Set safe.directory within the container-based GH Action step

The LaTeX step that does the pr-pdfs workflow's actual PDF generation runs as our own GitHub Action, so runs within a Docker container and hence as a different Unix user from the uid that owns the checked-out files. As described in actions/checkout#766, such actions need to work around recent Git's directory ownership security check by marking the repository directory as a Git safe.directory. (IMHO this is something that should be taken care of by the GH runner's setup for container-based steps.) Make a separate run.sh entrypoint script so we can add this easily, and take advantage of the new script to improve the step's logging.
samtools · Feb 9, 2023 · 0957dd9 · 0957dd9
1 parent 778115b
commit 0957dd9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/.github/actions/texlive/action.yaml b/.github/actions/texlive/action.yaml
@@ -9,7 +9,6 @@ inputs:
 runs:
   using: docker
   image: docker://texlive/texlive:latest
-  entrypoint: /bin/sh
+  entrypoint: .github/actions/texlive/run.sh
   args:
-    - -c
     - ${{ inputs.run }}
diff --git a/.github/actions/texlive/run.sh b/.github/actions/texlive/run.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# This action runs inside a Docker container, running as a different Unix user
+# from the owner of the checked-out files. Avoid Git's directory ownership
+# security check by marking the repository directory as safe for Git, using
+# a path reflecting where it is mounted within the container.
+echo
+echo Marking repository directory as Git-safe
+echo "[command]git config --global --add safe.directory \"$GITHUB_WORKSPACE\""
+git config --global --add safe.directory "$GITHUB_WORKSPACE" || exit
+
+for cmd
+do
+    echo
+    echo "[command]$cmd"
+    eval "$cmd" || exit
+done