mszostok / codeowners-validator

The GitHub CODEOWNERS file validator
Apache License 2.0

Apply hot fix to resolve issue with untrusted git repository for `not-owned` checker #148

Closed mszostok closed 2 years ago

mszostok commented 2 years ago

Description

Changes proposed in this pull request:

Because of the security vulnerability fix (https://github.blog/2022-04-12-git-security-vulnerability-announced/), the `not-owned` check exits with an error:

```
==> Executing [Experimental] Not Owned File Checker (1.584027ms)
    [Internal Error] fatal: unsafe repository ('/github/workspace' is owned by someone else)
To add an exception for this directory, call:

    git config --global --add safe.directory /github/workspace
: command "git": exit status 128
```

The issue affects the GitHub Actions that use a container, because the container runs as a different user than the user from the VM, and the checkout runs natively on the VM, see: https://github.com/actions/checkout/issues/760#issuecomment-1097978177

As a "hot-fix" we can simply trust a given repository. I will monitor the https://github.com/actions/checkout/issues/766 issue and check if there will be some official guidelines on how to approach that or maybe GitHub will solve it natively.