From 881b1e766efc16a8dcd78c0f435875b194d77bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20S=C3=B6derholm?= Date: Wed, 20 Apr 2022 15:42:19 +0300 Subject: [PATCH 1/7] Fix https://github.com/actions/checkout/issues/760 --- entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/entrypoint.sh b/entrypoint.sh index c1b3f3e..3df91d5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -15,6 +15,7 @@ GIT_SSH_NO_VERIFY_HOST=${INPUT_GIT_SSH_NO_VERIFY_HOST} GIT_SSH_KNOWN_HOSTS=${INPUT_GIT_SSH_KNOWN_HOSTS} HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null || /bin/true)" +git config --global --add safe.directory /github/workspace if [[ "${HAS_CHECKED_OUT}" != "true" ]]; then echo "WARNING: repo not checked out; attempting checkout" > /dev/stderr From 8d60e57f2abf4483d5e4b8fe0fa8ef472209c56b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20S=C3=B6derholm?= Date: Wed, 20 Apr 2022 16:15:01 +0300 Subject: [PATCH 2/7] Clean up check if inside git working tree --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3df91d5..32d135a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -13,7 +13,7 @@ GIT_SSH_PUBLIC_KEY=${INPUT_GIT_SSH_PUBLIC_KEY} GIT_PUSH_ARGS=${INPUT_GIT_PUSH_ARGS:-"--tags --force --prune"} GIT_SSH_NO_VERIFY_HOST=${INPUT_GIT_SSH_NO_VERIFY_HOST} GIT_SSH_KNOWN_HOSTS=${INPUT_GIT_SSH_KNOWN_HOSTS} -HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null || /bin/true)" +HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null)" git config --global --add safe.directory /github/workspace From 63fcdaa633f3993d553bbe7c87c3191922174720 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20S=C3=B6derholm?= Date: Wed, 20 Apr 2022 16:23:12 +0300 Subject: [PATCH 3/7] Revert previous commit and and move safe.directory --- entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 32d135a..2c47495 100755 
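Review bot: In [PATCH 1/7] the added `git config --global --add safe.directory /github/workspace` hard-codes the workspace path and has no comment saying that it exempts that directory from Git's repository-ownership check. The script already reads runner variables such as `${GITHUB_REPOSITORY}` (visible in the [PATCH 4/7] context), so the exemption could follow the runner's own value while staying scoped to one path: `git config --global --add safe.directory "${GITHUB_WORKSPACE:-/github/workspace}"`. I would also put a comment above it, for example `# Exempt only the Actions workspace from Git's ownership check (actions/checkout#760); do not widen this to '*'.` The same line is re-added in the first hunk of [PATCH 3/7], so the note applies there as well.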
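Review bot: In [PATCH 2/7] the rewritten `HAS_CHECKED_OUT` line still sends git's stderr to `/dev/null`, so any reason `git rev-parse` gives for refusing the directory is lost. The script then falls into the "repo not checked out; attempting checkout" branch without saying why. Letting the message reach the job log would have made the failure behind issue 760 visible, presumably an ownership rejection: `HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree || /bin/true)"`. With `|| /bin/true` removed in this commit, a non-zero exit here could also abort the script if `set -e` is active above the hunk, which is not visible. The line comes back in the second hunk of [PATCH 3/7] with the same redirection.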
--- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,6 +5,8 @@ if [[ "${DEBUG}" -eq "true" ]]; then set -x fi +git config --global --add safe.directory /github/workspace + GIT_USERNAME=${INPUT_GIT_USERNAME:-${GIT_USERNAME:-"git"}} REMOTE=${INPUT_REMOTE:-"$*"} REMOTE_NAME=${INPUT_REMOTE_NAME:-"mirror"} @@ -13,9 +15,7 @@ GIT_SSH_PUBLIC_KEY=${INPUT_GIT_SSH_PUBLIC_KEY} GIT_PUSH_ARGS=${INPUT_GIT_PUSH_ARGS:-"--tags --force --prune"} GIT_SSH_NO_VERIFY_HOST=${INPUT_GIT_SSH_NO_VERIFY_HOST} GIT_SSH_KNOWN_HOSTS=${INPUT_GIT_SSH_KNOWN_HOSTS} -HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null)" - -git config --global --add safe.directory /github/workspace +HAS_CHECKED_OUT="$(git rev-parse --is-inside-work-tree 2>/dev/null || /bin/true)" if [[ "${HAS_CHECKED_OUT}" != "true" ]]; then echo "WARNING: repo not checked out; attempting checkout" > /dev/stderr From 4db353efe616b472b8f716bd000ce5d1f9087698 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20S=C3=B6derholm?= Date: Wed, 20 Apr 2022 16:47:56 +0300 Subject: [PATCH 4/7] Upgrade action/checkout to v3 --- .github/workflows/main.yml | 4 +++- README.md | 12 +++++++++--- entrypoint.sh | 2 +- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 811d394..ceb8fd3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -18,7 +18,9 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - name: mirror-repository uses: spyoungtech/mirror-action@v0.5.0 with: diff --git a/README.md b/README.md index 57a6b87..3662f1f 100644 --- a/README.md +++ b/README.md 
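Review bot: In the `.github/workflows/main.yml` hunk of [PATCH 4/7], `actions/checkout@v3` is a mutable tag, and this job later passes `secrets.GIT_SSH_KEY` to the mirror step (visible in the [PATCH 5/7] context). Whatever the tag resolves to at run time therefore executes in the same job as that key. Pinning to a full commit SHA with the tag kept as a comment removes the dependency on the tag: `- uses: actions/checkout@<full-commit-sha>  # v3`. Because the push goes out over the SSH key, the checkout step probably does not need to leave the job token in the local git config; consider adding `persist-credentials: false` under `with:`.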
@@ -13,7 +13,9 @@ For example, this project uses the following workflow to mirror from GitHub to G on: [push] ... steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - uses: yesolutions/mirror-action@master with: REMOTE: 'https://gitlab.com/spyoungtech/mirror-action.git' @@ -40,7 +42,9 @@ Pretty much the same, but using `GIT_SSH_PRIVATE_KEY` and `GIT_SSH_KNOWN_HOSTS` ```yaml steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - uses: yesolutions/mirror-action@master with: REMOTE: 'ssh://git@gitlab.com/spyoungtech/mirror-action.git' @@ -58,7 +62,9 @@ you can do so by using the `GIT_SSH_NO_VERIFY_HOST` input option. e.g. ```yaml steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - uses: yesolutions/mirror-action@master with: REMOTE: git@gitlab.com/spyoungtech/mirror-action.git diff --git a/entrypoint.sh b/entrypoint.sh index 2c47495..5099097 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -22,7 +22,7 @@ if [[ "${HAS_CHECKED_OUT}" != "true" ]]; then echo "WARNING: this may result in missing commits in the remote mirror" > /dev/stderr echo "WARNING: this behavior is deprecated and will be removed in a future release" > /dev/stderr echo "WARNING: to remove this warning add the following to your yml job steps:" > /dev/stderr - echo " - uses: actions/checkout@v1" > /dev/stderr + echo " - uses: actions/checkout@v3" > /dev/stderr if [[ "${SRC_REPO}" -eq "" ]]; then echo "WARNING: SRC_REPO env variable not defined" > /dev/stderr SRC_REPO="https://github.com/${GITHUB_REPOSITORY}.git" > /dev/stderr From 86c3ac85cf052cf37480dcf388843d9cbffabbf3 Mon Sep 17 00:00:00 2001 From: Spencer Phillip Young Date: Wed, 20 Apr 2022 11:24:55 -0700 Subject: [PATCH 5/7] Update main.yml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ceb8fd3..c2e88a6 100644 
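Review bot: In the `entrypoint.sh` hunk of [PATCH 4/7] the warning now tells users to add `- uses: actions/checkout@v3`, but it omits the `fetch-depth: 0` that this same patch adds to every README example and to the project's own workflow. A user who copies the hint as printed gets checkout's default shallow clone, which likely leaves the mirror push incomplete or rejected. I would print the whole snippet by adding, after the changed line, `echo "     with:" > /dev/stderr` and `echo "       fetch-depth: 0" > /dev/stderr`. The enclosing `if` block continues beyond the hunk.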
--- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 - name: mirror-repository - uses: spyoungtech/mirror-action@v0.5.0 + uses: spyoungtech/mirror-action@cve-2022-24765 with: REMOTE: git@gitlab.com:spyoungtech/mirror-action.git GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_KEY }} From 67c5257e719986247dadcb2cd8a4779f4eaf2ccf Mon Sep 17 00:00:00 2001 From: Spencer Phillip Young Date: Wed, 20 Apr 2022 18:33:34 -0700 Subject: [PATCH 6/7] pin upstream image --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 00080c2..a602e88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine/git:latest +FROM alpine/git@sha256:ec76d75a4b5367f16cf6dc859e23c06656761ad4dfcb1716c1800582ce05f5e8 RUN apk --no-cache add bash From ab56006544b8d7037226f1d24d41ffce5b69d691 Mon Sep 17 00:00:00 2001 From: Spencer Phillip Young Date: Thu, 21 Apr 2022 00:13:52 -0700 Subject: [PATCH 7/7] use 0.5.1 --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c2e88a6..08bd0e7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 - name: mirror-repository - uses: spyoungtech/mirror-action@cve-2022-24765 + uses: spyoungtech/mirror-action@v0.5.1 with: REMOTE: git@gitlab.com:spyoungtech/mirror-action.git GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_KEY }}
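Review bot: In [PATCH 6/7] the new `FROM alpine/git@sha256:…` line pins the base image by digest but records neither the tag nor the Git version behind that digest. A later reader cannot tell which Git release the action ships or whether it is due for an update. Keeping the tag next to the digest, `FROM alpine/git:<tag>@sha256:ec76d75a…`, or adding a comment above the line such as `# alpine/git <tag>, pinned <date>; bump deliberately`, makes the pin auditable. A digest pin also stops base-image security updates from arriving on their own, so it needs an owner or an automated update job. The `RUN apk --no-cache add bash` line in the context is still unpinned, so the build is not fully reproducible.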