Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apply hot fix to resolve issue with untrusted git repository for not-owned checker #148

Merged
merged 1 commit into from
Apr 15, 2022

Conversation

mszostok
Copy link
Owner

@mszostok mszostok commented Apr 14, 2022

Description

Changes proposed in this pull request:

Because of the security vulnerability fix (https://github.blog/2022-04-12-git-security-vulnerability-announced/), the not-owned check exists with error:

==> Executing [Experimental] Not Owned File Checker (1.584027ms)
    [Internal Error] fatal: unsafe repository ('/github/workspace' is owned by someone else)
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace
: command "git": exit status 128

Issue affects the GitHub Actions that use container because the container runs as a different user that the user from the VM, and the checkout runs natively on VM, see: actions/checkout#760 (comment)

As a "hot-fix" we can simply trust a given repository. I will monitor the actions/checkout#766 issue and check if there will be some official guidelines on how to approach that or maybe GitHub will solve it natively.

@mszostok mszostok force-pushed the hotfix-git branch 4 times, most recently from 948bc70 to 4b1beee Compare April 15, 2022 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant