fatal: detected dubious ownership in repository at '/github/workspace'

[MarcinWieczorek]

First of all thank you for creating the action, but I really need to use progressive mode. I have a legacy codebase with many errors. Linting only files changed in the commit would be even better than progressive mode, is it possible with this action?

Progressive mode doesn't seem to be working properly.
I don't have enough knowledge to establish if this is an issue with ansible-lint or your action.

My config:

progressive: true

My workflow:

name: Ansible Lint
on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: Run ansible-lint
        uses: ansible-community/ansible-lint-action@main

Action output:

Run ansible-community/ansible-lint-action@main
/usr/bin/docker run --name quayioansiblecreatoreev095_ab0a3a --label 290506 --workdir /github/workspace --rm -e "INPUT_PATH" -e "INPUT_ARGS" -e "GITHUB_ACTIONS" -e "GITHUB_WORKFLOW" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true --entrypoint "/usr/local/bin/ansible-lint" -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/ansible-action/ansible-action":"/github/workspace" quay.io/ansible/creator-ee:v0.9.5  "-vvv" "--show-relpath"
DEBUG    Logging initialized to level 10
DEBUG    Options: Namespace(cache_dir='/github/home/.cache/ansible-compat/21a323', colored=False, configured=True, cwd=PosixPath('/github/workspace'), display_relative_path=False, exclude_paths=['.cache', '.git', '.hg', '.svn', '.tox'], format='rich', lintables=[], listrules=False, listtags=False, write_list=[], parseable=False, quiet=False, rulesdirs=['/usr/local/lib/python3.10/site-packages/ansiblelint/rules'], skip_list=[], tags=[], verbosity=3, warn_list=['avoid-implicit', 'experimental', 'fqcn[action]', 'fqcn[redirect]', 'jinja[spacing]', 'name[casing]', 'name[play]', 'role-name', 'warning[empty-playbook]'], kinds=[{'jinja2': '**/*.j2'}, {'jinja2': '**/*.j2.*'}, {'yaml': '.github/**/*.{yaml,yml}'}, {'text': '**/templates/**/*.*'}, {'execution-environment': '**/execution-environment.yml'}, {'ansible-lint-config': '**/.ansible-lint'}, {'ansible-lint-config': '**/.config/ansible-lint.yml'}, {'ansible-navigator-config': '**/ansible-navigator.{yaml,yml}'}, {'inventory': '**/inventory/**.{yaml,yml}'}, {'requirements': '**/meta/requirements.{yaml,yml}'}, {'galaxy': '**/galaxy.yml'}, {'reno': '**/releasenotes/*/*.{yaml,yml}'}, {'tasks': '**/tasks/**/*.{yaml,yml}'}, {'playbook': '**/playbooks/*.{yml,yaml}'}, {'playbook': '**/*playbook*.{yml,yaml}'}, {'role': '**/roles/*/'}, {'handlers': '**/handlers/*.{yaml,yml}'}, {'vars': '**/{host_vars,group_vars,vars,defaults}/**/*.{yaml,yml}'}, {'test-meta': '**/tests/integration/targets/*/meta/main.{yaml,yml}'}, {'meta': '**/meta/main.{yaml,yml}'}, {'meta-runtime': '**/meta/runtime.{yaml,yml}'}, {'arg_specs': '**/meta/argument_specs.{yaml,yml}'}, {'yaml': '.config/molecule/config.{yaml,yml}'}, {'requirements': '**/molecule/*/{collections,requirements}.{yaml,yml}'}, {'yaml': '**/molecule/*/{base,molecule}.{yaml,yml}'}, {'requirements': '**/requirements.{yaml,yml}'}, {'playbook': '**/molecule/*/*.{yaml,yml}'}, {'yaml': '**/{.ansible-lint,.yamllint}'}, {'yaml': '**/*.{yaml,yml}'}, {'yaml': '**/.*.{yaml,yml}'}], mock_filters=[], mock_modules=[], mock_roles=[], loop_var_prefix=None, var_naming_pattern=None, offline=False, project_dir='.', extra_vars=None, enable_list=[], skip_action_validation=True, strict=False, rules={}, profile=None, progressive=True, rulesdir=[], use_default_rules=False, config_file='/github/workspace/.ansible-lint', version=False, cache_dir_lock=<filelock._unix.UnixFileLock object at 0x7f9ab15bacb0>)
DEBUG    /github/workspace
INFO     Set ANSIBLE_LIBRARY=/github/home/.cache/ansible-compat/21a323/modules:/github/home/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/github/home/.cache/ansible-compat/21a323/collections:/github/home/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/github/home/.cache/ansible-compat/21a323/roles:/github/home/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Set ANSIBLE_LIBRARY=/github/home/.cache/ansible-compat/21a323/modules:/github/home/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/github/home/.cache/ansible-compat/21a323/collections:/github/home/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/github/home/.cache/ansible-compat/21a323/roles:/github/home/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
DEBUG    Effective yamllint rules used: {'braces': {'level': 'error', 'forbid': False, 'min-spaces-inside': 0, 'max-spaces-inside': 1, 'min-spaces-inside-empty': -1, 'max-spaces-inside-empty': -1}, 'brackets': {'level': 'error', 'forbid': False, 'min-spaces-inside': 0, 'max-spaces-inside': 0, 'min-spaces-inside-empty': -1, 'max-spaces-inside-empty': -1}, 'colons': {'level': 'error', 'max-spaces-before': 0, 'max-spaces-after': 1}, 'commas': {'level': 'error', 'max-spaces-before': 0, 'min-spaces-after': 1, 'max-spaces-after': 1}, 'comments': {'level': 'warning', 'require-starting-space': True, 'ignore-shebangs': True, 'min-spaces-from-content': 1}, 'comments-indentation': False, 'document-end': False, 'document-start': False, 'empty-lines': {'level': 'error', 'max': 2, 'max-start': 0, 'max-end': 0}, 'empty-values': False, 'float-values': False, 'hyphens': {'level': 'error', 'max-spaces-after': 1}, 'indentation': {'level': 'error', 'spaces': 'consistent', 'indent-sequences': True, 'check-multi-line-strings': False}, 'key-duplicates': {'level': 'error'}, 'key-ordering': False, 'line-length': {'level': 'error', 'max': 160, 'allow-non-breakable-words': True, 'allow-non-breakable-inline-mappings': False}, 'new-line-at-end-of-file': {'level': 'error'}, 'new-lines': {'level': 'error', 'type': 'unix'}, 'octal-values': False, 'quoted-strings': False, 'trailing-spaces': {'level': 'error'}, 'truthy': {'level': 'warning', 'allowed-values': ['true', 'false'], 'check-keys': True}}
WARNING  Failed to discover lintable files using git: fatal: detected dubious ownership in repository at '/github/workspace'
To add an exception for this directory, call:

