chore: remove upstream CI workflows (mirror inertization per internal#233)

.github/workflows/check-dist.yml

@@ -1,51 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process
-# from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Set Node.js 24.x
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24.x
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the index.js file
-        run: npm run build
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-
-      # If dist/ was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/

.github/workflows/codeql-analysis.yml

@@ -1,58 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '28 9 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v6
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    - run: npm ci
-    - run: npm run build
-    - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3

.github/workflows/licensed.yml

@@ -1,14 +0,0 @@
-name: Licensed
-
-on:
-  push: {branches: main}
-  pull_request: {branches: main}
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    name: Check licenses
-    steps:
-      - uses: actions/checkout@v6
-      - run: npm ci
-      - run: npm run licensed-check

.github/workflows/publish-immutable-actions.yml

@@ -1,20 +0,0 @@
-name: 'Publish Immutable Action Version'
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
-    steps:
-      - name: Checking out
-        uses: actions/checkout@v6
-      - name: Publish
-        id: publish
-        uses: actions/publish-immutable-action@0.0.3

.github/workflows/test.yml

@@ -1,357 +0,0 @@
-name: Build and Test
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - releases/*
-
-
-# Note that when you see patterns like "ref: test-data/v2/basic" within this workflow,
-# these refer to "test-data" branches on this actions/checkout repo.
-# (For example, test-data/v2/basic -> https://github.com/actions/checkout/tree/test-data/v2/basic)
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 24.x
-      - uses: actions/checkout@v6
-      - run: npm ci
-      - run: npm run build
-      - run: npm run format-check
-      - run: npm run lint
-      - run: npm test
-      - name: Verify no unstaged changes
-        run: __test__/verify-no-unstaged-changes.sh
-
-  test:
-    strategy:
-      matrix:
-        runs-on: [ubuntu-latest, macos-latest, windows-latest]
-    runs-on: ${{ matrix.runs-on }}
-
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      # Basic checkout
-      - name: Checkout basic
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        shell: bash
-        run: __test__/verify-basic.sh
-
-      # Clean
-      - name: Modify work tree
-        shell: bash
-        run: __test__/modify-work-tree.sh
-      - name: Checkout clean
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify clean
-        shell: bash
-        run: __test__/verify-clean.sh
-
-      # Side by side
-      - name: Checkout side by side 1
-        uses: ./
-        with:
-          ref: test-data/v2/side-by-side-1
-          path: side-by-side-1
-      - name: Checkout side by side 2
-        uses: ./
-        with:
-          ref: test-data/v2/side-by-side-2
-          path: side-by-side-2
-      - name: Verify side by side
-        shell: bash
-        run: __test__/verify-side-by-side.sh
-
-      # Filter
-      - name: Fetch filter
-        uses: ./
-        with:
-          filter: 'blob:none'
-          path: fetch-filter
-
-      - name: Verify fetch filter
-        run: __test__/verify-fetch-filter.sh
-
-      # Fetch tags
-      - name: Checkout with fetch-tags
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: fetch-tags-test
-          fetch-tags: true
-      - name: Verify fetch-tags
-        shell: bash
-        run: __test__/verify-fetch-tags.sh
-
-      # Sparse checkout
-      - name: Sparse checkout
-        uses: ./
-        with:
-          sparse-checkout: |
-            __test__
-            .github
-            dist
-          path: sparse-checkout
-
-      - name: Verify sparse checkout
-        run: __test__/verify-sparse-checkout.sh
-
-      # Disabled sparse checkout in existing checkout
-      - name: Disabled sparse checkout
-        uses: ./
-        with:
-          path: sparse-checkout
-
-      - name: Verify disabled sparse checkout
-        shell: bash
-        run: set -x && ls -l sparse-checkout/src/git-command-manager.ts
-
-      # Sparse checkout (non-cone mode)
-      - name: Sparse checkout (non-cone mode)
-        uses: ./
-        with:
-          sparse-checkout: |
-            /__test__/
-            /.github/
-            /dist/
-          sparse-checkout-cone-mode: false
-          path: sparse-checkout-non-cone-mode
-
-      - name: Verify sparse checkout (non-cone mode)
-        run: __test__/verify-sparse-checkout-non-cone-mode.sh
-
-      # LFS
-      - name: Checkout LFS
-        uses: ./
-        with:
-          repository: actions/checkout # hardcoded, otherwise doesn't work from a fork
-          ref: test-data/v2/lfs
-          path: lfs
-          lfs: true
-      - name: Verify LFS
-        shell: bash
-        run: __test__/verify-lfs.sh
-
-      # Submodules false
-      - name: Checkout submodules false
-        uses: ./
-        with:
-          ref: test-data/v2/submodule-ssh-url
-          path: submodules-false
-      - name: Verify submodules false
-        run: __test__/verify-submodules-false.sh
-
