openwrt/.github/workflows
Petr Štetiar a7747e8670 ci: fix check kernel patches job
Currently the check fails due to the following error:

 warning: Not a git repository. Use --no-index to compare two paths outside a working tree
 usage: git diff --no-index [<options>] <path> <path>

Thats likely caused by commit 1cb8cdbf07 ("ci: use new buildbot worker
images with Debian 11") which contains a patched Git version with CVE
security fixes introduced in DLA-3239-2:

 Multiple issues were found in Git, a distributed revision control
 system. An attacker may cause other local users into executing arbitrary
 commands, leak information from the local filesystem, and bypass
 restricted shell.

 Note: Due to new security checks, access to repositories owned and
 accessed by different local users may now be rejected by Git; in case
 changing ownership is not practical, git displays a way to bypass these
 checks using the new "safe.directory" configuration entry.

So lets opt-out of this new behavior by setting `safe.directory=*` and
thus force Git to consider all Git repositories as safe regardless of
their owner, since we need to trust those sources anyway and it should
be likely more robust solution, then fiddling with filesystem
permissions.

Fixes: 1cb8cdbf07 ("ci: use new buildbot worker images with Debian 11")
References: https://www.debian.org/lts/security/2022/dla-3239-2
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-05-18 08:19:17 +02:00
..
scripts ci: show_build_failures: fix missing output for configure failures 2023-01-09 11:22:10 +01:00
build-tools.yml ci: use new buildbot worker images with Debian 11 2023-05-15 20:43:47 +02:00
build.yml ci: add Coverity Scan scheduled workflow 2023-04-26 17:24:50 +02:00
check-kernel-patches.yml ci: fix check kernel patches job 2023-05-18 08:19:17 +02:00
coverity.yml ci: add Coverity Scan scheduled workflow 2023-04-26 17:24:50 +02:00
Dockerfile.tools ci: use new buildbot worker images with Debian 11 2023-05-15 20:43:47 +02:00
formal.yml CI: bump actions/checkout action to v3 2022-10-12 16:47:46 +02:00
kernel.yml CI: kernel: skip subtarget test on non-specific target test 2023-03-22 00:36:33 +01:00
label-kernel.yml ci: allow custom kernel and target jobs based on labels 2023-01-27 11:04:07 +01:00
label-target.yml ci: allow custom kernel and target jobs based on labels 2023-01-27 11:04:07 +01:00
labeler.yml CI: labeler: fix wrong label for pr targeting stable branch 2022-12-01 01:51:58 +01:00
packages.yml CI: add concurrency limits for pr test 2023-01-11 14:31:57 +01:00
push-containers.yml CI: use openwrt official tools container by default 2023-01-31 16:36:57 +01:00
toolchain.yml CI: add concurrency limits for pr test 2023-01-11 14:31:57 +01:00
tools.yml CI: tools: add gnu-getopt to macOS CI 2023-01-23 15:48:07 +01:00