fatal: detected dubious ownership in repository at '/github/workspace'
Closed this issue · 2 comments
Describe the bug
When I used the github-action-gitleaks@v2 with source arg, the error occurred.
To Reproduce
Steps to reproduce the behavior:
- Use this action with the source env.
  - name: "Check for secrets with Gitleaks"
    id: gitleaks
    uses: DariuszPorowski/github-action-gitleaks@v2
    with:
      source: apis/poi
      config: gitleaksconfig.toml
      report_format: "sarif"
      fail: false
- error occurred
2:08AM ERR [git] fatal: detected dubious ownership in repository at '/github/workspace'
2:08AM ERR [git] To add an exception for this directory, call:
2:08AM ERR [git]
2:08AM ERR [git] git config --global --add safe.directory /github/workspace
2:08AM ERR git error encountered, see logs
2:08AM WRN partial scan completed in 58.798585ms
2:08AM WRN no leaks found in partial scan
Expected behavior
It should not cause an error when the source arg is set.
Additional context
The reason for this error is CVE-2022-24765. And I know that the code to fix CVE-2022-24765 is already implemented in entrypoint.sh, line 59.
git config --global --add safe.directory "${INPUT_SOURCE}"
But from the error message, it appears that this implementation needs to be changed as follows.
git config --global --add safe.directory /github/workspace
Hi @takashiuesaka Going to investigate this issue today. Thanks for your issue.
This should be taken care of now that the line has been updated.
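Added example, not part of the original issue or the action's entrypoint.sh: shell functions that resolve the repository root above the scan path and register that directory as safe.directory, which generalizes the hard-coded /github/workspace suggested in the issue. The function names find_repo_root and mark_repo_safe are hypothetical.

```shell
#!/bin/sh
# Added example; not code from github-action-gitleaks.

# find_repo_root: walk upward from a path to the directory that holds .git.
# `git rev-parse --show-toplevel` is not usable for this: it fails with the
# same "dubious ownership" error until the repository is already trusted.
find_repo_root() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        # .git is a directory in a normal clone, a file in a worktree/submodule
        if [ -e "$dir/.git" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# mark_repo_safe: trust the repository that encloses the scan path.
# The error in the issue names the repository path (/github/workspace),
# so an entry for the scanned subdirectory (apis/poi) does not match it.
mark_repo_safe() {
    root=$(find_repo_root "$1") || {
        echo "no git repository above: $1" >&2
        return 1
    }
    # Skip if already listed, so repeated runs do not grow the global config
    if ! git config --global --get-all safe.directory 2>/dev/null \
            | grep -Fxq "$root"; then
        git config --global --add safe.directory "$root"
    fi
    printf '%s\n' "$root"
}

# Hypothetical call site in an entrypoint script:
#   mark_repo_safe "${INPUT_SOURCE:-.}"
```

Trusting only the resolved root keeps the exception as narrow as the scan needs.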