ci: Run GH action CI build+test as non-root

This is really the standard best practice, matching how e.g. dpkg/rpm work, as well as most local development environments (including mine) with e.g. `toolbox`.
ostreedev · Aug 26, 2021 · ea2ec16 · ea2ec16
1 parent 30909a2
commit ea2ec16
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -120,8 +120,11 @@ jobs:
       - name: Install dependencies
         run: ./ci/gh-install.sh ${{ matrix.extra-packages }}
 
+      - name: Add non-root user
+        run: "useradd builder && chown -R -h builder: ."
+
       - name: Build and test
-        run: ./ci/gh-build.sh ${{ matrix.configure-options }}
+        run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }}
         env:
           # GitHub hosted runners currently have 2 CPUs, so run 2
           # parallel make jobs.