git config safe.directory inside docker containers #2033

@EdJoPaTo

Describe the bug

Recent versions of git require the .git folder to be owned by the same user (as described here).

The actions/checkout action sets this for the cloned repo (/usr/bin/git config --global --add safe.directory …). Also see actions/checkout#766

Running a container (via uses: docker://…) however switches the user context and all git commands will fail with an error:

fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace

Inspecting the docker run command, the HOME variable is set and the home inside the container seems to be /github/home, which is mapped to /home/runner/work/_temp/_github_home.
Creating the .gitconfig in this location before running the container resolves this problem:

- name: Fix git safe.directory in container
  run: mkdir -p /home/runner/work/_temp/_github_home && printf "[safe]\n\tdirectory = /github/workspace" > /home/runner/work/_temp/_github_home/.gitconfig

As these paths (HOME and PWD inside the container) are not stable and can be changed at any time, the git config … logic should be done by the runner executing the docker command, as it's the only part in the process knowing these paths.

I do not think this is related to the images as the uses: docker:// logic is handled by the runner itself?

To Reproduce
Steps to reproduce the behavior:

Create this minimal workflow and let it run

on:
  push:

jobs:
  fails:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: docker://docker.io/library/alpine:3.14
        with:
          entrypoint: /bin/ash
          args: -c "apk add git && git status"

(See above for the error message of the git command)

Expected behavior

The container should have a .gitconfig to run git commands normally, as is possible without a container.
Stuff like the .git folder is mounted to the container too so a user can expect git to work fine.

Runner Version and Platform

Version of your runner? Hosted Runners on GitHub
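
Added example, not part of the issue or of the runner's code: a variant of the workaround step that appends one exact safe.directory entry instead of overwriting .gitconfig, and only reports a mismatch when the workspace owner differs from the uid the container will run as. The two paths are the ones quoted in the issue (which notes they are not stable); the function names and the container uid 0 are assumptions.

```shell
#!/bin/sh
# Assumed paths, copied from the issue text; override via the environment.
HOST_HOME="${HOST_HOME:-/home/runner/work/_temp/_github_home}"   # seen as /github/home
CONTAINER_WORKSPACE="${CONTAINER_WORKSPACE:-/github/workspace}"

# Return 0 when <dir> is owned by a uid other than <uid>.
# That mismatch is what triggers "detected dubious ownership".
owner_differs() {
    dir=$1
    uid=$2
    owner=$(stat -c %u "$dir") || return 2   # GNU/BusyBox stat syntax
    [ "$owner" != "$uid" ]
}

# Append one exact safe.directory entry to <home>/.gitconfig unless it is
# already there. Existing settings are kept and no wildcard is written.
add_safe_directory() {
    home=$1
    path=$2
    cfg="$home/.gitconfig"
    entry=$(printf '\tdirectory = %s' "$path")
    mkdir -p "$home" || return 1
    if [ -f "$cfg" ] && grep -qxF -- "$entry" "$cfg"; then
        return 0                              # already trusted
    fi
    # A file written without a final newline would otherwise get "[safe]"
    # glued onto its last line.
    if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then
        printf '\n' >> "$cfg"
    fi
    # git accepts repeated [safe] sections, so appending is valid.
    printf '[safe]\n%s\n' "$entry" >> "$cfg"
}

# Use in a run: step placed before the docker:// step (container uid 0 assumed):
#   if owner_differs "$GITHUB_WORKSPACE" 0; then
#       add_safe_directory "$HOST_HOME" "$CONTAINER_WORKSPACE"
#   fi
```

Listing the single workspace path keeps git's ownership check in force for every other directory mounted into the container.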


Labels: Runner Bug (Bug fix scope to the runner), bug (Something isn't working)