git checkouts always set to controller user, causing problems with latest git
32 views
Skip to first unread message
Björn Pedersen
Oct 28, 2022, 7:32:48 AM10/28/22
to Jenkins Users
In our setup we run the agents a separate user via ssh ( contoller: jenkins, agent: jenkinsworker).
In a pipeline we checkout some code:
```
node(agent) {
checkout git+ssh://.....
}
```
This results in the workdir and all git files belonging to the user jenkins, not jenkinsworker.
Trying to do a commit (with the need to run a commit-msg hook) fails to run the hook unless I explicitly allow the directory as safe and correct the hook path (it is set to /dev/null if the directory belongs to an other user ).
I would have expected the workdir to be owned by the agent user.
Mark Waite
Oct 28, 2022, 9:17:21 AM10/28/22
to Jenkins Users
I suspect that you'll find that something is misconfigured in your agent definition rather than an issue in the checkout step.
I think you'll be able to see that if you:
- Create a file in the workspace from inside the Pipeline
- Check the permissions of the created file
I suspect you'll see that the permissions are the same as the permissions generated by the checkout scm task.
This is the Pipeline script that I used to confirm it:
pipeline {
agent {
label '!windows' // sh step not available on windows
}
stages {
stage('Hello') {
steps {
writeFile file: 'a-test-file.txt', text: 'Some text inside the file'
sh 'ls -altr a-test-file.txt'
}
}
}
}
agent {
label '!windows' // sh step not available on windows
}
stages {
stage('Hello') {
steps {
writeFile file: 'a-test-file.txt', text: 'Some text inside the file'
sh 'ls -altr a-test-file.txt'
}
}
}
}
Björn Pedersen
Nov 2, 2022, 7:54:13 AM11/2/22
to Jenkins Users
Mark Waite schrieb am Freitag, 28. Oktober 2022 um 15:17:21 UTC+2:
I suspect that you'll find that something is misconfigured in your agent definition rather than an issue in the checkout step.I think you'll be able to see that if you:
- Create a file in the workspace from inside the Pipeline
- Check the permissions of the created file
I suspect you'll see that the permissions are the same as the permissions generated by the checkout scm task.
I found the core cause: https://github.com/jenkinsci/git-plugin/pull/1237/ disables the hooks by default. So I just need to re-nable hooks where they are needed.
Reply all
Reply to author
Forward
0 new messages