Don't run as root within the container.

Neither Git nor Bazel appreciates that. Change-Id: I81e2fcf34aad9c4fbdc613d8cd1ea564fb682129 Reviewed-on: https://code-review.googlesource.com/c/re2/+/62190 Reviewed-by: Jeff Bailey <[email protected]> Reviewed-by: Paul Wankadia <[email protected]>
google · Nov 7, 2023 · d2c81a3 · d2c81a3
1 parent 24d460a
commit d2c81a3
Showing 1 changed file with 4 additions and 8 deletions.
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
@@ -11,7 +11,9 @@ jobs:
     runs-on: ${{ matrix.arch.runs-on }}
     container:
       image: quay.io/pypa/${{ matrix.os }}_${{ matrix.arch.python-name }}
-      options: --init
+      # Don't run as root within the container.
+      # Neither Git nor Bazel appreciates that.
+      options: --init --user runner:docker
     strategy:
       fail-fast: false
       matrix:
@@ -41,13 +43,7 @@ jobs:
         env:
           SOURCE_DATE_EPOCH: ${{ env.timestamp }}
         run: |
-          # TODO(junyer): Get rid of this hack whenever @rules_python no longer
-          # fails due to Bazel running as root. (It sounds more likely than the
-          # Docker container changing to be built with the `USER` instruction.)
-          useradd "${GITHUB_ACTOR}"
-          chown -R "${GITHUB_ACTOR}" ..
-          su -c 'python -m build --wheel' "${GITHUB_ACTOR}"
-          chown -R "${USER}" ..
+          python -m build --wheel
           python -m auditwheel repair --wheel-dir=. dist/*
         shell: bash
         working-directory: python