fix(daemon): add safe.directory=* to gitEnv to fix CI dubious ownership errors#1980
Merged
forrestchang merged 2 commits intomainfrom May 1, 2026
Merged
fix(daemon): add safe.directory=* to gitEnv to fix CI dubious ownership errors#1980forrestchang merged 2 commits intomainfrom
forrestchang merged 2 commits intomainfrom
Conversation
…ip errors TestRegisterTaskReposAllowsProjectOnlyURL and TestRegisterTaskReposSurvivesWorkspaceRefresh fail on GitHub Actions CI because git clone --bare from local temp directories triggers git's safe.directory ownership check when the runner UID differs from the directory owner. Set safe.directory=* via GIT_CONFIG env vars in gitEnv() so all daemon git subprocesses trust any directory. The daemon manages its own bare caches and worktrees, so the ownership check provides no security value. Co-authored-by: multica-agent <github@multica.ai>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Instead of resetting GIT_CONFIG_COUNT to 1, read the existing count from the environment and append safe.directory at the next available index. This preserves any env-scoped git config (auth, URL rewrites, extra headers) injected into the daemon process. Adds TestGitEnvPreservesExistingConfig to verify the append behavior. Co-authored-by: multica-agent <github@multica.ai>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
safe.directory=*viaGIT_CONFIG_*env vars togitEnv()inrepocache/cache.goTestRegisterTaskReposAllowsProjectOnlyURLandTestRegisterTaskReposSurvivesWorkspaceRefreshfailures on CI where git's ownership check rejects temp directories owned by a different UIDTestGitEnvto verify the new env varsContext
The backend CI (
go test ./...) has been intermittently failing on main due to git'ssafe.directoryownership check (introduced in Git 2.35.2). When tests create local git repos viat.TempDir()and the daemon's repo cache clones from them,git clone --barefails with "dubious ownership" because the CI runner UID differs from the directory owner.The daemon manages its own bare caches and worktrees, so the ownership check provides no security value here.
Test plan
go test ./internal/daemon/repocache/...passesgo test ./internal/daemon/...passesgo build ./...succeedsgo test ./...passes