fatal: unsafe repository ('/github/workspace' is owned by someone else)

[MarkChenYutian]

Hi, I'm using the (modified version of) YAT Jekyll theme along with this jekyll-deploy-action. Everything works really well for several months, but several days ago, when I push to the GitHub repo, I occasionally receive run failures from GitHub Action.

Here's part of the GitHub Action log:

... (omitted)
* [Ok] Set up job
* [Ok] Build jeffreytse/jekyll-deploy-action@v0.3.1
* [Ok] Run actions/checkout@v2
* [Ok] Run actions/cache@v2
* [Err!] Run jeffreytse/jekyll-deploy-action@v0.3.1

... (omitted)
fatal: unsafe repository ('/github/workspace' is owned by someone else)
To add an exception for this directory, call:

    git config --global --add safe.directory /github/workspace
Fetching https://github.com/eventmachine/eventmachine.git
... (omitted)

I've tried several times, but this bug/error only occurs occasionally. Here are some key GitHub Action logs related to this problem:

• First time the error starts to show up: https://github.com/MarkChenYutian/blog/actions/runs/2282365089
• After I upgrade the github/workflow to the latest version of this repo, the action runs successfully: https://github.com/MarkChenYutian/blog/actions/runs/2284135154
• However, on the next day, the error shows up again: https://github.com/MarkChenYutian/blog/actions/runs/2284245202

When this problem starts to show up, I didn't change anything about the github/workflow, any suggestions or possible reason of such error?

My GitHub Repo's address is here, if needed

[jeffreytse]

Hi @MarkChenYutian

Thanks for your issue, this issue is due to the security fix from the Git security vulnerability recently announced:

https://github.blog/2022-04-12-git-security-vulnerability-announced/.

Relevant GH issue: https://github.com/actions/checkout/issues/760

Thanks & Regards

[MarkChenYutian]

Thanks for the quick reply! I've read through the issue you linked in response but still can't figure out a way to resolve this problem. I've added the following steps in the job according to the discussion in the issue:

build_and_deploy:
    runs-on: ubuntu-latest
    steps:
      # ADDED TWO STEPS BELOW
      - name: bypass-security-err
        run: git config --global --add safe.directory /__w/MarkChenYutian/blog
      - name: bypass-security-err-2
        run: git config --global --add safe.directory /github/workspace

      - uses: actions/checkout@v2
      # Use GitHub Actions' cache to cache dependencies on servers
      - uses: actions/cache@v2
        with:
          path: vendor/bundle
          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-gems-
    ...(omitted)

but it didn't seem to work. Do you have any further suggestions ...?

[jeffreytse]

Hi @MarkChenYutian

I have fixed this issue, you can try again with the latest version.

Thanks & Regards

[MarkChenYutian]

Not working still... Perhaps because the workflow is still using v0.3.1 of jekyll-deploy-action instead of the latest version?

[jeffreytse]

Hi @MarkChenYutian

Please use actions/checkout@v3 and jekyll-deploy-action@master.

Thanks & Regards

[MarkChenYutian]

There's still this fatal error:

fatal: unsafe repository ('/github/workspace/vendor/bundle/ruby/2.7.0/cache/bundler/git/eventmachine-e3d3e89487250965501abc7691f83311d8df32b1' is owned by someone else)

(with checkout@v3 and jekyll-deploy-action@master)

Here's the log: https://github.com/MarkChenYutian/blog/runs/6338487604?check_suite_focus=true

[jeffreytse]

@MarkChenYutian Just did some changes, please rerun your action again and tell me the result.

[MarkChenYutian]

Still failed: https://github.com/MarkChenYutian/blog/runs/6338543771?check_suite_focus=true

[jeffreytse]

Hi @MarkChenYutian

You can rerun again, I have test, and it's successful.

Thanks & Regards

[MarkChenYutian]

Hi @jeffreytse

It worked! Thanks so much for the quick response and all these follow-ups!

So many Thanks!