Reset git client's extraheader list to remove local config

.github/workflows/ci.yml

@@ -1,119 +0,0 @@
-name: CI
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-      - uses: actions/setup-python@v2
-        with:
-          python-version: '3.x'
-      - run: npm ci
-      - run: npm run clean
-      - run: npm run test
-      - run: npm run package
-      - uses: actions/upload-artifact@v2
-        with:
-          name: dist
-          path: dist
-
-  test:
-    needs: [build]
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        target: [built, committed]
-    steps:
-      - if: github.event_name == 'push'
-        uses: actions/checkout@v2
-      - if: github.event_name == 'pull_request'
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.head_ref }}
-      - if: matrix.target == 'built'
-        uses: actions/download-artifact@v2
-        with:
-          name: dist
-          path: dist
-
-      - name: Create change
-        run: date +%s > report.txt
-
-      - name: Create Pull Request
-        id: cpr
-        uses: ./
-        with:
-          commit-message: '[CI] test ${{ matrix.target }}'
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          title: '[CI] test ${{ matrix.target }}'
-          body: |
-            - CI test case for target '${{ matrix.target }}'
-
-            Auto-generated by [create-pull-request][1]
-
-            [1]: https://github.com/peter-evans/create-pull-request
-          branch: ci-test-${{ matrix.target }}
-
-      - name: Close Pull
-        uses: peter-evans/close-pull@v1
-        with:
-          pull-request-number: ${{ steps.cpr.outputs.pr_number }}
-          comment: '[CI] test ${{ matrix.target }}'
-          delete-branch: true
-
-  commentTestSuiteHelp:
-    if: github.event_name == 'pull_request'
-    needs: [test]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Find Comment
-        uses: peter-evans/find-comment@v1
-        id: fc
-        with:
-          issue-number: ${{ github.event.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: Full test suite slash command
-
-      - if: steps.fc.outputs.comment-id == ''
-        name: Create comment
-        uses: peter-evans/create-or-update-comment@v1
-        with:
-          issue-number: ${{ github.event.number }}
-          body: |
-            Full test suite slash command (repository admin only)
-            ```
-            /test repository=${{ github.event.pull_request.head.repo.full_name }} branch=${{ github.event.pull_request.head.ref }} build=true
-            ```
-
-  package:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
-    needs: [test]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: dist
-          path: dist
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v2
-        with:
-          commit-message: Update distribution
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          title: Update distribution
-          body: |
-            - Updates the distribution for changes on `master`
-
-            Auto-generated by [create-pull-request][1]
-
-            [1]: https://github.com/peter-evans/create-pull-request
-          branch: update-distribution

.github/workflows/cpr-example-command.yml

@@ -13,9 +13,9 @@ jobs:
         id: cpr
         uses: ./
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Add report file
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          committer: Peter Evans <peter-evans@users.noreply.github.com>
           title: '[Example] Add report file'
           body: |
             New report
@@ -29,9 +29,7 @@ jobs:
           milestone: 1
           project: Example Project
           project-column: To do
-          draft: false
           branch: example-patches
-          request-to-parent: false
       - name: Check outputs
         run: |
           echo "Pull Request Number - ${{ env.PULL_REQUEST_NUMBER }}"
@@ -39,6 +37,7 @@ jobs:
       - name: Add reaction
         uses: peter-evans/create-or-update-comment@v1
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: hooray

README.md

@@ -27,20 +27,22 @@ Create Pull Request action will:
 ```yml
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 You can also pin to a [specific release](https://github.com/peter-evans/create-pull-request/releases) version in the format `@v2.x.x`
 
 ### Action inputs
 
-All inputs are **optional**. If not set, sensible default values will be used.
+With the exception of `token`, all inputs are **optional**. If not set, sensible default values will be used.
 
-**Note**: If you want pull requests created by this action to trigger an `on: push` or `on: pull_request` workflow then you cannot use the default `GITHUB_TOKEN`. See the [documentation here](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#triggering-further-workflow-runs) for workarounds.
+**Note**: If you want pull requests created by this action to trigger an `on: push` or `on: pull_request` workflow then you must use a [Personal Access Token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) instead of the default `GITHUB_TOKEN`. Alternatively, allow the action to [push using SSH](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-using-ssh-deploy-keys) by configuring a deploy key.
