While trying to run the newly build gitlint docker image as part of the recent gitlint 0.18.0 release, I noticed the following error:
$ docker run -v $(pwd):/repo jorisroovers/gitlint:latest --debug
[ output cut ]
DEBUG: gitlint.git ('log', '-1', '--pretty=%H')
An error occurred while executing 'git log -1 --pretty=%H': b"fatal: detected dubious ownership in repository at '/repo'\nTo add an exception for this directory, call:\n\n\tgit config --global --add safe.directory /repo"
After some digging, I discovered this is because recent versions of git (>= 2.35.2) require the .git folder to be owned by the user running the git command, which won't be the case when mounting a git repo as a volume in docker. This is a fix for CVE-2022-24765 which is described in more depth on a github blog.
The fix for gitlint seems to be straightforward, just adding the following to our Dockerfile:
While trying to run the newly build gitlint docker image as part of the recent gitlint 0.18.0 release, I noticed the following error:
After some digging, I discovered this is because recent versions of git (>= 2.35.2) require the
.git
folder to be owned by the user running thegit
command, which won't be the case when mounting a git repo as a volume in docker. This is a fix for CVE-2022-24765 which is described in more depth on a github blog.The fix for gitlint seems to be straightforward, just adding the following to our
Dockerfile
: