MT#56935 Docker/testrunner: adjust setup for new safe.directory behavior of git

In more recent versions, Git upstream does an owner check for the
top-level directory (see git upstream commit 8959555ce), also see
https://github.blog/2022-04-12-git-security-vulnerability-announced/

This change is included in git versions >=2.30.3, >=2.31.2, >=2.34.2,
>=2.35.2 + >=2.36.0-rc2, and therefore also affects the Git package
v2.35.2-1 as present in current Debian/unstable (as of 2022-04-16).

Because of that libtcap-abi-check-docker fails for us with:

| fatal: detected dubious ownership in repository at '/code'
| To add an exception for this directory, call:
|
|       git config --global --add safe.directory /code

Running `git config --add safe.directory ...` as implemented in
jenkins-config's git rev 77040321 won't work though, as the resulting
.git/config won't be considered for security issues, so the `--global`
switch is essential and needs to be used as reported by the error
message mentioned above.

Now what was more tricky and required some more debugging:

We pass the environment of the Jenkins job down to the docker
environment (via --env-file=...), but we're running the docker container
with root user. Therefore the ~/.gitconfig inside the docker environment
is expected to be located at /var/lib/jenkins/, while we could only
prepare the one at /root/.gitconfig (without hardcoding jenkins UID etc
upfront in the docker image, which is clearly an approach to avoid).

So when we're running testrunner inside a docker environment and we are
running as user root, let's make sure to set $HOME to /root as one might
expect. Then the ~/.gitconfig with the safe.directory can be found as
expected.

Change-Id: I81b7764945f80cfb415779c2bc8bcf1fcd339b40
(cherry picked from commit 52e3b6688b)
(cherry picked from commit 80017b45fd)

t/Dockerfile

@@ -5,7 +5,7 @@ FROM docker.mgm.sipwise.com/sipwise-buster:latest
 # is updated with the current date. It will force refresh of all
 # of the base images and things like `apt-get update` won't be using
 # old cached versions when the Dockerfile is built.
-ENV REFRESHED_AT 2019-06-28
+ENV REFRESHED_AT 2023-12-05
 
 RUN apt-get update && \
     apt-get install --assume-yes \
@@ -16,6 +16,8 @@ RUN apt-get update && \
 
 RUN echo './t/testrunner' >>/root/.bash_history
 
+RUN git config --global --add safe.directory /code
+
 WORKDIR /code/
 
 ################################################################################

t/testrunner

@@ -36,6 +36,16 @@ if [ -z "${branch:-}" ] ; then
   branch="none"
 fi
 
+# only run inside docker environments as root user
+if [ -f /.dockerenv ] && [[ "$(id -u)" == "0" ]] ; then
+  # the environment passed to docker might claim to have
+  # /var/lib/jenkins for $HOME, but we might be running
+  # under user root, so ensure the ~/.gitconfig can be found
+  # at the appropriate place
+  echo "Fixing HOME for user root (changing from '${HOME}' to '/root')"
+  export HOME=/root/
+fi
+
 if [[ "${release}" =~ ^release-mr ]] ; then
   echo "release detected"
   short_release=${release%%-update}