fix(safe-outputs): trust cross-repo checkout dirs from manifest (dubious ownership) #40080

Merged: dsyme merged 5 commits into main from fix/checkout-manifest-safe-directory on Jun 18, 2026

@dsyme dsyme commented Jun 18, 2026

Collaborator

Summary

Fixes #40079.

Safe-outputs create_pull_request (and other git-running handlers) fail with Failed to pin branch '<branch>' when a workflow uses a cross-repository checkout into a subdirectory (e.g. ${GITHUB_WORKSPACE}/github). The branch exists locally, but git aborts the git rev-parse pinning command with "dubious ownership" because the subdirectory is a separate git repository that was never trusted as a safe.directory.

Root cause

actions/setup/sh/configure_git_credentials.sh only added GITHUB_WORKSPACE as a git safe.directory. The safe-outputs MCP server resolves cross-repo checkouts to subdirectories (repoCwd, from the checkout manifest) and runs git there — those directories were untrusted.

Fix

configure_git_credentials.sh now consults the checkout manifest ($RUNNER_TEMP/gh-aw/safeoutputs/checkout-manifest.json, or GH_AW_CHECKOUT_MANIFEST) and adds each recorded cross-repo checkout subdirectory (${GITHUB_WORKSPACE}/<path>) as a safe.directory, alongside the workspace itself.

  • Uses node (already present in both the agent job and the gh-aw-node container) to parse the JSON manifest.
  • Defensively rejects manifest paths that resolve outside the workspace (path traversal).
  • No-ops gracefully when the manifest, RUNNER_TEMP, or node are absent.

Tests

Added actions/setup/js/configure_git_credentials.test.cjs covering:

  • cross-repo subdirectories trusted from the manifest
  • empty-path entries skipped
  • path-traversal entries rejected
  • GH_AW_CHECKOUT_MANIFEST override honored
  • no-manifest case still succeeds

configure_git_credentials.sh now reads the checkout manifest and adds each
cross-repository checkout subdirectory as a git safe.directory. Without this,
safe-outputs handlers that run git inside those subdirectories (resolved via
repoCwd) fail with "dubious ownership", surfacing as "Failed to pin branch".

Fixes #40079
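
The manifest handling described above (trust each recorded subdirectory, skip empty paths, reject entries that resolve outside the workspace), as an added example that is not the project's own code. The manifest shape (a JSON array of entries with a `path` field), the function name `safeDirectoriesFromManifest` and the sample values are assumptions; the control-character guard follows the `\r\n\0` path guards mentioned in a later commit message on this PR.

```javascript
// Added example, not the project's code. Assumed manifest shape: a JSON
// array of entries, each with a workspace-relative "path" string.
const path = require("node:path").posix; // runner paths are POSIX

// Returns the directories to pass to
// `git config --global --add safe.directory <dir>`.
function safeDirectoriesFromManifest(manifestJson, workspace) {
  const root = path.resolve(workspace);
  const trusted = [root]; // the workspace itself is always trusted
  let entries;
  try {
    entries = JSON.parse(manifestJson);
  } catch {
    return trusted; // unreadable manifest: no-op, workspace only
  }
  if (!Array.isArray(entries)) return trusted;

  for (const entry of entries) {
    const rel = entry && entry.path;
    if (typeof rel !== "string" || rel === "") continue; // empty-path entry
    if (/[\r\n\0]/.test(rel)) continue; // control chars in a config value
    const abs = path.resolve(root, rel);
    // Check containment on the resolved path, not the raw string:
    // "deps/../../x" and "/tmp/x" both resolve outside the workspace.
    const fromRoot = path.relative(root, abs);
    if (fromRoot === ".." || fromRoot.startsWith("../")) continue;
    if (!trusted.includes(abs)) trusted.push(abs);
  }
  return trusted;
}

// Constructed sample input, for illustration only.
const SAMPLE_WORKSPACE = "/home/runner/work/app/app";
const SAMPLE_MANIFEST = JSON.stringify([
  { path: "github" },             // cross-repo checkout: trusted
  { path: "" },                   // skipped
  { path: "../../etc" },          // traversal: rejected
  { path: "deps/../../outside" }, // traversal after normalisation: rejected
  { path: "/tmp/elsewhere" },     // absolute path outside: rejected
  { path: "libs/./core/" },       // normalises to libs/core: trusted
  { path: "bad\nname" },          // newline: rejected
]);

console.log(safeDirectoriesFromManifest(SAMPLE_MANIFEST, SAMPLE_WORKSPACE));
```

The containment check here is lexical and does not follow symlinks; a caller that cannot rule out symlinked checkout directories would resolve them with `fs.realpathSync` before comparing.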
Copilot AI review requested due to automatic review settings June 18, 2026 14:22

Copilot AI left a comment

Contributor


Pull request overview

This PR addresses safe-outputs failures when workflows perform cross-repository checkouts into workspace subdirectories by expanding git safe.directory configuration to include checkout subdirectories recorded in the checkout manifest, preventing “dubious ownership” errors during local git operations.

Changes:

  • Extend actions/setup/sh/configure_git_credentials.sh to parse the checkout manifest (optionally overridden via GH_AW_CHECKOUT_MANIFEST) and add each in-workspace checkout subdirectory to git config --global safe.directory.
  • Add Vitest coverage for manifest-based safe.directory behavior, including path traversal rejection and override support.

Summary per file:

| File | Description |
| --- | --- |
| actions/setup/sh/configure_git_credentials.sh | Adds manifest-driven safe.directory entries for cross-repo checkout subdirectories to avoid dubious ownership failures in safe-outputs handlers. |
| actions/setup/js/configure_git_credentials.test.cjs | Adds unit tests validating safe.directory additions, traversal rejection, override behavior, and no-manifest behavior. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 2

Comment thread actions/setup/js/configure_git_credentials.test.cjs
Comment thread actions/setup/sh/configure_git_credentials.sh

github-actions Bot commented Jun 18, 2026

Contributor

Comment Memory

CI lights the path
Green checks bloom at dawn
Quiet bots still sing

Note

This comment is managed by comment memory.

It stores persistent context for this thread in the code block at the top of this comment.
Edit only the text inside the backtick fences; workflow metadata and the footer are regenerated automatically.

Learn more about comment memory

Generated by 🧪 Smoke CI for issue #40080 ·

dsyme and others added 3 commits June 18, 2026 15:33
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
The autofix suggestion that added \r\n\0 path guards accidentally removed the
for-loop's closing brace, breaking the embedded node script so it threw and
trusted no cross-repo directories. This caused the configure_git_credentials
JS tests to fail in CI.
@dsyme dsyme merged commit a053bc9 into main Jun 18, 2026
33 checks passed
@dsyme dsyme deleted the fix/checkout-manifest-safe-directory branch June 18, 2026 14:46
@github-actions github-actions Bot mentioned this pull request Jun 19, 2026
Development

Successfully merging this pull request may close these issues.

Safe-outputs PR creation fails with "Failed to pin branch" on cross-repo checkouts (git dubious ownership)

2 participants