hoverkraft-tech
diff --git a/‎.github/workflows/__shared-ci.yml‎
Lines changed: 13 additions & 0 deletions b/‎.github/workflows/__shared-ci.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/workflows/__test-action-checkout-issue-comment.yml‎
Lines changed: 106 additions & 0 deletions b/‎.github/workflows/__test-action-checkout-issue-comment.yml‎
Lines changed: 106 additions & 0 deletions
diff --git a/‎.github/workflows/__test-action-checkout.yml‎
Lines changed: 77 additions & 0 deletions b/‎.github/workflows/__test-action-checkout.yml‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎.github/workflows/__test-action-get-github-actions-bot-user.yml‎
Lines changed: 20 additions & 9 deletions b/‎.github/workflows/__test-action-get-github-actions-bot-user.yml‎
Lines changed: 20 additions & 9 deletions
diff --git a/‎.github/workflows/__test-action-get-issue-number.yml‎
Lines changed: 27 additions & 14 deletions b/‎.github/workflows/__test-action-get-issue-number.yml‎
Lines changed: 27 additions & 14 deletions
diff --git a/‎.github/workflows/__test-action-matrix-outputs.yml‎
Lines changed: 62 additions & 28 deletions b/‎.github/workflows/__test-action-matrix-outputs.yml‎
Lines changed: 62 additions & 28 deletions
@@ -23,6 +23,19 @@ jobs:
       contents: read
     uses: ./.github/workflows/__test-action-matrix-outputs.yml
 
+  test-action-checkout:
+    needs: linter
+    permissions:
+      contents: read
+    uses: ./.github/workflows/__test-action-checkout.yml
+
+  test-action-checkout-issue-comment:
+    needs: linter
+    permissions:
+      contents: read
+      pull-requests: read
+    uses: ./.github/workflows/__test-action-checkout-issue-comment.yml
+
   test-action-get-github-actions-bot-user:
     needs: linter
     permissions:
 
@@ -0,0 +1,106 @@
+name: Internal - Tests for checkout action (issue_comment simulation)
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  test-checkout-issue-comment:
+    name: Checkout action on simulated issue_comment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Arrange - Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Arrange - Get PR information for simulation
+        id: pr-info
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const prNumber = 1;
+            assert.ok(prNumber, 'Could not determine PR number from static test configuration');
+
+            const pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber,
+            });
+
+            core.setOutput('head-sha', pr.data.head.sha);
+            core.setOutput('head-ref', pr.data.head.ref);
+            core.setOutput('pr-number', prNumber);
+
+            core.info(`PR #${prNumber} Head SHA: ${pr.data.head.sha}`);
+            core.info(`PR #${prNumber} Head Ref: ${pr.data.head.ref}`);
+
+      - name: Act - Simulate issue_comment event context and checkout
+        id: checkout
+        uses: ./actions/checkout
+        with:
+          ref: refs/pull/${{ steps.pr-info.outputs.pr-number }}/head
+          persist-credentials: true
+
+      - name: Assert - Verify correct PR SHA was checked out
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        env:
+          EXPECTED_SHA: ${{ steps.pr-info.outputs.head-sha }}
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { execSync } = require('child_process');
+            const currentSha = execSync('git rev-parse HEAD').toString().trim();
+            const expectedSha = process.env.EXPECTED_SHA;
+
+            core.info(`Current SHA: ${currentSha}`);
+            core.info(`Expected PR Head SHA: ${expectedSha}`);
+
+            try {
+              assert.strictEqual(
+                currentSha,
+                expectedSha,
+                `Checked out SHA (${currentSha}) does not match PR head SHA (${expectedSha})`
+              );
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
+
+            core.info('Verified: Checked out correct PR head SHA');
+
+      - name: Assert - Verify not on main branch
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        env:
+          EXPECTED_BRANCH: ${{ steps.pr-info.outputs.head-ref }}
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { execSync } = require('child_process');
+            const currentBranch = execSync('git rev-parse --abbrev-ref HEAD').toString().trim();
+            const expectedBranch = process.env.EXPECTED_BRANCH;
+
+            core.info(`Current branch/ref: ${currentBranch}`);
+            core.info(`Expected branch: ${expectedBranch}`);
+
+            try {
+              assert.notStrictEqual(currentBranch, 'main', 'Checked out main branch instead of PR branch');
+              assert.notStrictEqual(currentBranch, 'master', 'Checked out master branch instead of PR branch');
+              assert.ok(
+                currentBranch === 'HEAD' || currentBranch === expectedBranch,
+                `Checked out unexpected ref ${currentBranch}; expected HEAD or ${expectedBranch}`
+              );
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
+
+            if (currentBranch === 'HEAD') {
+              core.warning('Repository is in detached HEAD state; this is expected when checking out refs/pull/<n>/head.');
+            }
+
+            core.info('Verified: Not on main/master branch');
@@ -0,0 +1,77 @@
+name: Internal - Tests for checkout action
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  tests:
+    name: Tests for checkout action
+    runs-on: ubuntu-latest
+    steps:
+      - name: Arrange - Checkout repository using checkout action
+        id: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Act - Run custom checkout action with defaults
+        id: custom-checkout-defaults
+        uses: ./actions/checkout
+
+      - name: Assert - Verify repository is checked out
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { existsSync } = require('node:fs');
+            assert.ok(existsSync('.git'), 'Repository .git directory is missing');
+            assert.ok(existsSync('README.md'), 'README.md is missing');
+
+      - name: Act - Run custom checkout action with fetch-depth 0
+        id: custom-checkout-full-history
+        uses: ./actions/checkout
+        with:
+          fetch-depth: "0"
+
+      - name: Assert - Verify full history is fetched
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { execSync } = require('child_process');
+            const commitCount = Number.parseInt(execSync('git rev-list --count HEAD').toString().trim(), 10);
+            assert.ok(commitCount >= 1, 'No commits found in repository');
+
+      - name: Act - Run custom checkout action with LFS disabled (default)
+        id: custom-checkout-no-lfs
+        uses: ./actions/checkout
+        with:
+          lfs: "false"
+
+      - name: Assert - Verify checkout succeeded
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { existsSync } = require('node:fs');
+            assert.ok(existsSync('README.md'), 'README.md is missing');
+
+      - name: Assert - Verify token is not persisted by default
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { execSync } = require('child_process');
+
+            let persisted = false;
+            try {
+              execSync('git config --local --get url.https://github.com/.insteadOf', { stdio: 'pipe' });
+              persisted = true;
+            } catch {
+              persisted = false;
+            }
+
+            assert.equal(persisted, false, 'Token credentials were persisted when they should not have been');
@@ -21,16 +21,27 @@ jobs:
         uses: ./actions/get-github-actions-bot-user
 
