[UPSTREAM_BUG] Error: fatal: not in a git directory

[Intrepidd]

This action has been workign flawlessly for months, thanks !

Since yesterday I now get the fatal: not in a git directory error when running the action. The action version has not changed so this may be an issue with github actions itself or something may have changed ?

Run rickstaa/action-create-tag@v1
  with:
    tag: latest_release
    force_push_tag: true
    commit_sha: xxxx
    github_token: ***
/usr/bin/docker run --name xxx --label xxx --workdir /github/workspace --rm -e INPUT_TAG -e INPUT_FORCE_PUSH_TAG -e INPUT_COMMIT_SHA -e INPUT_GITHUB_TOKEN -e INPUT_MESSAGE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxx":"/github/workspace" xxx:xxx
fatal: not in a git directory

Message by @rickstaa

Https://github.blog/2022-04-12-git-security-vulnerability-announced/ introduced the problem above. A official statement of the GitHub team about this problem can be found here.

I applied workaround #11, provided by @Intrepidd, to the main branch. This is also the suggested workaround in actions/checkout#766. This fix can be removed in the future when a patch has been applied to the action ecosystem (See actions/checkout#766). I will keep this issue open until an upstream fix has been applied.

[AgiMaulana-Justika]

it's happen to me too

[rickstaa]

@Intrepidd Thanks for reporting this. This might be due to spec changes in Git v2.35.2. Other actions I am a collaborator of also have problems. We might be able to use the workaround in reviewdog/action-yamllint#19. I will try to investigate this at the weekend.

[Intrepidd]

Fabulous, thanks a lot

[Intrepidd]

I opened #11 if you want to take a look into it :)

[bakoontz2]

I opened #11 if you want to take a look into it :)

I forked and tried your fix, unfortunately still getting the same error.

[Kobzol]

I have also tried this fix manually in my CI (as a step right before running action-create-tag) and it didn't help :/

[tiagoalmeidadarosa]

@bakoontz2 and @Kobzol In my fork I did a change in the docker file too (I just updated the alpine version to the latest) after adding the change in the #11 and it worked, look here: tiagoalmeidadarosa@6bf19be
Maybe it helps

[Kobzol]

Right, using a different git version is also probably a part of the cure. For me, CI broke when the Docker image started using 2.34.2-r0 instead of 2.34.1-r0. Maybe it would be useful to pin the git version in the Dockerfile.

[bakoontz2]

@tiagoalmeidadarosa Sadly that didn't work for me.

I followed the trail here and ended up hacking my build yaml:

    - uses: actions/checkout@v2

    - name: "Change perms on GITHUB_WORKSPACE"
      run: |
        sudo chown -R root:root $GITHUB_WORKSPACE
        sudo chmod -R 0777 $GITHUB_WORKSPACE

But I certainly don't consider this a real fix.

[rickstaa]

I quickly looked at the issue, and it seems to be caused by https://github.blog/2022-04-12-git-security-vulnerability-announced/. People came up with multiple workarounds in the last few days to fix this issue (this StackOverflow post). Two of these workarounds are found in #11, and #10 (comment) are two.

A statement from the GitHub theme is found at actions/checkout#766. They already incorporated a fix for this in the GitHub/checkout action and are now looking for a fix at the actions ecosystem level. I think the best solution is to use the @Kobzol suggestion and temporarily fix the git version to 2.34.1-r0.

I'm also happy to incorporate the workarounds given #11. Please let me know what you think is the best solution.

[bakoontz2]

@rickstaa #11 didn't work for me, so I'm not sure what that will accomplish. Although I do find it amusing I have sudo access in a runner, and there doesn't seem to be any security issue with this.

[rickstaa]

@bakoontz2 did you try changing the docker alpine version as explained in #10 (comment)? Nonetheless, my preference still goes to temporary fixing the git version till the Github team fixes the issue upstream. I will, however, wait till tomorrow so that others can also give their two cents.

[bakoontz2]

@rickstaa Working on that fix now...

[rickstaa]

Great! If you want to test a solution you can use https://github.com/rickstaa/action-test-repo/tree/test/action-create-tag for testing PR found in this repo (see rickstaa/action-test-repo#67).

[rickstaa]

@bakoontz2 I tried pinning the GitHub version to fix this issue (see #12). I, however, was not able to create a working docker in the short amount of time I had available for fixing #10. I tested the @Intrepidd solution, and it seems to work on all my systems. For now, I will therefore merge #10 into the main branch. It is both the recommended workaround (see actions/checkout#766) and the solution used in the majority of actions affected by this bug.

Can you please provide a reproducible example of why #10 is not working for you?

Tests

• ✅ [UPSTREAM_BUG] Error: fatal: not in a git directory #10: https://github.com/rickstaa/action-test-repo/actions/runs/2225431303
• ❌ fix: apply hotfix for git security error #10 #12: https://github.com/rickstaa/action-test-repo/runs/6171914493?check_suite_focus=true

[rickstaa]

I applied #11 to the main branch please test it out. 🚀

[bakoontz2]

@rickstaa I test v1.3.0 (which I believe has #11 applied), and all is working again. Thank you!

[Kobzol]

I can confirm that it also works for me! (I also upgraded to checkout@v3, not sure if that's necessary). Thanks :)

[rickstaa]

@bakoontz2 and @Kobzol, thanks a lot for letting me know! The fix should also work with checkout@v2. I added checkout@v3 to the README to be sure people do not get this error for other steps in the same job (see actions/checkout#766).