Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git safe directory issue with tf modules #133

Open
pat-s opened this issue Dec 27, 2024 · 3 comments
Open

git safe directory issue with tf modules #133

pat-s opened this issue Dec 27, 2024 · 3 comments

Comments

@pat-s
Copy link
Contributor

pat-s commented Dec 27, 2024
edited
Loading

Even when setting git config --global --add safe.directory explicitly in the step before, the error is thrown in the final tf call.

Actually safe dir support is already included in the clone plugin. So I actually call it two times in the linked pipeline without practical effect on future steps.

The included git safe dir supports works for all other steps and plugins with the exception of this one. I don't know yet why this happens (maybe the git config is somehow getting reset during the start of this plugin step?).

Initializing modules...
Downloading git::https://github.com/pat-s/terraform-hcloud-kube-hetzner.git?ref=all-patches for kube-hetzner...
╷
│ Error: Failed to download module
│ 
│   on kube.tf line 10:
│   10: module "kube-hetzner" {
│ 
│ Could not download module "kube-hetzner" (kube.tf:10) source code from
│ "git::[https://github.com/pat-s/terraform-hcloud-kube-hetzner.git?ref=all-patches":](https://github.com/pat-s/terraform-hcloud-kube-hetzner.git?ref=all-patches%22:)
│ error downloading
│ '[https://github.com/pat-s/terraform-hcloud-kube-hetzner.git?ref=all-patches':](https://github.com/pat-s/terraform-hcloud-kube-hetzner.git?ref=all-patches%27:)
│ /usr/bin/git exited with 128: fatal: detected dubious ownership in
│ repository at
│ '/woodpecker/src/git.devxy.io/devxy/hetzner-kube/.terraform/modules/kube-hetzner'
│ To add an exception for this directory, call:
│ 
│ 	git config --global --add safe.directory
│ /woodpecker/src/git.devxy.io/devxy/hetzner-kube/.terraform/modules/kube-hetzner
│ 
╵
@pat-s
Copy link
Contributor Author

pat-s commented Dec 31, 2024
edited
Loading

I am now using the opentofu image directly prepended with a safe.directory call. This works. Surely an edge case as I am downloading a custom git module and this won't be triggered for official modules, so I am OK to live with the workaround for some repos.

@xoxys
Copy link
Member

xoxys commented Dec 31, 2024

Would like to fix it for the plugin as well. Just hadnt time to look into it.

@xoxys
Copy link
Member

xoxys commented Jan 15, 2025

@pat-s after looking into this, I'm a bit confused:

Actually safe dir support is already included in the clone plugin.

The clone plugin is executing git config --global --replace-all safe.directory /woodpecker/src/... which means the git config is stored in $HOME/.gitconfig. In most cases it will be outside the workspace dir and is therefor not persisted across steps. So I dont see how other step containers should be able to reuse this git config.

Even when setting git config --global --add safe.directory explicitly in the step before, the error is thrown in the final tf call.

The same applies here.

The included git safe dir supports works for all other steps and plugins with the exception of this one.

Given the observations above, I don't know what you mean by that.

You can either run git config --local --replace-all safe.directory $CI_WORKSPACE (--local instead of --global) in a previous step or the plugin needs to do it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xoxys @pat-s