[JENKINS-38699] Only check for git repo in current workspace dir #1064
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The CliGit implementation of hasGitRepo() has the strange and surprising behavior that if a workspace contains a directory named ".git" and that directory is not a git repository (for example, an empty directory), then command line git will search upwards in the file system tree to find a git repository and will perform its operations on the repository it finds. That is the right behavior for a user running command line git. It allows them to change to different directories and have the same experience with command line git. It is a dangerous behavior when deciding to run `git clean` or other destructive operations in a Jenkins agent workspace. If the agent workspace is damaged, then the git commands search upwards, outside the agent workspace. This change causes the git plugin to only search in the workspace, not any of the parent directories of the workspace. Special thanks to @arpoch for patient work understanding the problem, proposing a solution to the problem, and providing tests that show the problem.
9 tasks
MarkEWaite
commented
Apr 3, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JENKINS-38699 - Only check for git repo in current workspace dir
Do not allow command line git operations to extend beyond the workspace.
Checklist
Types of changes
Further comments
The CliGit implementation of hasGitRepo() has the strange and surprising behavior that if a workspace contains a directory named ".git" and that directory is not a git repository (for example, an empty directory), then command line git will search upwards in the file system tree to find a git repository and will perform its operations on the repository it finds. That is the right behavior for a user running command line git. It allows them to change to different directories and have the same experience with command line git. JGit has a different behavior. It does not search upwards for a repository.
It is a dangerous behavior when deciding to run
git cleanor other destructive operations in a Jenkins agent workspace. If the agent workspace is damaged, then the git commands search upwards, outside the agent workspace. This change causes the git plugin to only search in the workspace, not any of the parent directories of the workspace.The new method
hasGitRepo(boolean checkParentDirectories)allows the existing CliGit implementation and the existing JGit implementation ofhasGitRepo()to continue as they are, while the git plugin uses the new API to not check parent directories in any case.Special thanks to @arpoch for patient work understanding the problem, proposing a solution to the problem, and providing tests that show the problem.