DariuszPorowski/github-action-gitleaks

fatal: detected dubious ownership in repository at '/github/workspace'

Closed this issue · 2 comments

Describe the bug
A clear and concise description of what the bug is.

When I used the github-action-gitleaks@v2 with source arg, the error occurred.

To Reproduce
Steps to reproduce the behavior:

  1. Use this action with source env.
      - name: "Check for secrets with Gitleaks"
        id: gitleaks
        uses: DariuszPorowski/github-action-gitleaks@v2
        with:
          source: apis/poi
          config: gitleaksconfig.toml
          report_format: "sarif"
          fail: false
  2. Error occurred
2:08AM ERR [git] fatal: detected dubious ownership in repository at '/github/workspace'
2:08AM ERR [git] To add an exception for this directory, call:
2:08AM ERR [git] 
2:08AM ERR [git] 	git config --global --add safe.directory /github/workspace
2:08AM ERR git error encountered, see logs
2:08AM WRN partial scan completed in 58.798585ms
2:08AM WRN no leaks found in partial scan

Expected behavior
A clear and concise description of what you expected to happen.

Do not cause an error when the source arg is set.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context

The reason for this error is CVE-2022-24765. I know that the code to fix CVE-2022-24765 is already implemented in entrypoint.sh, line 59.

git config --global --add safe.directory "${INPUT_SOURCE}"

But from the error message, it appears that this implementation needs to be changed as follows.

git config --global --add safe.directory /github/workspace

Hi @takashiuesaka Going to investigate this issue today. Thanks for your issue.

This should be taken care of now that the line has been updated.
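
The issue above comes down to `safe.directory` receiving the scan path (`apis/poi`) while git checks the directory that holds `.git` (`/github/workspace`). The following is an added example, not the action's own code: it resolves the repository root from a `source` value before registering it. The function names `find_repo_root` and `mark_repo_safe` are hypothetical, and the directory layout in the demo is constructed.

```shell
#!/bin/sh
# Added example; not taken from entrypoint.sh. Function names are hypothetical.

# Print the absolute path of the directory that holds .git, starting from a
# path that may be relative and may point at a subdirectory of the repository.
# Plain directory walking is used because git itself refuses discovery
# commands in a repository that fails the ownership check.
find_repo_root() {
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        # .git is a directory in a normal clone, a file in a worktree or submodule
        if [ -e "$dir/.git" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Register the repository root, not the scan path, as a safe directory.
# safe.directory entries are matched against the repository's absolute path,
# so a relative value such as apis/poi never matches.
mark_repo_safe() {
    root=$(find_repo_root "$1") || {
        echo "no git repository found at or above '$1'" >&2
        return 1
    }
    git config --global --add safe.directory "$root"
}

# Constructed layout mirroring the issue: a repository root with the scan
# path two levels below it.
ws=$(mktemp -d)
mkdir -p "$ws/.git" "$ws/apis/poi"
(cd "$ws" && find_repo_root apis/poi)   # prints the workspace root, not apis/poi
rm -rf "$ws"
```

Registering only the resolved root keeps the exception as narrow as the ownership check introduced for CVE-2022-24765 allows, instead of widening it with a wildcard entry.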