 
 | Name | Description | Default |
 | --- | --- | --- |
-| `token` | `GITHUB_TOKEN` or a `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line). | `GITHUB_TOKEN` |
-| `path` | Relative path under `GITHUB_WORKSPACE` to the repository. | `GITHUB_WORKSPACE` |
+| `token` | `GITHUB_TOKEN` or a `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line). | |
+| `path` | Relative path under `$GITHUB_WORKSPACE` to the repository. | `$GITHUB_WORKSPACE` |
 | `commit-message` | The message to use when committing changes. | `[create-pull-request] automated change` |
 | `committer` | The committer name and email address in the format `Display Name <email@address.com>`. | Defaults to the GitHub Actions bot user. See [Committer and author](#committer-and-author) for details. |
 | `author` | The author name and email address in the format `Display Name <email@address.com>`. | Defaults to the GitHub Actions bot user. See [Committer and author](#committer-and-author) for details. |
@@ -49,13 +51,11 @@ All inputs are **optional**. If not set, sensible default values will be used.
 | `labels` | A comma separated list of labels. | |
 | `assignees` | A comma separated list of assignees (GitHub usernames). | |
 | `reviewers` | A comma separated list of reviewers (GitHub usernames) to request a review from. | |
-| `team-reviewers` | A comma separated list of GitHub teams to request a review from. A `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) may be required. See [this issue](https://github.com/peter-evans/create-pull-request/issues/155). | |
+| `team-reviewers` | A comma separated list of GitHub teams to request a review from. | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `project` | The name of the project for which a card should be created. Requires `project-column`. | |
 | `project-column` | The name of the project column under which a card should be created. Requires `project`. | |
-| `draft` | Create a [draft pull request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests). | `false` |
 | `branch` | The branch name. See [Branch naming](#branch-naming) for details. | `create-pull-request/patch` |
-| `request-to-parent` | Create the pull request in the parent repository of the checked out fork. See [push pull request branches to a fork](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | `false` |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `branch-suffix` | The branch suffix type. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Branch naming](#branch-naming) for details. | |
 
@@ -68,6 +68,8 @@ Note that in order to read the step output the action step must have an id.
       - name: Create Pull Request
         id: cpr
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
       - name: Check outputs
         run: |
           echo "Pull Request Number - ${{ env.PULL_REQUEST_NUMBER }}"
@@ -112,13 +114,13 @@ If there are files or directories you want to ignore you can simply add them to
 
 If neither `committer` or `author` inputs are supplied the action will default to making commits that appear to be made by the GitHub Actions bot user.
 
-The following configuration can be used to have commits authored by the user who triggered the workflow event.
+In most cases, where the committer and author are the same, just the committer can be set.
 ```yml
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          token: ${{ secrets.GITHUB_TOKEN }}
+          committer: Peter Evans <peter-evans@users.noreply.github.com>
 ```
 
 ### Controlling commits
@@ -141,6 +143,8 @@ As well as relying on the action to handle uncommitted changes, you can addition
         run: date +%s > report.txt
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ## Reference Example
@@ -165,8 +169,8 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Add report file
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          committer: Peter Evans <peter-evans@users.noreply.github.com>
+          author: Peter Evans <peter-evans@users.noreply.github.com>
           title: '[Example] Add report file'
           body: |
             New report
@@ -181,9 +185,7 @@ jobs:
           milestone: 1
           project: Example Project
           project-column: To do
-          draft: false
           branch: example-patches
-          request-to-parent: false
       - name: Check outputs
         run: |
           echo "Pull Request Number - ${{ env.PULL_REQUEST_NUMBER }}"

action.yml

@@ -3,7 +3,7 @@ description: 'Creates a pull request for changes to your repository in the actio
 inputs:
   token:
     description: 'GITHUB_TOKEN or a repo scoped PAT'
-    default: ${{ github.token }}
+    required: true
   path:
     description: 'Relative path under $GITHUB_WORKSPACE to the repository.'
   commit-message:
@@ -32,9 +32,6 @@ inputs:
     description: 'The name of the project column under which a card should be created.'
   branch:
     description: 'The pull request branch name.'
-  request-to-parent:
-    description: 'Create the pull request in the parent repository of the checked out fork.'