-      # Submodules one level
-      - name: Checkout submodules true
-        uses: ./
-        with:
-          ref: test-data/v2/submodule-ssh-url
-          path: submodules-true
-          submodules: true
-      - name: Verify submodules true
-        run: __test__/verify-submodules-true.sh
-
-      # Submodules recursive
-      - name: Checkout submodules recursive
-        uses: ./
-        with:
-          ref: test-data/v2/submodule-ssh-url
-          path: submodules-recursive
-          submodules: recursive
-      - name: Verify submodules recursive
-        run: __test__/verify-submodules-recursive.sh
-
-      # Worktree credentials
-      - name: Checkout for worktree test
-        uses: ./
-        with:
-          path: worktree-test
-      - name: Verify worktree credentials
-        shell: bash
-        run: __test__/verify-worktree.sh worktree-test worktree-branch
-
-      # Worktree credentials in container step
-      - name: Verify worktree credentials in container step
-        if: runner.os == 'Linux'
-        uses: docker://bitnami/git:latest
-        with:
-          args: bash __test__/verify-worktree.sh worktree-test container-worktree-branch
-
-      # Basic checkout using REST API
-      - name: Remove basic
-        if: runner.os != 'windows'
-        run: rm -rf basic
-      - name: Remove basic (Windows)
-        if: runner.os == 'windows'
-        shell: cmd
-        run: rmdir /s /q basic
-      - name: Override git version
-        if: runner.os != 'windows'
-        run: __test__/override-git-version.sh
-      - name: Override git version (Windows)
-        if: runner.os == 'windows'
-        run: __test__\\override-git-version.cmd
-      - name: Checkout basic using REST API
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        run: __test__/verify-basic.sh --archive
-
-  test-proxy:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/actions/test-ubuntu-git:main.20240221.114913.703z
-      options: --dns 127.0.0.1
-    services:
-      squid-proxy:
-        image: ubuntu/squid:latest
-        ports:
-          - 3128:3128
-    env:
-      https_proxy: http://squid-proxy:3128
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      # Basic checkout using git
-      - name: Checkout basic
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        run: __test__/verify-basic.sh
-
-      # Basic checkout using REST API
-      - name: Remove basic
-        run: rm -rf basic
-      - name: Override git version
-        run: __test__/override-git-version.sh
-      - name: Basic checkout using REST API
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        run: __test__/verify-basic.sh --archive
-
-  test-bypass-proxy:
-    runs-on: ubuntu-latest
-    env:
-      https_proxy: http://no-such-proxy:3128
-      no_proxy: api.github.com,github.com
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      # Basic checkout using git
-      - name: Checkout basic
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        run: __test__/verify-basic.sh
-      - name: Remove basic
-        run: rm -rf basic
-
-      # Basic checkout using REST API
-      - name: Override git version
-        run: __test__/override-git-version.sh
-      - name: Checkout basic using REST API
-        uses: ./
-        with:
-          ref: test-data/v2/basic
-          path: basic
-      - name: Verify basic
-        run: __test__/verify-basic.sh --archive
-
-  test-git-container:
-    runs-on: ubuntu-latest
-    container: bitnami/git:latest
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          path: localClone
-
-      # Basic checkout using git
-      - name: Checkout basic
-        uses: ./localClone
-        with:
-          ref: test-data/v2/basic
-      - name: Verify basic
-        run: |
-          if [ ! -f "./basic-file.txt" ]; then
-              echo "Expected basic file does not exist"
-              exit 1
-          fi
-
-          # Verify .git folder
-          if [ ! -d "./.git" ]; then
-            echo "Expected ./.git folder to exist"
-            exit 1
-          fi
-
-          # Verify auth token
-          git config --global --add safe.directory "*"
-          git fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main
-
-      # needed to make checkout post cleanup succeed
-      - name: Fix Checkout v6
-        uses: actions/checkout@v6
-        with:
-          path: localClone
-
-  test-output:
-    runs-on: ubuntu-latest
-    steps:
-      # Clone this repo
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          path: actions-checkout
-
-      # Basic checkout using git
-      - name: Checkout basic
-        id: checkout
-        uses: ./actions-checkout
-        with:
-          path: cloned-using-local-action
-          ref: test-data/v2/basic
-
-      # Verify output
-      - name: Verify output
-        run: |
-          echo "Commit: ${{ steps.checkout.outputs.commit }}"
-          echo "Ref: ${{ steps.checkout.outputs.ref }}"
-
-          if [ "${{ steps.checkout.outputs.ref }}" != "test-data/v2/basic" ]; then
-            echo "Expected ref to be test-data/v2/basic"
-            exit 1
-          fi
-
-          if [ "${{ steps.checkout.outputs.commit }}" != "82f71901cf8c021332310dcc8cdba84c4193ff5d" ]; then
-            echo "Expected commit to be 82f71901cf8c021332310dcc8cdba84c4193ff5d"
-            exit 1
-          fi

