Checked for duplicates
No - I haven't checked
Describe the bug
A commit made directly to the main branch of github-actions-base upgraded the FROM image of github-actions-base from Alpine 3.14 to Alpine 3.16.
This resulted in:
- git being upgraded from 2.32.0 → 2.36.5
- ruby being upgraded from 2.7.4 → 3.1.4
The change to git broke the Roundup Action's "Requirements" step and the change to ruby broke the "Changelog" step. (The changelog issue will be addressed in the github-actions-base repository in a separate issue.)
The issue with git is that version 2.36 introduced a fix to a security vulnerability (see the changelog for git and this more full explanation) wherein a suspicious owner of a parent directory is flagged if it's different from the owner of the current repository directory. This is the case with GitHub Actions since /github is owned by root but /github/workspace (the cloned repository) is owned by user 1001.
In order for the Roundup Action's "Requirements" step to work with git 2.36, it will need to set in the global git configuration that the workspace directory is safe.
Expected behavior
I expected these two steps to work.
To Reproduce
Use nasapds/github-actions-base:latest in the Roundup Action's Dockerfile as its FROM and watch things blow up mysteriously.
Environment Info
GitHub Actions
Version of Software Used
nasapds/github-actions-base:latest
Test Data / Additional context
No response
Related requirements
#xyz
Engineering Details
No response
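The fix this issue asks for, marking the workspace directory as safe in the global git configuration, could look like the following in a container entrypoint. This is an added example, not code from the Roundup Action or github-actions-base; the function names and the optional RUN_UID parameter are assumptions, and only the /github/workspace path comes from the issue.

```shell
#!/bin/sh
# Added example: register one repository path in git's global safe.directory
# list, and only when its owner differs from the user that will run git.

# Print the numeric owner of a directory (GNU/BusyBox stat, then BSD stat).
dir_owner_uid() {
    stat -c %u "$1" 2>/dev/null || stat -f %u "$1"
}

# True if the given path is already a global safe.directory entry.
is_marked_safe() {
    git config --global --get-all safe.directory 2>/dev/null | grep -Fxq -- "$1"
}

# mark_workspace_safe DIR [RUN_UID]
# RUN_UID (hypothetical parameter) defaults to the current user; it exists so
# the owner-mismatch case can be exercised without being root.
mark_workspace_safe() {
    dir=$1
    run_uid=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    owner=$(dir_owner_uid "$dir") || return 2
    if [ "$owner" = "$run_uid" ]; then
        echo "owner matches uid $run_uid; no exception needed for $dir"
        return 0
    fi
    if is_marked_safe "$dir"; then
        echo "already marked safe: $dir"
        return 0
    fi
    # Exact path only: a wildcard entry would switch the ownership check off
    # for every repository this user touches.
    git config --global --add safe.directory "$dir"
    echo "marked safe: $dir (owner $owner, git runs as uid $run_uid)"
}

# In the action's entrypoint this would be called as (path from the issue):
#   mark_workspace_safe /github/workspace
```

Because the entry is written to the global configuration of the user running git, it has to run as that same user and before the first git command of the step.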