-    default: false
   base:
     description: 'The pull request base branch.'
   branch-suffix:
@@ -46,5 +43,5 @@ runs:
   using: 'node12'
   main: 'dist/index.js'
 branding:
-  icon: 'git-pull-request'
+  icon: 'git-pull-request'  
   color: 'gray-dark'

dist/cpr/create_or_update_pull_request.py

@@ -4,20 +4,6 @@ from github import Github, GithubException
 import os
 
 
-def string_to_bool(str):
-    if str is None:
-        return False
-    else:
-        return str.lower() in [
-            "true",
-            "1",
-            "t",
-            "y",
-            "yes",
-            "on",
-        ]
-
-
 def cs_string_to_list(str):
     # Split the comma separated string into a list
     l = [i.strip() for i in str.split(",")]
@@ -70,43 +56,25 @@ def create_or_update_pull_request(
     team_reviewers,
     project_name,
     project_column_name,
-    draft,
-    request_to_parent,
 ):
-    github_repo = head_repo = Github(github_token).get_repo(github_repository)
-    if string_to_bool(request_to_parent):
-        github_repo = github_repo.parent
-        if github_repo is None:
-            raise ValueError(
-                "The checked out repository is not a fork. Input 'request-to-parent' should be set to false."
-            )
-
-    head_branch = f"{head_repo.owner.login}:{branch}"
-
     # Create the pull request
+    github_repo = Github(github_token).get_repo(github_repository)
     try:
         pull_request = github_repo.create_pull(
-            title=title,
-            body=body,
-            base=base,
-            head=head_branch,
-            draft=string_to_bool(draft),
-        )
-        print(
-            f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
+            title=title, body=body, base=base, head=branch
         )
+        print(f"Created pull request #{pull_request.number} ({branch} => {base})")
     except GithubException as e:
         if e.status == 422:
             # A pull request exists for this branch and base
+            head_branch = "{}:{}".format(github_repository.split("/")[0], branch)
             # Get the pull request
             pull_request = github_repo.get_pulls(
                 state="open", base=base, head=head_branch
             )[0]
             # Update title and body
             pull_request.as_issue().edit(title=title, body=body)
-            print(
-                f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
-            )
+            print(f"Updated pull request #{pull_request.number} ({branch} => {base})")
         else:
             print(str(e))
             raise

dist/cpr/create_pull_request.py

@@ -129,7 +129,10 @@ if protocol == "HTTPS":
     # Mask the basic credential in logs and debug output
     print(f"::add-mask::{basic_credential}")
     repo.git.set_persistent_git_options(
-        c=f"http.https://github.com/.extraheader=AUTHORIZATION: basic {basic_credential}"
+        c=[
+            f"http.{repo_url}/.extraheader=",
+            f"http.{repo_url}/.extraheader=AUTHORIZATION: basic {basic_credential}",
+        ]
     )
 
 # Determine if the checked out ref is a valid base for a pull request
@@ -224,6 +227,4 @@ if result["action"] in ["created", "updated"]:
         os.environ.get("CPR_TEAM_REVIEWERS"),
         os.environ.get("CPR_PROJECT_NAME"),
         os.environ.get("CPR_PROJECT_COLUMN_NAME"),
-        os.environ.get("CPR_DRAFT"),
-        os.environ.get("CPR_REQUEST_TO_PARENT"),
     )

dist/cpr/requirements.txt

@@ -1,4 +1,2 @@
-setuptools==46.1.3
-wheel==0.34.2
-GitPython==3.1.1
-PyGithub==1.50
+GitPython==3.0.8
+PyGithub==1.46

dist/index.js

@@ -4215,14 +4215,6 @@ const isDocker = __webpack_require__(160);
 const core = __webpack_require__(470);
 const exec = __webpack_require__(986);
 const setupPython = __webpack_require__(104);
-const {
-  getRepoPath,
-  getAndUnsetConfigOption,
-  addConfigOption
-} = __webpack_require__(718);
-
-const EXTRAHEADER_OPTION = "http.https://github.com/.extraheader";
-const EXTRAHEADER_VALUE_REGEX = "^AUTHORIZATION:";
 
 async function run() {
   try {
@@ -4274,9 +4266,7 @@ async function run() {
       milestone: core.getInput("milestone"),
       project: core.getInput("project"),
       projectColumn: core.getInput("project-column"),
-      draft: core.getInput("draft"),
       branch: core.getInput("branch"),
-      request_to_parent: core.getInput("request-to-parent"),
       base: core.getInput("base"),
       branchSuffix: core.getInput("branch-suffix")
     };
@@ -4297,147 +4287,20 @@ async function run() {
     if (inputs.milestone) process.env.CPR_MILESTONE = inputs.milestone;
     if (inputs.project) process.env.CPR_PROJECT_NAME = inputs.project;
     if (inputs.projectColumn) process.env.CPR_PROJECT_COLUMN_NAME = inputs.projectColumn;
