search

concourse / semver-resource

automated semantic version bumping
Apache License 2.0
97 stars 105 forks source link

Resource failing with "fatal: not in a git directory" when configured with "skip_ssl_verification: true" #106

Closed gid0 closed 2 years ago

gid0 commented 4 years ago

Hello,

Our users were using this kind of resource definition with the v1.0.2 release :

- name: app-version
  source:
    branch: master
    depth: 1
    driver: git
    file: apps/service/develop
    initial_version: 1.0.0
    private_key: ((ssh_key.private_key))
    skip_ssl_verification: true
    uri: ssh://git@local-git-server:7999/project/repo.git
  type: semver

When we switched to the v1.1.1 release of the resource type with Concourse 5.7.0, we started seeing this kind of failure on all the semver resources :

resource script '/opt/resource/check []' failed: exit status 1

stderr:
From ssh://local-git-server:7999/project/repo
 * branch            master     -> FETCH_HEAD
HEAD is now at 968d7e4 bump to 1.0.0-develop.21
fatal: not in a git directory
error checking for new versions: exit status 128

I tracked the culprit to be "skip_ssl_verification: true" : by removing it from the resource source, resources start working again.

I know that this flag has no meaning when using git over ssh but the resources were previously working with v1.0.2. I tried with v1.1.0 and they were failing too. This flag should be ignored when using git over ssh.

taylorsilva commented 4 years ago

As the command implies, there's a git command being ran outside of a git repo. Thanks to your investigation it appears to be:

https://github.com/concourse/semver-resource/blob/b820c58b603ad51f23db3cf15b8ab30475171c6c/driver/git.go#L183-L194

To fix this we can add the --global flag to the command. The git command will succeed when run outside a git dir.

I also think this setting, skip_ssl_verification does not really skip ssl verification at all since it's called after the repo is already cloned. https://github.com/concourse/semver-resource/blob/b820c58b603ad51f23db3cf15b8ab30475171c6c/driver/git.go#L123-L131

This patch may fix the issue. I don't have time to test right now. If someone wants to test and PR this we'd really appreciate it!

diff --git a/driver/git.go b/driver/git.go
index db9c3cf..ff4e7d9 100644
--- a/driver/git.go
+++ b/driver/git.go
@@ -120,12 +120,12 @@ func (driver *GitDriver) Check(cursor *semver.Version) ([]semver.Version, error)
        return nil, err
    }

-   err = driver.setUpRepo()
+   err = driver.skipSSLVerificationIfNeeded()
    if err != nil {
        return nil, err
    }

-   err = driver.skipSSLVerificationIfNeeded()
+   err = driver.setUpRepo()
    if err != nil {
        return nil, err
    }
@@ -182,7 +182,7 @@ func (driver *GitDriver) setUpRepo() error {

 func (driver *GitDriver) skipSSLVerificationIfNeeded() error {
    if driver.SkipSSLVerification {
-       gitSkipSSLVerification := exec.Command("git", "config", "http.sslVerify", "'false'")
+       gitSkipSSLVerification := exec.Command("git", "config", "--gobal", "http.sslVerify", "'false'")
        gitSkipSSLVerification.Stdout = os.Stderr
        gitSkipSSLVerification.Stderr = os.Stderr
        if err := gitSkipSSLVerification.Run(); err != nil {