This makes it clear this is not an ngcpcfg tool specific file but one
more in line with the cfg-schema and friends. It also gives it a proper
extension to make it clear it is a YAML file.
Change-Id: I6f19945a3ffc0e1406024b60e401688d7d3c68cc
In more recent versions, Git upstream does an owner check for the
top-level directory (see git upstream commit 8959555ce), also see
https://github.blog/2022-04-12-git-security-vulnerability-announced/
This change is included in git versions >=2.30.3, >=2.31.2, >=2.34.2,
>=2.35.2 + >=2.36.0-rc2, and therefore also affects the Git package
v2.35.2-1 as present in current Debian/unstable (as of 2022-04-16).
Now due to this behavioral change, our unit tests fail with e.g.:
| err = ('fatal: unsafe repository '
| "('/tmp/pytest-of-root/pytest-0/test_status_build0/ngcpctl-pytest-base/ngcp-config' "
| 'is owned by someone else)\n'
| 'To add an exception for this directory, call:\n'
| '\n'
| '\tgit config --global --add safe.directory '
| '/tmp/pytest-of-root/pytest-0/test_status_build0/ngcpctl-pytest-base/ngcp-config\n')
| ex = 128
We're creating many temporary git repositories. Therefore, adding every
single repository via `git config --global --add safe.directory` as
suggested in git's error message isn't really a viable option for us.
Git upstream also recognized this, and as of git rev 0f85c4a30 it's
possible to opt-out of this check via `git config --global --add
safe.directory *`. This change is currently included only in Git
versions 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3 and 2.35.3, so not
available in Debian/unstable, yet.
But nevertheless, it's not really an ideal option for us, as we don't
want to mess with $HOME/.gitconfig ever, as this might not always be
some random directory inside a testing container, but pointing to an
actual user configuration.
The underlying reason, why this issue showed up in our Github actions is
caused by the fact, that the checkout of the artifacts is running as
user (also see https://github.com/actions/checkout/issues/47):
| uid=1001(runner) gid=121(docker) groups=121(docker),4(adm),101(systemd-journal)
But the docker containers are executed with root permissions in the
following steps. To properly handle this, we set the permissions of the
git repository to $UID/$GID of the executing user.
Even more tricky and worth being aware of, certain git actions might
fail due to permission issues, without telling you directly:
| root@8d1e4156f6d8:/tmp# mkdir testrepo/
| root@8d1e4156f6d8:/tmp# cd testrepo/
| root@8d1e4156f6d8:/tmp/testrepo# git init
| Initialized empty Git repository in /tmp/testrepo/.git/
| root@8d1e4156f6d8:/tmp/testrepo# chown testbuild .
| root@8d1e4156f6d8:/tmp/testrepo# git config --local user.email pytest@example.com
| fatal: --local can only be used inside a git repository
| root@8d1e4156f6d8:/tmp/testrepo# echo $?
| 128
| root@8d1e4156f6d8:/tmp/testrepo# chown root .
| root@8d1e4156f6d8:/tmp/testrepo# git config --local user.email pytest@example.com
| root@8d1e4156f6d8:/tmp/testrepo# echo $?
| 0
While at it, let's unify our git configuration, by using the following
settings for all our user configuration:
| git config --local user.email pytest@example.com
| git config --local user.name pytest
Change-Id: Icad0ea4c3daf22f17481f23b27fa17750bd623da
* We were missing the scenario when only the build files for an instance
had changes. The service for that instance was not restarted
Change-Id: I85ba86bc57c7fc8b6df1ac2ef1144c2d3952a4da
Guillem Jover
Michael Prokop
ngcp-config