Use current user's ID when building via Docker

egibs commented 1 week ago

Melange Pull Request Template

Relates to: #1255

This PR introduces parity between Bubblewrap and Docker, that is, builds will default to the current UID with Docker but can still be configured via cfg.RunAs.

Functional Changes

[ ] This change can build all of Wolfi without errors (describe results in notes)

Notes:

SCA Changes

[ ] Examining several representative APKs show no regression / the desired effect (details in notes)

Notes:

Linter

[ ] The new check is clean across Wolfi
[ ] The new check is opt-in or a warning

Notes:

Works as expected -- on my Mac this defaulted to a UID of 501 rather than an empty string (which translates to 0).

I tested this via these commands:

$ go run . convert python botocore --python-version 3.11
$ go run . build py3.11-botocore.yaml --runner docker --arch x86_64,aarch64 --repository-append https://packages.wolfi.dev/os --keyring-append https://packages.wolfi.dev/os/wolfi-signing.rsa.pub

and then used []string{"id", "-u"} for the container Cmd to check the UID.

Original code:

...
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO running step "Build a Python wheel" arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO running step "Strip binaries" arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO running step "Strip binaries" arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO retrieving workspace from builder: 14c8e43d658a2b292b62ef9a7683053a1b52796896ca187004ffc3f65dbb1701 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
...

New code:

...
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO running step "Build a Python wheel" arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO running step "Build a Python wheel" arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO running step "Strip binaries" arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO retrieving workspace from builder: 6420e9b2cdda3b7168c2db4d99d70ea94a3a3c7a552195c6c2ee4de8f1fcd39c arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
...

joshrwolf commented 1 week ago

thanks for the contribution 🙏 ! would you mind resolving the conflicts and I'll kick off CI?

egibs commented 1 week ago

thanks for the contribution 🙏 ! would you mind resolving the conflicts and I'll kick off CI?

Done!

krishjainx commented 1 week ago

Kicked off CI! @egibs cc/ @joshrwolf

chainguard-dev / melange