Fix unsafe repository error (#65)
Mark the repository as safe. It should be ok to do so in the action context because the vulnerability affects "multi-user shared machines" and this is a single-user Docker image. Details of why this is needed (CVE-2022-24765): https://github.blog/2022-04-12-git-security-vulnerability-announced/ I will keep monitoring for any problems; please get in touch if you have more information.
parent
483689a71c
commit
ac0bb2c8f9
|
@ -1,6 +1,6 @@
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
|
|
||||||
RUN apk add --no-cache git
|
RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main git
|
||||||
|
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
COPY entrypoint.sh /entrypoint.sh
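Review bot: The new `RUN apk add` line fetches git from the Alpine `edge/main` repository over plain `http://`, on top of an unpinned `alpine:latest` base. apk verifies package signatures, but an unencrypted repository URL still exposes the index fetch to on-path interference such as stale metadata, and mixing edge packages into a stable base can pull in edge libraries the rest of the image was not built against. The override appears to exist only to get a git release that understands `safe.directory`; if so, I would use `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/main` and add a comment such as `# edge git needed for safe.directory support; drop once the stable base ships it`, so the exception is removed when the base image catches up.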
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,9 @@ fi
|
||||||
|
|
||||||
CLONE_DIR=$(mktemp -d)
|
CLONE_DIR=$(mktemp -d)
|
||||||
|
|
||||||
|
echo "[+] Git version"
|
||||||
|
git --version
|
||||||
|
|
||||||
echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
|
echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
|
||||||
# Setup git
|
# Setup git
|
||||||
git config --global user.email "$USER_EMAIL"
|
git config --global user.email "$USER_EMAIL"
|
||||||
|
@ -97,6 +100,11 @@ ORIGIN_COMMIT="https://$GITHUB_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
|
||||||
COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
|
COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
|
||||||
COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"
|
COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"
|
||||||
|
|
||||||
|
echo "[+] Set directory is safe ($CLONE_DIR)"
|
||||||
|
# Related to https://github.com/cpina/github-action-push-to-another-repository/issues/64 and https://github.com/cpina/github-action-push-to-another-repository/issues/64
|
||||||
|
# TODO: review before releasing it as a version
|
||||||
|
git config --global --add safe.directory "$CLONE_DIR"
|
||||||
|
|
||||||
echo "[+] Adding git commit"
|
echo "[+] Adding git commit"
|
||||||
git add .
|
git add .
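Review bot: The comment above `git config --global --add safe.directory "$CLONE_DIR"` cites the same issue URL twice and leaves a TODO, so the reason for relaxing git's ownership check is not recorded next to the line that relaxes it. Limiting the exception to the single `mktemp -d` directory rather than `*` is the right shape and worth stating so it is not widened later; I would replace the comment with `# Trust only the temporary clone: git's CVE-2022-24765 ownership check otherwise reports it as an unsafe repository (issue #64)`. The TODO should be resolved or moved to a tracked issue before this is tagged as a release. The script continues outside both hunks, so whether `$CLONE_DIR` is the directory in which `git add .` actually runs cannot be confirmed from the lines shown here.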
|
||||||
|
|
||||||
|
|