fatal: unsafe repository (REPO is owned by someone else) in other workflow steps after running checkout #766

Open
thboop opened this issue Apr 14, 2022 · 10 comments

Contributor

thboop commented Apr 14, 2022

Description

Git recently pushed a change in response to a CVE that causes git commands to fail if the parent directory changes ownership from the current directory. You may see errors like

  /usr/bin/git remote add origin https://github.com/wez/wezterm
  Error: fatal: unsafe repository ('/__w/wezterm/wezterm' is owned by someone else)

on self hosted runners, or if your job uses a container.

Workaround: Checkout is failing

This was fixed in the checkout action #760

Please update to the latest version of checkout. v3, v3.0.1, v2 and v2.4.1 all contain the fix for this issue. If you are still seeing the checkout action fail on these versions, please file an issue.

Workaround: Other steps are failing

Since we don't persist that configuration, you may still see this error if your job uses git commands outside of the checkout action. If so, you just need to set the configuration value yourself.

Simply set the GITHUB_WORKSPACE as a safe directory.

git config --global --add safe.directory "$GITHUB_WORKSPACE"

If your github workspace starts off with //, you may need to set it via

git config --global --add safe.directory "%(prefix)/$GITHUB_WORKSPACE"

If you are failing inside a container action, you will need to run this inside your container action script.

Why is the parent directory owned by a different user?

When the runner maps the working directory mounts into your job container or step container, they are owned by the runner user, not the container user, causing this issue, while any folders created may be owned by the container user.

Why don't we persist the configuration we use in actions/checkout?

We could try to persist this temporary global configuration we set in checkout for the duration of your job, but there are a few problems with that:

  1. If you run checkout on the root machine, and you have a container action with git commands, you are still going to fail unless you set the config in that container, which checkout can't do for another step
  2. Overwriting the git global config and not persisting any changes back to the original global config may break some user expectations on self hosted runners.
  3. It only really addresses this issue for checkout users, but this is more of an actions ecosystem problem

What's next

This is better solved at an actions ecosystem level, rather than solving it in the checkout action. That way, users not using checkout and users using container actions can take advantage of that solution. This is something our team is actively looking into now.


me-and commented Apr 14, 2022

@thboop I agree with everything you've written here, and thank you for getting the fix for this action sorted so quickly! I think I'm a little confused about why this ticket is here, though; should this be raised and tracked over at actions/runner?

Contributor Author

thboop commented Apr 14, 2022

> @thboop I agree with everything you've written here, and thank you for getting the fix for this action sorted so quickly! I think I'm a little confused about why this ticket is here, though; should this be raised and tracked over at actions/runner?

🏅 It's a good point that this is more appropriate for the runner repository, however given the nature of this breaking workflows, and the overall concern and questions folks had about what is happening and why, I thought I would put it closer to where we are seeing the most users comment about this issue. I may move it in the near future over to the runner repo.

JasonGross added a commit to JasonGross/fiat-crypto that referenced this issue Apr 14, 2022
rht added a commit to rht/zulip-archive that referenced this issue Apr 14, 2022
This commit:
- updates GH Actions checkout to v3
- apply additional work around stated in actions/checkout#766

This fixes the problem with the following error message:
```
fatal: unsafe repository ('/github/workspace' is owned by someone else)
To add an exception for this directory, call:

    git config --global --add safe.directory /github/workspace
```

The problem is due to the security fix from the Git security vulnerability
recently announced:
https://github.blog/2022-04-12-git-security-vulnerability-announced/.

Relevant GH issue: actions/checkout#760
luispfonseca added a commit to luispfonseca/ecb-govc-calendar that referenced this issue Apr 15, 2022
JasonGross added a commit to JasonGross/fiat-crypto that referenced this issue Apr 15, 2022
benefiction added a commit to benefiction/resume-reader that referenced this issue Apr 15, 2022

JasonGross commented Apr 15, 2022

> Simply set the GITHUB_WORKSPACE as a safe directory.
>
> git config --global --add safe.directory "$GITHUB_WORKSPACE"

It seems like this is insufficient if there are submodules? (log)

timabbott pushed a commit to zulip/zulip-archive that referenced this issue Apr 15, 2022
JasonGross added a commit to mit-plv/fiat-crypto that referenced this issue Apr 15, 2022
rickstaa added a commit to rickstaa/action-update-semver that referenced this issue Nov 7, 2023
This commit applies a hotfix for an upstream bug in
[checkout/issues/766](actions/checkout#766).

dave-code-ruiz commented Nov 30, 2023

I fixed it with:

git config --global --add safe.directory "*"

but I don't know if it is the correct way

andi34 pushed a commit to andi34/mkdocs-deploy-gh-pages that referenced this issue Jan 17, 2024

x-mass commented Jan 22, 2024

Even though the action marks the path as a safe directory, it overrides the HOME env beforehand. This was done intentionally (link). I don't know the exact reason, though. When you run the next step within the workflow, the HOME env is reset, and the dir becomes unsafe.
Here is a minimal example showing that changing the HOME env makes the difference:

Example Workflow

```yaml
name: Example of Missing Safe Dir

on:
  pull_request:
    branches: [ master ]
  push:
    branches: [ master ]

jobs:
  test-git-config:
    runs-on: ubuntu-22.04
    container: ubuntu:jammy-20240111

    steps:
      - name: Install Git CLI
        run: |
          apt-get update
          apt-get install git -y

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Test Git Configuration and Environment
        run: |
          # Test as is, fail
          echo "Testing git status command:"
          git status && echo success || echo fail

          # Save HOME value
          ORIGINAL_HOME=$HOME
          echo "Original HOME: $ORIGINAL_HOME"

          # Override HOME value, mark directory as safe
          export HOME=/tmp/newhome
          mkdir -p $HOME
          git config --global --add safe.directory /__w/checkout-action-issue/checkout-action-issue
          echo "Git config added in overridden HOME"

          # Test with overridden HOME, success
          echo "Testing git status command:"
          git status && echo success || echo fail

          # Reset HOME to original value
          export HOME=$ORIGINAL_HOME
          echo "HOME reset to original: $HOME"

          # Test again after resetting HOME
          echo "Testing git status command:"
          git status && echo success || echo fail

          # Mark directory as safe with original HOME
          git config --global --add safe.directory /__w/checkout-action-issue/checkout-action-issue

          # Test after marking directory as safe with original HOME, success
          echo "Testing git status command:"
          git status && echo success || echo fail
```

Output

```
Testing git status command:
fatal: detected dubious ownership in repository at '/__w/checkout-action-issue/checkout-action-issue'
To add an exception for this directory, call:

	git config --global --add safe.directory /__w/checkout-action-issue/checkout-action-issue
fail
Original HOME: /github/home
Git config added in overridden HOME
Testing git status command:
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean
success
HOME reset to original: /github/home
Testing git status command:
fatal: detected dubious ownership in repository at '/__w/checkout-action-issue/checkout-action-issue'
To add an exception for this directory, call:

	git config --global --add safe.directory /__w/checkout-action-issue/checkout-action-issue
fail
Testing git status command:
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean
success
```

lexm2 added a commit to TheHighlanders/Crewmate that referenced this issue May 15, 2024
mfisher87 added a commit to mfisher87/anonymized-mirror-action that referenced this issue Jun 11, 2024
Needed now, wasn't needed 4 years ago.

See: actions/checkout#766
nicomen added a commit to mojolicious/mojo-assetpack that referenced this issue Jun 19, 2024
Add workaround for git diff issue: actions/checkout#766

Fix indentation that perltidy complains about

Use Debian tagged images for the perl images

Use newer checkout version to avoid node deprecation warnings
Bronek added a commit to libfn/functional that referenced this issue Oct 20, 2024
Also squashed
* Fix actions (#102)
* Fix clang-format (#103)
* Pass CLANG_RELEASE explicitly (#104)
* Fix clang-format (#105)
* Fix clang-format (#106)
* Fix clang-format (#107)
* Fix clang-format (#108)
* Fix clang-format (#109)
* Fix clang-format (#110)
* Fix clang-format (#111)
* Fix clang-format (#112)
* Fix clang-format (#113)
* Fix clang-format (#114)
* Fix clang-format (#115)
* Fix clang-format (#116)

Persistent workflow errors were caused by actions/checkout#766
and badly configured `on:` workflow trigger
ivucica added a commit to ivucica/go-factorioblueprint that referenced this issue Nov 26, 2024
GNMoseke added a commit to differentiable-swift/swift-differentiation-testing that referenced this issue Jan 7, 2025
JaapWijnen pushed a commit to differentiable-swift/swift-differentiation-testing that referenced this issue Jan 7, 2025

guettli commented Jan 15, 2025

BTW, check that `$HOME` is correct by comparing `getent passwd $(id -un) | cut -d: -f6` with `$HOME`. You might be affected by: HOME is overridden in Container
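
Added example, not part of any comment in this thread and not code from actions/checkout: a POSIX shell helper that puts the checks discussed above together. It compares `$HOME` with the passwd entry, then adds exact `safe.directory` entries for the workspace and for each submodule path declared in `.gitmodules`, rather than the `"*"` wildcard. The function names and the per-submodule entries are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread); function names are this example's own.

# True when DIR belongs to another uid: the condition git refuses to trust.
owned_by_other() { [ "$(stat -c %u "$1")" != "$(id -u)" ]; }

# True when DIR (or the "*" wildcard) is in the --global config that git
# finds through the *current* $HOME. A different HOME means a different file.
is_marked_safe() {
  git config --global --get-all safe.directory 2>/dev/null |
    grep -qxF -e "$1" -e '*'
}

# DIR plus each submodule path declared in DIR/.gitmodules. `git config
# --file` only parses that file, so it works before DIR is trusted.
# Assumes submodule names contain no spaces.
repo_dirs() {
  echo "$1"
  [ -f "$1/.gitmodules" ] || return 0
  git config --file "$1/.gitmodules" --get-regexp '^submodule\..*\.path$' |
    while read -r key path; do echo "$1/$path"; done
}

# Add one exact entry per repository and print what was added. Idempotent,
# and never writes "*", which turns the ownership check off for every path.
mark_safe() {
  repo_dirs "$1" | while read -r dir; do
    is_marked_safe "$dir" && continue
    git config --global --add safe.directory "$dir" && echo "$dir"
  done
}

main() {
  pw_home=$(getent passwd "$(id -un)" | cut -d: -f6)
  [ "$HOME" = "$pw_home" ] || echo "note: HOME=$HOME but passwd says $pw_home" >&2
  if owned_by_other "$1"; then mark_safe "$1"; else echo "owner matches: $1" >&2; fi
}

# Usage inside the failing step or container: sh this-file "$GITHUB_WORKSPACE"
if [ $# -gt 0 ]; then main "$1"; fi
```

Run it in the same step (and the same container) as the failing git command, since entries written under one `HOME` are not seen under another.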
