[llvm] [Github] Default to non-root user in linux CI container (PR #119987)

Aiden Grossman via llvm-commits llvm-commits at lists.llvm.org
Mon Dec 16 12:34:54 PST 2024 

https://github.com/boomanaiden154 updated https://github.com/llvm/llvm-project/pull/119987

>From aa85add90b81a89924c10eb4633d82f6dce618e3 Mon Sep 17 00:00:00 2001
From: Aiden Grossman <aidengrossman at google.com>
Date: Sat, 14 Dec 2024 21:58:15 +0000
Subject: [PATCH 1/2] [Github] Default to non-root user in linux CI container

This patch sets the default user in the linux CI container to a non-root user,
which enables properly testing a couple of features, particularly in
libcxx.
---
 .github/workflows/containers/github-action-ci/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/containers/github-action-ci/Dockerfile b/.github/workflows/containers/github-action-ci/Dockerfile
index da11803cad1042..0e560f6bfc5fff 100644
--- a/.github/workflows/containers/github-action-ci/Dockerfile
+++ b/.github/workflows/containers/github-action-ci/Dockerfile
@@ -60,3 +60,10 @@ RUN apt-get update && \
 
 ENV LLVM_SYSROOT=$LLVM_SYSROOT
 ENV PATH=${LLVM_SYSROOT}/bin:${PATH}
+
+# Create a new user to avoid test failures related to a lack of expected
+# permissions issues in some tests. Set the user id to 1001 as that is the
+# user id that Github Actions uses to perform the checkout action.
+RUN useradd gha -u 1001 -m -s /bin/bash
+USER gha
+

>From 2815496388297a99b2d9b9064178999b67d5816d Mon Sep 17 00:00:00 2001
From: Aiden Grossman <aidengrossman at google.com>
Date: Mon, 16 Dec 2024 20:34:41 +0000
Subject: [PATCH 2/2] Fix permissions issue

---
 .github/workflows/build-ci-container.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-ci-container.yml b/.github/workflows/build-ci-container.yml
index 23bbb6ddef9e6e..50729e0173506e 100644
--- a/.github/workflows/build-ci-container.yml
+++ b/.github/workflows/build-ci-container.yml
@@ -60,7 +60,7 @@ jobs:
       - name: Test Container
         run: |
           for image in ${{ steps.vars.outputs.container-name-tag }} ${{  steps.vars.outputs.container-name }}; do
-            podman run --rm -it $image /usr/bin/bash -x -c 'printf '\''#include <iostream>\nint main(int argc, char **argv) { std::cout << "Hello\\n"; }'\'' | clang++ -x c++ - && ./a.out | grep Hello'
+            podman run --rm -it $image /usr/bin/bash -x -c 'cd $HOME && printf '\''#include <iostream>\nint main(int argc, char **argv) { std::cout << "Hello\\n"; }'\'' | clang++ -x c++ - && ./a.out | grep Hello'
           done
 
   push-ci-container:

More information about the llvm-commits mailing list