Tag create-repo and publish-repo repositories (#1312)

Author: Itxaka

.github/build.yaml.gomplate

@@ -67,6 +67,15 @@
 
 {{{ end }}}
 
+{{{define "git_permissions" }}}
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
+{{{ end }}}
+
 {{{define "make"}}}
   {{{ $config := (datasource "config") }}}
   {{{ $target := . }}}
@@ -199,6 +208,7 @@
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
   {{{- end }}}
+      {{{ tmpl.Exec "git_permissions" }}}
       {{{ tmpl.Exec "make" "create-repo" }}}
       - name: Upload results
         uses: actions/upload-artifact@v2
@@ -597,6 +607,7 @@
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      {{{ tmpl.Exec "git_permissions" }}}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-blue-arm64.yaml

@@ -89,6 +89,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -215,6 +221,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-blue-x86_64.yaml

@@ -87,6 +87,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -213,6 +219,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-green-arm64.yaml

@@ -89,6 +89,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -562,6 +568,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-green-x86_64.yaml

@@ -87,6 +87,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -786,6 +792,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-orange-arm64.yaml

@@ -91,6 +91,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -217,6 +223,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-orange-x86_64.yaml

@@ -87,6 +87,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -213,6 +219,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-teal-arm64.yaml

@@ -89,6 +89,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -215,6 +221,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-master-teal-x86_64.yaml

@@ -87,6 +87,12 @@ jobs:
             BASE_NAME=`basename -s .package.tar.zst.mtree $f`
             sudo -E .github/append_manifests.py build/$BASE_NAME.metadata.yaml $f mtree
           done
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo
@@ -213,6 +219,12 @@ jobs:
           popd
           sudo -E ./.github/build
           ls -liah $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Publish to DockerHub 🚀
         run: |
           sudo -E make publish-repo

.github/workflows/build-nightly-blue-x86_64.yaml

@@ -76,6 +76,12 @@ jobs:
           sudo -E ./.github/build
           ls -liah $PWD/build
           sudo chmod -R 777 $PWD/build
+      - name: Fix git permissions for CVE-2022-24765
+        # This fixes running git commands on our git directory under sudo user
+        # See https://github.blog/2022-04-12-git-security-vulnerability-announced/ for more info
+        run: |
+          sudo git config --global --add safe.directory ${{ github.workspace }}
+          git config --global --add safe.directory ${{ github.workspace }}
       - name: Run make create-repo
         run: |
           sudo -E make create-repo