From e6639f8c736caef893851592564ab0fbd181444b Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Date: Feb 10 2024 22:03:27 +0000
Subject: Allow repository access in rootless CI containers


GitLab CI clones the repository as root, but we prefer to use a
regular user for some of our job specific containers.
Add a helper script and call it before the respective script
executions to work around the "dubious ownership" error as there
does not seem to be a GitLab CI solution to clone as the target
user.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

---

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 33150d3..426baaa 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,13 +21,17 @@ lint:
   extends:
     - .test_common
   image: registry.opensuse.org/opensuse/infrastructure/containers_tumbleweed/heroes-salt-validation:latest
-  script: bin/lint.sh
+  script:
+    - bin/set_gitlab_ci_safe_directory.sh
+    - bin/lint.sh
 
 validate:
   extends:
     - .test_common
   image: registry.opensuse.org/opensuse/infrastructure/containers_tumbleweed/heroes-salt-validation:latest
-  script: bin/test_validate.sh
+  script:
+    - bin/set_gitlab_ci_safe_directory.sh
+    - bin/test_validate.sh
 
 show_highstate:
   extends:
@@ -98,4 +102,5 @@ deploy:
   needs:
     - sync
   script:
+    - bin/set_gitlab_ci_safe_directory.sh
     - bin/deploy.py --mode test --no-mine-update --debug
diff --git a/bin/set_gitlab_ci_safe_directory.sh b/bin/set_gitlab_ci_safe_directory.sh
new file mode 100755
index 0000000..ccf1a58
--- /dev/null
+++ b/bin/set_gitlab_ci_safe_directory.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+# GitLab CI clones as root, but some of our containers use a sane user
+# https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29022
+git config --global --add safe.directory /builds/infra/salt