-    if (inputs.draft) process.env.CPR_DRAFT = inputs.draft;
     if (inputs.branch) process.env.CPR_BRANCH = inputs.branch;
-    if (inputs.request_to_parent) process.env.CPR_REQUEST_TO_PARENT = inputs.request_to_parent;
     if (inputs.base) process.env.CPR_BASE = inputs.base;
     if (inputs.branchSuffix) process.env.CPR_BRANCH_SUFFIX = inputs.branchSuffix;
 
-    // Get the repository path
-    var repoPath = getRepoPath(inputs.path);
-    // Get the extraheader config option if it exists
-    var extraHeaderOption = await getAndUnsetConfigOption(
-      repoPath,
-      EXTRAHEADER_OPTION,
-      EXTRAHEADER_VALUE_REGEX
-    );
-
     // Execute create pull request
     await exec.exec(python, [`${cpr}/create_pull_request.py`]);
   } catch (error) {
     core.setFailed(error.message);
-  } finally {
-    // Restore the extraheader config option
-    if (extraHeaderOption) {
-      if (
-        await addConfigOption(
-          repoPath,
-          EXTRAHEADER_OPTION,
-          extraHeaderOption.value
-        )
-      )
-        core.debug(`Restored config option '${EXTRAHEADER_OPTION}'`);
-    }
   }
 }
 
 run();
 
 
-/***/ }),
-
-/***/ 718:
-/***/ (function(module, __unusedexports, __webpack_require__) {
-
-const core = __webpack_require__(470);
-const exec = __webpack_require__(986);
-const path = __webpack_require__(622);
-
-function getRepoPath(relativePath) {
-  let githubWorkspacePath = process.env["GITHUB_WORKSPACE"];
-  if (!githubWorkspacePath) {
-    throw new Error("GITHUB_WORKSPACE not defined");
-  }
-  githubWorkspacePath = path.resolve(githubWorkspacePath);
-  core.debug(`githubWorkspacePath: ${githubWorkspacePath}`);
-
-  repoPath = githubWorkspacePath;
-  if (relativePath) repoPath = path.resolve(repoPath, relativePath);
-
-  core.debug(`repoPath: ${repoPath}`);
-  return repoPath;
-}
-
-async function execGit(repoPath, args, ignoreReturnCode = false) {
-  const stdout = [];
-  const options = {
-    cwd: repoPath,
-    ignoreReturnCode: ignoreReturnCode,
-    listeners: {
-      stdout: data => {
-        stdout.push(data.toString());
-      }
-    }
-  };
-
-  var result = {};
-  result.exitCode = await exec.exec("git", args, options);
-  result.stdout = stdout.join("");
-  return result;
-}
-
-async function addConfigOption(repoPath, name, value) {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--add", name, value],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function unsetConfigOption(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--unset", name, valueRegex],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function configOptionExists(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--name-only", "--get-regexp", name, valueRegex],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function getConfigOption(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--get-regexp", name, valueRegex],
-    true
-  );
-  const option = result.stdout.trim().split(`${name} `);
-  return {
-    name: name,
-    value: option[1]
-  }
-}
-
-async function getAndUnsetConfigOption(repoPath, name, valueRegex=".") {
-  if (await configOptionExists(repoPath, name, valueRegex)) {
-    const option = await getConfigOption(repoPath, name, valueRegex);
-    if (await unsetConfigOption(repoPath, name, valueRegex)) {
-      core.debug(`Unset config option '${name}'`);
-      return option;
-    }
-  }
-  return null;
-}
-
-module.exports = {
-  getRepoPath,
-  execGit,
-  addConfigOption,
-  unsetConfigOption,
-  configOptionExists,
-  getConfigOption,
-  getAndUnsetConfigOption
-};
-
-
 /***/ }),
 
 /***/ 722:

docs/concepts-guidelines.md

@@ -9,12 +9,10 @@ This document covers terminology, how the action works, general usage guidelines
   - [Providing a consistent base](#providing-a-consistent-base)
   - [Pull request events](#pull-request-events)
   - [Restrictions on forked repositories](#restrictions-on-forked-repositories)
-  - [Triggering further workflow runs](#triggering-further-workflow-runs)
   - [Security](#security)
 - [Advanced usage](#advanced-usage)
   - [Creating pull requests in a remote repository](#creating-pull-requests-in-a-remote-repository)
   - [Push using SSH (deploy keys)](#push-using-ssh-deploy-keys)
-  - [Push pull request branches to a fork](#push-pull-request-branches-to-a-fork)
   - [Running in a container](#running-in-a-container)
   - [Creating pull requests on tag push](#creating-pull-requests-on-tag-push)
 
@@ -114,23 +112,6 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
 ```
 
-### Triggering further workflow runs
-
-Pull requests created by the action using the default `GITHUB_TOKEN` cannot trigger other workflows. If you have `on: pull_request` or `on: push` workflows acting as checks on pull requests, they will not run.
