fallback to REST API to download repo (#104)

2019-12-12 13:16:16 -05:00 · 2019-12-12 13:16:16 -05:00 · a572f640b0
parent cab31617d8
commit a572f640b0
13 changed files with 4079 additions and 802 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -30,7 +30,7 @@ jobs:
    steps:
      # Clone this repo
      - name: Checkout
-        uses: actions/checkout@v1 # todo: switch to V2
+        uses: actions/checkout@v2-beta

      # Basic checkout
      - name: Basic checkout
@ -81,3 +81,24 @@ jobs:
      - name: Verify LFS
        shell: bash
        run: __test__/verify-lfs.sh
+
+  test-job-container:
+    runs-on: ubuntu-latest
+    container: pstauffer/curl:latest
+    steps:
+      # Clone this repo
+      # todo: after v2-beta contains the latest changes, switch this to "uses: actions/checkout@v2-beta". Also switch to "alpine:latest"
+      - name: Checkout
+        run: |
+          curl --location --user token:${{ github.token }} --output checkout.tar.gz https://api.github.com/repos/actions/checkout/tarball/${{ github.sha }}
+          tar -xzf checkout.tar.gz
+          mv */* ./
+
+      # Basic checkout
+      - name: Basic checkout
+        uses: ./
+        with:
+          ref: test-data/v2/basic
+          path: basic
+      - name: Verify basic
+        run: __test__/verify-basic.sh --archive
--- a/README.md
+++ b/README.md
@ -13,7 +13,7 @@ Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows)
 # What's new

 - Improved fetch performance
-  - The default behavior now fetches only the SHA being checked-out
+  - The default behavior now fetches only the commit being checked-out
 - Script authenticated git commands
  - Persists `with.token` in the local git config
  - Enables your scripts to run authenticated git commands
@ -25,6 +25,8 @@ Refer [here](https://help.github.com/en/articles/events-that-trigger-workflows)
 - Improved layout
  - `with.path` is always relative to `github.workspace`
  - Aligns better with container actions, where `github.workspace` gets mapped in
+- Fallback to REST API download
+  - When Git 2.18 or higher is not in the PATH, the REST API will be used to download the files
 - Removed input `submodules`

 Refer [here](https://github.com/actions/checkout/blob/v1/README.md) for previous versions.
--- a/test/retry-helper.test.ts
+++ b/test/retry-helper.test.ts
@ -0,0 +1,88 @@
+const mockCore = jest.genMockFromModule('@actions/core') as any
+mockCore.info = (message: string) => {
+  info.push(message)
+}
+let info: string[]
+let retryHelper: any
+
+describe('retry-helper tests', () => {
+  beforeAll(() => {
+    // Mocks
+    jest.setMock('@actions/core', mockCore)
+
+    // Now import
+    const retryHelperModule = require('../lib/retry-helper')
+    retryHelper = new retryHelperModule.RetryHelper(3, 0, 0)
+  })
+
+  beforeEach(() => {
+    // Reset info
+    info = []
+  })
+
+  afterAll(() => {
+    // Reset modules
+    jest.resetModules()
+  })
+
+  it('first attempt succeeds', async () => {
+    const actual = await retryHelper.execute(async () => {
+      return 'some result'
+    })
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(0)
+  })
+
+  it('second attempt succeeds', async () => {
+    let attempts = 0
+    const actual = await retryHelper.execute(() => {
+      if (++attempts == 1) {
+        throw new Error('some error')
+      }
+
+      return Promise.resolve('some result')
+    })
+    expect(attempts).toBe(2)
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(2)
+    expect(info[0]).toBe('some error')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+
+  it('third attempt succeeds', async () => {
+    let attempts = 0
+    const actual = await retryHelper.execute(() => {
+      if (++attempts < 3) {
+        throw new Error(`some error ${attempts}`)
+      }
+
+      return Promise.resolve('some result')
+    })
+    expect(attempts).toBe(3)
+    expect(actual).toBe('some result')
+    expect(info).toHaveLength(4)
+    expect(info[0]).toBe('some error 1')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+    expect(info[2]).toBe('some error 2')
+    expect(info[3]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+
+  it('all attempts fail succeeds', async () => {
+    let attempts = 0
+    let error: Error = (null as unknown) as Error
+    try {
+      await retryHelper.execute(() => {
+        throw new Error(`some error ${++attempts}`)
+      })
+    } catch (err) {
+      error = err
+    }
+    expect(error.message).toBe('some error 3')
+    expect(attempts).toBe(3)
+    expect(info).toHaveLength(4)
+    expect(info[0]).toBe('some error 1')
+    expect(info[1]).toMatch(/Waiting .+ seconds before trying again/)
+    expect(info[2]).toBe('some error 2')
+    expect(info[3]).toMatch(/Waiting .+ seconds before trying again/)
+  })
+})
--- a/test/verify-basic.sh
+++ b/test/verify-basic.sh
@ -1,10 +1,24 @@
-#!/bin/bash
+#!/bin/sh

 if [ ! -f "./basic/basic-file.txt" ]; then
    echo "Expected basic file does not exist"
    exit 1
 fi

