Description
Problem
Using actions/checkout@v6 does not work with workflows that use Docker container actions, regardless of configuration. Git authentication fails inside the container even though the runner version meets the v2.329.0+ requirement stated in the v6-beta release notes.
Environment
- Runner version: v2.329.0+ (confirmed in workflow logs)
- Checkout version: v6.0.1 / v6.0.2
- Runner type: GitHub-hosted (ubuntu-latest)
- Container action: juancarlosjr97/[email protected]
Workflow Configuration (Option 1 - Default)
- name: Checkout repository
  uses: actions/[email protected]
  with:
    fetch-depth: 0
    token: ${{ secrets.PROJECT_GITHUB_TOKEN }}
    persist-credentials: true # default
- name: Running release-it using GitHub Action
  uses: juancarlosjr97/[email protected]
  with:
    github_token: ${{ secrets.PROJECT_GITHUB_TOKEN }}

Result: ❌ Fails - container cannot access credentials
Workflow Configuration (Option 2 - Manual Credentials)
- name: Checkout repository
  uses: actions/[email protected]
  with:
    fetch-depth: 0
    token: ${{ secrets.PROJECT_GITHUB_TOKEN }}
    persist-credentials: false # Disable v6 credential mechanism
- name: Configure git credentials for container
  run: |
    git config --global credential.helper store
    echo "https://x-access-token:${{ secrets.PROJECT_GITHUB_TOKEN }}@github.com" > ~/.git-credentials
- name: Running release-it
  uses: juancarlosjr97/[email protected]
  with:
    github_token: ${{ secrets.PROJECT_GITHUB_TOKEN }}

Result: ❌ Also fails - manual credential setup doesn't work either
Expected Behavior
Git operations inside the Docker container action should authenticate successfully, as suggested by the v6-beta release notes:
This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.
Actual Behavior
- Option 1 (default persist-credentials: true): Container cannot access credentials stored via includeIf directives
- Option 2 (persist-credentials: false + manual setup): Manual credential configuration doesn't persist into the container environment
Neither the new v6 credential mechanism nor manual credential setup works with Docker container actions.
Only Working Solution
Downgrade to actions/checkout@v5:
- name: Checkout repository
  uses: actions/checkout@v5 # v5 uses HTTP Authorization headers which work universally
  with:
    fetch-depth: 0
    token: ${{ secrets.PROJECT_GITHUB_TOKEN }}

This works because v5 uses HTTP Authorization headers directly in .git/config instead of path-based includeIf directives.
Related Issues
- juancarlosjr97/release-it-containerized#212 - This issue is blocking releases for the release-it-containerized action
- persist-credentials in separate file breaks GitHub authentication for Git worktrees #2318 - Similar issue with Git worktrees and includeIf paths
- actions/checkout@v6 broken on non-GitHub runners (Forgejo, Gitea, etc.) - hardcoded GitHub paths in includeIf directives break authentication #2321 - Similar issue on non-GitHub runners (Forgejo, Gitea) where includeIf paths don't match
- exec /__e/node20/bin/node: no such file or directory #1681 - Container action compatibility issues
Questions
- Is v6 actually compatible with Docker container actions, or was this an oversight?
- Should the documentation explicitly state that v6 doesn't support Docker container actions?
- Would it be possible to detect container environments and fall back to the v5 HTTP Authorization header approach?
- Are there plans to fix this, or should users continue using v5 for container-based workflows?
Impact
This blocks adoption of v6 for any workflow using Docker container actions. Users must stay on v5 until this is resolved.
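
Added example, not part of the issue and not code from actions/checkout: a local check of how git evaluates a path-conditional includeIf "gitdir:" entry, and of whether the included auth header still resolves when the same repository is reached through a different path. The directory layout, the creds.config file name, the placeholder header value and the assumption that the container sees the repository at another path are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Paths, file names and the header value are constructed.

# Print the auth header git resolves for the repository at $1 (empty if none).
resolved_header() {
  git -C "$1" config --get http.https://github.com/.extraheader 2>/dev/null || true
}

# Create $1/host/repo with credentials kept in a separate file that the repo
# config includes only when the git dir equals the host path, then copy the
# repo to $1/container/repo to stand in for a bind mount at another path.
setup_demo() {
  local root=$1
  mkdir -p "$root/host" "$root/container"
  git init -q "$root/host/repo"
  git config -f "$root/creds.config" \
    http.https://github.com/.extraheader "AUTHORIZATION: basic PLACEHOLDER"
  git -C "$root/host/repo" config \
    "includeIf.gitdir:$root/host/repo/.git.path" "$root/creds.config"
  cp -R "$root/host/repo" "$root/container/repo"
}

# Add a second conditional include covering the path the container sees.
# The credentials file must also be readable at that path inside the container.
allow_path() {
  git -C "$1" config "includeIf.gitdir:$1/.git.path" "$2"
}

demo_root=$(cd "$(mktemp -d)" && pwd -P)   # canonical path, no symlinks
setup_demo "$demo_root"
echo "host path:      [$(resolved_header "$demo_root/host/repo")]"
echo "container path: [$(resolved_header "$demo_root/container/repo")]"
allow_path "$demo_root/container/repo" "$demo_root/creds.config"
echo "after fix:      [$(resolved_header "$demo_root/container/repo")]"
```

Running resolved_header from inside the container action's working directory gives a quick way to tell a path mismatch apart from a missing credentials file.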