CI was failing trying to build the summon-aws-secrets binaries:
go: downloading github.com/jmespath/go-jmespath v0.4.0
error obtaining VCS status: exit status 128
Use -buildvcs=false to disable VCS stamping.
1
script returned exit code 1
Enabling GoReleaser's debug logging revealed the following logs:
• getting and validating git state
• running git args=[-c log.showSignature=false rev-parse --is-inside-work-tree]
• git result stderr=fatal: unsafe repository ('/summon-aws-secrets' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /summon-aws-secrets
stdout=
This is a symptom of recent git versions (>v2.35.2) offering security fixes for CVE-2022-24765 for git on multi-user machines, include Docker containers.
Implemented Changes
Wrap goreleaser/goreleaser image in custom Dockerfile.releaser:
Include CyberArk corporate proxy CA certs, so binaries can be built locally by CYBR devs
Desired Outcome
CI was failing trying to build the
summon-aws-secrets
binaries:Enabling GoReleaser's debug logging revealed the following logs:
This is a symptom of recent git versions (>v2.35.2) offering security fixes for CVE-2022-24765 for git on multi-user machines, include Docker containers.
Implemented Changes
goreleaser/goreleaser
image in customDockerfile.releaser
:git config --global --add safe.directory /summon-aws-secrets
Dockerfile
Golang version to match version ingo.mod
CHANGELOG.md
for v0.4.1 releaseConnected Issue/Story
Resolves #[relevant GitHub issue(s), e.g. 76]
CyberArk internal issue link: ONYX-19910 ONYX-19912
Definition of Done
summon-aws-secret
failing CI buildChangelog
Test coverage
Documentation
README
s) were updated in this PRBehavior
Security