From 88c4fc90d68cdf2c512446ccb8631876c21aafbe Mon Sep 17 00:00:00 2001
From: Denis Blanchette <dblanchette@coveo.com>
Date: Mon, 7 Oct 2024 10:29:25 -0400
Subject: [PATCH] fix: Add git safe directory

---
 .github/workflows/java-maven-openjdk-codeql.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/java-maven-openjdk-codeql.yml b/.github/workflows/java-maven-openjdk-codeql.yml
index 52d419d..fc7b7cc 100644
--- a/.github/workflows/java-maven-openjdk-codeql.yml
+++ b/.github/workflows/java-maven-openjdk-codeql.yml
@@ -40,6 +40,11 @@ jobs:
       security-events: write
 
     steps:
+      # Allow calling Git on a working copy owned by another user than the current one.
+      # see: https://github.blog/2022-04-12-git-security-vulnerability-announced/
+      - name: Git directory permission fix
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE
+
       # Fix HOME variable as GitHub is overriding it, and it breaks assumptions from maven.
       - run: echo "HOME=/root" >> $GITHUB_ENV