ci: limit which env variables we pass through `sudo`

author Frantisek Sumsal <frantisek@sumsal.cz>

Wed, 13 Jul 2022 09:12:36 +0000 (11:12 +0200)

committer Frantisek Sumsal <frantisek@sumsal.cz>

Wed, 13 Jul 2022 10:56:37 +0000 (10:56 +0000)
author Frantisek Sumsal <frantisek@sumsal.cz>
Wed, 13 Jul 2022 09:12:36 +0000 (11:12 +0200)
committer Frantisek Sumsal <frantisek@sumsal.cz>
Wed, 13 Jul 2022 10:56:37 +0000 (10:56 +0000)
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml

index 2821d7fdd16c5150f60394360d364830bf22fa31..cd6c33eb64692d1bbe4a91faf76cee148161496c 100644 (file)
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -32,8 +32,14 @@ jobs:
        - name: Repository checkout
          uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        - name: Install build dependencies
-        run: sudo -E .github/workflows/unit_tests.sh SETUP
+        run: |
+          # Drop XDG_* stuff from /etc/environment, so we don't get the user
+          # XDG_* variables when running under sudo
+          sudo sed -i '/^XDG_/d' /etc/environment
+          # Pass only specific env variables through sudo, to avoid having
+          # the already existing XDG_* stuff on the "other side"
+          sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
        - name: Build & test (${{ matrix.run_phase }}-${{ matrix.cryptolib }})
-        run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
+        run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
          env:
            CRYPTOLIB: ${{ matrix.cryptolib }}
author	Frantisek Sumsal <frantisek@sumsal.cz>
	Wed, 13 Jul 2022 09:12:36 +0000 (11:12 +0200)
committer	Frantisek Sumsal <frantisek@sumsal.cz>
	Wed, 13 Jul 2022 10:56:37 +0000 (10:56 +0000)