diff --git a/lib/impl/sandbox_helper.sh b/lib/impl/sandbox_helper.sh
index 294fc6b..8b76ae1 100644
--- a/lib/impl/sandbox_helper.sh
+++ b/lib/impl/sandbox_helper.sh
@@ -28,18 +28,19 @@ while [[ $# -gt 0 ]]; do
       ;;
     *)
       echo "Unknown option: $1" >&2
+      echo "use --include-dirty, --no-sandbox, --keep-tmp and --keep-env <ENV>" >&2
       exit 1
       ;;
   esac
 done
 
-if [ "$NO_SANDBOX" = false ]; then
+if [ $NO_SANDBOX = false ]; then
   echo "Running with simple sandboxing"
-  TMPDIR=$(mktemp -dt "nix-gitlab-ci.XXX")
-  if [ "$KEEP_TMP" = false ]; then
-    trap "rm -rf '$TMPDIR'" EXIT
+  NGCI_TMPDIR=$(mktemp -dt "nix-gitlab-ci.XXX")
+  if [ $KEEP_TMP = false ]; then
+    trap "rm -rf '$NGCI_TMPDIR'" EXIT
   else
-    echo "Temp dir will be preserved at: $TMPDIR"
+    echo "Temp dir will be preserved at: $NGCI_TMPDIR"
   fi
 
   # check if dirty
@@ -50,14 +51,15 @@ if [ "$NO_SANDBOX" = false ]; then
     git diff --staged > "$DIRTY_PATCH"
     trap "rm -f '$DIRTY_PATCH'" EXIT
   fi
-  git clone . $TMPDIR
-  pushd $TMPDIR >/dev/null
-  if [[ ! -z "$DIRTY_PATCH" && "$INCLUDE_DIRTY" = true ]]; then
+  git clone . $NGCI_TMPDIR
+  pushd $NGCI_TMPDIR >/dev/null
+  if [[ ! -z "$DIRTY_PATCH" && $INCLUDE_DIRTY = true ]]; then
     echo "Copying dirty changes..."
     git apply "$DIRTY_PATCH" 2>/dev/null || echo "Failed to copy dirty changes"
+    git add . # required so the files are staged again
   fi
 
-  echo "Running job in $TMPDIR"
+  echo "Running job in $NGCI_TMPDIR"
   env -i $(
     if [[ -n "$KEEP_ENV" ]]; then
       IFS=',' read -ra VARS <<< "$KEEP_ENV"