systemd/SOURCES/0138-ci-limit-which-env-variables-we-pass-through-sudo.patch
2022-11-15 07:41:42 +00:00

36 lines
1.6 KiB
Diff

From 433d2036ecf211e9a7c85d57e4c91d8723f80cbb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 13 Jul 2022 11:12:36 +0200
Subject: [PATCH] ci: limit which env variables we pass through `sudo`
to work around #23987.
(cherry picked from commit d46e7c7cfd6c286a38298c067f16ac784c2a26f0)
Related: #2087652
---
.github/workflows/unit_tests.yml | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 2afde5d59d..58b7b7cdb2 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -28,8 +28,14 @@ jobs:
- name: Repository checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
- name: Install build dependencies
- run: sudo -E .github/workflows/unit_tests.sh SETUP
+ run: |
+ # Drop XDG_* stuff from /etc/environment, so we don't get the user
+ # XDG_* variables when running under sudo
+ sudo sed -i '/^XDG_/d' /etc/environment
+ # Pass only specific env variables through sudo, to avoid having
+ # the already existing XDG_* stuff on the "other side"
+ sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
- name: Build & test (${{ matrix.run_phase }}-${{ matrix.cryptolib }})
- run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
+ run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
env:
CRYPTOLIB: ${{ matrix.cryptolib }}