.github/workflows/update-main-version.yml

@@ -1,36 +0,0 @@
-name: Update Main Version
-run-name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      target:
-        description: The tag or reference to use
-        required: true
-      major_version:
-        type: choice
-        description: The major version to update
-        options:
-          - v5
-          - v4
-          - v3
-          - v2
-
-jobs:
-  tag:
-    runs-on: ubuntu-latest
-    steps:
-    # Note this update workflow can also be used as a rollback tool.
-    # For that reason, it's best to pin `actions/checkout` to a known, stable version
-    # (typically, about two releases back).
-    - uses: actions/checkout@v6
-      with:
-        fetch-depth: 0
-    - name: Git config
-      run: |
-        git config user.name "github-actions[bot]"
-        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-    - name: Tag new target
-      run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
-    - name: Push new tag
-      run: git push origin ${{ github.event.inputs.major_version }} --force

.github/workflows/update-test-ubuntu-git.yml

@@ -1,59 +0,0 @@
-name: Publish test-ubuntu-git Container
-
-on:
-  # Use an on demand workflow trigger.  
-  # (Forked copies of actions/checkout won't have permission to update GHCR.io/actions, 
-  #  so avoid trigger events that run automatically.)
-  workflow_dispatch:
-    inputs:
-      publish:
-        description:  'Publish to ghcr.io? (main branch only)'
-        type: boolean
-        required: true
-        default: false
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: actions/test-ubuntu-git
-
-jobs:
-  build-and-push-image:
-    runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
-    permissions:
-      contents: read
-      packages: write
- 
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      # Use `docker/login-action` to log in to GHCR.io. 
-      # Once published, the packages are scoped to the account defined here.
-      - name: Log in to the ghcr.io container registry
-        uses: docker/login-action@v3.3.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Format Timestamp
-        id: timestamp
-        # Use `date` with a custom format to achieve the key=value format GITHUB_OUTPUT expects.
-        run: date -u "+now=%Y%m%d.%H%M%S.%3NZ" >> "$GITHUB_OUTPUT"
-
-      - name: Issue Image Publish Warning
-        if:  ${{ inputs.publish && github.ref_name != 'main' }}
-        run: echo "::warning::test-ubuntu-git images can only be published from the actions/checkout 'main' branch.  Workflow will continue with push/publish disabled."
-
-      # Use `docker/build-push-action` to build (and optionally publish) the image. 
-      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v6.5.0
-        with:
-          context: .
-          file: images/test-ubuntu-git.Dockerfile
-          # For now, attempts to push to ghcr.io must target the `main` branch.
-          # In the future, consider also allowing attempts from `releases/*` branches.
-          push: ${{ inputs.publish && github.ref_name == 'main' }}
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}.${{ steps.timestamp.outputs.now }}