-# Verify auth token
-cd basic
-git fetch
+if [ "$1" = "--archive" ]; then
+  # Verify no .git folder
+  if [ -d "./basic/.git" ]; then
+    echo "Did not expect ./basic/.git folder to exist"
+    exit 1
+  fi
+else
+  # Verify .git folder
+  if [ ! -d "./basic/.git" ]; then
+    echo "Expected ./basic/.git folder to exist"
+    exit 1
+  fi
+
+  # Verify auth token
+  cd basic
+  git fetch --no-tags --depth=1 origin +refs/heads/master:refs/remotes/origin/master
+fi
--- a/dist/index.js
+++ b/dist/index.js
--- a/package-lock.json
+++ b/package-lock.json
@ -15,11 +15,11 @@
      "integrity": "sha512-nvFkxwiicvpzNiCBF4wFBDfnBvi7xp/as7LE1hBxBxKG2L29+gkIPBiLKMVORL+Hg3JNf07AKRfl0V5djoypjQ=="
    },
    "@actions/github": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@actions/github/-/github-1.1.0.tgz",
-      "integrity": "sha512-cHf6PyoNMdei13jEdGPhKprIMFmjVVW/dnM5/9QmQDJ1ZTaGVyezUSCUIC/ySNLRvDUpeFwPYMdThSEJldSbUw==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-2.0.0.tgz",
+      "integrity": "sha512-sNpZ5dJyJyfJIO5lNYx8r/Gha4Tlm8R0MLO2cBkGdOnAAEn3t1M/MHVcoBhY/VPfjGVe5RNAUPz+6INrViiUPA==",
      "requires": {
-        "@octokit/graphql": "^2.0.1",
+        "@octokit/graphql": "^4.3.1",
        "@octokit/rest": "^16.15.0"
      }
    },
@ -28,6 +28,26 @@
      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.0.1.tgz",
      "integrity": "sha512-rhq+tfZukbtaus7xyUtwKfuiCRXd1hWSfmJNEpFgBQJ4woqPEpsBw04awicjwz9tyG2/MVhAEMfVn664Cri5zA=="
    },
+    "@actions/tool-cache": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@actions/tool-cache/-/tool-cache-1.1.2.tgz",
+      "integrity": "sha512-IJczPaZr02ECa3Lgws/TJEVco9tjOujiQSZbO3dHuXXjhd5vrUtfOgGwhmz3/f97L910OraPZ8SknofUk6RvOQ==",
+      "requires": {
+        "@actions/core": "^1.1.0",
+        "@actions/exec": "^1.0.1",
+        "@actions/io": "^1.0.1",
+        "semver": "^6.1.0",
+        "typed-rest-client": "^1.4.0",
+        "uuid": "^3.3.2"
+      },
+      "dependencies": {
+        "semver": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+          "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw=="
+        }
+      }
+    },
    "@babel/code-frame": {
      "version": "7.5.5",
      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.5.5.tgz",
@ -578,72 +598,56 @@
      }
    },
    "@octokit/endpoint": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-5.4.0.tgz",
-      "integrity": "sha512-DWTNgEKg5KXzvNjKTzcFTnkZiL7te6pQxxumvxPjyjDpcY5V3xzywnNu1WVqySY3Ct1flF/kAoyDdZos6acq3Q==",
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-5.5.1.tgz",
+      "integrity": "sha512-nBFhRUb5YzVTCX/iAK1MgQ4uWo89Gu0TH00qQHoYRCsE12dWcG1OiLd7v2EIo2+tpUKPMOQ62QFy9hy9Vg2ULg==",
      "requires": {
+        "@octokit/types": "^2.0.0",
        "is-plain-object": "^3.0.0",
        "universal-user-agent": "^4.0.0"
-      },
-      "dependencies": {
-        "universal-user-agent": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz",
-          "integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==",
-          "requires": {
-            "os-name": "^3.1.0"
-          }
-        }
      }
    },
    "@octokit/graphql": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-2.1.3.tgz",
-      "integrity": "sha512-XoXJqL2ondwdnMIW3wtqJWEwcBfKk37jO/rYkoxNPEVeLBDGsGO1TCWggrAlq3keGt/O+C/7VepXnukUxwt5vA==",
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.3.1.tgz",
+      "integrity": "sha512-hCdTjfvrK+ilU2keAdqNBWOk+gm1kai1ZcdjRfB30oA3/T6n53UVJb7w0L5cR3/rhU91xT3HSqCd+qbvH06yxA==",
      "requires": {
-        "@octokit/request": "^5.0.0",
-        "universal-user-agent": "^2.0.3"
+        "@octokit/request": "^5.3.0",
+        "@octokit/types": "^2.0.0",
+        "universal-user-agent": "^4.0.0"
      }
    },
    "@octokit/request": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.1.0.tgz",
-      "integrity": "sha512-I15T9PwjFs4tbWyhtFU2Kq7WDPidYMvRB7spmxoQRZfxSmiqullG+Nz+KbSmpkfnlvHwTr1e31R5WReFRKMXjg==",
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.3.1.tgz",
+      "integrity": "sha512-5/X0AL1ZgoU32fAepTfEoggFinO3rxsMLtzhlUX+RctLrusn/CApJuGFCd0v7GMFhF+8UiCsTTfsu7Fh1HnEJg==",
      "requires": {
-        "@octokit/endpoint": "^5.1.0",
+        "@octokit/endpoint": "^5.5.0",
        "@octokit/request-error": "^1.0.1",
+        "@octokit/types": "^2.0.0",
        "deprecation": "^2.0.0",
        "is-plain-object": "^3.0.0",
        "node-fetch": "^2.3.0",
        "once": "^1.4.0",
        "universal-user-agent": "^4.0.0"
-      },
-      "dependencies": {
-        "universal-user-agent": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz",
-          "integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==",
-          "requires": {
-            "os-name": "^3.1.0"
-          }
-        }
      }
    },
    "@octokit/request-error": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-1.0.4.tgz",
-      "integrity": "sha512-L4JaJDXn8SGT+5G0uX79rZLv0MNJmfGa4vb4vy1NnpjSnWDLJRy6m90udGwvMmavwsStgbv2QNkPzzTCMmL+ig==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-1.2.0.tgz",
+      "integrity": "sha512-DNBhROBYjjV/I9n7A8kVkmQNkqFAMem90dSxqvPq57e2hBr7mNTX98y3R2zDpqMQHVRpBDjsvsfIGgBzy+4PAg==",
      "requires": {
+        "@octokit/types": "^2.0.0",
        "deprecation": "^2.0.0",
        "once": "^1.4.0"
      }
    },
    "@octokit/rest": {
-      "version": "16.33.0",
