GitLab CI: add git safe dir for project root

The GitLab CI runner mounts the $CI_PROJECT_DIR git project root from the outside but does not align the ownership of that directory with the user of the docker container. By that, git does not allow to perform any operation on that repository. As this is a well-known case, we mark that directory as a safe dir if running in GitLab CI. Xref: siemens#141 Signed-off-by: Felix Moessbauer <[email protected]>
fmoessbauer · Feb 13, 2025 · 0798fdc · 0798fdc
1 parent 0f773aa
commit 0798fdc
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/kas/libcmds.py b/kas/libcmds.py
@@ -310,13 +310,19 @@ def _setup_gitconfig(self):
                 if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
                     config['credential']['useHttpPath'] = \
                         os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
-            # in GitLab CI, add ssh -> https rewrites if no config is present
-            ci_server = os.environ.get('CI_SERVER_HOST', None)
-            if get_context().managed_env == ME.GITLAB_CI and ci_server and \
-                    not self._ssh_config_present() and \
+
+            if get_context().managed_env == ME.GITLAB_CI and \
                     not os.path.exists(gitconfig_host):
-                logging.debug('Adding GitLab CI ssh -> https rewrites')
-                self._setup_gitlab_ci_ssh_rewrite(config)
+                ci_project_dir = os.environ.get('CI_PROJECT_DIR', False)
+                if ci_project_dir:
+                    logging.debug('Adding git safe.directory %s',
+                                  ci_project_dir)
+                    config.add_value('safe', 'directory', ci_project_dir)
+
+                ci_server = os.environ.get('CI_SERVER_HOST', None)
+                if ci_server and not self._ssh_config_present():
+                    logging.debug('Adding GitLab CI ssh -> https rewrites')
+                    self._setup_gitlab_ci_ssh_rewrite(config)
             config.write()
 
     def execute(self, ctx):

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -39,6 +39,7 @@
     'SSH_AUTH_SOCK',
     'CI_SERVER_HOST',
     'CI_JOB_TOKEN',
+    'CI_PROJECT_DIR',
     'GITLAB_CI',
     'GITHUB_ACTIONS',
     'REMOTE_CONTAINERS'

diff --git a/tests/test_commands.py b/tests/test_commands.py
@@ -98,6 +98,7 @@ def test_checkout_with_ci_rewrite(monkeykas, tmpdir):
         mp.setenv('GITLAB_CI', 'true')
         mp.setenv('CI_SERVER_HOST', 'github.com')
         mp.setenv('CI_JOB_TOKEN', 'not-needed')
+        mp.setenv('CI_PROJECT_DIR', '/build')
         kas.kas(['checkout', 'test-url-rewrite.yml'])