__test__/git-auth-helper.test.ts

@@ -974,46 +974,6 @@ describe('git-auth-helper tests', () => {
     ).toBe(false)
     expect((authHelper as any).testCredentialsConfigPath('')).toBe(false)
   })
-
-  const includeIfCleanupRegex_matchesBothVariants =
-    'includeIf cleanup regex matches both gitdir: and gitdir/i: keys'
-  it(includeIfCleanupRegex_matchesBothVariants, async () => {
-    // The cleanup regex must match both variants so credential
-    // removal works regardless of which was written
-    const regex = /^includeIf\.gitdir(\/i)?:/
-    expect(regex.test('includeIf.gitdir:D:/workspaces/repo/.git.path')).toBe(
-      true
-    )
-    expect(regex.test('includeIf.gitdir/i:D:/Workspaces/repo/.git.path')).toBe(
-      true
-    )
-    expect(regex.test('includeIf.gitdir/i:/github/workspace/.git.path')).toBe(
-      true
-    )
-    expect(regex.test('includeIf.gitdir:~/projects/foo/.git.path')).toBe(true)
-    expect(regex.test('includeIf.onbranch:main.path')).toBe(false)
-    expect(regex.test('include.path')).toBe(false)
-  })
-
-  const includeIfDirective_usesCorrectVariantForPlatform =
-    'includeIf directive uses gitdir/i on Windows and gitdir on other platforms'
-  it(includeIfDirective_usesCorrectVariantForPlatform, async () => {
-    await setup(includeIfDirective_usesCorrectVariantForPlatform)
-    const authHelper = gitAuthHelper.createAuthHelper(git, settings)
-    await authHelper.configureAuth()
-
-    const localConfigContent = (
-      await fs.promises.readFile(localGitConfigPath)
-    ).toString()
-
-    if (isWindows) {
-      expect(localConfigContent).toContain('includeIf.gitdir/i:')
-      expect(localConfigContent).not.toContain('includeIf.gitdir:')
-    } else {
-      expect(localConfigContent).toContain('includeIf.gitdir:')
-      expect(localConfigContent).not.toContain('includeIf.gitdir/i:')
-    }
-  })
 })
 
 async function setup(testName: string): Promise<void> {

dist/index.js

@@ -151,12 +151,6 @@ const stateHelper = __importStar(__nccwpck_require__(4866));
 const urlHelper = __importStar(__nccwpck_require__(9437));
 const uuid_1 = __nccwpck_require__(5840);
 const IS_WINDOWS = process.platform === 'win32';
-// Use case-insensitive gitdir matching on Windows to handle path casing mismatches
-// between the runner's GITHUB_WORKSPACE and the actual filesystem casing.
-// See: https://github.com/actions/checkout/issues/2345
-const INCLUDE_IF_GITDIR = IS_WINDOWS
-    ? 'includeIf.gitdir/i:'
-    : 'includeIf.gitdir:';
 const SSH_COMMAND_KEY = 'core.sshCommand';
 function createAuthHelper(git, settings) {
     return new GitAuthHelper(git, settings);
@@ -276,7 +270,7 @@ class GitAuthHelper {
                     let submoduleGitDir = path.dirname(configPath); // The config file is at .git/modules/submodule-name/config
                     submoduleGitDir = submoduleGitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                     // Configure host includeIf
-                    yield this.git.config(`${INCLUDE_IF_GITDIR}${submoduleGitDir}.path`, credentialsConfigPath, false, // globalConfig?
+                    yield this.git.config(`includeIf.gitdir:${submoduleGitDir}.path`, credentialsConfigPath, false, // globalConfig?
                     false, // add?
                     configPath);
                     // Container submodule git directory
@@ -286,7 +280,7 @@ class GitAuthHelper {
                     relativeSubmoduleGitDir = relativeSubmoduleGitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                     const containerSubmoduleGitDir = path.posix.join('/github/workspace', relativeSubmoduleGitDir);
                     // Configure container includeIf
-                    yield this.git.config(`${INCLUDE_IF_GITDIR}${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, // globalConfig?
+                    yield this.git.config(`includeIf.gitdir:${containerSubmoduleGitDir}.path`, containerCredentialsPath, false, // globalConfig?
                     false, // add?
                     configPath);
                 }
@@ -416,10 +410,10 @@ class GitAuthHelper {
                 let gitDir = path.join(this.git.getWorkingDirectory(), '.git');
                 gitDir = gitDir.replace(/\\/g, '/'); // Use forward slashes, even on Windows
                 // Configure host includeIf
-                const hostIncludeKey = `${INCLUDE_IF_GITDIR}${gitDir}.path`;
+                const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`;
                 yield this.git.config(hostIncludeKey, credentialsConfigPath);
                 // Configure host includeIf for worktrees
-                const hostWorktreeIncludeKey = `${INCLUDE_IF_GITDIR}${gitDir}/worktrees/*.path`;
+                const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`;
                 yield this.git.config(hostWorktreeIncludeKey, credentialsConfigPath);
                 // Container git directory
                 const workingDirectory = this.git.getWorkingDirectory();
@@ -431,10 +425,10 @@ class GitAuthHelper {
                 // Container credentials config path
                 const containerCredentialsPath = path.posix.join('/github/runner_temp', path.basename(credentialsConfigPath));
                 // Configure container includeIf
-                const containerIncludeKey = `${INCLUDE_IF_GITDIR}${containerGitDir}.path`;
+                const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`;
                 yield this.git.config(containerIncludeKey, containerCredentialsPath);
                 // Configure container includeIf for worktrees
-                const containerWorktreeIncludeKey = `${INCLUDE_IF_GITDIR}${containerGitDir}/worktrees/*.path`;
+                const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`;
                 yield this.git.config(containerWorktreeIncludeKey, containerCredentialsPath);
             }
         });
@@ -571,7 +565,7 @@ class GitAuthHelper {
             const credentialsPaths = new Set();
             try {
                 // Get all includeIf.gitdir keys
-                const keys = yield this.git.tryGetConfigKeys('^includeIf\\.gitdir(/i)?:', false, // globalConfig?
+                const keys = yield this.git.tryGetConfigKeys('^includeIf\\.gitdir:', false, // globalConfig?
                 configPath);
                 for (const key of keys) {
                     // Get all values for this key

