Skip to content

Add aws-user and github-user to CI docker images, drop --user root#6356

Merged
Fedr merged 2 commits into
masterfrom
docker-github-user
Jul 2, 2026
Merged

Add aws-user and github-user to CI docker images, drop --user root#6356
Fedr merged 2 commits into
masterfrom
docker-github-user

Conversation

@Fedr

@Fedr Fedr commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

All CI docker images now end with the same two non-root users, and github-user (UID 1001) is the default:

RUN useradd -u 8877 -m aws-user
RUN useradd -u 1001 -m github-user
USER github-user

UID 1001 matches the runner user on GitHub-hosted runners, so job containers can write to the runner-mounted directories (_runner_file_commands, workspace) without running as root; aws-user keeps UID 8877 available for self-hosted runners via an explicit --user aws-user.

Accordingly, options: --user root is removed from all workflows (build-test-ubuntu-x64, build-test-ubuntu-arm64, build-test-linux-vcpkg, generate-c-bindings, update-docs-manual), and the container-options matrix plumbing in pip-build and release-tests is dropped entirely — every container now runs as its image's default user. For the stock distro images used in pip tests this is no behavior change (their default user is already root); MeshLib images now run as github-user.

Changes for the previously existing users:

  • ubuntu22/ubuntu24 had user (UID 8877, default): renamed to aws-user, default is now github-user.
  • emscripten/emscripten-build-c-bindings had user (UID 1001, default): renamed to github-user, same UID, so the effective runtime user is unchanged.
  • emscripten-generate-c-bindings and rockylinux8/9-vcpkg had no user (ran as root, or with --user root): they now default to github-user.

…workflows

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Comment thread .github/workflows/release-tests.yml Outdated
- platform: "x86_64"
runner: ubuntu-latest
container-options: "--user root"
container-options: " "

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this option at all?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@Fedr Fedr merged commit bab7986 into master Jul 2, 2026
44 checks passed
@Fedr Fedr deleted the docker-github-user branch July 2, 2026 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants