Merge pull request #1174 from pikasTech/fix/1148-d518-source-safe-directory

fix(agentrun): trust YAML source workspace for root git reads
This commit is contained in:
Lyon
2026-06-28 00:31:26 +08:00
committed by GitHub
+3
View File
@@ -338,6 +338,7 @@ export function yamlLaneSourceStatusScript(spec: AgentRunLaneSpec): string {
"remote_branch_exists=false",
"remote_branch_commit=null",
"status_short=''",
"git config --global --add safe.directory \"$expected_workspace\" 2>/dev/null || true",
"if [ -d .git ] || git rev-parse --show-toplevel >/dev/null 2>&1; then",
" actual_workspace=$(pwd)",
" workspace_exists=true",
@@ -634,6 +635,7 @@ export function yamlLaneSourceRestoreScript(spec: AgentRunLaneSpec): string {
"tmp_dir=$(mktemp -d)",
"trap 'rm -rf \"$tmp_dir\"' EXIT",
"workspace_exists=false",
"git config --global --add safe.directory \"$workspace\" 2>/dev/null || true",
"if git -C \"$workspace\" rev-parse --git-dir >/dev/null 2>&1; then workspace_exists=true; fi",
"if [ \"$workspace_exists\" != true ]; then",
" WORKSPACE=\"$workspace\" BRANCH=\"$branch\" node <<'NODE'",
@@ -717,6 +719,7 @@ export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCom
`env_identity_files=${shQuote(JSON.stringify(build.envIdentityFiles))}`,
`build_args_json=${shQuote(JSON.stringify(buildArgs))}`,
"mkdir -p \"$state_dir\"",
"git config --global --add safe.directory \"$workspace\" 2>/dev/null || true",
"cd \"$workspace\"",
"git checkout \"$source_commit\"",
"env_identity=$(ENV_IDENTITY_FILES=\"$env_identity_files\" BUILD_ARGS_JSON=\"$build_args_json\" node <<'NODE'",