From 7d20fbb7aa4b3cc32a441b94d6d7178e9001c145 Mon Sep 17 00:00:00 2001
From: Berend de Boer <berend@pobox.com>
Date: Fri, 16 Sep 2022 16:44:31 +1200
Subject: [PATCH] ci: enable docker access

Tests need docker access actually, needed to follow instructions here
https://github.com/projen/projen/issues/2094 to enable this.
---
 .github/workflows/build.yml        |  3 +++
 .github/workflows/release.yml      |  2 ++
 .github/workflows/upgrade-main.yml |  2 ++
 .projenrc.ts                       | 12 +++++++++++-
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index da9b023..7846ca1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,6 +19,8 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
+      - name: Change permissions on /var/run/docker.sock
+        run: sudo chown superchain /var/run/docker.sock
       - name: Install dependencies
         run: yarn install --check-files
       - name: build
@@ -47,6 +49,7 @@ jobs:
           path: dist
     container:
       image: jsii/superchain:1-buster-slim-node14
+      options: --group-add sudo
   self-mutation:
     needs: build
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 257fad6..a6b8e31 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,6 +24,8 @@ jobs:
         run: |-
           git config user.name "github-actions"
           git config user.email "github-actions@github.com"
+      - name: Change permissions on /var/run/docker.sock
+        run: sudo chown superchain /var/run/docker.sock
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: release
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
index 8b5b3cf..3c3e09e 100644
--- a/.github/workflows/upgrade-main.yml
+++ b/.github/workflows/upgrade-main.yml
@@ -18,6 +18,8 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: main
+      - name: Change permissions on /var/run/docker.sock
+        run: sudo chown superchain /var/run/docker.sock
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: Upgrade dependencies
diff --git a/.projenrc.ts b/.projenrc.ts
index 9742681..e0a76ff 100644
--- a/.projenrc.ts
+++ b/.projenrc.ts
@@ -1,4 +1,4 @@
-import { awscdk } from "projen"
+import { awscdk, JsonPatch } from "projen"
 
 const tmpDirectories = ["cdk.context.json", ".idea/", "cdk.out/", ".envrc"]
 
@@ -37,6 +37,12 @@ const project = new awscdk.AwsCdkConstructLibrary({
     "source-map-support",
   ],
   devDeps: ["@types/ms", "@types/pg", "@types/aws-lambda", "testcontainers", "esbuild"],
+  workflowBootstrapSteps: [
+    {
+      name: "Change permissions on /var/run/docker.sock",
+      run: "sudo chown superchain /var/run/docker.sock",
+    },
+  ],
 })
 project.addGitIgnore("*~")
 if (project.eslint) {
@@ -45,4 +51,8 @@ if (project.eslint) {
     quotes: ["error", "double"],
   })
 }
+const buildWorkflow = project.tryFindObjectFile(".github/workflows/build.yml")
+if (buildWorkflow && buildWorkflow.patch) {
+  buildWorkflow.patch(JsonPatch.add("/jobs/build/container/options", "--group-add sudo"))
+}
 project.synth()