(WIP) Testing workaround for git upstream change ref 8959555ce (v0.01)

See https://github.blog/2022-04-12-git-security-vulnerability-announced/ we're running as: uid=1001(runner) gid=121(docker) groups=121(docker),4(adm),101(systemd-journal) See actions/checkout#47 Change-Id: I9e0520626ca4090abeb519fb8cc04b92c8bf9c7c
sipwise · Apr 15, 2022 · 871ac4c · 871ac4c
1 parent a7f0d41
commit 871ac4c
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 1 deletion.
diff --git a/.github/actions/debpkg-sid/entrypoint.sh b/.github/actions/debpkg-sid/entrypoint.sh
@@ -6,6 +6,19 @@ echo "*** Starting execution of '$0' ***"
 echo "** Installing build dependencies **"
 apt-get -y build-dep .
 
+echo "Running as"
+id
+
+echo "Debug: groups"
+getent group
+
+echo "Debug: users"
+getent passwd
+
+echo "Debug: trying to identify 1001/121 user"
+id 1001 || true
+groups $(id -un) || true
+
 echo "** Building Debian package **"
 dpkg-buildpackage
 

diff --git a/.github/workflows/debpkg.yml b/.github/workflows/debpkg.yml
@@ -38,6 +38,19 @@ jobs:
     - name: Checkout source
       uses: actions/checkout@v2
 
+    - name: User information
+      run: id
+
+    - name: File listing (before)
+      run: find . -ls
+
+    - name: Fix permissions
+      run: chown -R root:root ./
+
+    - name: File listing (after)
+      run: find . -ls
+
+
     - name: Execute Docker debpkg action
       uses: ./.github/actions/debpkg-sid
 

diff --git a/Makefile b/Makefile
@@ -61,5 +61,6 @@ perlcheck:
 
 test:
 	mkdir -p $(RESULTS)
+	id || true
 	cd t ; py.test-3 --junit-xml=$(RESULTS)/pytest.xml -vv -l
 # EOF
diff --git a/t/fixtures/programs.py b/t/fixtures/programs.py
@@ -1,5 +1,6 @@
 import pytest
 from os import getuid
+import os
 from pathlib import Path
 import subprocess
 import sys
@@ -147,18 +148,24 @@ def process_pool(env, cfg, git):
         src = cfg.get("ngcpcfg", key_base)
         copy_tree(src, src, dst_pool)
         cfg.set("ngcpcfg", key_base, str(dst_pool))
+
+        print("debugging: running as user {}".format(getuid()))
+        print("debugging: directory listing: {}".format(os.system("ls -la")))
+
         ex, out, err = git.add("templates")
         assert ex == 0
         # print("{}\nstdout:\n{}stderr:{}\n".format("git add", out, err))
         env[key_base] = cfg.get("ngcpcfg", key_base)
         # for now we only support TEMPLATE_POOL_BASE
         env["SERVICES_POOL_BASE"] = env[key_base]
         cfg.set("ngcpcfg", "SERVICES_POOL_BASE", str(dst_pool))
+
         # each CONFIG_TOOL dir has to be a git repository
         for dir in cfg.get("ngcpcfg", "CONFIG_POOL").split(' '):
             dir_path = Path(outdir).joinpath(dir[1:])
             print("create empty git repository at {}".format(dir_path))
             gitrepo.extract_archive(str(EMPTY_GIT), dir_path)
+            print("debugging: directory listing: {}".format(os.system("ls -la")))
 
     def process_conf(env, cfg, git):
         base = Path(cfg.get("ngcpcfg", "NGCPCTL_MAIN"))
@@ -201,6 +208,7 @@ def prepare_conf(env={}):
         with gitrepo.in_folder(ngcpctl_dir) as git:
             git.config("user.email", "fake@pytest.fake")
             git.config("user.name", "pytest")
+            git.config("--global --add safe.directory", "*")
             process_conf(testenv, config, git)
             # generate NGCPCFG with config values
             testenv["NGCPCFG"] = gen_cfg(config, ngcpctl_dir)
@@ -296,4 +304,4 @@ def run(helper, *args, env={}):
         )
         return result
 
-    return run
+    return run