-
-> When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run.
-
-[GitHub Actions: Events that trigger workflows](https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token)
-
-#### Workarounds to trigger further workflow runs
-
-There are a number of workarounds with different pros and cons.
-
-- Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks.
-- Use a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
-- Use [SSH (deploy keys)](#push-using-ssh-deploy-keys) to push the pull request branch. This is arguably more secure than using a PAT because deploy keys can be set per repository. However, this method will only trigger `on: push` workflows.
-- Use a [machine account that creates pull requests from its own fork](#push-pull-request-branches-to-a-fork). This is the most secure because the PAT created only grants access to the machine account's fork, not the main repository. This method will trigger `on: pull_request` workflows to run. Workflows triggered `on: push` will not run because the push event is in the fork.
-
 ### Security
 
 From a security perspective it's good practice to fork third-party actions, review the code, and use your fork of the action in workflows.
@@ -180,48 +161,23 @@ How to use SSH (deploy keys) with create-pull-request action:
 1. [Create a new SSH key pair](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) for your repository. Do not set a passphrase.
 2. Copy the contents of the public key (.pub file) to a new repository [deploy key](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys) and check the box to "Allow write access."
 3. Add a secret to the repository containing the entire contents of the private key.
-4. As shown in the example below, configure `actions/checkout` to use the deploy key you have created.
+4. As shown in the example steps below, use the [`webfactory/ssh-agent`](https://github.com/webfactory/ssh-agent) action to install the private key and clone your repository. Remember to checkout the `base` of your pull request if it's not the default branch, e.g. `git checkout my-branch`.
 
 ```yml
     steps:
-      - uses: actions/checkout@v2
+      - uses: webfactory/ssh-agent@v0.2.0
         with:
-          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Checkout via SSH
+        run: git clone git@github.com:peter-evans/create-pull-request.git .
 
       # Make changes to pull request here
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-```
-
-### Push pull request branches to a fork
-
-Instead of pushing pull request branches to the repository you want to update, you can push them to a fork of that repository.
-This allows you to employ the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) by using a dedicated user acting as a [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
-This user has no access to the main repository.
-It will use their own fork to push code and create the pull request.
-
-1. Create a new GitHub user and login.
-2. Fork the repository that you will be creating pull requests in.
-3. Create a [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
-4. Logout and log back in to your main user account.
-5. Add a secret to your repository containing the above PAT.
-6. As shown in the following example workflow, switch the git remote to the fork's URL after checkout and set the action input `request-on-parent` to `true`.
-
-```yaml
-      - uses: actions/checkout@v2
-
-      - run: |
-          git config user.password ${{ secrets.MACHINE_USER_PAT }}
-          git remote set-url origin https://github.com/machine-user/fork-of-repository
-          git fetch --unshallow -p origin
-
-      # Make changes to pull request here
-
-      - uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.MACHINE_USER_PAT }}
-          request-on-parent: true
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ### Running in a container
@@ -249,6 +205,8 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 **Ubuntu container example:**
@@ -272,6 +230,8 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ### Creating pull requests on tag push
@@ -305,6 +265,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           base: master
 
       - name: Delete tag branch
@@ -332,4 +293,6 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
 ```

docs/examples.md

@@ -45,6 +45,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update authors
           title: Update AUTHORS
           body: Credit new contributors by updating AUTHORS
@@ -77,6 +78,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           branch: production-promotion
 ```
 
@@ -108,6 +110,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update dependencies
           title: Automated Dependency Updates
           body: This is an auto-generated PR with dependency updates.
@@ -158,6 +161,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Update swagger-ui to ${{ steps.swagger-ui.outputs.release_tag }}
           title: Update SwaggerUI to ${{ steps.swagger-ui.outputs.release_tag }}
           body: |
@@ -200,6 +204,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update local website copy
           title: Automated Updates to Local Website Copy
           body: This is an auto-generated PR with website updates.
@@ -294,6 +299,7 @@ jobs:
         if: steps.autopep8.outputs.exit-code == 2
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: autopep8 action fixes
           title: Fixes by autopep8 action
           body: This is an auto-generated PR with fixes by autopep8.
