{"id":13395363,"url":"https://github.com/actions/checkout","last_synced_at":"2025-09-09T20:39:02.260Z","repository":{"id":37476150,"uuid":"197814629","full_name":"actions/checkout","owner":"actions","description":"Action for checking out a repo","archived":false,"fork":false,"pushed_at":"2025-08-13T12:57:25.000Z","size":4636,"stargazers_count":6980,"open_issues_count":608,"forks_count":2137,"subscribers_count":152,"default_branch":"main","last_synced_at":"2025-09-02T10:55:19.331Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://github.com/features/actions","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-07-19T17:15:33.000Z","updated_at":"2025-09-02T09:46:27.000Z","dependencies_parsed_at":"2023-01-05T13:23:00.271Z","dependency_job_id":"65ad5ea5-a7f4-4c4e-a2de-6d2a6183c0b1","html_url":"https://github.com/actions/checkout","commit_stats":{"total_commits":191,"total_committers":56,"mean_commits":"3.4107142857142856","dds":0.6858638743455497,"last_synced_commit":"3b9b8c884f6b4bb4d5be2779c26374abadae0871"},"previous_names":[],"tags_count":52,"template":false,"template_full_name":null,"purl":"pkg:github/actions/checkout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fcheckout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fcheckout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fcheckout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fcheckout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","download_url":"https://codeload.github.com/actions/checkout/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fcheckout/sbom","scorecard":{"id":163775,"data":{"date":"2025-08-11","repo":{"name":"github.com/actions/checkout","commit":"08c6903cd8c0fde910a37f88322edcfb5dd907a8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.7,"checks":[{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-immutable-actions.yml:11","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-immutable-actions.yml:13","Info: jobLevel 'contents' permission set to 'read': .github/workflows/update-test-ubuntu-git.yml:24","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/licensed.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-immutable-actions.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Warn: no topLevel permission defined: .github/workflows/update-main-version.yml:1","Warn: no topLevel permission defined: .github/workflows/update-test-ubuntu-git.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/licensed.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/licensed.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-main-version.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/update-main-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-test-ubuntu-git.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/update-test-ubuntu-git.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-test-ubuntu-git.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/update-test-ubuntu-git.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-test-ubuntu-git.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/checkout/update-test-ubuntu-git.yml/main?enable=pin","Warn: containerImage not pinned by hash: images/test-ubuntu-git.Dockerfile:4: pin your Docker image by updating ubuntu:latest to ubuntu:latest@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Info:   0 out of  20 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   4 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/actions/.github/SECURITY.md:1","Info: Found linked content: github.com/actions/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/actions/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 20 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T14:18:01.415Z","repository_id":37476150,"created_at":"2025-08-16T14:18:01.415Z","updated_at":"2025-08-16T14:18:01.415Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273913588,"owners_count":25189985,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T17:01:54.102Z","updated_at":"2025-09-09T20:39:02.236Z","avatar_url":"https://github.com/actions.png","language":"TypeScript","readme":"[![Build and Test](https://github.com/actions/checkout/actions/workflows/test.yml/badge.svg)](https://github.com/actions/checkout/actions/workflows/test.yml)\n\n# Checkout V5\n\n## What's new\n\n- Updated to the node24 runtime\n  - This requires a minimum Actions Runner version of [v2.327.1](https://github.com/actions/runner/releases/tag/v2.327.1) to run.\n\n\n# Checkout V4\n\nThis action checks-out your repository under `$GITHUB_WORKSPACE`, so your workflow can access it.\n\nOnly a single commit is fetched by default, for the ref/SHA that triggered the workflow. Set `fetch-depth: 0` to fetch all history for all branches and tags. Refer [here](https://docs.github.com/actions/using-workflows/events-that-trigger-workflows) to learn which commit `$GITHUB_SHA` points to for different events.\n\nThe auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set `persist-credentials: false` to opt-out.\n\nWhen Git 2.18 or higher is not in your PATH, falls back to the REST API to download the files.\n\n### Note\n\nThank you for your interest in this GitHub action, however, right now we are not taking contributions. \n\nWe continue to focus our resources on strategic areas that help our customers be successful while making developers' lives easier. While GitHub Actions remains a key part of this vision, we are allocating resources towards other areas of Actions and are not taking contributions to this repository at this time. The GitHub public roadmap is the best place to follow along for any updates on features we’re working on and what stage they’re in.