fix: enhance entrypoint script with repository path validation and safe directory configuration (#207)

github-actions[bot] · ChristophShyper · web-flow · commit 1fe3c8f517b3 · 2026-05-23T01:41:12.000+02:00
Co-authored-by: ChristophShyper &lt;45788587+ChristophShyper@users.noreply.github.com&gt;
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -48,21 +48,24 @@ if [[ ! -d "${REPO_DIR}" ]]; then
   echo "[ERROR] Repository path does not exist: ${REPO_DIR}"
   exit 1
 fi
-if ! git -C "${REPO_DIR}" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
-  echo "[ERROR] Path is not a git repository: ${REPO_DIR}"
-  exit 1
-fi
-echo "[INFO] Using repository path: ${REPO_DIR}"
 
 # Keep all global git config isolated to a temp file
 export GIT_CONFIG_GLOBAL
 GIT_CONFIG_GLOBAL="$(mktemp /tmp/action-commit-push-git-config-XXXXXX)"
 trap 'rm -f "${GIT_CONFIG_GLOBAL}"' EXIT
 
-# Set git credentials
+# Configure safe directories before git repo validation
 git config --global safe.directory "${GITHUB_WORKSPACE}"
 git config --global safe.directory /github/workspace
 git config --global safe.directory "${REPO_DIR}"
+
+if ! git -C "${REPO_DIR}" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+  echo "[ERROR] Path is not a git repository: ${REPO_DIR}"
+  exit 1
+fi
+echo "[INFO] Using repository path: ${REPO_DIR}"
+
+# Set git credentials
 git -C "${REPO_DIR}" remote set-url origin "https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@${INPUT_ORGANIZATION_DOMAIN}/${GITHUB_REPOSITORY}"
 git -C "${REPO_DIR}" config user.name "${GITHUB_ACTOR}"
 git -C "${REPO_DIR}" config user.email "${GITHUB_ACTOR}@users.noreply.${INPUT_ORGANIZATION_DOMAIN}"
diff --git a/tests/docker/local-image.yml b/tests/docker/local-image.yml
@@ -23,6 +23,34 @@ commandTests:
     args:
       - -lc
       - test ! -e /git-lfs*.deb
+
+  - name: Entrypoint handles default repository path
+    command: bash
+    args:
+      - -lc
+      - |
+        set -e
+        rm -rf /tmp/ws /tmp/remote.git
+        mkdir -p /tmp/ws
+        git init /tmp/ws
+        git -C /tmp/ws config user.name test
+        git -C /tmp/ws config user.email test@example.com
+        touch /tmp/ws/.keep
+        git -C /tmp/ws add .
+        git -C /tmp/ws commit -m init
+        git init --bare /tmp/remote.git
+        git -C /tmp/ws remote add origin /tmp/remote.git
+        GITHUB_WORKSPACE=/tmp/ws \
+        GITHUB_ACTOR=tester \
+        GITHUB_REPOSITORY=owner/repo \
+        GITHUB_OUTPUT=/tmp/github_output.txt \
+        GITHUB_TOKEN=fake \
+        INPUT_ORGANIZATION_DOMAIN=github.com \
+        INPUT_REPOSITORY_PATH=. \
+        INPUT_AMEND=false \
+        INPUT_ALLOW_EMPTY_COMMIT=false \
+        INPUT_TARGET_BRANCH='' \
+        /entrypoint.sh
 fileExistenceTests:
   - name: entrypoint exists
     path: /entrypoint.sh
