From 8336017edaf9d707ecd6bac8ddea6202e49f0369 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?m=C3=BCde?= Date: Sat, 16 May 2026 03:00:44 +0200 Subject: [PATCH] lifecycle: annotated tags need a tagger identity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git_tag_annotated planted failed/ + denied/ as annotated tags via 'git tag -a' — which produces a git object and therefore needs user.name + user.email. without a global git config on the host that fell through to 'fatal: unable to auto-detect email address (got root@muede-lpt2.(none))' and the tag never landed. pass the hive-c0re identity inline with -c user.name=… -c user.email=… (same shape git_commit already uses), so the applied repo's deny/failure audit tags get planted reliably without depending on the host user's git config. --- hive-c0re/src/lifecycle.rs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hive-c0re/src/lifecycle.rs b/hive-c0re/src/lifecycle.rs index 5958081..fff549c 100644 --- a/hive-c0re/src/lifecycle.rs +++ b/hive-c0re/src/lifecycle.rs @@ -598,9 +598,25 @@ pub async fn git_tag(dir: &Path, name: &str, target: &str) -> Result<()> { /// have to escape anything. pub async fn git_tag_annotated(dir: &Path, name: &str, target: &str, body: &str) -> Result<()> { use tokio::io::AsyncWriteExt; + // Annotated tags are git objects, so they need a tagger identity + // (same constraint as a commit). Pass the hive-c0re identity + // inline rather than relying on a global git config — applied + // repos are hive-c0re-owned and the host's user might not have + // user.email set. let mut child = git_command() .current_dir(dir) - .args(["tag", "-a", name, target, "-F", "-"]) + .args([ + "-c", + &format!("user.name={GIT_NAME}"), + "-c", + &format!("user.email={GIT_EMAIL}"), + "tag", + "-a", + name, + target, + "-F", + "-", + ]) .stdin(std::process::Stdio::piped()) .stdout(std::process::Stdio::piped()) .stderr(std::process::Stdio::piped())