author | Colin Walters <walters@verbum.org> | 2021-08-26 09:53:56 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2021-08-26 14:40:34 -0400 |
commit | fdeee165f6f82b2902fb791e33472e4600845a2b (patch) | |
tree | 288a2b270392c8191923fabcce2592bc00876698 /.github/workflows | |
parent | 28a079291910d9772fc3b19820d0cb0d946c095f (diff) | |
download | ostree-fdeee165f6f82b2902fb791e33472e4600845a2b.tar.gz |
ci: Run main GH action CI build+test as non-root
This is really the standard best practice, matching how
e.g. dpkg/rpm work, as well as most local development
environments (including mine) with e.g. `toolbox`.
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/tests.yml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index df1b1e07..c17a1c0d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -120,8 +120,11 @@ jobs: - name: Install dependencies run: ./ci/gh-install.sh ${{ matrix.extra-packages }} + - name: Add non-root user + run: "useradd builder && chown -R -h builder: ." + - name: Build and test - run: ./ci/gh-build.sh ${{ matrix.configure-options }} + run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }} env: # GitHub hosted runners currently have 2 CPUs, so run 2 # parallel make jobs. |
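Review bot: In the new "Add non-root user" step, `useradd builder` is run without `-m`, so whether `builder` gets a home directory depends on the useradd defaults of each image in the matrix, and the `chown -R -h builder: .` only hands over the checkout itself. If `./ci/gh-build.sh` or the test suite writes anywhere outside the working tree (a per-user cache, a temp dir created earlier as root), it will fail differently from one image to the next. Consider `useradd -m builder` so the account is consistent across images. A short YAML comment above the step saying that the build and tests are expected to pass unprivileged would also help, so the `runuser -u builder --` prefix is not dropped later as noise. The dependency install step correctly stays root; it is worth keeping that split explicit.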