-      "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-16.33.0.tgz",
-      "integrity": "sha512-t4jMR+odsfooQwmHiREoTQixVTX2DfdbSaO+lKrW9R5XBuk0DW+5T/JdfwtxAGUAHgvDDpWY/NVVDfEPTzxD6g==",
+      "version": "16.35.0",
+      "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-16.35.0.tgz",
+      "integrity": "sha512-9ShFqYWo0CLoGYhA1FdtdykJuMzS/9H6vSbbQWDX4pWr4p9v+15MsH/wpd/3fIU+tSxylaNO48+PIHqOkBRx3w==",
      "requires": {
-        "@octokit/request": "^5.0.0",
+        "@octokit/request": "^5.2.0",
        "@octokit/request-error": "^1.0.2",
        "atob-lite": "^2.0.0",
        "before-after-hook": "^2.0.0",
@ -655,16 +659,14 @@
        "octokit-pagination-methods": "^1.1.0",
        "once": "^1.4.0",
        "universal-user-agent": "^4.0.0"
-      },
-      "dependencies": {
-        "universal-user-agent": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz",
-          "integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==",
-          "requires": {
-            "os-name": "^3.1.0"
-          }
-        }
+      }
+    },
+    "@octokit/types": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-2.0.2.tgz",
+      "integrity": "sha512-StASIL2lgT3TRjxv17z9pAqbnI7HGu9DrJlg3sEBFfCLaMEqp+O3IQPUF6EZtQ4xkAu2ml6kMBBCtGxjvmtmuQ==",
+      "requires": {
+        "@types/node": ">= 8"
      }
    },
    "@types/babel__core": {
@ -757,8 +759,7 @@
    "@types/node": {
      "version": "12.7.12",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.7.12.tgz",
-      "integrity": "sha512-KPYGmfD0/b1eXurQ59fXD1GBzhSQfz6/lKBxkaHX9dKTzjXbK68Zt7yGUxUsCS1jeTy/8aL+d9JEr+S54mpkWQ==",
-      "dev": true
+      "integrity": "sha512-KPYGmfD0/b1eXurQ59fXD1GBzhSQfz6/lKBxkaHX9dKTzjXbK68Zt7yGUxUsCS1jeTy/8aL+d9JEr+S54mpkWQ=="
    },
    "@types/stack-utils": {
      "version": "1.0.1",
@ -766,6 +767,15 @@
      "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==",
      "dev": true
    },
+    "@types/uuid": {
+      "version": "3.4.6",
+      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-3.4.6.tgz",
+      "integrity": "sha512-cCdlC/1kGEZdEglzOieLDYBxHsvEOIg7kp/2FYyVR9Pxakq+Qf/inL3RKQ+PA8gOlI/NnL+fXmQH12nwcGzsHw==",
+      "dev": true,
+      "requires": {
+        "@types/node": "*"
+      }
+    },
    "@types/yargs": {
      "version": "13.0.3",
      "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.3.tgz",
@ -6603,6 +6613,11 @@
        "tslib": "^1.8.1"
      }
    },
+    "tunnel": {
+      "version": "0.0.4",
+      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.4.tgz",
+      "integrity": "sha1-LTeFoVjBdMmhbcLARuxfxfF0IhM="
+    },
    "tunnel-agent": {
      "version": "0.6.0",
      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
@ -6627,6 +6642,15 @@
        "prelude-ls": "~1.1.2"
      }
    },
+    "typed-rest-client": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/typed-rest-client/-/typed-rest-client-1.5.0.tgz",
+      "integrity": "sha512-DVZRlmsfnTjp6ZJaatcdyvvwYwbWvR4YDNFDqb+qdTxpvaVP99YCpBkA8rxsLtAPjBVoDe4fNsnMIdZTiPuKWg==",
+      "requires": {
+        "tunnel": "0.0.4",
+        "underscore": "1.8.3"
+      }
+    },
    "typescript": {
      "version": "3.6.4",
      "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.6.4.tgz",
@ -6653,6 +6677,11 @@
        }
      }
    },
+    "underscore": {
+      "version": "1.8.3",
+      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
+      "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI="
+    },
    "union-value": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz",
@ -6666,11 +6695,11 @@
      }
    },
    "universal-user-agent": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-2.1.0.tgz",
-      "integrity": "sha512-8itiX7G05Tu3mGDTdNY2fB4KJ8MgZLS54RdG6PkkfwMAavrXu1mV/lls/GABx9O3Rw4PnTtasxrvbMQoBYY92Q==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-4.0.0.tgz",
+      "integrity": "sha512-eM8knLpev67iBDizr/YtqkJsF3GK8gzDc6st/WKzrTuPtcsOKW/0IdL4cnMBsU69pOx0otavLWBDGTwg+dB0aA==",
      "requires": {
-        "os-name": "^3.0.0"
+        "os-name": "^3.1.0"
      }
    },
    "unset-value": {
@ -6753,8 +6782,7 @@
    "uuid": {
      "version": "3.3.3",
      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz",
-      "integrity": "sha512-pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==",
-      "dev": true
+      "integrity": "sha512-pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ=="
    },
    "validate-npm-package-license": {
      "version": "3.0.4",
--- a/package.json
+++ b/package.json
@ -31,12 +31,15 @@
  "dependencies": {
    "@actions/core": "^1.1.3",
    "@actions/exec": "^1.0.1",
-    "@actions/github": "^1.1.0",
-    "@actions/io": "^1.0.1"
+    "@actions/github": "^2.0.0",
+    "@actions/io": "^1.0.1",
+    "@actions/tool-cache": "^1.1.2",
+    "uuid": "^3.3.3"
  },
  "devDependencies": {
    "@types/jest": "^24.0.23",
    "@types/node": "^12.7.12",
+    "@types/uuid": "^3.4.6",
    "@typescript-eslint/parser": "^2.8.0",
    "@zeit/ncc": "^0.20.5",
    "eslint": "^5.16.0",
--- a/src/git-command-manager.ts
+++ b/src/git-command-manager.ts
@ -3,8 +3,13 @@ import * as exec from '@actions/exec'
 import * as fshelper from './fs-helper'
 import * as io from '@actions/io'
 import * as path from 'path'
+import * as retryHelper from './retry-helper'
 import {GitVersion} from './git-version'