\n\nWe are taking the following steps to better direct requests related to GitHub Actions, including:\n\n1. We will be directing questions and support requests to our [Community Discussions area](https://github.com/orgs/community/discussions/categories/actions)\n\n2. High Priority bugs can be reported through Community Discussions or you can report these to our support team https://support.github.com/contact/bug-report.\n\n3. Security Issues should be handled as per our [security.md](security.md)\n\nWe will still provide security updates for this project and fix major breaking changes during this time.\n\nYou are welcome to still raise bugs in this repo.\n\n# What's new\n\nPlease refer to the [release page](https://github.com/actions/checkout/releases/latest) for the latest release notes.\n\n# Usage\n\n\u003c!-- start usage --\u003e\n```yaml\n- uses: actions/checkout@v5\n  with:\n    # Repository name with owner. For example, actions/checkout\n    # Default: ${{ github.repository }}\n    repository: ''\n\n    # The branch, tag or SHA to checkout. When checking out the repository that\n    # triggered a workflow, this defaults to the reference or SHA for that event.\n    # Otherwise, uses the default branch.\n    ref: ''\n\n    # Personal access token (PAT) used to fetch the repository. The PAT is configured\n    # with the local git config, which enables your scripts to run authenticated git\n    # commands. The post-job step removes the PAT.\n    #\n    # We recommend using a service account with the least permissions necessary. Also\n    # when generating a new PAT, select the least scopes necessary.\n    #\n    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)\n    #\n    # Default: ${{ github.token }}\n    token: ''\n\n    # SSH key used to fetch the repository. The SSH key is configured with the local\n    # git config, which enables your scripts to run authenticated git commands. The\n    # post-job step removes the SSH key.\n    #\n    # We recommend using a service account with the least permissions necessary.\n    #\n    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)\n    ssh-key: ''\n\n    # Known hosts in addition to the user and global host key database. The public SSH\n    # keys for a host may be obtained using the utility `ssh-keyscan`. For example,\n    # `ssh-keyscan github.com`. The public key for github.com is always implicitly\n    # added.\n    ssh-known-hosts: ''\n\n    # Whether to perform strict host key checking. When true, adds the options\n    # `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use\n    # the input `ssh-known-hosts` to configure additional hosts.\n    # Default: true\n    ssh-strict: ''\n\n    # The user to use when connecting to the remote SSH host. By default 'git' is\n    # used.\n    # Default: git\n    ssh-user: ''\n\n    # Whether to configure the token or SSH key with the local git config\n    # Default: true\n    persist-credentials: ''\n\n    # Relative path under $GITHUB_WORKSPACE to place the repository\n    path: ''\n\n    # Whether to execute `git clean -ffdx \u0026\u0026 git reset --hard HEAD` before fetching\n    # Default: true\n    clean: ''\n\n    # Partially clone against a given filter. Overrides sparse-checkout if set.\n    # Default: null\n    filter: ''\n\n    # Do a sparse checkout on given patterns. Each pattern should be separated with\n    # new lines.\n    # Default: null\n    sparse-checkout: ''\n\n    # Specifies whether to use cone-mode when doing a sparse checkout.\n    # Default: true\n    sparse-checkout-cone-mode: ''\n\n    # Number of commits to fetch. 0 indicates all history for all branches and tags.\n    # Default: 1\n    fetch-depth: ''\n\n    # Whether to fetch tags, even if fetch-depth \u003e 0.\n    # Default: false\n    fetch-tags: ''\n\n    # Whether to show progress status output when fetching.\n    # Default: true\n    show-progress: ''\n\n    # Whether to download Git-LFS files\n    # Default: false\n    lfs: ''\n\n    # Whether to checkout submodules: `true` to checkout submodules or `recursive` to\n    # recursively checkout submodules.\n    #\n    # When the `ssh-key` input is not provided, SSH URLs beginning with\n    # `git@github.com:` are converted to HTTPS.\n    #\n    # Default: false\n    submodules: ''\n\n    # Add repository path as safe.directory for Git global config by running `git\n    # config --global --add safe.directory \u003cpath\u003e`\n    # Default: true\n    set-safe-directory: ''\n\n    # The base URL for the GitHub instance that you are trying to clone from, will use\n    # environment defaults to fetch from the same instance that the workflow is\n    # running from unless specified. Example URLs are https://github.com or\n    # https://my-ghes-server.example.com\n    github-server-url: ''\n```\n\u003c!