Fix: disable git's safe.directory handling completely (for testuser) #97

Ocramius
Member

This commit repeats 42ae46d (#95),
but this time accounts for the fact that we run our CI operations with the `testuser`
account.

| Q | A |
|---|---|
| Documentation | no |
| Bugfix | yes |
| BC Break | no |
| New Feature | no |
| RFC | no |
| QA | no |

…ser`)

This commit repeats 42ae46d (laminas#95),
but this time accounts for the fact that we run our CI operations with the `testuser`
account.
@Ocramius added the Bug (Something isn't working) label Jun 14, 2022
@Ocramius added this to the 1.20.2 milestone Jun 14, 2022
@Ocramius self-assigned this Jun 14, 2022
@Ocramius
Member Author

YOLO shipping this to see if it fixes laminas/laminas-validator#129 builds.

Sorry for anyone having to watch me merge un-reviewed changes 🙈

@Ocramius merged commit 7608d35 into laminas:1.20.x Jun 14, 2022
@Ocramius deleted the fix/allow-git-operations-on-untrusted-repositories branch June 14, 2022 08:55
@Ocramius
Member Author

Still looks like it's broken: https://github.com/laminas/laminas-validator/runs/6877065969

🤷

Ideas anybody?

@gsteel
Member

gsteel commented Jun 14, 2022

Not really… But can the container run under UID 1000?
actions/checkout#760 (comment)

Or, can the git config command be run from a shell script before checkout? I'm just guessing, but it's like the sudo in dockerfile isn't targeting the correct user maybe?

@gsteel
Member

gsteel commented Jun 14, 2022

Also, the checkout is chowned after checkout in entrypoint.sh - that implies that the checkout is not performed by testuser. Could the git config call be moved to entrypoint.sh?

@Ocramius
Member Author

> But can the container run under UID 1000?

It probably can, but there's no guarantee that the worker will stay stable with UID 1000.

> Also, the checkout is chowned after checkout in entrypoint.sh - that implies that the checkout is not performed by testuser. Could the git config call be moved to entrypoint.sh?

We can probably adjust entrypoint.sh too, yes!

@gsteel mentioned this pull request Jun 14, 2022