From 30b936fecb766e1404edccef857619d473ecc08f Mon Sep 17 00:00:00 2001
From: Andrew Kahr <22359829+AndrewKahr@users.noreply.github.com>
Date: Mon, 20 Nov 2023 19:56:48 -0800
Subject: [PATCH] Default to root user with option to use host user

---
 action.yml                             |   6 ++++++
 dist/index.js                          | Bin 22177358 -> 22177589 bytes
 dist/index.js.map                      | Bin 14648317 -> 14648588 bytes
 dist/platforms/ubuntu/entrypoint.sh    |   9 +++++++--
 src/model/build-parameters.ts          |   2 ++
 src/model/image-environment-factory.ts |   1 +
 src/model/input.ts                     |   4 ++++
 7 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index 989c2569..121174df 100644
--- a/action.yml
+++ b/action.yml
@@ -101,6 +101,12 @@ inputs:
     required: false
     default: ''
     description: '[CloudRunner] GitHub owner name or organization/team name'
+  runAsHostUser:
+    required: false
+    default: 'false'
+    description:
+      'Whether to run as a user that matches the host system or the default root container user. Only applicable to
+      Linux hosts and containers. This is useful for fixing permission errors on Self-Hosted runners.'
   chownFilesTo:
     required: false
     default: ''
diff --git a/dist/index.js b/dist/index.js
index dc3aac42a703b775526b6293e055ff2f7be75896..f55c9a5754ad0fa61144fc31a46181f3f2597b72 100644
GIT binary patch
delta 1594
zcmY+^XM7BH9LMojxEP6WMkdZ#iA-W0F@q2*A#qxSOH@)J4RVRq)F$@k?7bzLR5dYT
zwP?^(wPss;&(><IEk568Ja~T|{C}_C@8Q4rbdk%R;v$#aAWKkMMryb{a+p2cYEMiH
zGbg7G&q%k0h73wfO2|k_5BXp`*<{HwS)5P;CG$-d!&+Zsj5W#@9&3w?j_qZ$#zw?A
z&R7lZZXYZ<^5P8M`Gx%r8~eJxH*l<XclK}?vkgYC_g)jz{QS+CnP$JFgcSRt5%;{a
z;tLFLMk$m=8I*+!Tu}~gD31y-q9Q7xGOEBG9`J-0bk_$}Q4Q5$LJgQv6SYtqbx;?+
z@IyWLBLIO2LNG#59}N(ShG>MwXo9A&pc$GY3@y+St<V~6&=%onhxX`z2y{dzM4~gg
zpewqeJE9Pc9_Wb}#G)6h=#7u?G5Vk{`XLVeF#tBiBLM^P2?ik%N%$0lk&Gc2iWGc?
zR1Cv#j6fRfNJj=nViZPW494PfWa0~q!+1=<L`=eDOu<x4Ll&lE24-RwW@8TKVjkvW
z0TyBr7GnvP!hvO2julvmRalKRSc`R7j}6#}P1uYr*otk~jvd&EY~)}UzC<qa@D+CB
zYwW={$VUP8VjuS7019yshj182a1`I-I~>DtoWS=e!bzOMY5ag<{D?F731{&$e!)4M
z#|2!(C0xd@_zl0~3a;WBuHy!7;udb>4({R}?&AR-;t?L>37+B){E26Hju&`|SNIEm
z;~%`nzxWUT;|<=<iZ5`Q2c?8kQZXpbN-3qZQbsAOxG1hlImJyWuT)TsN=2oTQdy~@
zxGNrtr{bk}D?Un9rJ7P*F)1|^vr<#3rPNmHD0LNI#ZRfH_$vWQpc146D<MjKrGXNv
zG*lWXjg=-!Q^le*Q<^JbN(-f>(n@Kqv{BkB;YvHDz0yI6P&z7|lt`ts(naa2bW^%3
QQA)JZ!|4$JiPMvucWvM8%m4rY

