Feature Request/Bug: Skipping actions/checkout prevents git authentication setup in act #5962
Description
Act version
0.2.82
Feature/Issue Description
By default, act copies the local repository into the container, effectively skipping the actions/checkout step.
However, part of that action’s logic is responsible for configuring Git authentication using the provided token or SSH key:
- uses: actions/checkout@master
with:
token: ${{ secrets.token }}When this logic is skipped, any subsequent step that performs Git operations requiring authentication (for example, git fetch origin <branch>) fails with:
Permission denied (publickey).
This occurs because while the repository contents are copied in, the authentication setup that actions/checkout normally handles never runs.
Workaround
You can force act to run the actions/checkout logic by using:
act --no-skip-checkoutThis works around the issue by performing a proper checkout and setting up credentials.
However, when using this approach you encounter what is another issue that is not necessarily related to the lack of git authentication setup but prevents a clean usage of act for local testing. That issue being that if the local repository contains uncommitted or unpushed commits, act fails because those commits don’t exist on the remote.
This results in errors like the ones reported in #2392 and discussion #2391:
| [command]/usr/bin/git rev-parse refs/remotes/origin/test
| 11bc6db0951c77a6cde669f46ee07f7bbe49dca3
| [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules origin +2e33b673c255efc2a09058854f354763d71d5960:refs/remotes/origin/test
| fatal: remote error: upload-pack: not our ref 2e33b673c255efc2a09058854f354763d71d5960
| The process '/usr/bin/git' failed with exit code 128
This effectively forces users to push all local changes just to test workflows involving Git operations — defeating the purpose of running Actions locally.
Expected Behavior
This being said, i would be okay using the --no-skip-checkout as long as i didnt hit the issue where local commits have to be pushed up in order for act to work, again this defeats the whole "run actions locally" aspect of this tool. So in my opinion act should provide a way to:
- Run locally with uncommitted or unpushed changes, and /or:
- Still execute the Git authentication setup logic normally handled by
actions/checkout.
Ideally, there would be a flag or built-in mechanism that:
- Keeps the local copy of the repo (like the default behavior), but
- Simulates or executes the
actions/checkoutcredential setup.
Current Options
| Option | Description | Drawback |
|---|---|---|
--no-skip-checkout |
Runs full checkout and sets up auth | Requires pushing any unpushed local commits |
| Manual auth setup in workflow | Reproduces actions/checkout logic manually |
Pollutes workflow YAML with act-specific logic |
Neither option is ideal for local testing scenarios.
Proposed Solution
Add support or fixes for:
- A new flag, e.g.
--setup-checkout-auth, that runs only the authentication setup portion ofactions/checkoutwithout doing a full remote fetch. - Handle local
- Or enhance default behavior so that
actautomatically simulates checkout authentication setup when skipping the full checkout.