	git config --global --add safe.directory /github/workspace
INFO     Looking up for files, excluding .cache|.git|.hg|.svn|.tox ...
INFO     Executing syntax check on playbook2/playbook2.yml (0.57s)
INFO     Executing syntax check on playbook1/playbook1.yml (0.59s)
DEBUG    Examining playbook1/playbook1.yml of type playbook
WARNING  Ignored exception from VariableNamingRule.<bound method VariableNamingRule.matchyaml of var-naming: All variables should be named using only lowercase and underscores.> while processing playbook1/playbook1.yml (playbook): 'NoneType' object has no attribute 'keys'
DEBUG    Examining playbook2/playbook2.yml of type playbook
WARNING  Ignored exception from VariableNamingRule.<bound method VariableNamingRule.matchyaml of var-naming: All variables should be named using only lowercase and underscores.> while processing playbook2/playbook2.yml (playbook): 'NoneType' object has no attribute 'keys'
INFO     Matches found, running again on previous revision in order to detect regressions
Traceback (most recent call last):
  File "/usr/local/bin/ansible-lint", line 8, in <module>
    sys.exit(_run_cli_entrypoint())
  File "/usr/local/lib/python3.10/site-packages/ansiblelint/__main__.py", line 314, in _run_cli_entrypoint
    sys.exit(main(sys.argv))
  File "/usr/local/lib/python3.10/site-packages/ansiblelint/__main__.py", line 223, in main
    with _previous_revision():
  File "/usr/lib64/python3.10/contextlib.py", line 135, in __enter__
    return next(self.gen)
  File "/usr/local/lib/python3.10/site-packages/ansiblelint/__main__.py", line 276, in _previous_revision
    revision = subprocess.run(
  File "/usr/lib64/python3.10/subprocess.py", line 524, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['git', 'rev-parse', 'HEAD^1']' returned non-zero exit status 128.

[ssbarnea]

Progressive mode does not work for you became you did not make a full checkout.

[MarcinWieczorek]

I have tried using current example from the README, still the same error. I have tried fetch-depth before I posted this issue. I set it to 0 just to make sure, but I think 2 should also be allowed.

[MarcinWieczorek]

Can I expect further help or maybe reopening the issue if necessary?

[ssbarnea]

@MarcinWieczorek Please post a link to a job failing. If original repo is not public, create a public one that contains the minimum code needed for reproducing the error.

[MarcinWieczorek]

I have made my playground public. https://github.com/MarcinWieczorek/ansible-action

[ghalse]

Just to note I get the same error when using progressive on v6.10.2, even with fetch-depth 0.

[ssbarnea]

Some details on https://medium.com/@thecodinganalyst/git-detect-dubious-ownership-in-repository-e7f33037a8f -- I am working on a fix, even if the root cause is not originating from us, being likely a GHA container engine misconfiguration.

[ssbarnea]

https://github.com/ansible/ansible-lint-action/releases/tag/v6.11.0 fixed that.

[MarcinWieczorek]

I can confirm that this works. Thanks!

I'm looking forward to use this action and maybe help improving the ansible-lint itself as proposed in this discussion:
ansible/ansible-lint#1412
Now that the action works I believe it will be easier ;)

[ssbarnea]

@MarcinWieczorek You are more than welcomed. This one took longer than expected to fix because it was a far edge-case.