Merge pull request #1174 from pikasTech/fix/1148-d518-source-safe-directory
fix(agentrun): trust YAML source workspace for root git reads
This commit is contained in:
@@ -338,6 +338,7 @@ export function yamlLaneSourceStatusScript(spec: AgentRunLaneSpec): string {
|
||||
"remote_branch_exists=false",
|
||||
"remote_branch_commit=null",
|
||||
"status_short=''",
|
||||
"git config --global --add safe.directory \"$expected_workspace\" 2>/dev/null || true",
|
||||
"if [ -d .git ] || git rev-parse --show-toplevel >/dev/null 2>&1; then",
|
||||
" actual_workspace=$(pwd)",
|
||||
" workspace_exists=true",
|
||||
@@ -634,6 +635,7 @@ export function yamlLaneSourceRestoreScript(spec: AgentRunLaneSpec): string {
|
||||
"tmp_dir=$(mktemp -d)",
|
||||
"trap 'rm -rf \"$tmp_dir\"' EXIT",
|
||||
"workspace_exists=false",
|
||||
"git config --global --add safe.directory \"$workspace\" 2>/dev/null || true",
|
||||
"if git -C \"$workspace\" rev-parse --git-dir >/dev/null 2>&1; then workspace_exists=true; fi",
|
||||
"if [ \"$workspace_exists\" != true ]; then",
|
||||
" WORKSPACE=\"$workspace\" BRANCH=\"$branch\" node <<'NODE'",
|
||||
@@ -717,6 +719,7 @@ export function yamlLaneBuildImageSubmitScript(spec: AgentRunLaneSpec, sourceCom
|
||||
`env_identity_files=${shQuote(JSON.stringify(build.envIdentityFiles))}`,
|
||||
`build_args_json=${shQuote(JSON.stringify(buildArgs))}`,
|
||||
"mkdir -p \"$state_dir\"",
|
||||
"git config --global --add safe.directory \"$workspace\" 2>/dev/null || true",
|
||||
"cd \"$workspace\"",
|
||||
"git checkout \"$source_commit\"",
|
||||
"env_identity=$(ENV_IDENTITY_FILES=\"$env_identity_files\" BUILD_ARGS_JSON=\"$build_args_json\" node <<'NODE'",
|
||||
|
||||
Reference in New Issue
Block a user