From 3e518a1bd322309750f1d8cb2ed0f6e611a3eaf7 Mon Sep 17 00:00:00 2001
From: Cristian Cepeda <43882+pastuxso@users.noreply.github.com>
Date: Fri, 9 Aug 2024 17:39:17 -0500
Subject: [PATCH] Attempt to perform make test-docker as a non-root user

---
 Makefile | 7 ++-
 docker/runme-test-env.Dockerfile | 28 ++++++++---
 main_permissions_test.go | 79 +++++++++++++++-----------------
 3 files changed, 65 insertions(+), 49 deletions(-)

diff --git a/Makefile b/Makefile
index e3eccd631..10b11c0e1 100644
--- a/Makefile
+++ b/Makefile
@@ -59,6 +59,9 @@ test-docker: test-docker/setup test-docker/run
 test-docker/setup:
 docker build \
 -t runme-test-env:latest \
+ --no-cache \
+ --build-arg DOCKER_UID=$(shell id -u) \
+ --build-arg DOCKER_GID=$(shell id -g) \
 -f ./docker/runme-test-env.Dockerfile .
 
 docker volume create dev.runme.test-env-gocache
@@ -69,8 +72,8 @@ test-docker/cleanup:
 .PHONY: test-docker/run
 test-docker/run:
 docker run --rm \
- -v $(shell pwd):/workspace \
- -v dev.runme.test-env-gocache:/root/.cache/go-build \
+ -v $(shell pwd):/home/runme/workspace \
+ -v dev.runme.test-env-gocache:/home/runme/.cache/go-build \
 runme-test-env:latest
 
 .PHONY: test/update-snapshots
diff --git a/docker/runme-test-env.Dockerfile b/docker/runme-test-env.Dockerfile
index aca7d3fde..d0f098cd3 100644
--- a/docker/runme-test-env.Dockerfile
+++ b/docker/runme-test-env.Dockerfile
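Review bot: `--no-cache` in test-docker/setup is unconditional, so every `make test-docker` rebuilds all layers, including the two steps in docker/runme-test-env.Dockerfile that pipe a freshly downloaded install script into a shell while the build still runs as root. The DOCKER_UID/DOCKER_GID build args should already invalidate the cached layers that use them, so the flag looks unnecessary for correctness; consider dropping it or making it opt-in, for example `$(if $(NO_CACHE),--no-cache)` (NO_CACHE is an illustrative variable name). Separately, `$(shell id -u)` is 0 when make is run as root (sudo, some CI runners), in which case the image would presumably fail to build or no longer be non-root; a comment such as `# expects an unprivileged caller: DOCKER_UID/DOCKER_GID become the image user` above the build args would make that precondition visible.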
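Review bot: The named volume `dev.runme.test-env-gocache` is reused at the new mount point `/home/runme/.cache/go-build` in test-docker/run, but a volume filled by earlier runs holds root-owned files that the unprivileged `runme` user cannot write. Docker seeds a volume's content and ownership from the image only while the volume is empty, so existing checkouts would likely hit Go build-cache permission errors until the volume is recreated. Either give the volume a new name in this commit or document that it must be removed once before the first non-root run. The bind mount of `$(shell pwd)` should be unaffected because the image user takes the caller's UID and GID.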
@@ -13,28 +13,44 @@ RUN apt-get update && apt-get install -y \
 python3 \
 unzip
 
+ARG DOCKER_UID
+ARG DOCKER_GID
+
 # Install node.js
 RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
 && apt-get install -y nodejs
 
+ENV HOME=/home/runme
+ENV WORKSPACE=/home/runme/workspace
+
+RUN groupadd --gid $DOCKER_GID runme && \
+ adduser --system --uid $DOCKER_UID --gid $DOCKER_GID runme && \
+ mkdir -p $WORKSPACE && \
+ mkdir -p $HOME/.cache/go-build && \
+ mkdir -p $HOME/bin
+
 # Install deno
 ENV DENO_INSTALL=$HOME/.deno
-RUN curl -fsSL https://deno.land/install.sh | sh \
- && cp $DENO_INSTALL/bin/deno /usr/local/bin/deno
+RUN curl -fsSL https://deno.land/install.sh | sh
+
+RUN chown -R runme:runme $HOME
+
+USER runme
 
 # Configure workspace
-WORKDIR /workspace
+WORKDIR $WORKSPACE
 
 # Handle permissions when mounting a host directory to /workspace
-RUN git config --global --add safe.directory /workspace
+RUN git config --global --add safe.directory $WORKSPACE
 
 # Populate Go cache. We do it in an old way
 # because --mount is not supported in CMD.
-COPY go.sum go.mod /workspace/
+COPY --chown=runme:runme go.sum go.mod $WORKSPACE/
 RUN go mod download -x
 
 # Set output for the runmbe binary
-ENV BUILD_OUTPUT=/usr/local/bin/runme
+ENV BUILD_OUTPUT=$HOME/bin/runme
+ENV PATH=$HOME/.deno/bin:$HOME/bin:$PATH
 
 # Enable testing with race detector
 ENV RACE=false
diff --git a/main_permissions_test.go b/main_permissions_test.go
index 033b6612f..e6d2faca2 100644
--- a/main_permissions_test.go
+++ b/main_permissions_test.go
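Review bot: `ARG DOCKER_UID` and `ARG DOCKER_GID` have no defaults, and `groupadd --gid $DOCKER_GID runme` fails when that GID already exists in the base image, so the build breaks for a plain `docker build` without the Makefile and probably for hosts whose primary group maps onto a system GID (or GID 0 when make runs as root). Giving the args defaults, creating the group only when the GID is free, and using numeric ownership in `chown` and `COPY --chown` removes the dependency on a group literally named runme. A UID that already exists in the image (0 in particular) would still make `adduser` fail, which is arguably the right outcome for a non-root test image but deserves a comment. The comment above `git config` still refers to `/workspace` and should read `$WORKSPACE`.

```dockerfile
ARG DOCKER_UID=1000
ARG DOCKER_GID=1000

# … unchanged: node.js install, ENV HOME / ENV WORKSPACE …

RUN (getent group $DOCKER_GID >/dev/null || groupadd --gid $DOCKER_GID runme) && \
    adduser --system --uid $DOCKER_UID --gid $DOCKER_GID runme && \
    # … unchanged: mkdir -p lines …

# … unchanged: deno install …

RUN chown -R $DOCKER_UID:$DOCKER_GID $HOME

# … unchanged: USER, WORKDIR, git config …

COPY --chown=$DOCKER_UID:$DOCKER_GID go.sum go.mod $WORKSPACE/
```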
@@ -3,54 +3,51 @@
 package main
 
 import (
- "bufio"
- "os"
- "strings"
 "testing"
 
 "github.com/rogpeppe/go-internal/testscript"
 )
 
-func isDocker() bool {
- if _, err := os.Stat("/.dockerenv"); err == nil {
- return true
- }
-
- paths := []string{"/proc/1/cgroup", "/proc/self/cgroup"}
- for _, path := range paths {
- file, err := os.Open(path)
- if err != nil {
- continue
- }
-
- scanner := bufio.NewScanner(file)
- isDocker := false
- for scanner.Scan() {
- if strings.Contains(scanner.Text(), "docker") || strings.Contains(scanner.Text(), "kubepods") {
- isDocker = true
- break
- }
- }
-
- if err := scanner.Err(); err != nil {
- _ = file.Close()
- return false
- }
-
- _ = file.Close()
-
- if isDocker {
- return true
- }
- }
-
- return false
-}
+// func isDocker() bool {
+// if _, err := os.Stat("/.dockerenv"); err == nil {
+// return true
+// }
+
+// paths := []string{"/proc/1/cgroup", "/proc/self/cgroup"}
+// for _, path := range paths {
+// file, err := os.Open(path)
+// if err != nil {
+// continue
+// }
+
+// scanner := bufio.NewScanner(file)
+// isDocker := false
+// for scanner.Scan() {
+// if strings.Contains(scanner.Text(), "docker") || strings.Contains(scanner.Text(), "kubepods") {
+// isDocker = true
+// break
+// }
+// }
+
+// if err := scanner.Err(); err != nil {
+// _ = file.Close()
+// return false
+// }
+
+// _ = file.Close()
+
+// if isDocker {
+// return true
+// }
+// }
+
+// return false
+// }
 
 func TestRunmeFilePermissions(t *testing.T) {
- if isDocker() {
- return
- }
+ // if isDocker() {
+ // // return
+ // }
 
 testscript.Run(t, testscript.Params{
 Dir: "testdata/permissions",
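Review bot: Commenting out `isDocker` and the early return leaves roughly forty lines of dead code in main_permissions_test.go and removes the only guard on TestRunmeFilePermissions. The test now also runs wherever the suite is executed as root (a root container outside `make test-docker`, some CI images), where file-mode checks are generally not enforced and the permission scripts would likely fail. Delete the commented block and gate on the real precondition instead, keeping the `os` import: `if os.Geteuid() == 0 { t.Skip("file permission checks are not enforced for root") }`. The body of TestRunmeFilePermissions continues past the end of the hunk.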