@@ -352,6 +358,7 @@ The recommended method is to use [`set-output`](https://help.github.com/en/githu
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           title: ${{ steps.vars.outputs.pr_title }}
           body: ${{ steps.vars.outputs.pr_body }}
 ```
@@ -367,6 +374,7 @@ Alternatively, [`set-env`](https://help.github.com/en/github/automating-your-wor
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
           title: ${{ env.PULL_REQUEST_TITLE }}
           body: ${{ env.PULL_REQUEST_BODY }}
 ```

jest.config.js

@@ -1,3 +0,0 @@
-process.env = Object.assign(process.env, {
-  GITHUB_WORKSPACE: __dirname
-});

package.json

@@ -6,7 +6,6 @@
   "scripts": {
     "clean": "rm -rf dist",
     "lint": "eslint src/index.js",
-    "test": "eslint src/index.js && jest",
     "build": "ncc build src/index.js -o dist",
     "vendor-deps": "pip download -r src/cpr/requirements.txt --no-binary=:all: -d dist/vendor",
     "package": "npm run build && npm run vendor-deps"
@@ -23,14 +22,13 @@
   },
   "homepage": "https://github.com/peter-evans/create-pull-request",
   "dependencies": {
-    "@actions/core": "1.2.0",
-    "@actions/exec": "1.0.2",
-    "@actions/tool-cache": "1.1.2",
-    "is-docker": "2.0.0"
+    "@actions/core": "^1.1.1",
+    "@actions/exec": "^1.0.1",
+    "@actions/tool-cache": "^1.1.2",
+    "is-docker": "^2.0.0"
   },
   "devDependencies": {
-    "@zeit/ncc": "0.22.1",
-    "eslint": "6.8.0",
-    "jest": "25.5.3"
+    "@zeit/ncc": "0.21.1",
+    "eslint": "6.8.0"
   }
 }

renovate.json

@@ -1,11 +1,5 @@
 {
   "extends": [
     "config:base"
-  ],
-  "packageRules": [
-    {
-      "depTypeList": ["devDependencies"],
-      "automerge": true
-    }
   ]
 }

src/cpr/create_or_update_pull_request.py

@@ -4,20 +4,6 @@ from github import Github, GithubException
 import os
 
 
-def string_to_bool(str):
-    if str is None:
-        return False
-    else:
-        return str.lower() in [
-            "true",
-            "1",
-            "t",
-            "y",
-            "yes",
-            "on",
-        ]
-
-
 def cs_string_to_list(str):
     # Split the comma separated string into a list
     l = [i.strip() for i in str.split(",")]
@@ -70,43 +56,25 @@ def create_or_update_pull_request(
     team_reviewers,
     project_name,
     project_column_name,
-    draft,
-    request_to_parent,
 ):
-    github_repo = head_repo = Github(github_token).get_repo(github_repository)
-    if string_to_bool(request_to_parent):
-        github_repo = github_repo.parent
-        if github_repo is None:
-            raise ValueError(
-                "The checked out repository is not a fork. Input 'request-to-parent' should be set to false."
-            )
-
-    head_branch = f"{head_repo.owner.login}:{branch}"
-
     # Create the pull request
+    github_repo = Github(github_token).get_repo(github_repository)
     try:
         pull_request = github_repo.create_pull(
-            title=title,
-            body=body,
-            base=base,
-            head=head_branch,
-            draft=string_to_bool(draft),
-        )
-        print(
-            f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
+            title=title, body=body, base=base, head=branch
         )
+        print(f"Created pull request #{pull_request.number} ({branch} => {base})")
     except GithubException as e:
         if e.status == 422:
             # A pull request exists for this branch and base
+            head_branch = "{}:{}".format(github_repository.split("/")[0], branch)
             # Get the pull request
             pull_request = github_repo.get_pulls(
                 state="open", base=base, head=head_branch
             )[0]
             # Update title and body
             pull_request.as_issue().edit(title=title, body=body)
-            print(
-                f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
-            )
+            print(f"Updated pull request #{pull_request.number} ({branch} => {base})")
         else:
             print(str(e))
             raise

src/cpr/create_pull_request.py

@@ -129,7 +129,10 @@ if protocol == "HTTPS":
     # Mask the basic credential in logs and debug output
     print(f"::add-mask::{basic_credential}")
     repo.git.set_persistent_git_options(
-        c=f"http.https://github.com/.extraheader=AUTHORIZATION: basic {basic_credential}"
+        c=[
+            f"http.{repo_url}/.extraheader=",
