1 files changed, 30 insertions, 18 deletions

diff --git a/stage2/GitDependency.scala b/stage2/GitDependency.scala
index 8faabc5..650fd09 100644
--- a/stage2/GitDependency.scala
+++ b/stage2/GitDependency.scala
@@ -3,6 +3,7 @@ import java.io._
 import java.nio.file.Files.readAllBytes
 import java.net._
 import org.eclipse.jgit.api._
+import org.eclipse.jgit.internal.storage.file._
 import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider
 import org.eclipse.jgit.lib.Ref
 
@@ -22,35 +23,46 @@ case class GitDependency(
   private val credentialsFile = context.projectDirectory ++ "/git.login"
 
   private object checkoutCache extends Cache[File]
+
+  private def authenticate(_git: CloneCommand) =
+    if(!credentialsFile.exists){
+      _git
+    } else {
+      val (user, password) = {
+        // TODO: implement safer method than reading credentials from plain text file
+        val c = new String(readAllBytes(credentialsFile.toPath)).split("\n").head.trim.split(":")
+        (c(0), c.drop(1).mkString(":"))
+      }
+      _git.setCredentialsProvider( new UsernamePasswordCredentialsProvider(user, password) )
+    }
+
   def checkout: File = checkoutCache{
     val checkoutDirectory = context.cache ++ s"/git/$domain/$path/$ref"
-    if(checkoutDirectory.exists){
+    val _git = if(checkoutDirectory.exists){
       logger.git(s"Found existing checkout of $url#$ref in $checkoutDirectory")
+      val _git = new Git(new FileRepository(checkoutDirectory ++ "/.git"))
+      val actualRef = _git.getRepository.getBranch
+      if(actualRef != ref){
+        logger.git(s"actual ref '$actualRef' does not match expected ref '$ref' - fetching and checking out")
+        _git.fetch().call()
+        _git.checkout().setName(ref).call
+      }
+      _git
     } else {
       logger.git(s"Cloning $url into $checkoutDirectory")
-      val git = {
-        val _git = Git
+      val _git = authenticate(
+        Git
           .cloneRepository()
           .setURI(url)
           .setDirectory(checkoutDirectory)
-      
-        if(!credentialsFile.exists){
-          _git
-        } else {
-          val (user, password) = {
-            // TODO: implement safer method than reading credentials from plain text file
-            val c = new String(readAllBytes(credentialsFile.toPath)).split("\n").head.trim.split(":")
-            (c(0), c.drop(1).mkString(":"))
-          }
-          _git.setCredentialsProvider( new UsernamePasswordCredentialsProvider(user, password) )
-        }
-      }.call()
+      ).call()
 
       logger.git(s"Checking out ref $ref")
-      git.checkout()
-         .setName(ref)
-         .call()
+      _git.checkout().setName(ref).call()
+      _git
     }
+    val actualRef = _git.getRepository.getBranch
+    assert( actualRef == ref, s"actual ref '$actualRef' does not match expected ref '$ref'")
     checkoutDirectory
   }
   private object dependencyCache extends Cache[DependencyImplementation]