       - name: Assert - Check get-github-actions-bot-user outputs
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME: ${{ steps.get-github-actions-bot-user.outputs.name }}
           STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL: ${{ steps.get-github-actions-bot-user.outputs.email }}
-        run: |
-          if [ "${STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME}" != 'github-actions[bot]' ]; then
-            echo "get-github-actions-bot-user output name is not valid"
-            exit 1
-          fi
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const outputName = process.env.STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_NAME;
+            const outputEmail = process.env.STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL;
+
+            core.info(`Output name: ${outputName}`);
+            core.info(`Output email: ${outputEmail}`);
 
-          if [ "${STEPS_GET_GITHUB_ACTIONS_BOT_USER_OUTPUTS_EMAIL}" != '41898282+github-actions[bot]@users.noreply.github.com' ]; then
-            echo "get-github-actions-bot-user output email is not valid"
-            exit 1
-          fi
+            try {
+              assert.strictEqual(outputName, 'github-actions[bot]', 'get-github-actions-bot-user output name is not valid');
+              assert.strictEqual(
+                outputEmail,
+                '41898282+github-actions[bot]@users.noreply.github.com',
+                'get-github-actions-bot-user output email is not valid'
+              );
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
@@ -22,22 +22,35 @@ jobs:
         uses: ./actions/get-issue-number
 
       - name: Assert - Check get-issue-number behavior by event type
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
+          EVENT_NAME: ${{ github.event_name }}
           STEPS_GET_ISSUE_NUMBER_OUTCOME: ${{ steps.get-issue-number.outcome }}
           STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER: ${{ steps.get-issue-number.outputs.issue-number }}
           EXPECTED_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          if [ "${GITHUB_EVENT_NAME}" = 'pull_request' ]; then
-            if [ "${STEPS_GET_ISSUE_NUMBER_OUTCOME}" != 'success' ]; then
-              echo "get-issue-number should succeed for pull_request events"
-              exit 1
-            fi
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const eventName = process.env.EVENT_NAME;
+            const outcome = process.env.STEPS_GET_ISSUE_NUMBER_OUTCOME;
+            const issueNumber = process.env.STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER;
+            const expectedPrNumber = process.env.EXPECTED_PULL_REQUEST_NUMBER;
+
+            core.info(`Event name: ${eventName}`);
+            core.info(`Action outcome: ${outcome}`);
 
