From c78e410373842b5a5c6989e1e1f41ceeaac000d8 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Fri, 11 Nov 2022 10:43:43 +1100
Subject: [PATCH] gerrit-build: jammy updates: update to nodejs 18.x, allow
 submodule clones

It seems there's no jammy repositories for nodejs 10.x.  Upstream
reccommends "at least" LTS v16 -- the current LTS is 18 so let's try
that.

Also update the git config to allow the submodule clones per the
recent CVE's.

[1] https://gerrit.googlesource.com/gerrit/+/master/polygerrit-ui/README.md#installing-node_js-and-npm-packages

Change-Id: I1492e4c136c18155eb3cb7fed24b413b250c78b5
---
 playbooks/zuul/gerrit/repos.yaml      | 2 +-
 playbooks/zuul/gerrit/submodules.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/playbooks/zuul/gerrit/repos.yaml b/playbooks/zuul/gerrit/repos.yaml
index 07ac521bd3..821aea44f7 100644
--- a/playbooks/zuul/gerrit/repos.yaml
+++ b/playbooks/zuul/gerrit/repos.yaml
@@ -3,7 +3,7 @@
     - role: ensure-java
       java_version: 11
     - role: ensure-nodejs
-      node_version: 10
+      node_version: 18
     - ensure-bazelisk
   tasks:
     - name: Install essential build packages
diff --git a/playbooks/zuul/gerrit/submodules.yaml b/playbooks/zuul/gerrit/submodules.yaml
index 8837275f06..155bf145e5 100644
--- a/playbooks/zuul/gerrit/submodules.yaml
+++ b/playbooks/zuul/gerrit/submodules.yaml
@@ -1,8 +1,8 @@
 - hosts: all
   tasks:
-
+    # https://github.blog/2022-10-18-git-security-vulnerabilities-announced/
     - name: Checkout submodules
-      shell: "if [ -d {{ item }} ] ; then git submodule update --init {{ item }} ; fi"
+      shell: "if [ -d {{ item }} ] ; then git -c protocol.file.allow=always submodule update --init {{ item }} ; fi"
       args:
         chdir: /home/zuul/src/gerrit.googlesource.com/gerrit
       loop: