Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ci] fix git checkout for CI jobs (fixes #5151) #5152

Merged
merged 1 commit into from
Apr 15, 2022
Merged

[ci] fix git checkout for CI jobs (fixes #5151) #5152

merged 1 commit into from
Apr 15, 2022

Conversation

jameslamb
Copy link
Collaborator

Fixes #5151.

A security vulnerability was recently discovered in git, where the use of global git config files like C:\.git\config could allow one user to run arbitrary code as another user. Detailed at https://github.blog/2022-04-12-git-security-vulnerability-announced/.

As reported in actions/checkout#760, something in the combination of how the checkout GitHub Action works, how containerized GitHub Actions jobs work, and the security patches published to newer versions of git is causing LightGBM's containerized CI jobs on GitHub Actions to fail.

This PR proposes fixing that issue by explicitly telling git to trust the directory the checkout action clones into.

Notes for Reviewers

I hope we'll be able to revert this in the future if/when there is a change to https://github.com/actions/checkout. Just putting up this PR for now to unblock development on the project.

@jameslamb jameslamb marked this pull request as ready for review April 14, 2022 04:39
@jameslamb jameslamb requested a review from StrikerRUS as a code owner April 14, 2022 04:39
This was referenced Apr 15, 2022
Merged
Merged
StrikerRUS
StrikerRUS approved these changes Apr 15, 2022
View reviewed changes
Copy link
Collaborator

@StrikerRUS StrikerRUS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for quick workaround!

@StrikerRUS StrikerRUS merged commit 3ad26a4 into master Apr 15, 2022
@StrikerRUS StrikerRUS deleted the fix/git-ci branch April 15, 2022 02:17
This was referenced Apr 22, 2022
Merged
Merged
@jameslamb jameslamb mentioned this pull request Oct 7, 2022
Closed
40 tasks
@jameslamb jameslamb mentioned this pull request Dec 30, 2022
Merged
@github-actions
Copy link

This pull request has been automatically locked since there has not been any recent activity since it was closed. To start a new related discussion, open a new issue at https://github.com/microsoft/LightGBM/issues including a reference to this.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@StrikerRUS StrikerRUS StrikerRUS approved these changes

Assignees
No one assigned
Labels
maintenance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ci] containerized CI jobs failing: "unsafe repository"
2 participants
@jameslamb @StrikerRUS