+            f"http.{repo_url}/.extraheader=AUTHORIZATION: basic {basic_credential}",
+        ]
     )
 
 # Determine if the checked out ref is a valid base for a pull request
@@ -224,6 +227,4 @@ if result["action"] in ["created", "updated"]:
         os.environ.get("CPR_TEAM_REVIEWERS"),
         os.environ.get("CPR_PROJECT_NAME"),
         os.environ.get("CPR_PROJECT_COLUMN_NAME"),
-        os.environ.get("CPR_DRAFT"),
-        os.environ.get("CPR_REQUEST_TO_PARENT"),
     )

src/cpr/requirements.txt

@@ -1,4 +1,2 @@
-setuptools==46.1.3
-wheel==0.34.2
-GitPython==3.1.1
-PyGithub==1.50
+GitPython==3.0.8
+PyGithub==1.46

src/git.js

@@ -1,97 +0,0 @@
-const core = require("@actions/core");
-const exec = require("@actions/exec");
-const path = require("path");
-
-function getRepoPath(relativePath) {
-  let githubWorkspacePath = process.env["GITHUB_WORKSPACE"];
-  if (!githubWorkspacePath) {
-    throw new Error("GITHUB_WORKSPACE not defined");
-  }
-  githubWorkspacePath = path.resolve(githubWorkspacePath);
-  core.debug(`githubWorkspacePath: ${githubWorkspacePath}`);
-
-  repoPath = githubWorkspacePath;
-  if (relativePath) repoPath = path.resolve(repoPath, relativePath);
-
-  core.debug(`repoPath: ${repoPath}`);
-  return repoPath;
-}
-
-async function execGit(repoPath, args, ignoreReturnCode = false) {
-  const stdout = [];
-  const options = {
-    cwd: repoPath,
-    ignoreReturnCode: ignoreReturnCode,
-    listeners: {
-      stdout: data => {
-        stdout.push(data.toString());
-      }
-    }
-  };
-
-  var result = {};
-  result.exitCode = await exec.exec("git", args, options);
-  result.stdout = stdout.join("");
-  return result;
-}
-
-async function addConfigOption(repoPath, name, value) {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--add", name, value],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function unsetConfigOption(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--unset", name, valueRegex],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function configOptionExists(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--name-only", "--get-regexp", name, valueRegex],
-    true
-  );
-  return result.exitCode === 0;
-}
-
-async function getConfigOption(repoPath, name, valueRegex=".") {
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--get-regexp", name, valueRegex],
-    true
-  );
-  const option = result.stdout.trim().split(`${name} `);
-  return {
-    name: name,
-    value: option[1]
-  }
-}
-
-async function getAndUnsetConfigOption(repoPath, name, valueRegex=".") {
-  if (await configOptionExists(repoPath, name, valueRegex)) {
-    const option = await getConfigOption(repoPath, name, valueRegex);
-    if (await unsetConfigOption(repoPath, name, valueRegex)) {
-      core.debug(`Unset config option '${name}'`);
-      return option;
-    }
-  }
-  return null;
-}
-
-module.exports = {
-  getRepoPath,
-  execGit,
-  addConfigOption,
-  unsetConfigOption,
-  configOptionExists,
-  getConfigOption,
-  getAndUnsetConfigOption
-};

src/git.test.js

@@ -1,98 +0,0 @@
-const path = require("path");
-const {
-  getRepoPath,
-  execGit,
-  addConfigOption,
-  unsetConfigOption,
-  configOptionExists,
-  getConfigOption,
-  getAndUnsetConfigOption
-} = require("./git");
-
-test("getRepoPath", async () => {
-  expect(getRepoPath()).toEqual(process.env["GITHUB_WORKSPACE"]);
-  expect(getRepoPath("foo")).toEqual(
-    path.resolve(process.env["GITHUB_WORKSPACE"], "foo")
-  );
-});
-
-test("execGit", async () => {
-  const repoPath = getRepoPath();
-  const result = await execGit(
-    repoPath,
-    ["config", "--local", "--name-only", "--get-regexp", "remote.origin.url"],
-    true
-  );
-  expect(result.exitCode).toEqual(0);
-  expect(result.stdout.trim()).toEqual("remote.origin.url");
-});
-
-test("add and unset config option", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.add.and.unset.config.option", "foo");
-  expect(add).toBeTruthy();
-  const unset = await unsetConfigOption(repoPath, "test.add.and.unset.config.option");
-  expect(unset).toBeTruthy();
-});
-
-test("add and unset config option with value regex", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.add.and.unset.config.option", "foo bar");
-  expect(add).toBeTruthy();
-  const unset = await unsetConfigOption(repoPath, "test.add.and.unset.config.option", "^foo");
-  expect(unset).toBeTruthy();
-});
-
-test("configOptionExists returns true", async () => {
-  const repoPath = getRepoPath();
-  const result = await configOptionExists(repoPath, "remote.origin.url");
-  expect(result).toBeTruthy();
-});
-
-test("configOptionExists returns false", async () => {
-  const repoPath = getRepoPath();
-  const result = await configOptionExists(repoPath, "this.key.does.not.exist");
-  expect(result).toBeFalsy();
-});
-
-test("get config option", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.get.config.option", "foo");
-  expect(add).toBeTruthy();
-  const option = await getConfigOption(repoPath, "test.get.config.option");
-  expect(option.value).toEqual("foo");
-  const unset = await unsetConfigOption(repoPath, "test.get.config.option");
-  expect(unset).toBeTruthy();
-});
-
-test("get config option with value regex", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.get.config.option", "foo bar");
-  expect(add).toBeTruthy();
-  const option = await getConfigOption(repoPath, "test.get.config.option", "^foo");
-  expect(option.value).toEqual("foo bar");
-  const unset = await unsetConfigOption(repoPath, "test.get.config.option", "^foo");
-  expect(unset).toBeTruthy();
-});
-
-test("get and unset config option is successful", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.get.and.unset.config.option", "foo");
-  expect(add).toBeTruthy();
-  const getAndUnset = await getAndUnsetConfigOption(repoPath, "test.get.and.unset.config.option");
-  expect(getAndUnset.value).toEqual("foo");
-});
-
-test("get and unset config option is successful with value regex", async () => {
-  const repoPath = getRepoPath();
-  const add = await addConfigOption(repoPath, "test.get.and.unset.config.option", "foo bar");
-  expect(add).toBeTruthy();
-  const getAndUnset = await getAndUnsetConfigOption(repoPath, "test.get.and.unset.config.option", "^foo");
-  expect(getAndUnset.value).toEqual("foo bar");
-});
-
-test("get and unset config option is unsuccessful", async () => {
-  const repoPath = getRepoPath();
-  const getAndUnset = await getAndUnsetConfigOption(repoPath, "this.key.does.not.exist");
-  expect(getAndUnset).toBeNull();
-});

src/index.js

@@ -3,14 +3,6 @@ const isDocker = require("is-docker");
 const core = require("@actions/core");
 const exec = require("@actions/exec");
 const setupPython = require("./setup-python");
-const {
-  getRepoPath,
-  getAndUnsetConfigOption,
-  addConfigOption
-} = require("./git");
-
-const EXTRAHEADER_OPTION = "http.https://github.com/.extraheader";
-const EXTRAHEADER_VALUE_REGEX = "^AUTHORIZATION:";
 
 async function run() {
   try {
@@ -62,9 +54,7 @@ async function run() {
       milestone: core.getInput("milestone"),
       project: core.getInput("project"),
       projectColumn: core.getInput("project-column"),
-      draft: core.getInput("draft"),
       branch: core.getInput("branch"),
-      request_to_parent: core.getInput("request-to-parent"),
       base: core.getInput("base"),
       branchSuffix: core.getInput("branch-suffix")
     };
@@ -85,37 +75,14 @@ async function run() {
     if (inputs.milestone) process.env.CPR_MILESTONE = inputs.milestone;
     if (inputs.project) process.env.CPR_PROJECT_NAME = inputs.project;
     if (inputs.projectColumn) process.env.CPR_PROJECT_COLUMN_NAME = inputs.projectColumn;
-    if (inputs.draft) process.env.CPR_DRAFT = inputs.draft;
     if (inputs.branch) process.env.CPR_BRANCH = inputs.branch;
-    if (inputs.request_to_parent) process.env.CPR_REQUEST_TO_PARENT = inputs.request_to_parent;
     if (inputs.base) process.env.CPR_BASE = inputs.base;
     if (inputs.branchSuffix) process.env.CPR_BRANCH_SUFFIX = inputs.branchSuffix;
 
-    // Get the repository path
-    var repoPath = getRepoPath(inputs.path);
-    // Get the extraheader config option if it exists
-    var extraHeaderOption = await getAndUnsetConfigOption(
-      repoPath,
-      EXTRAHEADER_OPTION,
-      EXTRAHEADER_VALUE_REGEX
-    );
-
     // Execute create pull request
     await exec.exec(python, [`${cpr}/create_pull_request.py`]);
   } catch (error) {
     core.setFailed(error.message);
-  } finally {
-    // Restore the extraheader config option
-    if (extraHeaderOption) {
-      if (
-        await addConfigOption(
-          repoPath,
-          EXTRAHEADER_OPTION,
-          extraHeaderOption.value
-        )
-      )
-        core.debug(`Restored config option '${EXTRAHEADER_OPTION}'`);
-    }
   }
 }