Fails to run on GitHub Actions

[kimromi]

I get the following error in repositories that use Dockerfile with GitHub Actions.

reviewdog: PullRequest needs 'git' command: failed to run 'git rev-parse --show-prefix': exit status 128

• https://github.com/reviewdog/action-misspell
• https://github.com/reviewdog/action-stylelint
• https://github.com/reviewdog/action-coffeelint etc.

I have investigated and it seems to be related here.

• https://github.blog/2022-04-12-git-security-vulnerability-announced/
• https://stackoverflow.com/questions/71849415/cannot-add-parent-directory-to-safe-directory-on-git

fatal: unsafe repository ('/github/workspace' is owned by someone else)
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace

How do we fix it?

[kimromi]

As a temporary fix, we changed the permissions of the directory where the target repository is checkeout in the workflow of GitHub Actions.

      - run: |
          sudo chown -R root:root $GITHUB_WORKSPACE

The user and directory permissions for executing git commands in the Docker container will match and errors will no longer occur.

[easimon]

For those, who (like me) are confused how a change in git 2.35.2 can break e.g. reviewdog/markdownlint, which effectively uses git 2.32.1 (since its using alpine 3.14): This new behaviour has been backported to all git versions >= 2.30.x, as stated in the Release Notes for 2.35.2

This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.

[grische]

@ovalenzuela19 you can open a PR like this: sailingpalmtree/reviewdog-flakehell-action@07a9b80

on any reviewdog action you still encounter the issue with.

[YashNagayach95]

@review-dog Any update on this issue? Still facing the same issue.

[shogo82148]

Here is a workaround for this problem.
Please try it.

reviewdog/action-misspell#44

+git config --global --add safe.directory "$GITHUB_WORKSPACE" || exit 1

[YashNagayach95]

Here is a workaround for this problem. Please try it.

reviewdog/action-misspell#44

+git config --global --add safe.directory "$GITHUB_WORKSPACE" || exit 1

what exactly we can write in yml file of detekt config?

[diegocunhawarren]

• run: |
  sudo chown -R root:root $GITHUB_WORKSPACE

As he said here, you have to create a step before reviewdog step and add this

Example:

- name: "Give detekt permissions"
        run: |
          sudo chown -R root:root $GITHUB_WORKSPACE

- name: "Run detekt"
        uses: alaegin/Detekt-Action@v1.18.1
        with:
          reviewdog_level: warning
          github_token: ${{ secrets.github_token }}
          detekt_config: config/detekt/detekt.yml
          reviewdog_filter: file
          detekt_excludes: "**/build/**,**/.idea/**,**/test/**,**/androidTest/**"
          reviewdog_reporter: github-pr-review

[shogo82148]

Or up-vote to this pull request alaegin/Detekt-Action#38
and please contact to the author of the action.

[haya14busa]

Does this issue happen with self-hosted runners as well...?
actions/checkout#766