Fix unsafe repository error (#65)

cpina · web-flow · commit ac0bb2c8f924 · 2022-04-13T10:17:12.000+02:00
Mark the repository as safe. It should be ok to do so in the action context because the vulnerability affects "multi-user shared machines" and this is a single-user Docker image. Details of why this is needed CVE-2022-24765: https://github.blog/2022-04-12-git-security-vulnerability-announced/ I will keep monitoring if there could be any problems and get in touch in you have more information.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest
 
-RUN apk add --no-cache git
+RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main git
 
 COPY entrypoint.sh /entrypoint.sh
 
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -28,6 +28,9 @@ fi
 
 CLONE_DIR=$(mktemp -d)
 
+echo "[+] Git version"
+git --version
+
 echo "[+] Cloning destination git repository $DESTINATION_REPOSITORY_NAME"
 # Setup git
 git config --global user.email "$USER_EMAIL"
@@ -97,6 +100,11 @@ ORIGIN_COMMIT="https://$GITHUB_SERVER/$GITHUB_REPOSITORY/commit/$GITHUB_SHA"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/ORIGIN_COMMIT/$ORIGIN_COMMIT}"
 COMMIT_MESSAGE="${COMMIT_MESSAGE/\$GITHUB_REF/$GITHUB_REF}"
 
+echo "[+] Set directory is safe ($CLONE_DIR)"
+# Related to https://github.com/cpina/github-action-push-to-another-repository/issues/64 and https://github.com/cpina/github-action-push-to-another-repository/issues/64
+# TODO: review before releasing it as a version
+git config --global --add safe.directory "$CLONE_DIR"
+
 echo "[+] Adding git commit"
 git add .
 
