Set git repo ownership for nodepool dib integration testing

We run nodepool-builder as root in the integration testing but
/home/zuul/src repos are owned by zuul. When git tries to do local
clones of these repos it fails because security concerns mean it will
not talk to git repos owned by a different user.

Address this by chowning /home/zuul/src and its contents to root:root.
We don't use the git config method because that would require modifying
the container image and that seems less ideal than making the test
environment match what we need.

Change-Id: Idf78c50180b7b989082befe797f5003ebb29ec5b
This commit is contained in:
Clark Boylan 2024-09-16 13:41:00 -07:00
parent 70b1172630
commit 612fb2e062

View File

@ -92,6 +92,20 @@
dest: /etc/nodepool/docker-compose.yaml
mode: 0600
- name: Change git repo ownership
# Git doesn't want to perform actions against local git repos owned
# by a user other than the one invoking the git commands for security
# reasons. We run podman-compose below as root which should run the
# builder as root. Therefore we need to chown the git repos to root
# so that we can use them as the source of information for the builds.
file:
path: /home/zuul/src/
state: directory
owner: 'root'
group: 'root'
recurse: true
become: yes
- name: Run podman compose pull
shell:
cmd: podman-compose pull