diff --git a/dev/pr/gcs-wif-pipelinerun.yaml b/dev/pr/gcs-wif-pipelinerun.yaml index 6c23e9a1e..13b4513a3 100644 --- a/dev/pr/gcs-wif-pipelinerun.yaml +++ b/dev/pr/gcs-wif-pipelinerun.yaml @@ -28,7 +28,7 @@ spec: projected: sources: - serviceAccountToken: - audience: https://iam.googleapis.com/projects/272779626560/locations/global/workloadIdentityPools/openshift-pool/providers/opeshift-wif + audience: openshift expirationSeconds: 3600 path: token diff --git a/internal/provider/oci/fetch_test.go b/internal/provider/oci/fetch_test.go index 39e6cb957..bd8ce098b 100644 --- a/internal/provider/oci/fetch_test.go +++ b/internal/provider/oci/fetch_test.go @@ -81,11 +81,12 @@ func TestFetchInvalidFolder(t *testing.T) { err = crane.Push(img, fmt.Sprintf("%s/test/crane:%s", u.Host, hash)) assert.NoError(t, err, "Failed to push image to registry") - folder := "/root" + folder := "/tmp/readonly-dir-for-unit-testing" + _ = os.MkdirAll(folder, 0o555) + defer os.RemoveAll(folder) insecure := false err = Fetch(context.Background(), hash, target, folder, insecure) - assert.Error(t, err, "Fetch should return an error when folder is not writable") assert.Contains(t, err.Error(), "permission denied", "Error should indicate permission issues for the folder") } diff --git a/internal/tar/file-utils.go b/internal/tar/file-utils.go index c2c5aeb47..aacf91e5e 100644 --- a/internal/tar/file-utils.go +++ b/internal/tar/file-utils.go @@ -37,6 +37,9 @@ func Tarit(source, target string) error { return err } + if info.IsDir() { + header.Mode = 0o755 // create directories with same permissions. + } header.Name = strings.TrimPrefix(path, source) if err := tarball.WriteHeader(header); err != nil { @@ -70,6 +73,7 @@ func Tarit(source, target string) error { } func Untar(ctx context.Context, file *os.File, target string) error { + log.Printf("Untaring file %s to %s", file.Name(), target) f, err := os.Open(file.Name()) if err != nil { return err