fix bug where repo not checked out (#15279)

Author: dsyme

pkg/cli/copilot_setup.go

@@ -13,13 +13,18 @@ import (
 
 var copilotSetupLog = logger.New("cli:copilot_setup")
 
+// getActionRef returns the action reference string based on action mode and version
+func getActionRef(actionMode workflow.ActionMode, version string) string {
+	if actionMode.IsRelease() && version != "" && version != "dev" {
+		return "@" + version
+	}
+	return "@main"
+}
+
 // generateCopilotSetupStepsYAML generates the copilot-setup-steps.yml content based on action mode
 func generateCopilotSetupStepsYAML(actionMode workflow.ActionMode, version string) string {
 	// Determine the action reference - use version tag in release mode, @main in dev mode
-	actionRef := "@main"
-	if actionMode.IsRelease() && version != "" && version != "dev" {
-		actionRef = "@" + version
-	}
+	actionRef := getActionRef(actionMode, version)
 
 	if actionMode.IsRelease() {
 		// Use the actions/setup-cli action in release mode
@@ -247,10 +252,7 @@ func renderCopilotSetupUpdateInstructions(filePath string, actionMode workflow.A
 	fmt.Fprintln(os.Stderr)
 
 	// Determine the action reference
-	actionRef := "@main"
-	if actionMode.IsRelease() && version != "" && version != "dev" {
-		actionRef = "@" + version
-	}
+	actionRef := getActionRef(actionMode, version)
 
 	if actionMode.IsRelease() {
 		fmt.Fprintln(os.Stderr, "      - name: Checkout repository")
@@ -279,10 +281,7 @@ func upgradeSetupCliVersion(workflow *Workflow, actionMode workflow.ActionMode,
 	}
 
 	upgraded := false
-	actionRef := "@main"
-	if actionMode.IsRelease() && version != "" && version != "dev" {
-		actionRef = "@" + version
-	}
+	actionRef := getActionRef(actionMode, version)
 
 	// Iterate through steps and update any actions/setup-cli steps
 	for i := range job.Steps {
@@ -321,10 +320,7 @@ func injectExtensionInstallStep(workflow *Workflow, actionMode workflow.ActionMo
 	var installStep, checkoutStep CopilotWorkflowStep
 
 	// Determine the action reference - use version tag in release mode, @main in dev mode
-	actionRef := "@main"
-	if actionMode.IsRelease() && version != "" && version != "dev" {
-		actionRef = "@" + version
-	}
+	actionRef := getActionRef(actionMode, version)
 
 	if actionMode.IsRelease() {
 		// In release mode, use the actions/setup-cli action

pkg/workflow/compiler_jobs.go

@@ -501,39 +501,21 @@ func (c *Compiler) buildCustomJobs(data *WorkflowData, activationJobCreated bool
 }
 
 // shouldAddCheckoutStep returns true if the workflow requires a checkout step.
-// A checkout is needed when the workflow uses custom agent files, accesses local
-// actions in dev/script mode, or needs to reference .github directory content.
+// The repository checkout is needed in the agent job to access workflow files,
+// custom agent files, and other repository content.
 //
-// The checkout step is skipped in the following cases:
+// The checkout step is only skipped when:
 //   - Custom steps already contain a checkout action
-//   - Workflow is in release mode without a custom agent file
 //
-// The checkout step is always added when:
-//   - A custom agent file is specified (via imports)
-//   - Running in dev or script mode (requires .github and .actions access)
-//   - Action mode is uninitialized (defaults to requiring checkout)
+// Otherwise, checkout is always added to ensure the agent has access to the repository.
 func (c *Compiler) shouldAddCheckoutStep(data *WorkflowData) bool {
-	// Check condition 1: If custom steps already contain checkout, don't add another one
+	// If custom steps already contain checkout, don't add another one
 	if data.CustomSteps != "" && ContainsCheckout(data.CustomSteps) {
 		log.Print("Skipping checkout step: custom steps already contain checkout")
-		return false // Custom steps already have checkout
-	}
-
-	// Check condition 2: If custom agent file is specified (via imports), checkout is required
-	if data.AgentFile != "" {
-		log.Printf("Adding checkout step: custom agent file specified: %s", data.AgentFile)
-		return true // Custom agent file requires checkout to access the file
-	}
-
-	// Check condition 3: Only skip checkout in explicit release mode without agent file
-	// Dev mode, script mode, and uninitialized mode all need checkout for .github and .actions access
-	if c.actionMode.IsRelease() {
-		// In release mode without agent file, checkout is not needed
-		log.Print("Skipping checkout step: release mode without agent file")
 		return false
 	}
 
-	// Default: add checkout for dev/script mode and uninitialized mode
-	log.Printf("Adding checkout step: %s mode requires .github and .actions access", c.actionMode)
+	// Always add checkout to ensure agent has repository access
+	log.Print("Adding checkout step: agent job requires repository access")
 	return true
 }

pkg/workflow/compiler_jobs_test.go

@@ -343,7 +343,7 @@ func TestShouldAddCheckoutStep(t *testing.T) {
 				CustomSteps: "",
 			},
 			actionMode: ActionModeRelease,
-			expected:   false,
+			expected:   true, // Checkout always needed unless already in steps
 		},
 		{
 			name: "dev mode without agent file",

pkg/workflow/compiler_yaml_main_job_test.go

@@ -766,7 +766,7 @@ func TestShouldAddCheckoutStepEdgeCases(t *testing.T) {
 			expectCheckout: true,
 		},
 		{
-			name: "no checkout in release mode without agent file",
+			name: "checkout required in release mode without agent file",
 			setupData: func() *WorkflowData {
 				return &WorkflowData{
 					Name: "Test",
@@ -775,7 +775,7 @@ func TestShouldAddCheckoutStepEdgeCases(t *testing.T) {
 			setupCompiler: func(c *Compiler) {
 				c.actionMode = ActionModeRelease
 			},
-			expectCheckout: false,
+			expectCheckout: true, // Checkout always needed unless already in steps
 		},
 		{
 			name: "checkout required when agent file specified",

pkg/workflow/engine_agent_import_test.go

@@ -378,9 +378,9 @@ func TestCheckoutWithAgentFromImports(t *testing.T) {
 		}
 	})
 
-	t.Run("no_checkout_without_agent_and_permissions", func(t *testing.T) {
+	t.Run("checkout_added_without_agent", func(t *testing.T) {
 		compiler := NewCompiler()
-		// Set action mode to release to prevent automatic contents:read addition
+		// Set action mode to release
 		compiler.SetActionMode(ActionModeRelease)
 
 		workflowData := &WorkflowData{
@@ -391,8 +391,8 @@ func TestCheckoutWithAgentFromImports(t *testing.T) {
 		}
 
 		shouldCheckout := compiler.shouldAddCheckoutStep(workflowData)
-		if shouldCheckout {
-			t.Error("Expected checkout NOT to be added in release mode without agent file and without contents permission")
+		if !shouldCheckout {
+			t.Error("Expected checkout to be added (always needed unless already in custom steps)")
 		}
 	})