diff options
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 149b4cd2a..38a6a4133 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -157,16 +157,17 @@ build:binaries: test: <<: *test_definition script: - # This command will make all directories except of our build directory and Ruby code unwritable. - # The purpose is to verify that there is no test which writes into those directories anymore, as - # they should all instead use a temporary directory for runtime data. - - find . -type d \( -path ./_build -o -path ./ruby \) -prune -o -type d -exec chmod a-w {} \; # If we're testing with bundled Git, then we don't want to have the Git # installation around. Otherwise, Git would be able to resolve its binaries # by just looking at its own GIT_PREFIX and then pick binaries from that # installation directory. - if test -n "${WITH_BUNDLED_GIT}"; then rm -rf _build/deps/git/install; fi - - make ${TARGET} + # We need to prepare test dependencies as privileged user. + - make build prepare-tests + # But the actual tests should run unprivileged. This assures that we pay + # proper attention to permission bits and that we don't modify the source + # directory. + - setpriv --reuid=9999 --regid=9999 --clear-groups --no-new-privs env HOME=/dev/null make ${TARGET} SKIP_RSPEC_BUILD=YesPlease parallel: matrix: # These definitions are for the non-default Git versions. @@ -234,7 +235,8 @@ test:nightly: <<: *test_definition script: - go version - - make all ${TARGET} + - make build prepare-tests + - setpriv --reuid=9999 --regid=9999 --clear-groups --no-new-privs env HOME=/dev/null make ${TARGET} SKIP_RSPEC_BUILD=YesPlease parallel: matrix: - GIT_VERSION: [ "master", "next" ] |