+// Auth header not supported before 2.9
+// Wire protocol v2 not supported before 2.18
+export const MinimumGitVersion = new GitVersion('2.18')
+
 export interface IGitCommandManager {
  branchDelete(remote: boolean, branch: string): Promise<void>
  branchExists(remote: boolean, pattern: string): Promise<boolean>
@ -150,22 +155,10 @@ class GitCommandManager {
      args.push(arg)
    }

-    let attempt = 1
-    const maxAttempts = 3
-    while (attempt <= maxAttempts) {
-      const allowAllExitCodes = attempt < maxAttempts
-      const output = await this.execGit(args, allowAllExitCodes)
-      if (output.exitCode === 0) {
-        break
-      }
-
-      const seconds = this.getRandomIntInclusive(1, 10)
-      core.warning(
-        `Git fetch failed with exit code ${output.exitCode}. Waiting ${seconds} seconds before trying again.`
-      )
-      await this.sleep(seconds * 1000)
-      attempt++
-    }
+    const that = this
+    await retryHelper.execute(async () => {
+      await that.execGit(args)
+    })
  }

  getWorkingDirectory(): string {
@ -188,22 +181,10 @@ class GitCommandManager {
  async lfsFetch(ref: string): Promise<void> {
    const args = ['lfs', 'fetch', 'origin', ref]

-    let attempt = 1
-    const maxAttempts = 3
-    while (attempt <= maxAttempts) {
-      const allowAllExitCodes = attempt < maxAttempts
-      const output = await this.execGit(args, allowAllExitCodes)
-      if (output.exitCode === 0) {
-        break
-      }
-
-      const seconds = this.getRandomIntInclusive(1, 10)
-      core.warning(
-        `Git lfs fetch failed with exit code ${output.exitCode}. Waiting ${seconds} seconds before trying again.`
-      )
-      await this.sleep(seconds * 1000)
-      attempt++
-    }
+    const that = this
+    await retryHelper.execute(async () => {
+      await that.execGit(args)
+    })
  }

  async lfsInstall(): Promise<void> {
@ -338,13 +319,9 @@ class GitCommandManager {
    }

