rickstaa/action-get-semver

[UPSTREAM_BUG] Error: fatal: not in a git directory

rickstaa opened this issue · 0 comments

Git recently pushed a change in response to a cve that causes git commands to fail if the parent directory changes ownership from the current directory. You may see errors like:

/usr/bin/git remote add origin https://github.com/wez/wezterm
Error: fatal: unsafe repository ('/__w/wezterm/wezterm' is owned by someone else)

or

Run rickstaa/action-create-tag@v1
  with:
    tag: latest_release
    force_push_tag: true
    commit_sha: xxxx
    github_token: ***
/usr/bin/docker run --name xxx --label xxx --workdir /github/workspace --rm -e INPUT_TAG -e INPUT_FORCE_PUSH_TAG -e INPUT_COMMIT_SHA -e INPUT_GITHUB_TOKEN -e INPUT_MESSAGE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxx":"/github/workspace" xxx:xxx
fatal: not in a git directory

The Github Team gave an official statement and work-around at actions/checkout#766. Until GitHub has applied a fix to the action ecosystem, the workaround in #15 will be used. I will remove this workaround after the bug has been fixed upstream. I will keep this issue open to discuss problems while the workaround is used.