MIRRORS/meta-raspberrypi
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-raspberrypi.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

ci: Fix dco-check job with newer git versions

Browse Source 
Due to https://nvd.nist.gov/vuln/detail/cve-2022-24765, git introduced a
feature where without explicitly allowing it, it won't parse or consider
hooks that are owned by another git user while erroring out with:

  fatal: detected dubious ownership in repository at [...]

This won't be an issue in our setup due to how we guard the code via PRs
so we configure git to avoid this check.

Signed-off-by: Andrei Gherzan <andrei@gherzan.com>
This commit is contained in:
Andrei Gherzan 2022-11-07 14:52:09 +01:00
parent f581683ffc
commit 2d4b29296a
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/docker-images/dco-check/entrypoint.sh vendored
View File

@ -16,6 +16,14 @@ GIT_REPO_PATH="/work"
[ -d "$GIT_REPO_PATH/.git" ] || [ -d "$GIT_REPO_PATH/.git" ] ||
error "Can't find a git checkout under $GIT_REPO_PATH ." error "Can't find a git checkout under $GIT_REPO_PATH ."
cd "$GIT_REPO_PATH" cd "$GIT_REPO_PATH"
# The GitHub runner user and the container user might differ making git error
# out with:
# error: fatal: detected dubious ownership in repository at '/work'
# Avoid this as the security risk is minimum here while guarding the git hooks
# via PRs.
git config --global --add safe.directory /work
dco-check \ dco-check \
--verbose \ --verbose \
--default-branch "origin/$BASE_REF" --default-branch "origin/$BASE_REF"