Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryGet artifact detailsRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
Fetch secrets from CyberArk Conjur
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCheckovCoverity on PolarisFind Security BugsGitHub Security ScannerGosecGrypeMendNexus IQnjsscanSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionGitleaksTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonpermissionsjobs.<job_id>.<job_id>.delegates.<job_id>.env.<job_id>.vars.<job_id>.secrets.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
Connect a repositoryCreate a workflowRun a scanPublish an image
Introduction
Get started with feature flags
Create flags in code
Manage multiple SDK keys in your application
Create and manage flags in the UI
Namespaces and labels
Configure feature flags
Feature management custom roles
Flag approval requests and reviews
Audit history
Configuration as code
Flag impressions and activity status
Flag health
Code references
Properties and custom properties
Target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAndroid appAngular appDjango appGin appJava Spring Boot app.NET Core appReact appSwift iOS app

CloudBees action: Check out a Git repository

4 minute read

Use this action to check out a Git repository under $CLOUDBEES_WORKSPACE, to allow your workflow to access the repository.

Your authentication for the checked-out repository is persisted in the local Git config file by default, so scripts can run authenticated Git commands in any container image that has git executables.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Workflow run tokens

The CloudBees workflow run token (cloudbees.api.token) is used to fetch an app access token if no SSH key is provided.

  • Use a service account that limits user access to only necessary permissions.

  • When generating a new personal access token, select the narrowest possible scope.

  • Your CloudBees workflow run token can also be exchanged for OIDC tokens for use with Amazon Web Services, Google Cloud Platform, and other external tools. To learn more, refer to cloudbees and other context objects.

Inputs

Table 1. Input details
Input name Data type Required? Description

clean

Boolean

No

Default is true. When true, executes git clean -ffdx && git reset --hard HEAD before fetching.

cloudbees-api-token

String

No

The CloudBees API Token to use when fetching SCM token when a token or ssh-key are not used. Default value is ${{ cloudbees.api.token }}.

fetch-depth

Number

No

Number of commits to fetch. Default is 1. 0 indicates a full history for all branches and tags.

lfs

Boolean

No

Default is false. When true, downloads Git-LFS files.

path

String

No

The relative repository path under the $CLOUDBEES_WORKSPACE.

persist-credentials

Boolean

No

The default value is true. When true, the SSH key is configured within the local Git config. This enables subsequently run scripts to execute using authenticated Git commands.

ref

String

No

The branch, tag or SHA to check out. The action uses the default branch, except when checking out the triggering workflow repository. In that instance, the event reference or SHA is used.

repository

String

No

Repository clone URL. For example, https://github.com/cloudbees-io/checkout. Default value is ${{ cloudbees.scm.repository }}.

set-safe-directory

Boolean

No

Default is true. When true, adds a repository path as safe.directory for the Git global config, by running git config --global --add safe.directory <path>.

ssh-key

String

No

SSH key used to fetch the repository. The SSH key is configured with the local Git config, which enables scripts to run authenticated Git commands.

We recommend using the platform authentication instead of SSH keys. Do not use SSH keys if using the authentication built into the platform for the workflow repository or authentication using the configure-git-global-credentials action is possible.

When adding the SSH private key as a Secret on CloudBees platform, ensure the string being added to the Secret value ends with a new line.

The cloudbees-io/checkout@v1 version of the action will continue to work with GitHub, GitHub Enterprise, Bitbucket cloud, and Bitbucket Datacenter. For other SCM providers (for instance Gerrit or GitLab) use the cloudbees-io/checkout@v2 version of this action.

ssh-known-hosts

String

No

A list of known SSH hosts that should be added to the global host database. Use the utility ssh-keyscan to get public SSH keys for a host.

The public keys for GitHub and Bitbucket are implicitly added by default.

ssh-strict

Boolean

No

Default is true. When true, performs strict host key checking, by adding the options StrictHostKeyChecking=yes and CheckHostIP=no to the SSH command line. Use the input ssh-known-hosts to configure additional hosts.

submodules

Boolean

No

Default is false. When true, checks out submodules. Use the value recursive, to recursively check out submodules. When the ssh-key input is not provided, SSH URLs beginning with git@github.com: are converted to HTTPS.

Outputs

Table 2. Output details
Output name Data type Description

commit

String

The commit SHA for the source repository.

ref

String

The ref or branch for the checked-out repository. Returns empty when in a detached-head state or if the commit is from a local merge.

repository-url

String

The URL of the cloned repository.

Usage examples

The following example uses this action to check out a GitHub repository:

      - name: Check out my GitHub repo
        uses: https://github.com/cloudbees-io/checkout@v2 (1)
        with:
          repository: https://github.com/my-name/my-repo-name
1 The full URL for the action is not required. CloudBees recommends using the full action URL to ensure clear identification. However, the short form can be used when the action resides in a Github SaaS repository.

The following example uses this action to check out a Bitbucket (cloud) or Bitbucket Data Center repository:

      - name: Check out my Bitbucket repo
        uses: https://github.com/cloudbees-io/checkout@v2
        with:
          repository: https://bitbucket.org/my-name/my-repo-name

The following example uses this action to check out the test branch of a Bitbucket repository for a workflow hosted in a GitHub repository:

      - name: Check out Bitbucket repo for GitHub workflow
        uses: https://github.com/cloudbees-io/checkout@v2
        with:
          repository: https://bitbucket.org/my-name/my-repo-name
          ref: test

The following example uses this action to check out the full history of the default branch of a GitHub repository, using an SSH key. The authentication does not persist.

      - name: Check out GitHub repo
        uses: https://github.com/cloudbees-io/checkout@v2
        with:
          repository: https://github.com/my-name/my-repo-name
          ssh-key: {{ secrets.MY_SSH_KEY }}
          persist-credentials: false
          fetch-depth: 0

The following example uses this action to check out the last commit of the default branch of a GitHub repository. Submodules are recursively checked out.

      - name: Check out GitHub repo
        uses: https://github.com/cloudbees-io/checkout@v2
        with:
          repository: https://github.com/my_name/my_repo
          path: my_path
          fetch-depth: 1
          submodules: recursive

The following example uses the outputs context variable to access the action’s output values.

- name: Display outputs
  uses: docker://golang:1.20.3-alpine3.17
  shell: sh
  run: |
          echo Repository URL = ${{ steps.checkout.outputs.repository-url }}
          echo Commit ID = ${{ steps.checkout.outputs.commit }}
          echo Ref = ${{ steps.checkout.outputs.ref }}