Explicitly trust CWD by Git after checkout

Work around potential "dubious ownership" complaints from Git regarding the workspace used by GitHub task runners by explicitly marking the current working directory as trusted after checking out content from the repo. Since we're not sharing that space with other user accounts this should be a safe assumption to make. refs atc0005/go-ci#848
atc0005 · Feb 11, 2023 · 43ec8c9 · 43ec8c9
1 parent 6b6db89
commit 43ec8c9
Show file tree

Hide file tree

Showing 7 changed files with 143 additions and 0 deletions.
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
@@ -38,6 +38,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       # Provided for contrast. Will likely remove this one at some point.
       - name: go list
         run: |

diff --git a/.github/workflows/go-mod-validation.yml b/.github/workflows/go-mod-validation.yml
@@ -35,6 +35,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: go mod tidy
         run: |
           go mod tidy -v
@@ -51,6 +62,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: go mod vendor
         run: |
           go mod vendor

diff --git a/.github/workflows/lint-and-build-using-ci-matrix.yml b/.github/workflows/lint-and-build-using-ci-matrix.yml
@@ -48,6 +48,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Remove repo-provided golangci-lint config file
         run: |
           # Remove the copy of the config file bundled with the repo/code so
@@ -83,6 +94,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Run all tests
         run: go test -mod=vendor -v ./...
 
@@ -105,6 +127,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Build using vendored dependencies
         # NOTE: This will fail if there is a doc.go file in the project root
         # with a message similar to:

diff --git a/.github/workflows/lint-and-build-using-make.yml b/.github/workflows/lint-and-build-using-make.yml
@@ -47,6 +47,17 @@ jobs:
       - name: Check out code into the Go module directory
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       # bsdmainutils provides "column" which is used by the Makefile
       - name: Install Ubuntu packages
         run: apt-get update && apt-get install -y --no-install-recommends make gcc bsdmainutils
@@ -96,6 +107,17 @@ jobs:
           # Needed in order to retrieve tags for use with go generate
           fetch-depth: 0
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Install Ubuntu packages (standard set)
         if: ${{ inputs.os-dependencies == '' }}
         # bsdmainutils provides "column" which is used by the Makefile

diff --git a/.github/workflows/lint-project-files.yml b/.github/workflows/lint-project-files.yml
@@ -48,6 +48,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Run Markdown linting tools
         # The `.markdownlint.yml` file specifies config settings for this
         # linter, including which linting rules to ignore.
@@ -70,6 +81,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Run hadolint against any Dockerfiles
         if: hashFiles('**/Dockerfile') != ''
         run: |

diff --git a/.github/workflows/quick-validation.yml b/.github/workflows/quick-validation.yml
@@ -35,6 +35,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Remove repo-provided golangci-lint config file
         run: |
           # Remove the copy of the config file bundled with the repo/code so

diff --git a/.github/workflows/vulnerability-analysis.yml b/.github/workflows/vulnerability-analysis.yml
@@ -46,6 +46,17 @@ jobs:
       - name: Checkout repository
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/[email protected]
@@ -89,6 +100,17 @@ jobs:
       - name: Check out code
         uses: actions/[email protected]
 
+      # Mark the current working directory as a safe directory in git to
+      # resolve "dubious ownership" complaints.
+      #
+      # https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+      # https://confluence.atlassian.com/bbkb/git-command-returns-fatal-error-about-the-repository-being-owned-by-someone-else-1167744132.html
+      # https://github.com/actions/runner-images/issues/6775
+      # https://github.com/actions/checkout/issues/766
+      - name: Mark the current working directory as a safe directory in git
+        # run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        run: git config --global --add safe.directory "${PWD}"
+
       - name: Analyze source code
         run: |
           echo "govulncheck version $(go version -m $(which govulncheck) | awk '$1 == "mod" { print $3 }')"