feat: set and remove git safe directory

__test__/git-auth-helper.int.test.ts

@@ -46,4 +46,25 @@ describe('git-auth-helper tests', () => {
 
     await gitAuthHelper.removeAuth()
   })
+
+  it('tests adding and removing the safe.directory config', async () => {
+    await git.config('safe.directory', '/another-value', true, true)
+
+    await gitAuthHelper.removeSafeDirectory()
+    await gitAuthHelper.addSafeDirectory()
+
+    expect(
+      await git.configExists('safe.directory', REPO_PATH, true)
+    ).toBeTruthy()
+
+    await gitAuthHelper.addSafeDirectory()
+    await gitAuthHelper.removeSafeDirectory()
+
+    expect(
+      await git.configExists('safe.directory', REPO_PATH, true)
+    ).toBeFalsy()
+    expect(
+      await git.configExists('safe.directory', '/another-value', true)
+    ).toBeTruthy()
+  })
 })

dist/index.js

@@ -332,8 +332,9 @@ function createPullRequest(inputs) {
             // Create a git command manager
             const git = yield git_command_manager_1.GitCommandManager.create(repoPath);
             // Save and unset the extraheader auth config if it exists
-            core.startGroup('Save persisted git credentials');
+            core.startGroup('Prepare git configuration');
             gitAuthHelper = new git_auth_helper_1.GitAuthHelper(git);
+            yield gitAuthHelper.addSafeDirectory();
             yield gitAuthHelper.savePersistedAuth();
             core.endGroup();
             // Init the GitHub client
@@ -491,9 +492,10 @@ function createPullRequest(inputs) {
         }
         finally {
             // Remove auth and restore persisted auth config if it existed
-            core.startGroup('Restore persisted git credentials');
+            core.startGroup('Restore git configuration');
             yield gitAuthHelper.removeAuth();
             yield gitAuthHelper.restorePersistedAuth();
+            yield gitAuthHelper.removeSafeDirectory();
             core.endGroup();
         }
     });
@@ -549,14 +551,33 @@ const url_1 = __nccwpck_require__(7310);
 const utils = __importStar(__nccwpck_require__(918));
 class GitAuthHelper {
     constructor(git) {
+        this.safeDirectoryConfigKey = 'safe.directory';
+        this.safeDirectoryAdded = false;
         this.extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***';
         this.extraheaderConfigValueRegex = '^AUTHORIZATION:';
         this.persistedExtraheaderConfigValue = '';
         this.git = git;
-        this.gitConfigPath = path.join(this.git.getWorkingDirectory(), '.git', 'config');
+        this.workingDirectory = this.git.getWorkingDirectory();
+        this.gitConfigPath = path.join(this.workingDirectory, '.git', 'config');
         const serverUrl = this.getServerUrl();
         this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`;
     }
+    addSafeDirectory() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const exists = yield this.git.configExists(this.safeDirectoryConfigKey, this.workingDirectory, true);
+            if (!exists) {
+                yield this.git.config(this.safeDirectoryConfigKey, this.workingDirectory, true, true);
+                this.safeDirectoryAdded = true;
+            }
+        });
+    }
+    removeSafeDirectory() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.safeDirectoryAdded) {
+                yield this.git.tryConfigUnset(this.safeDirectoryConfigKey, this.workingDirectory, true);
+            }
+        });
+    }
     savePersistedAuth() {
         return __awaiter(this, void 0, void 0, function* () {
             // Save and unset persisted extraheader credential in git config if it exists
@@ -737,14 +758,14 @@ class GitCommandManager {
             return yield this.exec(args, allowAllExitCodes);
         });
     }
-    config(configKey, configValue, globalConfig) {
+    config(configKey, configValue, globalConfig, add) {
         return __awaiter(this, void 0, void 0, function* () {
-            yield this.exec([
+            const args = ['config', globalConfig ? '--global' : '--local'];
-                'config',
+            if (add) {
-                globalConfig ? '--global' : '--local',
+                args.push('--add');
-                configKey,
+            }
-                configValue
+            args.push(...[configKey, configValue]);
-            ]);
+            yield this.exec(args);
         });
     }
     configExists(configKey, configValue = '.', globalConfig) {

src/create-pull-request.ts

@@ -45,8 +45,9 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
     const git = await GitCommandManager.create(repoPath)
 
     // Save and unset the extraheader auth config if it exists
-    core.startGroup('Save persisted git credentials')
+    core.startGroup('Prepare git configuration')
     gitAuthHelper = new GitAuthHelper(git)
+    await gitAuthHelper.addSafeDirectory()
     await gitAuthHelper.savePersistedAuth()
     core.endGroup()
 
@@ -252,9 +253,10 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
     core.setFailed(utils.getErrorMessage(error))
   } finally {
     // Remove auth and restore persisted auth config if it existed
-    core.startGroup('Restore persisted git credentials')
+    core.startGroup('Restore git configuration')
     await gitAuthHelper.removeAuth()
     await gitAuthHelper.restorePersistedAuth()
+    await gitAuthHelper.removeSafeDirectory()
     core.endGroup()
   }
 }

src/git-auth-helper.ts

@@ -8,6 +8,9 @@ import * as utils from './utils'
 export class GitAuthHelper {
   private git: GitCommandManager
   private gitConfigPath: string
+  private workingDirectory: string
+  private safeDirectoryConfigKey = 'safe.directory'
+  private safeDirectoryAdded = false
   private extraheaderConfigKey: string
   private extraheaderConfigPlaceholderValue = 'AUTHORIZATION: basic ***'
   private extraheaderConfigValueRegex = '^AUTHORIZATION:'
@@ -15,15 +18,39 @@ export class GitAuthHelper {
 
   constructor(git: GitCommandManager) {
     this.git = git
-    this.gitConfigPath = path.join(
+    this.workingDirectory = this.git.getWorkingDirectory()
-      this.git.getWorkingDirectory(),
+    this.gitConfigPath = path.join(this.workingDirectory, '.git', 'config')
-      '.git',
-      'config'
-    )
     const serverUrl = this.getServerUrl()
     this.extraheaderConfigKey = `http.${serverUrl.origin}/.extraheader`
   }
 
+  async addSafeDirectory(): Promise<void> {
+    const exists = await this.git.configExists(
+      this.safeDirectoryConfigKey,
+      this.workingDirectory,
+      true
+    )
+    if (!exists) {
+      await this.git.config(
+        this.safeDirectoryConfigKey,
+        this.workingDirectory,
+        true,
+        true
+      )
+      this.safeDirectoryAdded = true
+    }
+  }
+
+  async removeSafeDirectory(): Promise<void> {
+    if (this.safeDirectoryAdded) {
+      await this.git.tryConfigUnset(
+        this.safeDirectoryConfigKey,
+        this.workingDirectory,
+        true
+      )
+    }
+  }
+
   async savePersistedAuth(): Promise<void> {
     // Save and unset persisted extraheader credential in git config if it exists
     this.persistedExtraheaderConfigValue = await this.getAndUnset()

src/git-command-manager.ts

@@ -72,14 +72,15 @@ export class GitCommandManager {
   async config(
     configKey: string,
     configValue: string,
-    globalConfig?: boolean
+    globalConfig?: boolean,
+    add?: boolean
   ): Promise<void> {
-    await this.exec([
+    const args: string[] = ['config', globalConfig ? '--global' : '--local']
-      'config',
+    if (add) {
-      globalConfig ? '--global' : '--local',
+      args.push('--add')
-      configKey,
+    }
-      configValue
+    args.push(...[configKey, configValue])
-    ])
+    await this.exec(args)
   }
 
   async configExists(