From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Romain Naour <romain.naour@smile.fr>
Cc: Romain Naour <romain.naour@gmail.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 2/2] gitlab-ci: fix pipelines
Date: Tue, 7 Feb 2023 23:15:17 +0100 [thread overview]
Message-ID: <20230207221517.GC2817@scaer> (raw)
In-Reply-To: <d171cfa3-b5ad-35d2-7a7e-016dc5f8513a@smile.fr>
Romain, All,
On 2023-02-07 22:57 +0100, Romain Naour spake thusly:
> Is "fix pipelines" your WIP patch subject ?
> "gitlab-ci: ignore ownership of the git tree" seems better?
No, I really intended to write "fix pipeline".
Indeed, the subject of a commit log should be a summary of the semantic
change, not of how it is done.
Thanks for the review! :-)
Regards,
Yann E. MORIN.
> Le 07/02/2023 à 22:33, Yann E. MORIN a écrit :
> > When gitlab prepares a job to run, it checks out the repository with a
> > non-root user, and spawns a container that runs as root, with some UID
> > mapping that makes the files be owned by root in the container. However,
> > our pipelines run as a nont-root user.
> >
> > Commit bde165f7ad (.gitlab-ci.yml: update Docker image to use) updated
> > the docker image that is used to run in our pipelines.
> >
> > That new image includes a git version that is stricter about the
> > ownership of the git tree it is acting in: git aborts in error when the
> > user running it does not own the repository.
> >
> > We use `git ls-tree` quite a lot in our check-{flake8,package,symbols}
> > rules, so they all fail (in various ways).
> >
> > To fix this, we either need to fix the ownership or tell git to ignore
> > the situation.
> >
> > It is most probably impossible to change the ownership of the files: we
> > run as non-root,and the files belong to root (in the container). So
> > we're stuck.
> >
> > The alternative, is to do as git suggest, and tell it to ignore the
> > situation. In a local setup, this woujld be very insecure, but in the
> > pipelines, this is in a throw-away container, wehre a single user exists
> > and is running, so we don't care much (if at all).
> >
> > Add a global before_script that registers the git config to ignore
> > ownership issues in the buildroot repository; see [0] for the definition
> > of the CI_PROJECT_DIR variable. Note: unlike what is said in there, and
> > in [1], the value actually seen in CI_PROJECT_DIR is already prefixed
> > with CI_BUILDS_DIR (the documentation is unclear about that point).
> >
> > [0] https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
> > [1] https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
>
> Reviewed-by: Romain Naour <romain.naour@smile.fr>
>
>
> >
> > Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
> > Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
> > Cc: Romain Naour <romain.naour@gmail.com>
> > Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> > ---
> > support/misc/gitlab-ci.yml.in | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/support/misc/gitlab-ci.yml.in b/support/misc/gitlab-ci.yml.in
> > index 9c1faf0d5f..38aca31fb5 100644
> > --- a/support/misc/gitlab-ci.yml.in
> > +++ b/support/misc/gitlab-ci.yml.in
> > @@ -1,3 +1,6 @@
> > +before_script:
> > + - git config --global --add safe.directory ${CI_PROJECT_DIR}
>
> Note: I checked if we have the issue using the utils/docker-run directly,
> enabling safe.directory is not necessary.
>
> Best regards,
> Romain
>
>
> > +
> > .check-check-package_base:
> > script:
> > - python3 -m pytest -v utils/checkpackagelib/
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-02-07 22:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-07 21:33 [Buildroot] [PATCH 0/2] gitlab-ci: fix pipelines with the newer docker image (branch yem/pipelines) Yann E. MORIN
2023-02-07 21:33 ` [Buildroot] [PATCH 1/2] gitlab-ci: don't use before_script in job templates Yann E. MORIN
2023-02-07 21:47 ` Romain Naour
2023-02-07 21:55 ` Yann E. MORIN
2023-02-07 21:33 ` [Buildroot] [PATCH 2/2] gitlab-ci: fix pipelines Yann E. MORIN
2023-02-07 21:57 ` Romain Naour
2023-02-07 22:15 ` Yann E. MORIN [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230207221517.GC2817@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=romain.naour@gmail.com \
--cc=romain.naour@smile.fr \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.