`git` broken on latest `1.14.0` image

[Ocramius]

Bug Report

1.14.0 crashes and leaks repository secrets.

Q	A
Version(s)	1.14.0

Summary

The 1.14.0 image has now been dropped, as a security precaution.

Two problems arise:

1. in case of git operations failing, we get a crash with un-masked secrets (really bad, although not exploitable, luckily)
2. because git added "security" around operating on repositories owned by other users, we have crashing release processes, like https://github.com/scoutapp/scout-apm-php-ext/runs/7518545888?check_suite_focus=true

Related: laminas/laminas-continuous-integration-action#99

[Ocramius]

I verified that 2 pull operations happened for 1.14.0: one was me, one was @asgrim. No other affected users, so deleting the tag was a safe approach here.

Yes, I did delete the git tag and the docker image too.

[Ocramius]

We basically need a post-startup git config --global --add safe.directory '*' command to be executed, I think.

[Ocramius]

Probably need to use a better credential handling around the token: https://stackoverflow.com/a/61465734/347063

That's something that we just need to test somehow 🤔

[weierophinney]

I've seen #199 - will you be addressing the safe.directory setting in a separate PR?

[Ocramius]

I hope so: needed to go AFK in a hurry, so I couldn't finish what I started