From 2d4b29296a3e7bfc9f1537ee327f59d6c54e47ad Mon Sep 17 00:00:00 2001
From: Andrei Gherzan
Date: Mon, 7 Nov 2022 14:52:09 +0100
Subject: [PATCH] ci: Fix dco-check job with newer git versions
Due to https://nvd.nist.gov/vuln/detail/cve-2022-24765, git introduced a feature where without explicitly allowing it, it won't parse or consider hooks that are owned by another git user while erroring out with: fatal: detected dubious ownership in repository at [...] This won't be an issue in our setup due to how we guard the code via PRs so we configure git to avoid this check.
Signed-off-by: Andrei Gherzan
---
 .github/workflows/docker-images/dco-check/entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/docker-images/dco-check/entrypoint.sh b/.github/workflows/docker-images/dco-check/entrypoint.sh
index 135d410..af2c507 100755
--- a/.github/workflows/docker-images/dco-check/entrypoint.sh
+++ b/.github/workflows/docker-images/dco-check/entrypoint.sh
@@ -16,6 +16,14 @@ GIT_REPO_PATH="/work"
 [ -d "$GIT_REPO_PATH/.git" ] || error "Can't find a git checkout under $GIT_REPO_PATH ."
 cd "$GIT_REPO_PATH"
+
+# The GitHub runner user and the container user might differ making git error
+# out with:
+# error: fatal: detected dubious ownership in repository at '/work'
+# Avoid this as the security risk is minimum here while guarding the git hooks
+# via PRs.
+git config --global --add safe.directory /work
+
 dco-check \
 --verbose \
 --default-branch "origin/$BASE_REF"
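Review bot: The added `git config` line hard-codes `/work` even though the script already holds that path in `GIT_REPO_PATH` (visible in the hunk header and used by the `cd` just above), so the trust exception and the checkout location can drift apart if the variable is ever changed; prefer `git config --global --add safe.directory "$GIT_REPO_PATH"`. Keeping the exception scoped to this single directory rather than a wildcard is the right choice and is worth saying in the comment. The comment's rationale could also be tightened: the ownership check protects against repository-local configuration under `.git` as well as hooks, and those files are presumably written by the workflow's checkout step rather than taken from PR content, which is the stronger reason the exception is acceptable here. The script begins and continues outside this hunk, so whether a failure of this command aborts the job (for example through `set -e`) cannot be confirmed from the visible lines.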