authorJames E. Blair <jim@acmegating.com>2022-04-13 14:03:02 -0700
committerJames E. Blair <jim@acmegating.com>2022-04-13 14:17:04 -0700
commit5a07b18b7200df104a5407126cacd7f27b914a4c (patch)
treef6e9331d41dc370ed4f22b39ab7de897a2dadc37
parentc34cc252b06ccbc919dc85db2aade5205e43d217 (diff)
downloadzuul-5a07b18b7200df104a5407126cacd7f27b914a4c.tar.gz
Fix git error in stream jobs
New versions of git refuse to run on git repos owned by a user other than the caller. This is due to a fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765

The stream jobs install Zuul as root while the repo is owned by zuul. This causes pbr to run git, which runs afoul of that issue.

To correct this, run a wheel build as the zuul user first and install the wheel.

Change-Id: Id48245f715760c436ae46415f057358e1b687181
-rw-r--r--playbooks/zuul-stream/pre.yaml14
1 files changed, 12 insertions, 2 deletions
diff --git a/playbooks/zuul-stream/pre.yaml b/playbooks/zuul-stream/pre.yaml
index 63cad9d04..cafdc0133 100644
--- a/playbooks/zuul-stream/pre.yaml
+++ b/playbooks/zuul-stream/pre.yaml
@@ -9,10 +9,20 @@
post_tasks:
- - name: Install software
+ - name: Install pip
shell: |+
python3 -m pip install --upgrade pip setuptools wheel
- python3 -m pip install src/opendev.org/zuul/zuul
+ become: yes
+
+ - name: Build wheel
+ shell:
+ chdir: src/opendev.org/zuul/zuul
+ cmd: |+
+ python3 setup.py bdist_wheel
+
+ - name: Install software
+ shell: |+
+ python3 -m pip install src/opendev.org/zuul/zuul/dist/*.whl
become: yes
- name: Install managed ansible versions
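Review bot: The new `Build wheel` task has no comment explaining why it omits `become`, so a later cleanup could fold it back into the root install or work around the error by relaxing git's ownership check for root. I would add above it `# Build as the unprivileged repo owner: git refuses to run as root in a repo owned by another user (CVE-2022-24765), and pbr invokes git.` Separately, the root `Install software` step installs `dist/*.whl`, i.e. every wheel found in a directory the unprivileged user can write. That is presumably fine on a fresh test node, but clearing `dist/` before the build, or installing only the wheel just built, would keep the root step from picking up stale artifacts. As a style point, `become: yes` reads more portably as `become: true`.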