src/git-auth-helper.ts

@@ -13,12 +13,6 @@ import {IGitCommandManager} from './git-command-manager'
 import {IGitSourceSettings} from './git-source-settings'
 
 const IS_WINDOWS = process.platform === 'win32'
-// Use case-insensitive gitdir matching on Windows to handle path casing mismatches
-// between the runner's GITHUB_WORKSPACE and the actual filesystem casing.
-// See: https://github.com/actions/checkout/issues/2345
-const INCLUDE_IF_GITDIR = IS_WINDOWS
-  ? 'includeIf.gitdir/i:'
-  : 'includeIf.gitdir:'
 const SSH_COMMAND_KEY = 'core.sshCommand'
 
 export interface IGitAuthHelper {
@@ -188,7 +182,7 @@ class GitAuthHelper {
 
         // Configure host includeIf
         await this.git.config(
-          `${INCLUDE_IF_GITDIR}${submoduleGitDir}.path`,
+          `includeIf.gitdir:${submoduleGitDir}.path`,
           credentialsConfigPath,
           false, // globalConfig?
           false, // add?
@@ -210,7 +204,7 @@ class GitAuthHelper {
 
         // Configure container includeIf
         await this.git.config(
-          `${INCLUDE_IF_GITDIR}${containerSubmoduleGitDir}.path`,
+          `includeIf.gitdir:${containerSubmoduleGitDir}.path`,
           containerCredentialsPath,
           false, // globalConfig?
           false, // add?
@@ -377,11 +371,11 @@ class GitAuthHelper {
       gitDir = gitDir.replace(/\\/g, '/') // Use forward slashes, even on Windows
 
       // Configure host includeIf
-      const hostIncludeKey = `${INCLUDE_IF_GITDIR}${gitDir}.path`
+      const hostIncludeKey = `includeIf.gitdir:${gitDir}.path`
       await this.git.config(hostIncludeKey, credentialsConfigPath)
 
       // Configure host includeIf for worktrees
-      const hostWorktreeIncludeKey = `${INCLUDE_IF_GITDIR}${gitDir}/worktrees/*.path`
+      const hostWorktreeIncludeKey = `includeIf.gitdir:${gitDir}/worktrees/*.path`
       await this.git.config(hostWorktreeIncludeKey, credentialsConfigPath)
 
       // Container git directory
@@ -403,11 +397,11 @@ class GitAuthHelper {
       )
 
       // Configure container includeIf
-      const containerIncludeKey = `${INCLUDE_IF_GITDIR}${containerGitDir}.path`
+      const containerIncludeKey = `includeIf.gitdir:${containerGitDir}.path`
       await this.git.config(containerIncludeKey, containerCredentialsPath)
 
       // Configure container includeIf for worktrees
-      const containerWorktreeIncludeKey = `${INCLUDE_IF_GITDIR}${containerGitDir}/worktrees/*.path`
+      const containerWorktreeIncludeKey = `includeIf.gitdir:${containerGitDir}/worktrees/*.path`
       await this.git.config(
         containerWorktreeIncludeKey,
         containerCredentialsPath
@@ -560,7 +554,7 @@ class GitAuthHelper {
     try {
       // Get all includeIf.gitdir keys
       const keys = await this.git.tryGetConfigKeys(
-        '^includeIf\\.gitdir(/i)?:',
+        '^includeIf\\.gitdir:',
         false, // globalConfig?
         configPath
       )