Commit authored as Prebuilds Owner #999

@ssncferreira

Description

In dogfood, a commit on a claimed prebuild workspace was authored as Prebuilds Owner instead of a real user.

Current Behavior

The Write Coder on Coder template includes the git-config module, which sets environment variables GIT_AUTHOR_NAME, GIT_COMMITTER_NAME, GIT_AUTHOR_EMAIL, and GIT_COMMITTER_EMAIL from data.coder_workspace_owner: https://github.com/coder/registry/blob/main/registry/coder/modules/git-config/main.tf
In the template, the module runs when data.coder_workspace.me.start_count > 0. Since start_count is set to 1 for the start transition, this runs for both prebuild creation and prebuild claim.
As a result, on prebuild creation the module sets these environment variables to Prebuilds Owner and prebuilds@system, making it possible for any pre-claim or in-claim processes to author commits with the prebuild identity.

Likely root cause: A race at claim combined with the fact that commit identity and push auth are separate. During prebuild creation, git-config exported GIT_AUTHOR_NAME and GIT_COMMITTER_EMAIL as Prebuilds Owner. A terminal spawned while claim was still applying inherited those env vars. After claim, Coder provisioned push credentials (SSH key/agent or HTTPS credential helper). The commit used the prebuild identity from the environment variables, and the subsequent push succeeded because git push uses runtime credentials. This yields a commit with Prebuilds Owner as author and a successful push under the user’s credentials.

Steps to reproduce

  1. Connect to an unclaimed prebuild (or start an app/terminal that runs pre‑claim).
  2. Check env: GIT_AUTHOR_NAME and GIT_COMMITTER_EMAIL show Prebuilds Owner.
  3. Create a commit, and the author is Prebuilds Owner.
  4. Claim the prebuild.
  5. Push the commit, and the author remains Prebuilds Owner.

Possible solutions

  • Configuring the git-config module to only execute when a prebuild claim is performed does not set the environment variables for the prebuilds user:
        module "git-config" {
          count   = data.coder_workspace.me.is_prebuild ? 0 : data.coder_workspace.me.start_count
          source  = "dev.registry.coder.com/coder/git-config/coder"
          version = "1.0.31"
          agent_id = coder_agent.dev.id
          # If you prefer to commit with a different email, this allows you to do so.
          allow_email_change = true
        }

  • Configure the git-config module to not set the environment variables in case of prebuild creation.
  • Another possible solution would be to set `data.coder_workspace_owner` to empty values on prebuild creation. This, however, would be a breaking change and might break templates that use this value even when it is set for the prebuilds user.
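
A way to check for the condition described in this issue, as an added example that is not part of the original issue or of Coder's code: one function tests whether the current shell still carries the prebuild identity in the Git identity variables, the other lists commits whose author or committer is that identity. The function names and the sample log lines are constructed for illustration; the identity strings are the ones quoted above.

```shell
#!/bin/sh
# Added example (not Coder's code). Identity values are those quoted in the issue.
PREBUILD_NAME="Prebuilds Owner"
PREBUILD_EMAIL="prebuilds@system"

# Return 0 if any Git identity variable in this shell holds the prebuild identity.
# These variables take precedence over user.name / user.email in git config,
# so a terminal that inherited them keeps committing as the prebuild user.
env_has_prebuild_identity() {
    for v in "${GIT_AUTHOR_NAME:-}" "${GIT_COMMITTER_NAME:-}"; do
        if [ "$v" = "$PREBUILD_NAME" ]; then return 0; fi
    done
    for v in "${GIT_AUTHOR_EMAIL:-}" "${GIT_COMMITTER_EMAIL:-}"; do
        if [ "$v" = "$PREBUILD_EMAIL" ]; then return 0; fi
    done
    return 1
}

# Read tab-separated lines "hash, author name, author email, committer name,
# committer email" on stdin and print the hash of every commit that carries
# the prebuild identity in either the author or the committer fields.
find_prebuild_commits() {
    awk -F '\t' -v n="$PREBUILD_NAME" -v e="$PREBUILD_EMAIL" \
        '$2 == n || $4 == n || $3 == e || $5 == e { print $1 }'
}

# Audit every ref of the repository in the current directory.
# The format string emits the five fields expected above (%x09 is a tab).
audit_repo() {
    git log --all --format='%H%x09%an%x09%ae%x09%cn%x09%ce' | find_prebuild_commits
}

# Constructed sample log (hashes and the user identity are made up).
sample_log() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        1111111 "Alice Example" "alice@example.com" "Alice Example" "alice@example.com" \
        2222222 "Prebuilds Owner" "prebuilds@system" "Prebuilds Owner" "prebuilds@system" \
        3333333 "Alice Example" "alice@example.com" "Prebuilds Owner" "prebuilds@system"
}

# Demo on the constructed sample: prints the two flagged hashes.
sample_log | find_prebuild_commits
```

`env_has_prebuild_identity` can gate a pre-commit hook or shell startup script in the workspace image, and `audit_repo` can be run over existing clones to find commits that already carry the prebuild identity.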
