Fix unsafe repository error (#65)

Mark the repository as safe.

It should be ok to do so in the action context because the vulnerability affects "multi-user shared machines" and this is a single-user Docker image. Details of why this is needed CVE-2022-24765: https://github.blog/2022-04-12-git-security-vulnerability-announced/

I will keep monitoring if there could be any problems and get in touch in you have more information.
This commit is contained in:
Carles Pina Estany 2022-04-13 10:17:12 +02:00 committed by GitHub
parent 483689a71c
commit ac0bb2c8f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions

View File

@ -1,6 +1,6 @@
FROM alpine:latest FROM alpine:latest
RUN apk add --no-cache git RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main git
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh

View File

@ -28,6 +28,9 @@ fi
CLONE_DIR=$(mktemp -d) CLONE_DIR=$(mktemp -d)
echo "[+] Git version"
git --version
echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME" echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
# Setup git # Setup git
git config --global user.email "$USER_EMAIL" git config --global user.email "$USER_EMAIL"
@ -97,6 +100,11 @@ ORIGIN_COMMIT="https://$GITHUB_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}" COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}" COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"
echo "[+] Set directory is safe ($CLONE_DIR)"
# Related to https://github.com/cpina/github-action-push-to-another-repository/issues/64 and https://github.com/cpina/github-action-push-to-another-repository/issues/64
# TODO: review before releasing it as a version
git config --global --add safe.directory "$CLONE_DIR"
echo "[+] Adding git commit" echo "[+] Adding git commit"
git add . git add .