-- end usage --\u003e\n\n# Scenarios\n\n- [Checkout V5](#checkout-v5)\n  - [What's new](#whats-new)\n- [Checkout V4](#checkout-v4)\n    - [Note](#note)\n- [What's new](#whats-new-1)\n- [Usage](#usage)\n- [Scenarios](#scenarios)\n  - [Fetch only the root files](#fetch-only-the-root-files)\n  - [Fetch only the root files and `.github` and `src` folder](#fetch-only-the-root-files-and-github-and-src-folder)\n  - [Fetch only a single file](#fetch-only-a-single-file)\n  - [Fetch all history for all tags and branches](#fetch-all-history-for-all-tags-and-branches)\n  - [Checkout a different branch](#checkout-a-different-branch)\n  - [Checkout HEAD^](#checkout-head)\n  - [Checkout multiple repos (side by side)](#checkout-multiple-repos-side-by-side)\n  - [Checkout multiple repos (nested)](#checkout-multiple-repos-nested)\n  - [Checkout multiple repos (private)](#checkout-multiple-repos-private)\n  - [Checkout pull request HEAD commit instead of merge commit](#checkout-pull-request-head-commit-instead-of-merge-commit)\n  - [Checkout pull request on closed event](#checkout-pull-request-on-closed-event)\n  - [Push a commit using the built-in token](#push-a-commit-using-the-built-in-token)\n  - [Push a commit to a PR using the built-in token](#push-a-commit-to-a-pr-using-the-built-in-token)\n- [Recommended permissions](#recommended-permissions)\n- [License](#license)\n\n## Fetch only the root files\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    sparse-checkout: .\n```\n\n## Fetch only the root files and `.github` and `src` folder\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    sparse-checkout: |\n      .github\n      src\n```\n\n## Fetch only a single file\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    sparse-checkout: |\n      README.md\n    sparse-checkout-cone-mode: false\n```\n\n## Fetch all history for all tags and branches\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    fetch-depth: 0\n```\n\n## Checkout a different branch\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    ref: my-branch\n```\n\n## Checkout HEAD^\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    fetch-depth: 2\n- run: git checkout HEAD^\n```\n\n## Checkout multiple repos (side by side)\n\n```yaml\n- name: Checkout\n  uses: actions/checkout@v5\n  with:\n    path: main\n\n- name: Checkout tools repo\n  uses: actions/checkout@v5\n  with:\n    repository: my-org/my-tools\n    path: my-tools\n```\n\u003e - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)\n\n## Checkout multiple repos (nested)\n\n```yaml\n- name: Checkout\n  uses: actions/checkout@v5\n\n- name: Checkout tools repo\n  uses: actions/checkout@v5\n  with:\n    repository: my-org/my-tools\n    path: my-tools\n```\n\u003e - If your secondary repository is private or internal you will need to add the option noted in [Checkout multiple repos (private)](#Checkout-multiple-repos-private)\n\n## Checkout multiple repos (private)\n\n```yaml\n- name: Checkout\n  uses: actions/checkout@v5\n  with:\n    path: main\n\n- name: Checkout private tools\n  uses: actions/checkout@v5\n  with:\n    repository: my-org/my-private-tools\n    token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT\n    path: my-tools\n```\n\n\u003e - `${{ github.token }}` is scoped to the current repository, so if you want to checkout a different repository that is private you will need to provide your own [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).\n\n\n## Checkout pull request HEAD commit instead of merge commit\n\n```yaml\n- uses: actions/checkout@v5\n  with:\n    ref: ${{ github.event.pull_request.head.sha }}\n```\n\n## Checkout pull request on closed event\n\n```yaml\non:\n  pull_request:\n    branches: [main]\n    types: [opened, synchronize, closed]\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v5\n```\n\n## Push a commit using the built-in token\n\n```yaml\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v5\n      - run: |\n          date \u003e generated.txt\n          # Note: the following account information will not work on GHES\n          git config user.name \"github-actions[bot]\"\n          git config user.email \"41898282+github-actions[bot]@users.noreply.github.com\"\n          git add .\n          git commit -m \"generated\"\n          git push\n```\n*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D\n\n## Push a commit to a PR using the built-in token\n\nIn a pull request trigger, `ref` is required as GitHub Actions checks out in detached HEAD mode, meaning it doesn’t check out your branch by default.\n\n```yaml\non: pull_request\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v5\n        with:\n          ref: ${{ github.head_ref }}\n      - run: |\n          date \u003e generated.txt\n          # Note: the following account information will not work on GHES\n          git config user.name \"github-actions[bot]\"\n          git config user.email \"41898282+github-actions[bot]@users.noreply.github.com\"\n          git add .\n          git commit -m \"generated\"\n          git push\n```\n\n*NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D\n\n# Recommended permissions\n\nWhen using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:\n\n```yaml\npermissions:\n  contents: read\n```\n\n# License\n\nThe scripts and documentation in this project are released under the [MIT License](LICENSE)\n","funding_links":[],"categories":["Example 03: Actions","TypeScript","Official Resources","Popular GitHub Actions","others","🌱 Credits","后端开发框架及项目","二、核心官方Action（工作流必备）"],"sub_categories":["Official Actions","后端项目_其他","1. 工作流基础工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fcheckout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions%2Fcheckout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fcheckout/lists"}