Fix git-init for Git 2.35.2

https://github.blog/2022-04-12-git-security-vulnerability-announced/ was announced and then fixed in Git 2.35.2. This ends up creating issues like actions/checkout#760, where the directory the git repo lives isn't owned by the same user performing the git operations. This does appear to be affecting us - see https://tekton-releases.appspot.com/build/tekton-prow/pr-logs/pull/tektoncd_pipeline/4750/pull-tekton-pipeline-integration-tests/1514143139193950210/ for example, which has the telltale error message of `fatal: unsafe repository ('/workspace/go/src/github.com/GoogleContainerTools/skaffold' is owned by someone else)`. This is an attempt to fix that by having `git-init` call `git config --global --add safe.directory [repo dir]` before fetching, etc. Signed-off-by: Andrew Bayer <[email protected]>
tektoncd · Apr 13, 2022 · be58566 · be58566
1 parent 43d1869
commit be58566
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/pkg/git/git.go b/pkg/git/git.go
@@ -93,8 +93,16 @@ func Fetch(logger *zap.SugaredLogger, spec FetchSpec) error {
 		if err := os.Chdir(spec.Path); err != nil {
 			return fmt.Errorf("failed to change directory with path %s; err: %w", spec.Path, err)
 		}
-	} else if _, err := run(logger, "", "init"); err != nil {
-		return err
+		if _, err := run(logger, "", "config", "--add", "--global", "safe.directory", spec.Path); err != nil {
+			return err
+		}
+	} else {
+		if _, err := run(logger, "", "init"); err != nil {
+			return err
+		}
+		if _, err := run(logger, "", "config", "--add", "--global", "safe.directory", "/"); err != nil {
+			return err
+		}
 	}
 	if err := configSparseCheckout(logger, spec); err != nil {
 		return err