From ac0bb2c8f9246ed4df2994ad799cef891fc07c62 Mon Sep 17 00:00:00 2001
From: Carles Pina Estany
Date: Wed, 13 Apr 2022 10:17:12 +0200
Subject: [PATCH] Fix unsafe repository error (#65)

Mark the repository as safe. It should be ok to do so in the action context because the vulnerability affects "multi-user shared machines" and this is a single-user Docker image. Details of why this is needed CVE-2022-24765: https://github.blog/2022-04-12-git-security-vulnerability-announced/ I will keep monitoring if there could be any problems and get in touch in you have more information.
---
 Dockerfile | 2 +-
 entrypoint.sh | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4baf5a8..2b83c72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest
-RUN apk add --no-cache git
+RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main git
 COPY entrypoint.sh /entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
index 62b60d3..82ad593 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -28,6 +28,9 @@ fi
 CLONE_DIR=$(mktemp -d)
+echo "[+] Git version"
+git --version
+
 echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
 # Setup git
 git config --global user.email "$USER_EMAIL"
@@ -97,6 +100,11 @@ ORIGIN_COMMIT="https://$GITHUB_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"
+echo "[+] Set directory is safe ($CLONE_DIR)"
+# Related to https://github.com/cpina/github-action-push-to-another-repository/issues/64 and https://github.com/cpina/github-action-push-to-another-repository/issues/64
+# TODO: review before releasing it as a version
+git config --global --add safe.directory "$CLONE_DIR"
+
 echo "[+] Adding git commit"
 git add .
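Review bot: The added `--repository=http://dl-cdn.alpinelinux.org/alpine/edge/main` fetches git from Alpine's rolling edge branch over plain HTTP, on top of the unpinned `FROM alpine:latest` base shown as context, so two builds of the same commit can ship different git versions and nothing records which version carries the CVE-2022-24765 fix. apk verifies signatures on the index and packages, which limits tampering in transit, but the URL should still be `https://`: `RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main git`. Edge packages are built against edge libraries, so installing them on a stable base can pull in mismatched dependencies; a comment such as `# temporary: edge has the patched git, drop --repository once the stable branch ships it` would make the override easy to remove.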
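Review bot: The comment above the new `git config --global --add safe.directory "$CLONE_DIR"` links issue 64 twice and leaves an open TODO, while the reason the ownership check can be waived (CVE-2022-24765, single-user container) is stated only in the commit message. Since this line switches off a security check, the rationale belongs next to it, for example `# CVE-2022-24765: git rejects repositories owned by another user; this container is single-user, so trust only $CLONE_DIR`. Keeping the entry scoped to the one temporary path rather than a wildcard is the right choice and worth saying in that comment so it is not widened later. The script continues outside the hunk, so the directory in which `git add .` runs is not visible here; the entry only helps if that repository's top level is exactly `$CLONE_DIR`.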