Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GH actions are always failing to Git safe directory error, but returning success #1221

Closed
tuminoid opened this issue Jan 23, 2024 · 0 comments · Fixed by #1223
Closed

GH actions are always failing to Git safe directory error, but returning success #1221

tuminoid opened this issue Jan 23, 2024 · 0 comments · Fixed by #1223

Comments

@tuminoid
Copy link
Contributor

tuminoid commented Jan 23, 2024
edited
Loading

Hello tag security maintainers!

I randomly noticed that your Github actions are always failing to Git safe directory check, but returning success, ie. false positives.

In the Makefile you have targets that are called like make links, and then in ci/links.sh you want to iterate over changed files via for file_name in $(git diff --name-only $HEAD main); do but git returns nothing on stdout due safe directory failure (all output goes to stderr), so you end up linting nothing in any of your actions. set -e is not enabled for the scripts, so it just falls thru.

For example, on PR #1202 linter action logs

Run make lint
Running lint...


Creating network "tag-security_default" with the default driver
Creating tag-security_lint_run ... 
Creating tag-security_lint_run ... done

added [5](https://github.com/cncf/tag-security/actions/runs/7559235882/job/20582614675?pr=1202#step:3:6)9 packages in 3s

1[8](https://github.com/cncf/tag-security/actions/runs/7559235882/job/20582614675?pr=1202#step:3:9) packages are looking for funding
  run `npm fund` for details
npm notice 
npm notice New minor version of npm available! [10](https://github.com/cncf/tag-security/actions/runs/7559235882/job/20582614675?pr=1202#step:3:11).2.3 -> 10.3.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.3.0>
npm notice Run `npm install -g [email protected]` to update!
npm notice 
fatal: detected dubious ownership in repository at '/usr/src/app'
To add an exception for this directory, call:

	git config --global --add safe.directory /usr/src/app
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>
...

Same for spell check, links check and even the setup job.

If you run the linters locally over the repository content as suggested by the ci/*.sh scripts, you get:

  • about 10000+ markdownlinter complaints
  • 10000+ spelling errors (not including failing every word on the spanish whitepaper....)
  • 460 broken links

and so on.

This failure can be reproduced locally with make links, make lint, make spelling, as node:18 image used is also using recent enough Git.

edit: adjusted the numbers after actually counting them here: #1223 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: fix ci linter scripts Nordix/tag-security
1 participant
@tuminoid