    // Minimum git version
-    // Note:
-    // - Auth header not supported before 2.9
-    // - Wire protocol v2 not supported before 2.18
-    const minimumGitVersion = new GitVersion('2.18')
-    if (!gitVersion.checkMinimum(minimumGitVersion)) {
+    if (!gitVersion.checkMinimum(MinimumGitVersion)) {
      throw new Error(
-        `Minimum required git version is ${minimumGitVersion}. Your git ('${this.gitPath}') is ${gitVersion}`
+        `Minimum required git version is ${MinimumGitVersion}. Your git ('${this.gitPath}') is ${gitVersion}`
      )
    }

@ -381,16 +358,6 @@ class GitCommandManager {
    core.debug(`Set git useragent to: ${gitHttpUserAgent}`)
    this.gitEnv['GIT_HTTP_USER_AGENT'] = gitHttpUserAgent
  }
-
-  private getRandomIntInclusive(minimum: number, maximum: number): number {
-    minimum = Math.floor(minimum)
-    maximum = Math.floor(maximum)
-    return Math.floor(Math.random() * (maximum - minimum + 1)) + minimum
-  }
-
-  private async sleep(milliseconds): Promise<void> {
-    return new Promise(resolve => setTimeout(resolve, milliseconds))
-  }
 }

 class GitOutput {
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@ -3,9 +3,11 @@ import * as coreCommand from '@actions/core/lib/command'
 import * as fs from 'fs'
 import * as fsHelper from './fs-helper'
 import * as gitCommandManager from './git-command-manager'
+import * as githubApiHelper from './github-api-helper'
 import * as io from '@actions/io'
 import * as path from 'path'
 import * as refHelper from './ref-helper'
+import * as stateHelper from './state-helper'
 import {IGitCommandManager} from './git-command-manager'

 const authConfigKey = `http.https://github.com/.extraheader`
@ -23,6 +25,7 @@ export interface ISourceSettings {
 }

 export async function getSource(settings: ISourceSettings): Promise<void> {
+  // Repository URL
  core.info(
    `Syncing repository: ${settings.repositoryOwner}/${settings.repositoryName}`
  )
@ -43,92 +46,92 @@ export async function getSource(settings: ISourceSettings): Promise<void> {
  }

  // Git command manager
-  core.info(`Working directory is '${settings.repositoryPath}'`)
-  const git = await gitCommandManager.CreateCommandManager(
-    settings.repositoryPath,
-    settings.lfs
-  )
+  const git = await getGitCommandManager(settings)

-  // Try prepare existing directory, otherwise recreate
-  if (
-    isExisting &&
-    !(await tryPrepareExistingDirectory(
+  // Prepare existing directory, otherwise recreate
+  if (isExisting) {
+    await prepareExistingDirectory(
      git,
      settings.repositoryPath,
      repositoryUrl,
      settings.clean
-    ))
-  ) {
-    // Delete the contents of the directory. Don't delete the directory itself
-    // since it may be the current working directory.
-    core.info(`Deleting the contents of '${settings.repositoryPath}'`)
-    for (const file of await fs.promises.readdir(settings.repositoryPath)) {
-      await io.rmRF(path.join(settings.repositoryPath, file))
-    }
-  }
-
-  // Initialize the repository
-  if (
-    !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
-  ) {
-    await git.init()
-    await git.remoteAdd('origin', repositoryUrl)
-  }
-
-  // Disable automatic garbage collection
-  if (!(await git.tryDisableAutomaticGarbageCollection())) {
-    core.warning(
-      `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
    )
  }

-  // Remove possible previous extraheader
-  await removeGitConfig(git, authConfigKey)
+  if (!git) {
+    // Downloading using REST API
+    core.info(`The repository will be downloaded using the GitHub REST API`)
+    core.info(
+      `To create a local Git repository instead, add Git ${gitCommandManager.MinimumGitVersion} or higher to the PATH`
+    )
+    await githubApiHelper.downloadRepository(
+      settings.accessToken,
+      settings.repositoryOwner,
+      settings.repositoryName,
+      settings.ref,
+      settings.commit,
+      settings.repositoryPath
+    )
+  } else {
+    // Save state for POST action
+    stateHelper.setRepositoryPath(settings.repositoryPath)

-  // Add extraheader (auth)
-  const base64Credentials = Buffer.from(
-    `x-access-token:${settings.accessToken}`,
-    'utf8'
-  ).toString('base64')
-  core.setSecret(base64Credentials)
-  const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`
-  await git.config(authConfigKey, authConfigValue)
+    // Initialize the repository
+    if (
+      !fsHelper.directoryExistsSync(path.join(settings.repositoryPath, '.git'))
+    ) {
+      await git.init()
+      await git.remoteAdd('origin', repositoryUrl)
+    }

