From cc42267d4f0637ddfa12608be74e40a3647e7436 Mon Sep 17 00:00:00 2001
From: Krzysztof Kalinowski <krzysztof.kalinowski@reef.pl>
Date: Tue, 7 Feb 2023 10:19:27 +0100
Subject: [PATCH] Marking all directories as safe in CI/CD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Despite actions/checkout already doing this, `setuptools_scm` fails
on linux (and only on linux) because of "detected dubious ownership
in repository" error. This is connected to (among others):
- https://github.com/actions/checkout/issues/1048
- https://github.com/actions/runner-images/issues/6775
- https://github.blog/2022-04-12-git-security-vulnerability-announced/

What more:
- Our git version is 2.30.2, while the issue should be noticable from 2.35
- On Jan 11 there was upgrade to Ubuntu 22.04 git version, but to 2.4x – so
  it should affect us
- Issue appeared on Dec 2022 and disappeared without a trace, it'd mean
  that some dependencies changes in the meantime
- actions/checkout@v3 already does this operation for exactly the directory
  it's pulling the repository in

Current "dirty fix" is proposed until a better solution is found.
---
 .github/workflows/cd.yml | 1 +
 .github/workflows/ci.yml | 1 +
 CHANGELOG.md             | 1 +
 3 files changed, 3 insertions(+)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 11b9dc7ae..95159782f 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -69,6 +69,7 @@ jobs:
           apt-get -y update
           apt-get -y install patchelf
           python -m pip install --upgrade nox pip setuptools
+          git config --global --add safe.directory '*'
       - name: Bundle the distribution
         id: bundle
         run: nox -vs bundle >> $GITHUB_OUTPUT
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d047d5b82..5200db371 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -121,6 +121,7 @@ jobs:
           apt-get -y update
           apt-get -y install patchelf
           python -m pip install --upgrade nox pip setuptools
+          git config --global --add safe.directory '*'
       - name: Bundle the distribution
         id: bundle
         run: nox -vs bundle >> $GITHUB_OUTPUT
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d26da9caa..e2acad82f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * GitHub CI uses GITHUB_OUTPUT instead of deprecated set-output
 * Releases now feature digests of each file
 * Change default Python version in CI/CD to 3.11
+* Temporary marking all directories as `safe.directory` inside CI/CD when bundling
 
 ## [3.6.0] - 2022-09-20