ci: use codebuild for x86_64-gnu-distcheck job

marcoieni · marcoieni · commit e51012cd9f79 · 2025-04-28T16:28:18.000+02:00
diff --git a/src/ci/docker/run.sh b/src/ci/docker/run.sh
@@ -296,16 +296,20 @@ else
   args="$args --volume $objdir:/checkout/obj"
   args="$args --volume $HOME/.cargo:/cargo"
   args="$args --volume /tmp/toolstate:/tmp/toolstate"
+fi
 
-  id=$(id -u)
-  if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
-    # Rootless podman creates a separate user namespace, where an inner
-    # LOCAL_USER_ID will map to a different subuid range on the host.
-    # The "keep-id" mode maps the current UID directly into the container.
-    args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
-  else
-    args="$args --env LOCAL_USER_ID=$id"
-  fi
+id=$(id -u)
+if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
+  # Rootless podman creates a separate user namespace, where an inner
+  # LOCAL_USER_ID will map to a different subuid range on the host.
+  # The "keep-id" mode maps the current UID directly into the container.
+  args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
+elif [[ "$id" != 0 ]]; then
+  args="$args --env LOCAL_USER_ID=$id"
+else
+  # We're running as root.
+  # We set the user id to `1001` instead of `0` to avoid running the container as root.
+  args="$args --env LOCAL_USER_ID=1001"
 fi
 
 if [ "$dev" = "1" ]
diff --git a/src/ci/github-actions/jobs.yml b/src/ci/github-actions/jobs.yml
@@ -309,7 +309,7 @@ auto:
     <<: *job-linux-4c
 
   - name: x86_64-gnu-distcheck
-    <<: *job-linux-8c
+    <<: *job-linux-36c-codebuild
 
   # The x86_64-gnu-llvm-20 job is split into multiple jobs to run tests in parallel.
   # x86_64-gnu-llvm-20-1 skips tests that run in x86_64-gnu-llvm-20-{2,3}.
diff --git a/src/ci/run.sh b/src/ci/run.sh
@@ -2,6 +2,26 @@
 
 set -e
 
+# Change ownership of the given path to the user if the filesystem is writable
+change_ownership_if_writable() {
+    local path=$1
+    local owner="user:user"
+    local current_owner
+    current_owner=$(stat -f "%Su:%Sg" "$path" 2>/dev/null)
+
+    local test_file="$path/.write_test"
+    # Test if filesystem is writable by attempting to touch a temporary file
+    if touch "$test_file" 2>/dev/null; then
+        # We wrote the file just for testing. We can remove it now.
+        rm "$test_file"
+        if [ "$current_owner" != "$owner" ]; then
+            chown -R $owner "$path"
+        fi
+    else
+        echo "$path is read-only, skipping ownership change"
+    fi
+}
+
 if [ -n "$CI_JOB_NAME" ]; then
   echo "[CI_JOB_NAME=$CI_JOB_NAME]"
 fi
@@ -16,6 +36,12 @@ if [ "$NO_CHANGE_USER" = "" ]; then
     export HOME=/home/user
     unset LOCAL_USER_ID
 
+    # Give ownership of necessary directories to the user
+    change_ownership_if_writable .
+    mkdir -p /cargo
+    change_ownership_if_writable /cargo
+    change_ownership_if_writable /checkout
+
     # Ensure that runners are able to execute git commands in the worktree,
     # overriding the typical git protections. In our docker container we're running
     # as root, while the user owning the checkout is not root.
