From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 13 Jul 2022 09:12:36 +0000 (+0200)
Subject: ci: limit which env variables we pass through `sudo`
X-Git-Tag: v252-rc1~669
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d46e7c7cfd6c286a38298c067f16ac784c2a26f0;p=thirdparty%2Fsystemd.git

ci: limit which env variables we pass through `sudo`

to work around #23987.
---

diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 2821d7fdd16..cd6c33eb646 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -32,8 +32,14 @@ jobs:
       - name: Repository checkout
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: Install build dependencies
-        run: sudo -E .github/workflows/unit_tests.sh SETUP
+        run: |
+          # Drop XDG_* stuff from /etc/environment, so we don't get the user
+          # XDG_* variables when running under sudo
+          sudo sed -i '/^XDG_/d' /etc/environment
+          # Pass only specific env variables through sudo, to avoid having
+          # the already existing XDG_* stuff on the "other side"
+          sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh SETUP
       - name: Build & test (${{ matrix.run_phase }}-${{ matrix.cryptolib }})
-        run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
+        run: sudo --preserve-env=CRYPTOLIB,GITHUB_ACTIONS,CI .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
         env:
           CRYPTOLIB: ${{ matrix.cryptolib }}