ci: Fix dco-check job with newer git versions

Due to https://nvd.nist.gov/vuln/detail/cve-2022-24765, git introduced a feature where without explicitly allowing it, it won't parse or consider hooks that are owned by another git user while erroring out with: fatal: detected dubious ownership in repository at [...] This won't be an issue in our setup due to how we guard the code via PRs so we configure git to avoid this check. Signed-off-by: Andrei Gherzan <andrei@gherzan.com>
2025-07-19 12:59:03 +02:00 · 2022-11-07 14:52:09 +01:00 · 2022-11-07 14:52:09 +01:00 · 2d4b29296a
commit 2d4b29296a
parent f581683ffc
1 changed files with 8 additions and 0 deletions
--- a/.github/workflows/docker-images/dco-check/entrypoint.sh
+++ b/.github/workflows/docker-images/dco-check/entrypoint.sh
@ -16,6 +16,14 @@ GIT_REPO_PATH="/work"
 [ -d "$GIT_REPO_PATH/.git" ] ||
 	error "Can't find a git checkout under $GIT_REPO_PATH ."
 cd "$GIT_REPO_PATH"
+
+# The GitHub runner user and the container user might differ making git error
+# out with:
+# 	error: fatal: detected dubious ownership in repository at '/work'
+# Avoid this as the security risk is minimum here while guarding the git hooks
+# via PRs.
+git config --global --add safe.directory /work
+
 dco-check \
 	--verbose \
 	--default-branch "origin/$BASE_REF"