Skip to content

Commit 1114aed

Browse files
committed
Disable Git safe directory check
I noticed that `zip` was used instead of `git archive` GitHub workflows and traced it to this line in `pgxn-bundle`: ```sh if [ "true" == "$(git rev-parse --is-inside-work-tree 2>/dev/null)" ]; then ``` Removing the STDERR redirect revealed this error: ``` text fatal: detected dubious ownership in repository at '/repo' To add an exception for this directory, call: git config --global --add safe.directory /repo ``` PR #6 (aac074a) tried to fix it by setting the safe directory in `.entrypoint.sh`, and included tests that replicated the issue. Unfortunately it turns out that using the GitHub workflow [`container` syntax] skips the entrypoint, so it didn't work. Further research turned up [this SO answer], which reveals that the check can be disabled run setting the `safe.directory` to `'*'`. So add this command to the `Dockerfile`: ```sh git config --system --add safe.directory '*' ``` This disables the check system-wide in the container by putting the configuration into `/etc/gitconfig`. This persists into the running container, of course, letting any user in the container run Git on files it doesn't own --- in this case, `pgxn-bundle`'s `git archive` command. Resolves #5. [`container` syntax]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontainer [this SO answer]: https://stackoverflow.com/a/73100228/79202
1 parent 74933e5 commit 1114aed

2 files changed

Lines changed: 3 additions & 5 deletions

File tree

Dockerfile

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,9 @@ RUN chmod +x /usr/local/bin/apt.postgresql.org.sh \
1616
&& rm -r cpanm ~/.cpanm \
1717
&& echo Defaults lecture = never >> /etc/sudoers \
1818
&& perl -i -pe 's/\bALL$/NOPASSWD:ALL/g' /etc/sudoers \
19-
&& echo 'postgres ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers
19+
&& echo 'postgres ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
20+
# Ensure Git can do stuff in the working directory (issue #5).
21+
&& git config --system --add safe.directory '*'
2022

2123
COPY bin/* /usr/local/bin/
2224

bin/entrypoint.sh

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,6 @@
22

33
set -e
44

5-
# Ensure Git can do stuff in the working directory.
6-
# https://github.com/pgxn/docker-pgxn-tools/issues/5
7-
git config --system --add safe.directory "$PWD"
8-
95
# Just continue if unprivileged user not requested.
106
[ -z "$AS_USER" ] && exec "$@"
117

0 commit comments

Comments
 (0)