From ff79373d88ff0391204b07e1816ffff7bf9d52c6 Mon Sep 17 00:00:00 2001
From: "bingshen.wbs" <bingshen.wbs@alibaba-inc.com>
Date: Thu, 14 Apr 2022 15:56:48 +0800
Subject: [PATCH] fix ci git permission add src  to safe dir refer:
 https://github.blog/2022-04-12-git-security-vulnerability-announced/

Signed-off-by: bingshen.wbs <bingshen.wbs@alibaba-inc.com>
---
 .github/workflows/build.yml | 3 ++-
 hack/lib/release-images.sh  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4c7b725..d58e48b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -66,4 +66,5 @@ jobs:
       - name: Build and push
         env:
           REPO: ${{ env.ALI_REGISTRY }}
-        run: make REPO=$REPO push
\ No newline at end of file
+        run: make REPO=$REPO push
+        if: ${{ github.event_name != 'pull_request' && github.event.action != 'unassigned' }}
diff --git a/hack/lib/release-images.sh b/hack/lib/release-images.sh
index 5036b75..6a87f6e 100644
--- a/hack/lib/release-images.sh
+++ b/hack/lib/release-images.sh
@@ -56,6 +56,7 @@ build_multi_arch_binaries() {
         apk --no-cache add bash git; \
         cd /opt/src; umask 0022; \
         rm -rf ${YURT_BIN_DIR}/* ;"
+    sub_commands+="git config --global --add safe.directory /opt/src; "
     sub_commands+="GOARCH=amd64 bash ./hack/make-rules/build.sh ${bin_target}; "
     sub_commands+="chown -R $(id -u):$(id -g) /opt/src/_output"