From 1b80e8294c4f527146520c55163d6211303a921b Mon Sep 17 00:00:00 2001
From: bunker-admin
Date: Wed, 20 May 2026 12:14:39 -0600
Subject: [PATCH] fix(ccp-agent): whitelist /app/instance for git safe.directory

The agent container runs as root but the bind-mounted instance directory is owned by the host user (UID 1000 = `node` in the container). Modern git refuses to operate on such repos without an explicit safe.directory entry, breaking upgrade-check.sh's `git fetch/log` calls on source-installed tenants. Verified empirically on soroush after the previous fix landed. Bunker Admin
---
 changemaker-control-panel/agent/Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/changemaker-control-panel/agent/Dockerfile b/changemaker-control-panel/agent/Dockerfile
index cf3aca7..7833ee0 100644
--- a/changemaker-control-panel/agent/Dockerfile
+++ b/changemaker-control-panel/agent/Dockerfile
@@ -12,6 +12,12 @@ FROM node:20-alpine
 # shells out to (upgrade-check.sh, upgrade.sh, backup.sh). Without them, every
 # /upgrade/* and /backup/* call returns "command not found" failures.
 RUN apk add --no-cache docker-cli docker-cli-compose git rsync bash curl jq python3
+# Agent runs as root, but the bind-mounted /app/instance is owned by the host
+# user (UID 1000 = `node` inside the container). Modern git refuses to operate
+# on repos with mismatched ownership without an explicit safe.directory entry.
+# Wildcard whitelist all paths — the agent only mounts a single host directory
+# anyway (the instance's project root).
+RUN git config --system --add safe.directory '*'
 WORKDIR /app
 COPY package*.json ./
 RUN npm ci --production
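Review bot: The added `RUN git config --system --add safe.directory '*'` turns off git's repository-ownership check for every path in the image, not only `/app/instance` as the subject line says. Because the agent runs git as root against a tree owned by UID 1000, that check is what keeps root from honouring repository-local config and hooks written by the less-privileged owner, so the exemption should be as narrow as the mount: `RUN git config --system --add safe.directory /app/instance`. If the upgrade scripts also run git in nested repositories, list those paths explicitly, and reword the comment's "Wildcard whitelist all paths" sentence to match. The rest of the Dockerfile lies outside the hunk, so whether a later `USER` directive applies is not visible here.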