-  // LFS install
-  if (settings.lfs) {
-    await git.lfsInstall()
+    // Disable automatic garbage collection
+    if (!(await git.tryDisableAutomaticGarbageCollection())) {
+      core.warning(
+        `Unable to turn off git automatic garbage collection. The git fetch operation may trigger garbage collection and cause a delay.`
+      )
+    }
+
+    // Remove possible previous extraheader
+    await removeGitConfig(git, authConfigKey)
+
+    // Add extraheader (auth)
+    const base64Credentials = Buffer.from(
+      `x-access-token:${settings.accessToken}`,
+      'utf8'
+    ).toString('base64')
+    core.setSecret(base64Credentials)
+    const authConfigValue = `AUTHORIZATION: basic ${base64Credentials}`
+    await git.config(authConfigKey, authConfigValue)
+
+    // LFS install
+    if (settings.lfs) {
+      await git.lfsInstall()
+    }
+
+    // Fetch
+    const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
+    await git.fetch(settings.fetchDepth, refSpec)
+
+    // Checkout info
+    const checkoutInfo = await refHelper.getCheckoutInfo(
+      git,
+      settings.ref,
+      settings.commit
+    )
+
+    // LFS fetch
+    // Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
+    // Explicit lfs fetch will fetch lfs objects in parallel.
+    if (settings.lfs) {
+      await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
+    }
+
+    // Checkout
+    await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
+
+    // Dump some info about the checked out commit
+    await git.log1()
  }
-
-  // Fetch
-  const refSpec = refHelper.getRefSpec(settings.ref, settings.commit)
-  await git.fetch(settings.fetchDepth, refSpec)
-
-  // Checkout info
-  const checkoutInfo = await refHelper.getCheckoutInfo(
-    git,
-    settings.ref,
-    settings.commit
-  )
-
-  // LFS fetch
-  // Explicit lfs-fetch to avoid slow checkout (fetches one lfs object at a time).
-  // Explicit lfs fetch will fetch lfs objects in parallel.
-  if (settings.lfs) {
-    await git.lfsFetch(checkoutInfo.startPoint || checkoutInfo.ref)
-  }
-
-  // Checkout
-  await git.checkout(checkoutInfo.ref, checkoutInfo.startPoint)
-
-  // Dump some info about the checked out commit
-  await git.log1()
-
-  // Set intra-task state for cleanup
-  coreCommand.issueCommand(
-    'save-state',
-    {name: 'repositoryPath'},
-    settings.repositoryPath
-  )
 }

 export async function cleanup(repositoryPath: string): Promise<void> {
@ -146,79 +149,110 @@ export async function cleanup(repositoryPath: string): Promise<void> {
  await removeGitConfig(git, authConfigKey)
 }

-async function tryPrepareExistingDirectory(
+async function getGitCommandManager(
+  settings: ISourceSettings
+): Promise<IGitCommandManager> {
+  core.info(`Working directory is '${settings.repositoryPath}'`)
+  let git = (null as unknown) as IGitCommandManager
+  try {
+    return await gitCommandManager.CreateCommandManager(
+      settings.repositoryPath,
+      settings.lfs
+    )
+  } catch (err) {
+    // Git is required for LFS
+    if (settings.lfs) {
+      throw err
+    }
+
+    // Otherwise fallback to REST API
+    return (null as unknown) as IGitCommandManager
+  }
+}
+
+async function prepareExistingDirectory(
  git: IGitCommandManager,
  repositoryPath: string,
  repositoryUrl: string,
  clean: boolean
-): Promise<boolean> {
+): Promise<void> {
+  let remove = false
+
+  // Check whether using git or REST API
+  if (!git) {
+    remove = true
+  }
  // Fetch URL does not match
-  if (
+  else if (
    !fsHelper.directoryExistsSync(path.join(repositoryPath, '.git')) ||
    repositoryUrl !== (await git.tryGetFetchUrl())
  ) {
-    return false
-  }
+    remove = true
+  } else {
+    // Delete any index.lock and shallow.lock left by a previously canceled run or crashed git process
+    const lockPaths = [
+      path.join(repositoryPath, '.git', 'index.lock'),
+      path.join(repositoryPath, '.git', 'shallow.lock')
+    ]
+    for (const lockPath of lockPaths) {
+      try {
+        await io.rmRF(lockPath)
+      } catch (error) {
+        core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
+      }
+    }

