ci: Run main GH action CI build+test as non-root

This is really the standard best practice, matching how
e.g. dpkg/rpm work, as well as most local development
environments (including mine) with e.g. `toolbox`.
Colin Walters 2021-08-26 09:53:56 -04:00
parent 28a0792919
commit fdeee165f6


@ -120,8 +120,11 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: ./ci/gh-install.sh ${{ matrix.extra-packages }} run: ./ci/gh-install.sh ${{ matrix.extra-packages }}
- name: Add non-root user
run: "useradd builder && chown -R -h builder: ."
- name: Build and test - name: Build and test
run: ./ci/gh-build.sh ${{ matrix.configure-options }} run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
env: env:
# GitHub hosted runners currently have 2 CPUs, so run 2 # GitHub hosted runners currently have 2 CPUs, so run 2
# parallel make jobs. # parallel make jobs.