delta 1457
zcmWmEXI~8f0EO}2CCSYw4Jx5jq(bu=722i9-r3oE?=56y@4aV6lD)~u-h1!8x97b0
zKOf+{I2k$F#+)<R#&mDf=wwq$vdMs4$eo#NGE4Kw3`;Uw(Ih20%M5v7j=ZoyJ{Vz%
z{3w8eC<H55qcCh>3p?1O2#Uf1j&MRTIHNd9pd?)2ic)ZcJ3LStW#Eaj@PapdP!8o$
z0lx5qKLQYlAec}Ql~5T~5R4FnqAIGPI>Hc+2t*<Z(TG7T;!p$eNI*^0LLzFT4(g&F
z>Z1V~q7fQH+crfrG)EFzpe0(NHQJyp+94V3(E%ON37ydeUC|BQ(E~lv3%$_?ebEp7
zF#rQG2!k;MLop1)F#;no3ZpRwV=)dX7>@~<h*V6%WK6+SOhX!`V+Lko7G`4(=3*Y^
zV*wUo5f)<!mSP!}V+B@X6;@*n)?yvjV*@r~6E<TD(y<lWupK*)ft|?2E@WXh_Fyme
zVLuMwAP(U$j^HSc;W$p<B(iY|r*Q^nk%MzMj|;enOSp_HxQc7IjvKg%TeyuoxQlzZ
zj|X^&M|g}Uc#3Cuju&`|S9py#c#C&<j}Q2WPxy>4_=<1%jvx4mU-*qb_=|t3(OHJ6
zP;x1`6*DD|Vy@&>ER=kTQL$9=D+QE-N+HEcu~rHzHj1rcr`Rh+l%k4*;;1+&#S~|y
zxKctXskkVvN-4!naaTN)(n=Y{Qz@%>Dc*{YQcfwaR8V{sKgC}OPy&@8#iUeJDk+tf
yDoU^tqJ%0{m1;_LB}@rdB9uraN{LotlvpKBsiDLx2}(_+mXc^Vz@Hf2Zu$?%v7Rgd

diff --git a/dist/index.js.map b/dist/index.js.map
index 6f16cb34d7228988949499d3aa0c00a6b3e1ff10..c72ad08ff8d9e7cbba7b326cb543e4bc810fb100 100644
GIT binary patch
delta 1209
zcmY+-Syaqn7{~E5V+#GJW~NjkW`t7qeWws*YgA*6l**PtQ-o||86`AYUVHZJhVW->
zSt1l7`+DJmJI-;z1;=+>IJ)?p^S;mdJ-_Fd?YDb=-fwq@siEEIR%}p7Vt0t@M`3}&
zL;N_UzUg|%r9U;nit>+@pOk;UzS&-blqEIZpM|zsp(;<;eotXnXfJt7@(DM;^GZ>X
z?Jo(hDxV?>gX~5VYmyiot-EYD8pVQKe@U)+<*Qb>#^vT^wJN(&Bf{gglF(Vy?M1;C
zPo1ceydD3dVXml$DEp@A#icb4tIc6mK#2xW!42+ch(>4(4@gkM6JF3j3mv@SgC_8W
zAN<i20kXr|?7{~rBg-6NiJEW8G+9JaLh~l|2DNJgeQasT%@K$eXep;9>&+9jv8J(!
z5pju8F>&#Urntyh5$@Fcdj8jznjv&feV|<D)PJ2;ul0t`5Zbg}G9=WHlVb=;OG>wh
zea#F8TV;StD+Hl6+Mq3h5rTFIMHt$n13ID;I-?7^q8qxS2YR9xdZQ2eq96KW00v?Z
z1|u917=ob~hDZ#@2t*+oBQXl2F$QB110%*E7IBD&3F9#V6EO*sF$D>jifKs1bR;1e
zGmwH*q+upzVK(MqF48d%X3WO|EJOw@$V3(vVKK6?1WU0DIarPrScz3w4J+1QE!JT@
zY}kNY<Y6Q7u?d^81qHBUD+*DBVw6B&8@6Kyc48NHV-HHP7yGau2XGLFa2RDcf}=Qw
z<2ZqnIEB-2;0(^99OrNz7a-#zF2RY*xPq&=hU=)n4cx>n+(sqt;4Z3g5BKo^)u_Qk
iJi=qt;t8Ij4$tr$FYpqt@EULM7Vq$0t_=9lXU-pU;u;$O

delta 1048
zcmW;HS4@)u6o%n+*xDAP6l%2&oZvtOH%@SG>p*d1#f1pC!Bs746|uI0{LZ=;iWIB<
zDn+dmH(IwS7wV-6ns}j!#J5~L$(NHa=j7z&)++wlY8CE8WxhkA7RpunKZOZ8jo`}A
z`2?*rTq6cs4Jx@%6D!e(7QOtJq|_8G33NS~+TSUGAi8{pAgR+-BqWE*H9}NHSb<Qf
zB{`~OX`c9Om9lP;@a?-U(rF5*yYs`MD;C^pN+n-qF;3Ipz%<8hwb`u_NFjq9^`L+f
z^`U|q8U!I24G;n?LZL$#!l6e)7|;lfMZ4Abv)bl0H$hW0Lvzt<jz~`uv&tfBX50M6
z7HEl9XpJ^#i%3MF9onM<IwBgK&>3A2gIIJ$H*`l2^h7W8MjZN}FZ!WB24EoKk$^!M
zj3F3`VHl1P7>Q9BjWHODaTpI1CSW2aVKNdi1yhlPX_$@~n2A{k{5}WCm<u!JAqDfX
z01L4Qi;;>YNW)U3BLkUOhUHj+l~{$<Sc5ENV=dNUJvLw?EZBt2up$Rruoc^2!*=XI
zE_NahyI{v|IN-z{<f8z4Q3wJ1upb9-5QlIWE*!y89K&&(z)76KX`I1XoI?@L;{u9t
z5hZY=6qn$^Wn95kh`5I9xPdZwQI4Cqh1>Aq4({R}?&AR-q5_Zb7*FsN&+r^CP>Gj#
c1wUTn4c_7%-s1y4;uEUy8DB)du{tjGKmHu&WdHyG

diff --git a/dist/platforms/ubuntu/entrypoint.sh b/dist/platforms/ubuntu/entrypoint.sh
index 9a22c8e9..04cab042 100755
--- a/dist/platforms/ubuntu/entrypoint.sh
+++ b/dist/platforms/ubuntu/entrypoint.sh
@@ -52,7 +52,12 @@ else
   echo "Not updating Android SDK."
 fi
 
-# Switch to the host user so we can create files with the correct ownership
-su $USERNAME -c "$SHELL -c 'source /steps/runsteps.sh'"
+if [[ "RUN_AS_HOST_USER" == "true" ]]; then
+  # Switch to the host user so we can create files with the correct ownership
+  su $USERNAME -c "$SHELL -c 'source /steps/runsteps.sh'"
+else
+  # Run as root
+  source /steps/runsteps.sh
+fi
 
 exit $?
diff --git a/src/model/build-parameters.ts b/src/model/build-parameters.ts
index a91e165e..6710a4da 100644
--- a/src/model/build-parameters.ts
+++ b/src/model/build-parameters.ts
@@ -59,6 +59,7 @@ class BuildParameters {
   public kubeVolumeSize!: string;
   public kubeVolume!: string;
   public kubeStorageClass!: string;
+  public runAsHostUser!: String;
   public chownFilesTo!: string;
   public commandHooks!: string;
   public pullInputList!: string[];
@@ -168,6 +169,7 @@ class BuildParameters {
       sshAgent: Input.sshAgent,
       sshPublicKeysDirectoryPath: Input.sshPublicKeysDirectoryPath,
       gitPrivateToken: Input.gitPrivateToken || (await GithubCliReader.GetGitHubAuthToken()),
+      runAsHostUser: Input.runAsHostUser,
       chownFilesTo: Input.chownFilesTo,
       dockerCpuLimit: Input.dockerCpuLimit,
       dockerMemoryLimit: Input.dockerMemoryLimit,
diff --git a/src/model/image-environment-factory.ts b/src/model/image-environment-factory.ts
index 6162b50b..2df52f1a 100644
--- a/src/model/image-environment-factory.ts
+++ b/src/model/image-environment-factory.ts
@@ -62,6 +62,7 @@ class ImageEnvironmentFactory {
       { name: 'ANDROID_EXPORT_TYPE', value: parameters.androidExportType },
       { name: 'ANDROID_SYMBOL_TYPE', value: parameters.androidSymbolType },
       { name: 'CUSTOM_PARAMETERS', value: parameters.customParameters },
+      { name: 'RUN_AS_HOST_USER', value: parameters.runAsHostUser },
       { name: 'CHOWN_FILES_TO', value: parameters.chownFilesTo },
       { name: 'GITHUB_REF', value: process.env.GITHUB_REF },
       { name: 'GITHUB_SHA', value: process.env.GITHUB_SHA },
diff --git a/src/model/input.ts b/src/model/input.ts
index 85f45733..c12abe00 100644
--- a/src/model/input.ts
+++ b/src/model/input.ts
@@ -193,6 +193,10 @@ class Input {
     return Input.getInput('gitPrivateToken');
   }
 
+  static get runAsHostUser(): string {
+    return Input.getInput('runAsHostUser') || 'false';
+  }
+
   static get chownFilesTo() {
     return Input.getInput('chownFilesTo') || '';
   }