Possible bug / security issue with checkout action

[avahoffman]

@cansavvy wanted to make sure you saw this.

We were having some render-all workflows failing at git checkout:
https://github.com/jhudsl/GDSCN_Book_Statistics_for_Genomics_scRNA-seq/runs/8164703061?check_suite_focus=true
jhudsl/GDSCN_Book_Statistics_for_Genomics_scRNA-seq#11

Run git config --local user.email "itcrtrainingnetwork@gmail.com"
fatal: --local can only be used inside a git repository
Error: Process completed with exit code 128.

This looks similar to the issue here.

We solved it with the following (example here):

    steps:
      - name: Checkout files
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      # Set up git checkout
      - name: Set up git checkout
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git config --local user.email "itcrtrainingnetwork@gmail.com"
          git config --local user.name "jhudsl-robot"

Not sure if we want to implement this just yet, since the checkout actions team might have a fix for it. Suggest keeping a close eye on it!

[cansavvy]

Thanks for digging into this, @avahoffman If it's something that makes OTTR unusable, we should probably implement this fix and then we can undo the fix after the checkout bug is fixed.

[avahoffman]

@cansavvy I'm not really sure what's causing it. I relaunched a render-all in another repo and it was fine 🤔 Maybe something specific to the syncs?

[cansavvy]

Maybe something specific to the syncs?

Are you saying this because it has only happened with syncs and your regular PRs are running fine?

[cansavvy]

https://github.com/jhudsl/Documentation_and_Usability/runs/8165984943?check_suite_focus=true

This problem doesn't arise in syncs from general OTTR_Template. I think it may be something related to the pull_request.yml changes in AnVIL_Template. Happy to help look into it further. But I do believe this means this is not an OTTR_Template problem generally but an AnVIL_Template problem.

But let's keep this issue open until we know the real source of the problem. Either way, knowing the source of the issue is informative.

[avahoffman]

That's what I thought initially, but it's failing on a part of pull-request that we haven't changed.

I encountered a similar problem with an OTTR repo before that was fixed by changing the action version. The initial issue here seems to be related to the version of git running on the container.

I don't think we need to do anything now, just wanted to document this error so it's not maddening when someone else runs across it since this fix seems to work for now 🙂

[cansavvy]

There is an action required and ran before the render-preview that could affect it though. But I haven't looked into this enough.

So far, I'm not able to replicate the error so far which makes it all the more mysterious. I'll look into it later.

Thanks for documenting it, I agree that's a good call!

[avahoffman]

so mysterious haha. I'll look into it more time permitting!

[cansavvy]

I think now that we bumped up to @v4 this is addressed! But we can reopen if we see anything happening again!