Fix git permission issue in CI build #5089
8d18263
to
4a02fa8
Compare
Codecov Report
@@ Coverage Diff @@
## main #5089 +/- ##
=======================================
Coverage 89.60% 89.61%
=======================================
Files 227 227
Lines 51620 51619 -1
=======================================
+ Hits 46253 46256 +3
+ Misses 5367 5363 -4
e07d50a
to
ca29c2d
Compare
I think the better approach here is to make git skip that check by adjusting the configuration as we do in other places. E.g. 17844a4087
I am in favor of fixing the permission problem rather than disabling the new Git security checks. In this specific case, we have a mismatch between the owner of the checkout directory and the checkout. Is there any technical problem with this solution? You mentioned in Slack that the user is controlled by the GitHub runner. This is true, but if GitHub decides to let the workflow run as another user as root, a lot of things (e.g.,
Running a recursive chown is several orders of magnitude slower than adjusting the git config and this does not account for the additional runtime of the check itself. The suggested solution with chown only works for that specific user and prevents sharing the checkout between multiple steps when the checkout directory is bind mounted into docker containers as we do in some of the other workflows.
cd3ba04
to
1568cfa
Compare
The new permissions checks to fix CVE-2022-29187 in Git caused some issues in our CI pipeline. This patch adds the checkout directory to Git's "safe.directory" setting.
1568cfa
to
1593e4f
Compare
@svenklemm Changed, let's do it that way.
The new permissions checks to fix CVE-2022-29187 in Git caused some issues in our CI pipeline. This patch adds the checkout directory to Git's "safe.directory" setting.
Failed CI run: https://github.com/timescale/timescaledb/actions/runs/3690974658/jobs/6248545042
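The "safe.directory" approach discussed in this thread, sketched as an added example that is not code from this PR or from the project's workflows: it registers one exact checkout path in the global Git config, idempotently, so the ownership check stays active for every other directory. The function names are hypothetical, and the workspace variable in the usage comment is an assumption about where the CI checkout lives.

```shell
#!/bin/sh
# Added example (not from the PR): register a single checkout path in Git's
# safe.directory list, without duplicating entries.
#
# Possible use in a CI step (path variable is an assumption):
#   owner_mismatch "$GITHUB_WORKSPACE" && mark_checkout_safe "$GITHUB_WORKSPACE"

# Print the numeric owner uid of a path (GNU stat first, BSD stat fallback).
owner_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Return 0 if the path is owned by a different user than the one running
# this script, which is the situation Git's ownership check rejects.
owner_mismatch() {
    [ "$(owner_uid "$1")" != "$(id -u)" ]
}

# Return 0 if the exact path is already listed in the global safe.directory.
is_marked_safe() {
    git config --global --get-all safe.directory 2>/dev/null | grep -Fxq -- "$1"
}

# Add the absolute path of one checkout to safe.directory (idempotent).
# Listing the exact path keeps the ownership check in force everywhere else,
# unlike the wildcard value '*', which switches it off for all directories.
mark_checkout_safe() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 1
    }
    if is_marked_safe "$dir"; then
        return 0
    fi
    git config --global --add safe.directory "$dir"
}
```

Because the entry is keyed on the path and not on a user, it also covers the case raised above where the same checkout is bind mounted into containers running as a different uid, provided the path inside the container matches the registered one.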