Summary
When a workflow uses a cross-repository checkout into a subdirectory (e.g. ${GITHUB_WORKSPACE}/github), the safe-outputs create_pull_request handler fails with:
{"result":"error","error":"Failed to pin branch 'dsyme/ci-perf/seeds-runner-track4-workload...'"}
The branch genuinely exists locally (the agent's own git branch --list confirms it), so the failure is not a missing branch.
Root cause
The safe-outputs MCP server runs git inside the cross-repo checkout subdirectory (repoCwd, resolved from the checkout manifest). That subdirectory is a separate git repository whose top-level is not GITHUB_WORKSPACE.
actions/setup/sh/configure_git_credentials.sh only adds GITHUB_WORKSPACE as a git safe.directory. The cross-repo checkout subdirectories are never trusted, so when the pinning step runs git rev-parse --verify refs/heads/<branch>^{commit} in that directory, git aborts with "dubious ownership". This surfaces as Failed to pin branch.
Evidence from the run: the agent's recovery step ran git config --global --add safe.directory /home/runner/work/github-automation/github-automation/github and then the git branch --list succeeded — confirming the dubious-ownership diagnosis.
Fix
configure_git_credentials.sh should consult the checkout manifest ($RUNNER_TEMP/gh-aw/safeoutputs/checkout-manifest.json) and add each cross-repo checkout path (${GITHUB_WORKSPACE}/<path>) as a git safe.directory, in addition to GITHUB_WORKSPACE.
Repro context
- Failing run: github/github-automation actions run 27759556197 (job 82130420621)
- Workflow:
.github/workflows/ci-perf.lock.yml
Summary
When a workflow uses a cross-repository checkout into a subdirectory (e.g.
${GITHUB_WORKSPACE}/github), the safe-outputscreate_pull_requesthandler fails with:The branch genuinely exists locally (the agent's own
git branch --listconfirms it), so the failure is not a missing branch.Root cause
The safe-outputs MCP server runs git inside the cross-repo checkout subdirectory (
repoCwd, resolved from the checkout manifest). That subdirectory is a separate git repository whose top-level is notGITHUB_WORKSPACE.actions/setup/sh/configure_git_credentials.shonly addsGITHUB_WORKSPACEas a gitsafe.directory. The cross-repo checkout subdirectories are never trusted, so when the pinning step runsgit rev-parse --verify refs/heads/<branch>^{commit}in that directory, git aborts with "dubious ownership". This surfaces asFailed to pin branch.Evidence from the run: the agent's recovery step ran
git config --global --add safe.directory /home/runner/work/github-automation/github-automation/githuband then thegit branch --listsucceeded — confirming the dubious-ownership diagnosis.Fix
configure_git_credentials.shshould consult the checkout manifest ($RUNNER_TEMP/gh-aw/safeoutputs/checkout-manifest.json) and add each cross-repo checkout path (${GITHUB_WORKSPACE}/<path>) as a gitsafe.directory, in addition toGITHUB_WORKSPACE.Repro context
.github/workflows/ci-perf.lock.yml