) {
       return this.credentialsConfigPath
     }
@@ -460,7 +445,7 @@ class GitAuthHelper {
     }
 
     // SSH command
-    core.info('Removing SSH command configuration')
+    core.info("Removing SSH command configuration")
     await this.removeGitConfig(SSH_COMMAND_KEY)
     await this.removeSubmoduleGitConfig(SSH_COMMAND_KEY)
   }
@@ -471,7 +456,7 @@ class GitAuthHelper {
    */
   private async removeToken(): Promise<void> {
     // Remove HTTP extra header
-    core.info('Removing HTTP extra header')
+    core.info("Removing HTTP extra header")
     await this.removeGitConfig(this.tokenConfigKey)
     await this.removeSubmoduleGitConfig(this.tokenConfigKey)
 
@@ -479,15 +464,14 @@ class GitAuthHelper {
     const credentialsPaths = new Set<string>()
 
     // Remove includeIf entries that point to git-credentials-*.config files
-    core.info('Removing includeIf entries pointing to credentials config files')
+    core.info("Removing includeIf entries pointing to credentials config files")
     const mainCredentialsPaths = await this.removeIncludeIfCredentials()
     mainCredentialsPaths.forEach(path => credentialsPaths.add(path))
 
     // Remove submodule includeIf entries that point to git-credentials-*.config files
     const submoduleConfigPaths = await this.git.getSubmoduleConfigPaths(true)
     for (const configPath of submoduleConfigPaths) {
-      const submoduleCredentialsPaths =
+      const submoduleCredentialsPaths = await this.removeIncludeIfCredentials(configPath)
-        await this.removeIncludeIfCredentials(configPath)
       submoduleCredentialsPaths.forEach(path => credentialsPaths.add(path))
     }
 
@@ -507,9 +491,7 @@ class GitAuthHelper {
           )
         }
       } else {
-        core.debug(
+        core.debug(`Skipping removal of credentials config '${credentialsPath}' - not under RUNNER_TEMP`)
-          `Skipping removal of credentials config '${credentialsPath}' - not under RUNNER_TEMP`
-        )
       }
     }
   }
@@ -546,26 +528,16 @@ class GitAuthHelper {
    * @param configPath Optional path to a specific git config file to operate on
    * @returns Array of unique credentials config file paths that were found and removed
    */
-  private async removeIncludeIfCredentials(
+  private async removeIncludeIfCredentials(configPath?: string): Promise<string[]> {
-    configPath?: string
-  ): Promise<string[]> {
     const credentialsPaths = new Set<string>()
-
+    
     try {
       // Get all includeIf.gitdir keys
-      const keys = await this.git.tryGetConfigKeys(
+      const keys = await this.git.tryGetConfigKeys('^includeIf\\.gitdir:', false, configPath)
-        '^includeIf\\.gitdir:',
+      
-        false, // globalConfig?
-        configPath
-      )
-
       for (const key of keys) {
         // Get all values for this key
-        const values = await this.git.tryGetConfigValues(
+        const values = await this.git.tryGetConfigValues(key, false, configPath)
-          key,
-          false, // globalConfig?
-          configPath
-        )
         if (values.length > 0) {
           // Remove only values that match git-credentials-<uuid>.config pattern
           for (const value of values) {
@@ -584,7 +556,7 @@ class GitAuthHelper {
         core.debug(`Error during includeIf cleanup: ${err}`)
       }
     }
-
+    
     return Array.from(credentialsPaths)
   }
 

src/git-command-manager.ts

@@ -61,24 +61,11 @@ export interface IGitCommandManager {
   tagExists(pattern: string): Promise<boolean>
   tryClean(): Promise<boolean>
   tryConfigUnset(configKey: string, globalConfig?: boolean): Promise<boolean>
-  tryConfigUnsetValue(
+  tryConfigUnsetValue(configKey: string, configValue: string, globalConfig?: boolean, configFile?: string): Promise<boolean>
-    configKey: string,
-    configValue: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<boolean>
   tryDisableAutomaticGarbageCollection(): Promise<boolean>
   tryGetFetchUrl(): Promise<string>
-  tryGetConfigValues(
+  tryGetConfigValues(configKey: string, globalConfig?: boolean, configFile?: string): Promise<string[]>
-    configKey: string,
+  tryGetConfigKeys(pattern: string, globalConfig?: boolean, configFile?: string): Promise<string[]>
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]>
-  tryGetConfigKeys(
-    pattern: string,
-    globalConfig?: boolean,
-    configFile?: string
-  ): Promise<string[]>
   tryReset(): Promise<boolean>
   version(): Promise<GitVersion>
 }
@@ -507,7 +494,7 @@ class GitCommandManager {
       args.push(globalConfig ? '--global' : '--local')
     }
     args.push('--unset', configKey, configValue)
-
+    
     const output = await this.execGit(args, true)
     return output.exitCode === 0
   }
@@ -550,17 +537,14 @@ class GitCommandManager {
       args.push(globalConfig ? '--global' : '--local')
     }
     args.push('--get-all', configKey)
-
+    
     const output = await this.execGit(args, true)
 
     if (output.exitCode !== 0) {
       return []
     }
 
-    return output.stdout
+    return output.stdout.trim().split('\n').filter(value => value.trim())
-      .trim()
-      .split('\n')
-      .filter(value => value.trim())
   }
 
   async tryGetConfigKeys(
@@ -575,17 +559,14 @@ class GitCommandManager {
       args.push(globalConfig ? '--global' : '--local')
     }
     args.push('--name-only', '--get-regexp', pattern)
-
+    
     const output = await this.execGit(args, true)
 
     if (output.exitCode !== 0) {
       return []
     }
 
-    return output.stdout
+    return output.stdout.trim().split('\n').filter(key => key.trim())
-      .trim()
-      .split('\n')
-      .filter(key => key.trim())
   }
 
   async tryReset(): Promise<boolean> {

src/misc/generate-docs.ts

@@ -120,7 +120,7 @@ function updateUsage(
 }
 
 updateUsage(
-  'actions/checkout@v6',
+  'actions/checkout@v5',
   path.join(__dirname, '..', '..', 'action.yml'),
   path.join(__dirname, '..', '..', 'README.md')
 )