-  // Delete any index.lock and shallow.lock left by a previously canceled run or crashed git process
-  const lockPaths = [
-    path.join(repositoryPath, '.git', 'index.lock'),
-    path.join(repositoryPath, '.git', 'shallow.lock')
-  ]
-  for (const lockPath of lockPaths) {
    try {
-      await io.rmRF(lockPath)
+      // Checkout detached HEAD
+      if (!(await git.isDetached())) {
+        await git.checkoutDetach()
+      }
+
+      // Remove all refs/heads/*
+      let branches = await git.branchList(false)
+      for (const branch of branches) {
+        await git.branchDelete(false, branch)
+      }
+
+      // Remove all refs/remotes/origin/* to avoid conflicts
+      branches = await git.branchList(true)
+      for (const branch of branches) {
+        await git.branchDelete(true, branch)
+      }
+
+      // Clean
+      if (clean) {
+        if (!(await git.tryClean())) {
+          core.debug(
+            `The clean command failed. This might be caused by: 1) path too long, 2) permission issue, or 3) file in use. For futher investigation, manually run 'git clean -ffdx' on the directory '${repositoryPath}'.`
+          )
+          remove = true
+        } else if (!(await git.tryReset())) {
+          remove = true
+        }
+
+        if (remove) {
+          core.warning(
+            `Unable to clean or reset the repository. The repository will be recreated instead.`
+          )
+        }
+      }
    } catch (error) {
-      core.debug(`Unable to delete '${lockPath}'. ${error.message}`)
-    }
-  }
-
-  try {
-    // Checkout detached HEAD
-    if (!(await git.isDetached())) {
-      await git.checkoutDetach()
-    }
-
-    // Remove all refs/heads/*
-    let branches = await git.branchList(false)
-    for (const branch of branches) {
-      await git.branchDelete(false, branch)
-    }
-
-    // Remove all refs/remotes/origin/* to avoid conflicts
-    branches = await git.branchList(true)
-    for (const branch of branches) {
-      await git.branchDelete(true, branch)
-    }
-  } catch (error) {
-    core.warning(
-      `Unable to prepare the existing repository. The repository will be recreated instead.`
-    )
-    return false
-  }
-
-  // Clean
-  if (clean) {
-    let succeeded = true
-    if (!(await git.tryClean())) {
-      core.debug(
-        `The clean command failed. This might be caused by: 1) path too long, 2) permission issue, or 3) file in use. For futher investigation, manually run 'git clean -ffdx' on the directory '${repositoryPath}'.`
-      )
-      succeeded = false
-    } else if (!(await git.tryReset())) {
-      succeeded = false
-    }
-
-    if (!succeeded) {
      core.warning(
-        `Unable to clean or reset the repository. The repository will be recreated instead.`
+        `Unable to prepare the existing repository. The repository will be recreated instead.`
      )
+      remove = true
    }
-
-    return succeeded
  }

-  return true
+  if (remove) {
+    // Delete the contents of the directory. Don't delete the directory itself
+    // since it might be the current working directory.
+    core.info(`Deleting the contents of '${repositoryPath}'`)
+    for (const file of await fs.promises.readdir(repositoryPath)) {
+      await io.rmRF(path.join(repositoryPath, file))
+    }
+  }
 }

 async function removeGitConfig(
--- a/src/github-api-helper.ts
+++ b/src/github-api-helper.ts
@ -0,0 +1,92 @@
+import * as assert from 'assert'
+import * as core from '@actions/core'
+import * as fs from 'fs'
+import * as github from '@actions/github'
+import * as io from '@actions/io'
+import * as path from 'path'
+import * as retryHelper from './retry-helper'
+import * as toolCache from '@actions/tool-cache'
+import {default as uuid} from 'uuid/v4'
+import {ReposGetArchiveLinkParams} from '@octokit/rest'
+
+const IS_WINDOWS = process.platform === 'win32'
+
+export async function downloadRepository(
+  accessToken: string,
+  owner: string,
+  repo: string,
+  ref: string,
+  commit: string,
+  repositoryPath: string
+): Promise<void> {
+  // Download the archive
+  let archiveData = await retryHelper.execute(async () => {
+    core.info('Downloading the archive')
+    return await downloadArchive(accessToken, owner, repo, ref, commit)
+  })
+
+  // Write archive to disk
+  core.info('Writing archive to disk')
+  const uniqueId = uuid()
+  const archivePath = path.join(repositoryPath, `${uniqueId}.tar.gz`)
+  await fs.promises.writeFile(archivePath, archiveData)
+  archiveData = Buffer.from('') // Free memory
+
+  // Extract archive
+  core.info('Extracting the archive')
+  const extractPath = path.join(repositoryPath, uniqueId)
+  await io.mkdirP(extractPath)
+  if (IS_WINDOWS) {
+    await toolCache.extractZip(archivePath, extractPath)
+  } else {
+    await toolCache.extractTar(archivePath, extractPath)
+  }
+  io.rmRF(archivePath)
+
+  // Determine the path of the repository content. The archive contains
+  // a top-level folder and the repository content is inside.
+  const archiveFileNames = await fs.promises.readdir(extractPath)
+  assert.ok(
+    archiveFileNames.length == 1,
+    'Expected exactly one directory inside archive'
+  )
+  const archiveVersion = archiveFileNames[0] // The top-level folder name includes the short SHA
+  core.info(`Resolved version ${archiveVersion}`)
+  const tempRepositoryPath = path.join(extractPath, archiveVersion)
+
+  // Move the files
+  for (const fileName of await fs.promises.readdir(tempRepositoryPath)) {
+    const sourcePath = path.join(tempRepositoryPath, fileName)
+    const targetPath = path.join(repositoryPath, fileName)
+    if (IS_WINDOWS) {
+      await io.cp(sourcePath, targetPath, {recursive: true}) // Copy on Windows (Windows Defender may have a lock)
+    } else {
+      await io.mv(sourcePath, targetPath)
+    }
+  }
+  io.rmRF(extractPath)
+}
+
+async function downloadArchive(
+  accessToken: string,
+  owner: string,
+  repo: string,
+  ref: string,
+  commit: string
+): Promise<Buffer> {
+  const octokit = new github.GitHub(accessToken)
+  const params: ReposGetArchiveLinkParams = {
+    owner: owner,
+    repo: repo,
+    archive_format: IS_WINDOWS ? 'zipball' : 'tarball',
+    ref: commit || ref
+  }
+  const response = await octokit.repos.getArchiveLink(params)
+  if (response.status != 200) {
+    throw new Error(
+      `Unexpected response from GitHub API. Status: ${response.status}, Data: ${response.data}`
+    )
+  }
+
+  return Buffer.from(response.data) // response.data is ArrayBuffer
+}
--- a/src/main.ts
+++ b/src/main.ts
@ -3,8 +3,7 @@ import * as coreCommand from '@actions/core/lib/command'
 import * as gitSourceProvider from './git-source-provider'
 import * as inputHelper from './input-helper'
 import * as path from 'path'
-
-const cleanupRepositoryPath = process.env['STATE_repositoryPath'] as string
+import * as stateHelper from './state-helper'

