From 2957a945a185b8fadc20b484fde55256e42717d5 Mon Sep 17 00:00:00 2001 From: rht Date: Thu, 14 Apr 2022 18:23:17 -0400 Subject: [PATCH] fix: Address GitHub workaround for CVE-2022-24765. This commit: - updates GH Actions checkout to v3 - apply additional work around stated in https://github.com/actions/checkout/issues/766 This fixes the problem with the following error message: ``` fatal: unsafe repository ('/github/workspace' is owned by someone else) To add an exception for this directory, call: git config --global --add safe.directory /github/workspace ``` The problem is due to the security fix from the Git security vulnerability recently announced: https://github.blog/2022-04-12-git-security-vulnerability-announced/. Relevant GH issue: https://github.com/actions/checkout/issues/760 --- README.md | 2 +- entrypoint.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c60029896e1559..e13f4e8c26ee9a8 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ jobs: name: A job to publish zulip-archive in GitHub pages steps: - name: Checkout - uses: actions/checkout@v1 + uses: actions/checkout@v3 - name: Run archive id: archive uses: zulip/zulip-archive@master diff --git a/entrypoint.sh b/entrypoint.sh index 61901aec4a176b1..dd3a264c0c86aba 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -8,6 +8,9 @@ github_personal_access_token=$4 delete_history=$5 archive_branch=$6 +# See https://github.com/actions/checkout/issues/766 +git config --global --add safe.directory "$GITHUB_WORKSPACE" + checked_out_repo_path="$(pwd)" html_dir_path=$checked_out_repo_path json_dir_path="${checked_out_repo_path}/zulip_json"