git config safe.directory inside docker containers

Describe the bug

Recent versions of git require the .git folder to be owned by the same user (as described here).

The actions/checkout action sets this for the cloned repo (/usr/bin/git config --global --add safe.directory …). Also see https://github.com/actions/checkout/issues/766

Running a container (via uses: docker://…) however switches the user context and all git commands will fail with an error:

fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace

Inspecting the docker run command, the HOME variable is set and the home inside the container seems to be /github/home, which is mapped to /home/runner/work/_temp/_github_home. Creating the .gitconfig in this location before running the container resolves this problem:

- name: Fix git safe.directory in container
  run: mkdir -p /home/runner/work/_temp/_github_home && printf "[safe]\n\tdirectory = /github/workspace" > /home/runner/work/_temp/_github_home/.gitconfig

As these paths (HOME and PWD inside the container) are not stable and can be changed at any time, the git config … logic should be done by the runner executing the docker command, as it's the only part in the process knowing these paths.

I do not think this is related to the images as the uses: docker:// logic is handled by the runner itself?

To Reproduce

Steps to reproduce the behavior:

Create this minimal workflow and let it run

on:
  push:

jobs:
  fails:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: docker://docker.io/library/alpine:3.14
        with:
          entrypoint: /bin/ash
          args: -c "apk add git && git status"

(See above for the error message of the git command)

Expected behavior

The container should have a .gitconfig to run git commands normally, like it is possible without a container. Stuff like the .git folder is mounted to the container too, so a user can expect git to work fine.

Runner Version and Platform

Version of your runner? Hosted Runners on GitHub

Issue Analytics

  • State: open
  • Created: a year ago
  • Reactions: 33
  • Comments: 7 (1 by maintainers)

Top GitHub Comments

16 reactions
mefistotelis commented, Aug 3, 2022

Got the same issue, though in a different scenario. My workaround was to just change the owner of the directory after checkout:

jobs:
  ubuntu-gcc:
    runs-on: ubuntu-20.04
    name: "Linux Ubuntu"
    container:
      image: ubuntu:20.04
    env:
      DEBIAN_FRONTEND: noninteractive
      TZ: Etc/UTC
    steps:
      - name: Install GIT
        run: |
          # install GIT, as without it checkout would use REST API
          apt update
          apt install -y \
            git

      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set ownership
        run: |
          # this is to fix GIT not liking owner of the checkout dir
          chown -R $(id -u):$(id -g) $PWD

3 reactions
DanRStevens commented, Sep 7, 2022

I’ve also encountered this issue when running my Docker images on GitHub Actions, and have been able to reproduce while running my container locally.

This seems to be more generally a problem with running a Docker container as the root user, while having data mounted for a regular user account. When testing locally, I can start my Docker container by adding the flag --user="$(id --user):$(id --group)" to the docker run command, and the error won’t be shown. As an added bonus, any output generated by the build in the Docker container and written to the mounted folder will end up having correct ownership on the host system once I’ve exited the Docker container.
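
As an added example (not code from the issue, its comments, or the runner project), the .gitconfig workaround from the issue can be narrowed so that the exception is written only when the work tree's owner really differs from the current user, and only for that one path. The function name and its result strings are hypothetical; it assumes a Linux container with GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of actions/runner or git.
# It writes the same [safe] entry as the workaround in the issue.
#
# ensure_safe_directory REPO [UID]
#   prints one of: owner-ok | already-listed | added
#   e.g. ensure_safe_directory /github/workspace && git status
ensure_safe_directory() {
    repo=$1
    uid=${2:-$(id -u)}            # UID git will run as (override for testing)
    cfg="${HOME}/.gitconfig"

    # Numeric owner of the work tree; GNU and BusyBox stat both accept -c.
    owner=$(stat -c %u "$repo") || return 1

    # Same owner: git's ownership check passes, so add no exception at all.
    if [ "$owner" = "$uid" ]; then
        echo owner-ok
        return 0
    fi

    # Exempt only this exact path. A "*" entry would switch the ownership
    # check off for every repository this user touches.
    entry=$(printf '\tdirectory = %s' "$repo")
    if [ -f "$cfg" ] && grep -qxF -e "$entry" "$cfg"; then
        echo already-listed       # idempotent: do not append duplicates
        return 0
    fi

    mkdir -p "$HOME" || return 1
    printf '[safe]\n%s\n' "$entry" >> "$cfg" || return 1
    echo added
}
```

Run inside the container before the first git command, this leaves the ownership check active for every other path.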