 async function run(): Promise<void> {
  try {
@ -31,14 +30,14 @@ async function run(): Promise<void> {

 async function cleanup(): Promise<void> {
  try {
-    await gitSourceProvider.cleanup(cleanupRepositoryPath)
+    await gitSourceProvider.cleanup(stateHelper.RepositoryPath)
  } catch (error) {
    core.warning(error.message)
  }
 }

 // Main
-if (!cleanupRepositoryPath) {
+if (!stateHelper.IsPost) {
  run()
 }
 // Post
--- a/src/retry-helper.ts
+++ b/src/retry-helper.ts
@ -0,0 +1,61 @@
+import * as core from '@actions/core'
+
+const defaultMaxAttempts = 3
+const defaultMinSeconds = 10
+const defaultMaxSeconds = 20
+
+export class RetryHelper {
+  private maxAttempts: number
+  private minSeconds: number
+  private maxSeconds: number
+
+  constructor(
+    maxAttempts: number = defaultMaxAttempts,
+    minSeconds: number = defaultMinSeconds,
+    maxSeconds: number = defaultMaxSeconds
+  ) {
+    this.maxAttempts = maxAttempts
+    this.minSeconds = Math.floor(minSeconds)
+    this.maxSeconds = Math.floor(maxSeconds)
+    if (this.minSeconds > this.maxSeconds) {
+      throw new Error('min seconds should be less than or equal to max seconds')
+    }
+  }
+
+  async execute<T>(action: () => Promise<T>): Promise<T> {
+    let attempt = 1
+    while (attempt < this.maxAttempts) {
+      // Try
+      try {
+        return await action()
+      } catch (err) {
+        core.info(err.message)
+      }
+
+      // Sleep
+      const seconds = this.getSleepAmount()
+      core.info(`Waiting ${seconds} seconds before trying again`)
+      await this.sleep(seconds)
+      attempt++
+    }
+
+    // Last attempt
+    return await action()
+  }
+
+  private getSleepAmount(): number {
+    return (
+      Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) +
+      this.minSeconds
+    )
+  }
+
+  private async sleep(seconds: number): Promise<void> {
+    return new Promise(resolve => setTimeout(resolve, seconds * 1000))
+  }
+}
+
+export async function execute<T>(action: () => Promise<T>): Promise<T> {
+  const retryHelper = new RetryHelper()
+  return await retryHelper.execute(action)
+}
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -0,0 +1,30 @@
+import * as core from '@actions/core'
+import * as coreCommand from '@actions/core/lib/command'
+
+/**
+ * Indicates whether the POST action is running
+ */
+export const IsPost = !!process.env['STATE_isPost']
+
+/**
+ * The repository path for the POST action. The value is empty during the MAIN action.
+ */
+export const RepositoryPath =
+  (process.env['STATE_repositoryPath'] as string) || ''
+
+/**
+ * Save the repository path so the POST action can retrieve the value.
+ */
+export function setRepositoryPath(repositoryPath: string) {
+  coreCommand.issueCommand(
+    'save-state',
+    {name: 'repositoryPath'},
+    repositoryPath
+  )
+}
+
+// Publish a variable so that when the POST action runs, it can determine it should run the cleanup logic.
+// This is necessary since we don't have a separate entry point.
+if (!IsPost) {
+  coreCommand.issueCommand('save-state', {name: 'isPost'}, 'true')
+}