name: checkout
description: Node-free checkout for Gitea Actions using preinstalled git.
inputs:
  ref:
    description: Branch, tag, or commit to fetch (defaults to current commit)
    required: false
    default: ""
  skip_ssl_verify:
    description: "true to disable SSL certificate verification (for edge cases)"
    required: false
    default: "false"
runs:
  using: composite
  steps:
    - shell: sh
      env:
        TOKEN: ${{ github.token || env.GITEA_TOKEN }}
        REPO:  ${{ github.repository }}
        REF:   ${{ inputs.ref || github.sha }}
        SERVER_URL: ${{ github.server_url }}
        SKIP_SSL: ${{ inputs.skip_ssl_verify }}
      run: |
        set -euo pipefail

        # Check that we have a token
        if [ -z "$TOKEN" ]; then
          echo "❌ No repository token found (GITHUB_TOKEN or GITEA_TOKEN)."
          exit 1
        fi

        BASE="${SERVER_URL:-${GITEA_SERVER_URL:-}}"
        if [ -z "$BASE" ]; then
          echo "❌ Missing server_url (SERVER_URL or GITEA_SERVER_URL)."
          exit 1
        fi

        # Create repo and set remote
        git init "$GITHUB_WORKSPACE"
        cd "$GITHUB_WORKSPACE"
        git remote add origin "${BASE%/}/${REPO}.git"

        # Handle SSL verification setting
        GIT_SSL_OPT=""
        if [ "$SKIP_SSL" = "true" ]; then
          echo "⚠️  SSL verification disabled for git fetch."
          GIT_SSL_OPT="-c http.sslVerify=false"
        fi

        # Fetch and checkout
        git -c http.extraHeader="Authorization: token $TOKEN" $GIT_SSL_OPT \
            fetch --depth=1 origin "$REF"
        git checkout FETCH_HEAD