-            if [ "${STEPS_GET_ISSUE_NUMBER_OUTPUTS_ISSUE_NUMBER}" != "${EXPECTED_PULL_REQUEST_NUMBER}" ]; then
-              echo "get-issue-number output is not valid for pull_request events"
-              exit 1
-            fi
-          elif [ "${STEPS_GET_ISSUE_NUMBER_OUTCOME}" != 'failure' ]; then
-            echo "get-issue-number should fail when event is not pull_request"
-            exit 1
-          fi
+            try {
+              if (eventName === 'pull_request') {
+                assert.strictEqual(outcome, 'success', 'get-issue-number should succeed for pull_request events');
+                assert.strictEqual(
+                  issueNumber,
+                  expectedPrNumber,
+                  'get-issue-number output is not valid for pull_request events'
+                );
+              } else {
+                assert.strictEqual(outcome, 'failure', 'get-issue-number should fail when event is not pull_request');
+              }
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
@@ -28,16 +28,27 @@ jobs:
           artifact-name: "test-matrix-outputs-${{ matrix.os }}"
 
       - name: Check set matrix outputs
-        shell: bash
-        run: |
-          EXPECTED_ARTIFACT_NAME="$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-test-matrix-outputs-${{ matrix.os }}"
-
-          if [ "${STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME}" != "$EXPECTED_ARTIFACT_NAME" ]; then
-            echo "Set matrix output 1 result is not valid"
-            exit 1
-          fi
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
+          GITHUB_RUN_ID_VALUE: ${{ github.run_id }}
+          GITHUB_RUN_NUMBER_VALUE: ${{ github.run_number }}
+          MATRIX_OS: ${{ matrix.os }}
           STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME: ${{ steps.set-matrix-output.outputs.artifact-name }}
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const actualArtifactName = process.env.STEPS_SET_MATRIX_OUTPUT_OUTPUTS_ARTIFACT_NAME;
+            const expectedArtifactName = `${process.env.GITHUB_RUN_ID_VALUE}-${process.env.GITHUB_RUN_NUMBER_VALUE}-test-matrix-outputs-${process.env.MATRIX_OS}`;
+
+            core.info(`Actual artifact name: ${actualArtifactName}`);
+            core.info(`Expected artifact name: ${expectedArtifactName}`);
+
+            try {
+              assert.strictEqual(actualArtifactName, expectedArtifactName, 'Set matrix output 1 result is not valid');
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
 
   tests-2:
     name: Arrange - Set empty output
@@ -96,27 +107,50 @@ jobs:
           artifact-name: test-matrix-outputs-${{ matrix.os }}
 
       - name: Check matrix outputs
-        shell: bash
-        run: |
-          # Output result must be a json array of 2 entries
-          if [ "$(echo "$OUTPUT_RESULT" | jq -e '. | length')" != "2" ]; then
-            echo "Get matrix outputs result is not valid"
-            exit 1
-          fi
-
-          # Output result must contain the first and third entries
-          if [ "$(echo "$OUTPUT_RESULT" | jq -ce '. | sort')" != '[{"test":"test content 1"},{"test":"test content 3"}]' ]; then
-            echo "Get matrix outputs result is not valid"
-            exit 1
-          fi
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         env:
           OUTPUT_RESULT: ${{ steps.get-matrix-outputs.outputs.result }}
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const outputResult = process.env.OUTPUT_RESULT;
+
+            let parsed;
+            try {
+              parsed = JSON.parse(outputResult);
+            } catch (error) {
+              core.setFailed(`Get matrix outputs result is not valid JSON: ${error.message}`);
+              return;
+            }
+
+            try {
+              assert.ok(Array.isArray(parsed), 'Get matrix outputs result is not an array');
+              assert.strictEqual(parsed.length, 2, 'Get matrix outputs result does not contain 2 entries');
+
+              const normalizedActual = [...parsed].sort((a, b) => String(a.test).localeCompare(String(b.test)));
+              const normalizedExpected = [
+                { test: 'test content 1' },
+                { test: 'test content 3' },
+              ];
+              assert.deepStrictEqual(normalizedActual, normalizedExpected, 'Get matrix outputs result is not valid');
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }
 
       - name: Check artifacts have been deleted
-        shell: bash
-        run: |
-          ARTIFACTS_PATH="/tmp/$GITHUB_RUN_ID-$GITHUB_RUN_NUMBER-test-matrix-outputs-${{ matrix.os }}"
-          if [ -d "$ARTIFACTS_PATH" ]; then
-            echo "Artifacts have not been deleted"
-            exit 1
-          fi
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        env:
+          ARTIFACTS_PATH: /tmp/${{ github.run_id }}-${{ github.run_number }}-test-matrix-outputs-${{ matrix.os }}
+        with:
+          script: |
+            const assert = require('node:assert/strict');
+            const { existsSync } = require('node:fs');
+            const artifactsPath = process.env.ARTIFACTS_PATH;
+
+            try {
+              assert.strictEqual(existsSync(artifactsPath), false, 'Artifacts have not been deleted');
+            } catch (error) {
+              core.setFailed(error.message);
+              return;
+            }