GitLab CI: add git safe dir for project root

The GitLab CI runner mounts the $CI_PROJECT_DIR git project root from the outside but does not align the ownership of that directory with the user of the docker container. By that, git does not allow to perform any operation on that repository. As this is a well-known case, we mark that directory as a safe dir if needed and running in GitLab CI. Signed-off-by: Felix Moessbauer <[email protected]>
fmoessbauer · Mar 3, 2025 · 2556708 · 2556708
1 parent cb6db0b
commit 2556708
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/kas/libcmds.py b/kas/libcmds.py
@@ -310,13 +310,18 @@ def _setup_gitconfig(self):
                 if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
                     config['credential']['useHttpPath'] = \
                         os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
-            # in GitLab CI, add ssh -> https rewrites if no config is present
-            ci_server = os.environ.get('CI_SERVER_HOST', None)
-            if get_context().managed_env == ME.GITLAB_CI and ci_server and \
-                    not self._ssh_config_present() and \
+
+            if get_context().managed_env == ME.GITLAB_CI and \
                     not os.path.exists(gitconfig_host):
-                logging.debug('Adding GitLab CI ssh -> https rewrites')
-                self._setup_gitlab_ci_ssh_rewrite(config)
+                ci_project_dir = os.environ.get('CI_PROJECT_DIR', False)
+                if ci_project_dir:
+                    logging.debug('Add git safe.directory %s', ci_project_dir)
+                    config.add_value('safe', 'directory', ci_project_dir)
+
+                ci_server = os.environ.get('CI_SERVER_HOST', None)
+                if ci_server and not self._ssh_config_present():
+                    logging.debug('Adding GitLab CI ssh -> https rewrites')
+                    self._setup_gitlab_ci_ssh_rewrite(config)
             config.write()
 
     def execute(self, ctx):

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -39,6 +39,7 @@
     'SSH_AUTH_SOCK',
     'CI_SERVER_HOST',
     'CI_JOB_TOKEN',
+    'CI_PROJECT_DIR',
     'GITLAB_CI',
     'GITHUB_ACTIONS',
     'REMOTE_CONTAINERS'

diff --git a/tests/test_commands.py b/tests/test_commands.py
@@ -98,6 +98,7 @@ def test_checkout_with_ci_rewrite(monkeykas, tmpdir):
         mp.setenv('GITLAB_CI', 'true')
         mp.setenv('CI_SERVER_HOST', 'github.com')
         mp.setenv('CI_JOB_TOKEN', 'not-needed')
+        mp.setenv('CI_PROJECT_DIR', '/build')
         kas.kas(['checkout', 'test-url-rewrite.yml'])