From 4bc702cd84dcb20ebf0a475c30efc4d96ac9207f Mon Sep 17 00:00:00 2001
From: "max.mehl" <max.mehl@fsfe.org>
Date: Fri, 5 Aug 2022 13:30:41 +0200
Subject: [PATCH 1/3] add workspace as safe Git directory

Implement a wrapper as entrypoint that sets the correct Git permissions and
uses the environment variable to define the workspace directory.
---
 Dockerfile              |  6 +++---
 reuse-action-wrapper.sh | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100755 reuse-action-wrapper.sh

diff --git a/Dockerfile b/Dockerfile
index c605ee4..e8b979b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,9 +4,9 @@
 
 FROM fsfe/reuse:latest
 
-# Go to automatically mounted workspace
-WORKDIR /github/workspace
+# Copy reuse wrapper used as entrypoint
+COPY reuse-action-wrapper.sh /bin/reuse-action-wrapper
 
 # Run reuse lint
-ENTRYPOINT ["reuse"]
+ENTRYPOINT ["/bin/reuse-action-wrapper"]
 CMD ["lint"]
diff --git a/reuse-action-wrapper.sh b/reuse-action-wrapper.sh
new file mode 100755
index 0000000..a728cba
--- /dev/null
+++ b/reuse-action-wrapper.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+
+# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Set workspace directory as safe Git directory
+# See https://github.blog/2022-04-12-git-security-vulnerability-announced/
+git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+# Enter directory
+cd "$GITHUB_WORKSPACE" || exit 1
+
+# Run REUSE
+reuse "$@"

From 5ae4d611ea34297c05053b4f32440a1e63579174 Mon Sep 17 00:00:00 2001
From: "max.mehl" <max.mehl@fsfe.org>
Date: Fri, 5 Aug 2022 14:23:14 +0200
Subject: [PATCH 2/3] test some other commands in local action

---
 .github/workflows/reuse.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index f6a4e1d..86e426c 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -10,8 +10,16 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: REUSE Compliance Check
+    - uses: actions/checkout@v3
+    - name: REUSE version
+      uses: ./
+      with:
+        args: --version
+    - name: REUSE lint
       uses: ./
       with:
         args: --include-submodules lint
+    - name: REUSE SPDX SBOM
+      uses: ./
+      with:
+        args: spdx

From a085ecfc94d691576bfa207bc87819e2ae670f66 Mon Sep 17 00:00:00 2001
From: "max.mehl" <max.mehl@fsfe.org>
Date: Fri, 5 Aug 2022 14:25:15 +0200
Subject: [PATCH 3/3] update checkout action to v3

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 5389f2a..757f98a 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,8 @@ on: [push, pull_request]
 jobs:
   test:
     runs-on: ubuntu-latest
-    steps: 
-    - uses: actions/checkout@v2
+    steps:
+    - uses: actions/checkout@v3
     - name: REUSE Compliance Check
       uses: fsfe/reuse-action@v1
 ```
@@ -47,8 +47,8 @@ jobs:
 If you would like to run other subcommands, you could use the following snippet which outputs a the SPDX bill of materials:
 
 ```yml
-    - uses: actions/checkout@v2
-    - name: REUSE Compliance Check
+    - uses: actions/checkout@v3
+    - name: REUSE SPDX SBOM
       uses: fsfe/reuse-action@v1
       with:
         args: spdx
@@ -57,7 +57,7 @@ If you would like to run other subcommands, you could use the following snippet
 In the same fashion, it is possible to add optional arguments like `--include-submodules`:
 
 ```yml
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: REUSE Compliance Check
       uses: fsfe/reuse-action@v1
       with: