From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 20 Jun 2023 14:25:07 +0000 (+0200)
Subject: ci: tweak build dir's ACL when collecting coverage
X-Git-Tag: v2.40-rc1~374^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f5b49efe42c0928dc292efe24946cccad86d711e;p=thirdparty%2Futil-linux.git

ci: tweak build dir's ACL when collecting coverage

So gcov can create necessary directories/.gcda files even with dropped
privileges.
---

diff --git a/.github/workflows/cibuild.sh b/.github/workflows/cibuild.sh
index 00fae0ab82..8adac1ab68 100755
--- a/.github/workflows/cibuild.sh
+++ b/.github/workflows/cibuild.sh
@@ -162,6 +162,20 @@ for phase in "${PHASES[@]}"; do
             fi
         fi
 
+        if [[ "$COVERAGE" == "yes" ]]; then
+            # Make (almost) everything under current directory readable/writable
+            # for everyone to allow gcov to write the .gcda files even with
+            # dropped privileges
+            find . tests/helpers/ -maxdepth 1 -type d ! -name . ! -name tests \
+                                  -exec setfacl -R -m 'd:g::rwX,d:o::rwX' -m 'g::rwX,o::rwX' '{}' \;
+            # Make sure we can access $PWD as an unpriv user
+            path="$PWD"
+            while [[ "$path" != / ]]; do
+                chmod o+rx "$path"
+                path="$(dirname "$path")"
+            done
+        fi
+
         ./tests/run.sh --show-diff
 
         if [[ "$COVERAGE" == "yes" ]]; then