diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-03-15 11:08:11 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-03-15 11:24:20 +0300 |
commit | 50437c677227f20134d4f2dfb057f956e3b26570 (patch) | |
tree | 17dbe6a2640ca105dcdbaf3e78cabcb2208127d0 | |
parent | d7fcf59e9183da0785b81ff07e0bcf2ca7c115f8 (diff) |
ci: Run Coverage job as unprivileged user
In 889450266 (ci: Run tests as unprivileged user, 2022-01-13) we have
converted tests to run as unprivileged user. Back then we forgot to also
adjust the Coverage job though, which is still running as a privileged
user.
Convert the job to also run tests unprivileged. This fixes an upcoming
test failure we're about to introduce where housekeeping tasks remove a
file that it shouldn't be able to because of a lack of permissions.
-rw-r--r-- | .gitlab-ci.yml | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a20e24297..84c9940f1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -192,7 +192,9 @@ test: test:coverage: <<: *test_definition script: - - make cover + # We need to explicitly build all prerequisites so that we can run tests unprivileged. + - make build prepare-tests $(pwd)/_build/tools/gocover-cobertura + - setpriv --reuid=9999 --regid=9999 --clear-groups --no-new-privs env HOME=/dev/null make cover SKIP_RSPEC_BUILD=YesPlease artifacts: reports: cobertura: _build/cover/cobertura.xml |