Workflow runs fail with detected dubious ownership in repository at '/github/workspace'

[localheinz]

Workflow runs in FakerPHP/Faker fail using

on:
  pull_request:
  push:
    branches:
      - "main"
      - "[0-9].*"

name: BC Check

jobs:
  roave-bc-check:
    name: Roave BC Check
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Roave BC Check
        uses: docker://nyholm/roave-bc-check-ga

with

fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace

For reference, see https://github.com/FakerPHP/Faker/actions/runs/3639090757/jobs/6142063932.

[oleksandr-mykhailenko]

I have the same issue right now

[colinodell]

This seems to be relevant: actions/runner#2033

[Legion112]

@colinodell do we need to wait for the fix form GitHub action?

I also have the same issue https://github.com/SoftFineWare/discriminator-default-normalizer/actions/runs/3644144924/jobs/6153088587

[samdark]

Same here: https://github.com/yiisoft/var-dumper/actions/runs/3934125473/jobs/6728546653

[staabm]

any news on this issue? just ran into it while doing the very first setup with this action/container

[samdark]

We've fixed it w/ custom workflow we reuse: https://github.com/yiisoft/actions/blob/master/.github/workflows/bc.yml

[staabm]

running the tool in github action without docker is also twice as fast, so this gave me some nice perf boost on the way :)

thanks - works for me.

[mxr576]

I think there is a simple fix for this problem, I am also using this trick in my Docker images. Based on my local testing, it also works here.

Please check #35.

[pimjansen]

@localheinz the proposed solution is not working here though. I assume it has something to do with the owner of the actions build agent and the volume mount towards this image which holds different ownership.

[pimjansen]

I have a running example now that solves this issue (just by configuration). Anyone who could verify the same or has a "better" solution?

on:
  pull_request:
  push:
    branches:
      - "main"
      - "[0-9].*"

name: BC Check

jobs:
  roave-bc-check:
    name: Roave BC Check
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Check for breaking changes
        run: |
          docker run -u $(id -u) -v $(pwd):/app nyholm/roave-bc-check-ga

The main thing is that i added the user flag to the docker engine which is the same user as the existing host. I noticed that in the container UID 0 and GID 0 is used. For the github actions container this is UID 1001 and GID 123 which is the docker group.

By setting the user to the command it runs fine again where there is (as far as i know) no issue in ownership between the checkout and the actual command inside the container (which also holds GIT).

Another solution maybe would be to ignore GIT inside the container but no idea where it is used for though