Fix unsafe repository error (#65)

Mark the repository as safe. It should be ok to do so in the action context because the vulnerability affects "multi-user shared machines" and this is a single-user Docker image. Details of why this is needed CVE-2022-24765: https://github.blog/2022-04-12-git-security-vulnerability-announced/ I will keep monitoring if there could be any problems and get in touch in you have more information.
2024-12-21 23:56:09 -07:00 · 2022-04-13 10:17:12 +02:00 · 2022-04-13 10:17:12 +02:00 · ac0bb2c8f9
commit ac0bb2c8f9
parent 483689a71c
2 changed files with 9 additions and 1 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 FROM alpine:latest

-RUN apk add --no-cache git
+RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main git

 COPY entrypoint.sh /entrypoint.sh

--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -28,6 +28,9 @@ fi

 CLONE_DIR=$(mktemp -d)

+echo "[+] Git version"
+git --version
+
 echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
 # Setup git
 git config --global user.email "$USER_EMAIL"
@ -97,6 +100,11 @@ ORIGIN_COMMIT="https://$GITHUB_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"

+echo "[+] Set directory is safe ($CLONE_DIR)"
+# Related to https://github.com/cpina/github-action-push-to-another-repository/issues/64 and https://github.com/cpina/github-action-push-to-another-repository/issues/64
+# TODO: review before releasing it as a version
+git config --global --add safe.directory "$CLONE_DIR"
+
 echo "[+] Adding git commit"
 git add .