From 99b7c93b132fc9624b9c9074da69c2d388f90881 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Salom=C3=A9=20Voltz?=
Date: Wed, 20 Aug 2025 16:38:14 +0200
Subject: [PATCH 1/2] chore(git_shell): bypass git dubious ownership errors
---
 ..._running_into_an_ownership_issue_in_git.md | 42 +++++++++++++++++++
 ggshield/utils/git_shell.py | 8 +++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md
diff --git a/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md b/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md
new file mode 100644
index 0000000000..c3e704c6ce
--- /dev/null
+++ b/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md
@@ -0,0 +1,42 @@
+
+
+
+
+
+### Changed
+
+- Bypass git dubious ownership errors by default.
+
+
+
+
diff --git a/ggshield/utils/git_shell.py b/ggshield/utils/git_shell.py
index 5fae533ca1..c61dfe1bc6 100644
--- a/ggshield/utils/git_shell.py
+++ b/ggshield/utils/git_shell.py
@@ -214,7 +214,13 @@ def git(
 logger.debug("command=%s timeout=%d", command, timeout)
 result = subprocess.run(
 (
- [_get_git_path(), "-c", "core.quotePath=false"]
+ [
+ _get_git_path(),
+ "-c",
+ "core.quotePath=false",
+ "-c",
+ "safe.directory=*",
+ ]
 + (
 ["-c", "core.longpaths=true"]
 if platform.system() == "Windows"
From 7dde64bd5513384aa3862e492afffbaaaca498e3 Mon Sep 17 00:00:00 2001
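Review bot: Passing `-c safe.directory=*` on every `git()` call switches off git's repository-ownership check for all ggshield invocations, not only for the Docker image, whose deleted `docker/entrypoint.sh` marked just `"$PWD"` as safe. That check exists so git does not act on the configuration of a repository owned by another user; with the wildcard, scanning a directory someone else controls on a shared host or CI runner makes git honour that repository's local config. I would scope the exemption to the repository being scanned, e.g. replace the literal with `f"safe.directory={repo_path}"` where `repo_path` stands for the resolved working directory of this call (the rest of `git()` is outside the hunk, so the real parameter name needs checking), or keep the wildcard behind an explicit opt-in. Separately, confirm that the minimum supported git accepts `safe.directory` from `-c`; as far as I recall, the releases that first shipped the check read it only from system or global config. The changelog entry should also state that the ownership check is disabled, so users can assess the impact.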
From: =?UTF-8?q?Salom=C3=A9=20Voltz?= Date: Thu, 21 Aug 2025 17:34:13 +0200 Subject: [PATCH 2/2] chore(docker-config): Simplify config and remove entrypoint --- Dockerfile | 1 - ...gshield_running_into_an_ownership_issue_in_git.md | 2 +- docker/actions-secret-entrypoint.sh | 2 +- docker/entrypoint.sh | 12 ------------ 4 files changed, 2 insertions(+), 15 deletions(-) delete mode 100755 docker/entrypoint.sh diff --git a/Dockerfile b/Dockerfile index d6e51277e7..09beb71a94 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,5 +24,4 @@ RUN pip install . WORKDIR /data VOLUME [ "/data" ] -ENTRYPOINT ["/app/docker/entrypoint.sh"] CMD ["ggshield"] diff --git a/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md b/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md index c3e704c6ce..0593091bf1 100644 --- a/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md +++ b/changelog.d/20250820_163548_salome.voltz_scrt_5812_investigate_ggshield_running_into_an_ownership_issue_in_git.md @@ -18,7 +18,7 @@ For top level release notes, leave all the headers commented out. --> -### Changed +### Fixed - Bypass git dubious ownership errors by default. diff --git a/docker/actions-secret-entrypoint.sh b/docker/actions-secret-entrypoint.sh index 477274484b..7e3254199d 100755 --- a/docker/actions-secret-entrypoint.sh +++ b/docker/actions-secret-entrypoint.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash set -euo pipefail args=("$@") -exec /app/docker/entrypoint.sh ggshield secret scan -v ${args[@]} ci +exec ggshield secret scan -v ${args[@]} ci diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh deleted file mode 100755 index 7c045a3269..0000000000 --- a/docker/entrypoint.sh +++ /dev/null 
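Review bot: `${args[@]}` on the new `exec` line in docker/actions-secret-entrypoint.sh is unquoted, so any argument containing whitespace or glob characters is re-split and expanded before ggshield sees it. Since the script now execs ggshield directly, I would quote the expansion: `exec ggshield secret scan -v "${args[@]}" ci`. With `set -u` in effect, older bash versions also treat the expansion of an empty array as an unbound variable, so passing `"$@"` directly is the safer form if the action can run without extra arguments.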
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-export GG_GIT_CONFIG=/tmp/ggshield-git-config
-
-# Mark the current directory as safe. If we don't do this, git commands fail
-# because the source in $PWD is owned by a different user than our `app` user.
-#
-# We use our own git config because ggshield ignores the global git configuration file.
-git config --file "$GG_GIT_CONFIG" --add safe.directory "$PWD"
-
-exec "$@"