flathub-infra / flatpak-external-data-checker

A tool for checking if the external data used in Flatpak manifests is still up to date
GNU General Public License v2.0

Dubious ownership detected #395

Closed bermeitinger-b closed 8 months ago

bermeitinger-b commented 8 months ago

Hi, our pipeline for org.signal.Signal breaks, probably because of this commit #387 (or the update to bookworm in #393, which correlates to the dates of the failing jobs).

Action output for the update checker:

Run docker://ghcr.io/flathub/flatpak-external-data-checker:latest
/usr/bin/docker run --name ghcrioflathubflatpakexternaldatacheckerlatest_e1dc2c --label 0099bf --workdir /github/workspace --rm -e "GIT_AUTHOR_NAME" -e "GIT_COMMITTER_NAME" -e "GIT_AUTHOR_EMAIL" -e "GIT_COMMITTER_EMAIL" -e "EMAIL" -e "GITHUB_TOKEN" -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/org.signal.Signal/org.signal.Signal":"/github/workspace" ghcr.io/flathub/flatpak-external-data-checker:latest --update --never-fork org.signal.Signal.yaml
INFO    src.manifest: Checking 1 external data items
INFO    src.manifest: Started check [1/1] file signal-desktop-beta/signal-desktop-beta.deb (from org.signal.Signal.yaml)
INFO    src.lib.externaldata: Source signal-desktop-beta.deb: got new version 6.39.0-beta.2
INFO    src.manifest: Finished check [1/1] file signal-desktop-beta/signal-desktop-beta.deb (from org.signal.Signal.yaml)
INFO    src.manifest: Updating /github/workspace/org.signal.Signal.yaml
OUTDATED: signal-desktop-beta.deb
 Has a new version:
  URL:       https://updates.signal.org/desktop/apt/pool/s/signal-desktop-beta/signal-desktop-beta_6.39.0-beta.2_amd64.deb
  MD5:       d90e1c580084dd77983ff60146d5ecb6
  SHA1:      44e90d97711980ea18613b3457cca8053bc0177c
  SHA256:    d7ed70be432d128bc106cd9b4bdcd45799294b190fcb412a040534d5e97cba4a
  SHA512:    2a428fe162b662ace18bed0761b383737b9f643df2b8861aed0aa9482b8d7c302bffb9aeca290dfae80d09b4face0c3ce6656b62d34cdfcc5b27324e6d3808f1
  Size:      112070488
  Version:   6.39.0-beta.2
  Timestamp: 2023-11-09 01:24:08

INFO    src.manifest: Preparing to update appdata /github/workspace/org.signal.Signal.metainfo.xml
WARNING src.manifest: Guessed upstream source: file signal-desktop-beta/signal-desktop-beta.deb
INFO    src.manifest: Version changed, adding release to /github/workspace/org.signal.Signal.metainfo.xml
fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:

    git config --global --add safe.directory /github/workspace
Traceback (most recent call last):
  File "/app/flatpak-external-data-checker", line 30, in <module>
    main()
  File "/app/src/main.py", line 495, in main
    outdated_num, errors_num, updated = asyncio.run(run_with_args(args))
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/base_events.py", line 653, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/app/src/main.py", line 463, in run_with_args
    git_checkout = get_manifest_git_checkout(args.manifest)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/src/main.py", line 133, in get_manifest_git_checkout
    output = subprocess.check_output(
             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['git', 'rev-parse', '--show-toplevel']' returned non-zero exit status 128.

Do we need to adapt the workflow commands?

wjt commented 8 months ago

I think it is indeed a regression in https://github.com/flathub/flatpak-external-data-checker/pull/387. The newly-added git rev-parse --show-toplevel incantation is failing, because the checkout is not marked as safe – which is what we are trying to fix by calling git rev-parse.

wjt commented 8 months ago

I opened #396 to revert that change. But the change was trying to fix a real bug.

I have the feeling that we are going about this the wrong way, and instead we should run the container with --user 1001 since the checkout is owned by that user, avoiding the whole "dubious ownership" issue.
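The ownership condition discussed in this thread, as an added example that is not part of the original issue or the project's code: it compares the checkout's owner with the effective uid, recognises the "dubious ownership" failure in git's stderr, and derives a `docker run --user` value from the checkout. All function names are hypothetical, and the owner comparison is a simplification of git's own check.

```python
import os
import subprocess

DUBIOUS_MARKER = "detected dubious ownership"  # text git prints, as in the log above


class CheckoutOwnershipError(RuntimeError):
    """The checkout is owned by a different user than the one running git."""


def checkout_owner(path):
    """Return the (uid, gid) that owns the checkout directory."""
    st = os.stat(path)
    return st.st_uid, st.st_gid


def ownership_mismatch(path, euid=None):
    """Simplified form of git's check: the directory owner differs from our euid."""
    euid = os.geteuid() if euid is None else euid
    return checkout_owner(path)[0] != euid


def docker_user_args(path):
    """Arguments that make `docker run` use the checkout's owner (uid:gid)."""
    uid, gid = checkout_owner(path)
    return ["--user", f"{uid}:{gid}"]


def is_dubious_ownership(stderr):
    """True when git's stderr reports the ownership failure."""
    return DUBIOUS_MARKER in stderr


def git_toplevel(path):
    """Run `git rev-parse --show-toplevel`; report the ownership failure clearly."""
    try:
        result = subprocess.run(
            ["git", "rev-parse", "--show-toplevel"],
            cwd=path, check=True, capture_output=True, text=True,
        )
    except subprocess.CalledProcessError as err:
        if is_dubious_ownership(err.stderr or ""):
            uid, _ = checkout_owner(path)
            raise CheckoutOwnershipError(
                f"{path} is owned by uid {uid}, but git runs as uid {os.geteuid()}; "
                f"run the container with {' '.join(docker_user_args(path))}"
            ) from err
        raise
    return result.stdout.strip()
```

Surfacing the mismatch as an explicit error keeps the ownership check in force, rather than marking the directory as safe for whichever user the container happens to run as.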

wjt commented 8 months ago

OK, I believe that's fixed now. Thanks for the report!