From ed2fca7170c295c2c2af5cf57027665ad9c4b5e9 Mon Sep 17 00:00:00 2001
From: Felix Moessbauer <felix.moessbauer@siemens.com>
Date: Thu, 13 Feb 2025 14:36:34 +0100
Subject: [PATCH] GitLab CI: add git safe dir for project root

The GitLab CI runner mounts the $CI_PROJECT_DIR git project root from
the outside but does not align the ownership of that directory with the
user of the docker container. By that, git does not allow to perform any
operation on that repository.

As this is a well-known case, we mark that directory as a safe dir if
running in GitLab CI.

Xref: https://github.com/siemens/kas/pull/141
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 kas/libcmds.py         | 18 ++++++++++++------
 tests/conftest.py      |  1 +
 tests/test_commands.py |  1 +
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/kas/libcmds.py b/kas/libcmds.py
index e1ef8bac..62561c39 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -310,13 +310,19 @@ def _setup_gitconfig(self):
                 if os.environ.get('GIT_CREDENTIAL_USEHTTPPATH', False):
                     config['credential']['useHttpPath'] = \
                         os.environ.get('GIT_CREDENTIAL_USEHTTPPATH')
-            # in GitLab CI, add ssh -> https rewrites if no config is present
-            ci_server = os.environ.get('CI_SERVER_HOST', None)
-            if get_context().managed_env == ME.GITLAB_CI and ci_server and \
-                    not self._ssh_config_present() and \
+
+            if get_context().managed_env == ME.GITLAB_CI and \
                     not os.path.exists(gitconfig_host):
-                logging.debug('Adding GitLab CI ssh -> https rewrites')
-                self._setup_gitlab_ci_ssh_rewrite(config)
+                ci_project_dir = os.environ.get('CI_PROJECT_DIR', False)
+                if ci_project_dir:
+                    logging.debug('Adding git safe.directory %s',
+                                  ci_project_dir)
+                    config.add_value('safe', 'directory', ci_project_dir)
+
+                ci_server = os.environ.get('CI_SERVER_HOST', None)
+                if ci_server and not self._ssh_config_present():
+                    logging.debug('Adding GitLab CI ssh -> https rewrites')
+                    self._setup_gitlab_ci_ssh_rewrite(config)
             config.write()
 
     def execute(self, ctx):
diff --git a/tests/conftest.py b/tests/conftest.py
index 0d2aa5ce..07514a5a 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -39,6 +39,7 @@
     'SSH_AUTH_SOCK',
     'CI_SERVER_HOST',
     'CI_JOB_TOKEN',
+    'CI_PROJECT_DIR',
     'GITLAB_CI',
     'GITHUB_ACTIONS',
     'REMOTE_CONTAINERS'
diff --git a/tests/test_commands.py b/tests/test_commands.py
index 531f9d9b..a9448f39 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -98,6 +98,7 @@ def test_checkout_with_ci_rewrite(monkeykas, tmpdir):
         mp.setenv('GITLAB_CI', 'true')
         mp.setenv('CI_SERVER_HOST', 'github.com')
         mp.setenv('CI_JOB_TOKEN', 'not-needed')
+        mp.setenv('CI_PROJECT_DIR', '/build')
         kas.kas(['checkout', 'test-url-rewrite.yml'])