From 7a80dd1c39fc4ba387147c2cd2116f468fb5a704 Mon Sep 17 00:00:00 2001
From: Matthias Wild
Date: Sat, 16 Sep 2023 20:47:17 +0200
Subject: [PATCH] fix checkout-action (#36)
* fix git checkout action - Git version 2.35.2 introduces security fix that breaks action\checkout - https://github.com/actions/checkout/issues/760
* update README
* execute Docker Scout only on PRs
* add examples for secrets and vars file
* add elif to cspell
* add .secrets and .vars to .gitignore
---
 .cspell.json | 1 +
 .github/workflows/ci.yml | 9 +++++----
 .gitignore | 2 ++
 .secrets.example | 1 +
 .vars.example | 1 +
 README.md | 32 ++++++++++++++++++++++++++++----
 linux/ubuntu/Dockerfile | 5 ++++-
 7 files changed, 42 insertions(+), 9 deletions(-)
 create mode 100644 .secrets.example
 create mode 100644 .vars.example
diff --git a/.cspell.json b/.cspell.json
index 56a831a..effec13 100644
--- a/.cspell.json
+++ b/.cspell.json
@@ -33,6 +33,7 @@
 "dnsutils",
 "dockerhub",
 "dpkg",
+ "elif",
 "fakeroot",
 "getversion",
 "gfortran",
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 35c19a8..dadf30d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -192,17 +192,18 @@ jobs:
 - name: Docker Scout
 id: docker-scout
 uses: docker/scout-action@v0.23.4
+ if: github.event_name == 'pull_request'
 with:
 # platform: linux/amd64
 command: sbom,compare
- image: ${{ github.ref == 'refs/heads/main' && steps.meta.outputs.tags || env.PATH_TO_IMAGE }}
- type: ${{ github.ref == 'refs/heads/main' && 'image' || 'archive' }}
+ image: ${{ env.PATH_TO_IMAGE }}
+ type: archive
 to: ${{ env.TO_TAG }}
 ignore-unchanged: true
 only-severities: critical
- write-comment: ${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' }}
+ write-comment: ${{ github.actor != 'nektos/act' }}
 keep-previous-comments: true
- summary: ${{ github.event_name == 'pull_request' && github.actor != 'nektos/act' }}
+ summary: ${{ github.actor != 'nektos/act' }}
 github-token: ${{ secrets.GITHUB_TOKEN }}
 organization: ${{ vars.DOCKERHUB_USER || github.repository_owner }}
diff --git a/.gitignore b/.gitignore
index 549fbd5..d1a4f6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 megalinter-reports/
+.secrets
+.vars
\ No newline at end of file
diff --git a/.secrets.example b/.secrets.example
new file mode 100644
index 0000000..1fe3bd5
--- /dev/null
+++ b/.secrets.example
@@ -0,0 +1 @@
+DOCKERHUB_TOKEN=
diff --git a/.vars.example b/.vars.example
new file mode 100644
index 0000000..2495db1
--- /dev/null
+++ b/.vars.example
@@ -0,0 +1 @@
+DOCKERHUB_USER=
diff --git a/README.md b/README.md
index 1f0bd36..c06ecdf 100644
--- a/README.md
+++ b/README.md
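Review bot: With `if: github.event_name == 'pull_request'` on the Docker Scout step, runs triggered by anything other than a pull request (pushes to `main` included) no longer get a Scout run at all, so a critical finding that first appears outside a pull request, for example through a changed base image, would go unreported by this job. If that coverage is wanted, keep this PR-only compare step and add a second Scout step guarded by `if: github.event_name != 'pull_request'` that checks the image built for that run. Separately, `write-comment` evaluates to true for every pull request not run under act; for pull requests from forks the `GITHUB_TOKEN` is normally read-only, so it is worth confirming the step does not fail there. The job continues outside the hunk, so its triggers and `permissions` are not visible here.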
@@ -46,18 +46,42 @@ documentation📖][nektosDocs]
 ## How I run act on my M2-Max 💻
-- didnt work properly when installed via brew, so I installed it via GitHub-CLI:
+- installed HEAD Version of act via brew
 ```bash
- gh extension install https://github.com/nektos/gh-act
+ brew install --HEAD act
 ```
-- set an alias:
+- set an alias to always pass the GITHUB_TOKEN
 ```bash
- alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
+ # always add gh auth token to act
+ if validate_command act; then
+ alias act='act -s GITHUB_TOKEN="$(gh auth token)"'
+ # add alias to use gh act as act if gh-act is installed and act is not found
+ elif gh extension list | grep -q "nektos/gh-act"; then
+ alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
+ fi
 ```
+> Previously I had issues when using the brew version of act, which seem to be gone 🥳
+>
+> But if you run into kind of the same issues, this is how I used it as a github cli extension:
+>
+> - didnt work properly when installed via brew, so I installed it via GitHub-CLI:
+>
+> ```bash
+> gh extension install https://github.com/nektos/gh-act
+> ```
+>
+> - set an alias:
+>
+> ```bash
+> if gh extension list | grep -q "nektos/gh-act"; then
+> alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
+> fi
+> ```
+
 - Docker-Desktop settings:
 - Advanced:
diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile
index 43b545b..e958a30 100644
--- a/linux/ubuntu/Dockerfile
+++ b/linux/ubuntu/Dockerfile
@@ -68,9 +68,12 @@ RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/ilikenwf/apt-fast/ma
 && rm -rf /var/lib/apt/lists/*
 # Install current version of git
+# hadolint ignore=SC2035
 RUN add-apt-repository -y ppa:git-core/ppa \
 && apt-get -y update \
- && apt-get -y install --no-install-recommends git \
+ && apt-get -y install --no-install-recommends \
+ git \
+ && git config --global safe.directory * \
 && apt-get clean \
 && rm -rf /etc/apt/sources.list.d/* \
 && rm -rf /var/lib/apt/lists/*
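Review bot: The `*` in `&& git config --global safe.directory * \` is unquoted, so the build shell glob-expands it against the current directory before git sees it; the value stays a literal `*` only when nothing matches, and the added `# hadolint ignore=SC2035` silences the lint raised on that bare glob instead of fixing it. Quote the value, `&& git config --global safe.directory '*' \`, and the ignore line can be dropped. The wildcard also switches off the repository-ownership check that Git 2.35.2 introduced for every path in the image, and `--global` writes it only to the config of the user running the build (presumably root), so a container started as another user would not pick it up. A comment above the `RUN` should record that this is deliberate, e.g. `# safe.directory '*' disables git's ownership check for every path; intended for CI checkouts in this runner image only`, and listing the workspace path instead of the wildcard is the narrower choice if that path is fixed.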