From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Romain Naour <romain.naour@smile.fr>
Cc: Romain Naour <romain.naour@gmail.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 2/2] gitlab-ci: fix pipelines
Date: Tue, 7 Feb 2023 23:15:17 +0100
Message-ID: <20230207221517.GC2817@scaer>
In-Reply-To: <d171cfa3-b5ad-35d2-7a7e-016dc5f8513a@smile.fr>
Romain, All,
On 2023-02-07 22:57 +0100, Romain Naour spake thusly:
> Is "fix pipelines" your WIP patch subject ?
> "gitlab-ci: ignore ownership of the git tree" seems better?
No, I really intended to write "fix pipeline".
Indeed, the subject of a commit log should be a summary of the semantic
change, not of how it is done.
Thanks for the review! :-)
Regards,
Yann E. MORIN.
> On 07/02/2023 at 22:33, Yann E. MORIN wrote:
> > When gitlab prepares a job to run, it checks out the repository with a
> > non-root user, and spawns a container that runs as root, with some UID
> > mapping that makes the files be owned by root in the container. However,
> > our pipelines run as a non-root user.
> >
> > Commit bde165f7ad (.gitlab-ci.yml: update Docker image to use) updated
> > the docker image that is used to run in our pipelines.
> >
> > That new image includes a git version that is stricter about the
> > ownership of the git tree it is acting in: git aborts in error when the
> > user running it does not own the repository.
> >
> > We use `git ls-tree` quite a lot in our check-{flake8,package,symbols}
> > rules, so they all fail (in various ways).
> >
> > To fix this, we either need to fix the ownership or tell git to ignore
> > the situation.
> >
> > It is most probably impossible to change the ownership of the files: we
> > run as non-root, and the files belong to root (in the container). So
> > we're stuck.
> >
> > The alternative is to do as git suggests, and tell it to ignore the
> > situation. In a local setup, this would be very insecure, but in the
> > pipelines, this is in a throw-away container, where a single user exists
> > and is running, so we don't care much (if at all).
> >
> > Add a global before_script that registers the git config to ignore
> > ownership issues in the buildroot repository; see [0] for the definition
> > of the CI_PROJECT_DIR variable. Note: unlike what is said in there, and
> > in [1], the value actually seen in CI_PROJECT_DIR is already prefixed
> > with CI_BUILDS_DIR (the documentation is unclear about that point).
> >
> > [0] https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
> > [1] https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section
>
> Reviewed-by: Romain Naour <romain.naour@smile.fr>
>
>
> >
> > Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
> > Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
> > Cc: Romain Naour <romain.naour@gmail.com>
> > Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> > ---
> > support/misc/gitlab-ci.yml.in | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/support/misc/gitlab-ci.yml.in b/support/misc/gitlab-ci.yml.in
> > index 9c1faf0d5f..38aca31fb5 100644
> > --- a/support/misc/gitlab-ci.yml.in
> > +++ b/support/misc/gitlab-ci.yml.in
> > @@ -1,3 +1,6 @@
> > +before_script:
> > + - git config --global --add safe.directory ${CI_PROJECT_DIR}
>
> Note: I checked if we have the issue using the utils/docker-run directly,
> enabling safe.directory is not necessary.
>
> Best regards,
> Romain
>
>
> > +
> > .check-check-package_base:
> > script:
> > - python3 -m pytest -v utils/checkpackagelib/
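Review bot: `${CI_PROJECT_DIR}` is expanded unquoted in the added `git config` line, so a checkout path containing whitespace or glob characters would be word-split by the shell and register the wrong directories (or fail); writing it as `git config --global --add safe.directory "${CI_PROJECT_DIR}"` avoids that. Scoping the exception to the project directory rather than a wildcard is the right call, since it keeps git's ownership check active for any other repository touched in the job. Two further suggestions: add a short YAML comment above `before_script:` saying why the exception is needed (files owned by root in the container, jobs running as non-root), because the rationale currently lives only in the commit message, and keep in mind that a job that defines its own `before_script` replaces this global one, so any such job would silently lose the setting and fail again in `git ls-tree`.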
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'