only insert external repos token if supplied

lib/external-queries.js

@@ -22,13 +22,10 @@ async function checkoutExternalRepository(repository, ref, apiDetails, tempDir,
         throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
     }
     if (!fs.existsSync(checkoutLocation)) {
-        const repoCloneURL = new URL(apiDetails.url);
-        repoCloneURL.username = "x-access-token";
-        repoCloneURL.password = apiDetails.externalRepoAuth;
-        repoCloneURL.pathname += `/${repository}`;
+        const repoCloneURL = buildCheckoutURL(repository, apiDetails);
         await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), [
             "clone",
-            repoCloneURL.toString(),
+            repoCloneURL,
             checkoutLocation,
         ]).exec();
         await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), [
@@ -41,4 +38,17 @@ async function checkoutExternalRepository(repository, ref, apiDetails, tempDir,
     return checkoutLocation;
 }
 exports.checkoutExternalRepository = checkoutExternalRepository;
+function buildCheckoutURL(repository, apiDetails) {
+    const repoCloneURL = new URL(apiDetails.url);
+    if (apiDetails.externalRepoAuth !== undefined) {
+        repoCloneURL.username = "x-access-token";
+        repoCloneURL.password = apiDetails.externalRepoAuth;
+    }
+    if (!repoCloneURL.pathname.endsWith("/")) {
+        repoCloneURL.pathname += "/";
+    }
+    repoCloneURL.pathname += `${repository}`;
+    return repoCloneURL.toString();
+}
+exports.buildCheckoutURL = buildCheckoutURL;
 //# sourceMappingURL=external-queries.js.map