philips-software · rjaegers · Nov 20, 2023 · Nov 20, 2023 · Nov 20, 2023 · Nov 20, 2023
@@ -1,5 +1,9 @@
 FROM ubuntu:22.04@sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb
 
+ARG USERNAME=amp
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 ARG BATS_VERSION=1.10.0
 ARG CCACHE_VERSION=4.8.3
 ARG CLANG_VERSION=16
@@ -14,6 +18,12 @@
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+HEALTHCHECK NONE
+
+# Add a non-root user
+RUN groupadd --gid "${USER_GID}" "${USERNAME}" \
+ && useradd --uid "${USER_UID}" --gid "${USER_GID}" --shell /bin/bash -m "${USERNAME}"
+
 # Install the base system with all tool dependencies
 COPY .devcontainer/apt-requirements-base.json /tmp/apt-requirements-base.json
 # hadolint ignore=DL3008
@@ -87,7 +97,9 @@
  && git -C /usr/local clone -b v2.1.0 https://github.com/bats-core/bats-assert.git
 
 # Install xwin
-RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin"
+RUN wget -qO - "https://github.com/Jake-Shadle/xwin/releases/download/${XWIN_VERSION}/xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl.tar.gz" | tar -xzv -C /usr/local/bin --strip-components=1 "xwin-${XWIN_VERSION}-$(uname -m)-unknown-linux-musl/xwin" \
+ && mkdir /winsdk \
+ && chown "${USER_UID}:${USER_GID}" /winsdk
 
 # Update all tool alternatives to the correct version
 RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-12 20 \
@@ -97,3 +109,5 @@
  && update-alternatives --install /usr/bin/mull-runner mull-runner /usr/local/bin/mull-runner-${CLANG_VERSION} 10 \
  && update-alternatives --install /usr/lib/mull-ir-frontend mull-ir-frontend /usr/local/lib/mull-ir-frontend-${CLANG_VERSION} 10 \
  && update-alternatives --install /usr/bin/python python /usr/bin/python3 10
+
+USER "${USERNAME}"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,7 +38,7 @@ jobs:
       - name: Run Tests
         run: |
           set -Eeuo pipefail
-          docker run --rm --mount type=bind,src="$(pwd)/test",dst=/ws -w /ws ${{ github.repository }}:test bats --formatter junit testsuite.bats | tee test-report.xml
+          docker run --rm --mount type=bind,src="$(pwd)/test",dst=/tmp/test -w /tmp/test ${{ github.repository }}:test bats --formatter junit testsuite.bats | tee test-report.xml
       - uses: EnricoMi/publish-unit-test-result-action@ca89ad036b5fcd524c1017287fb01b5139908408 # v2.11.0
         if: always()
         with:

@@ -16,11 +16,11 @@ setup_file() {
     xwin --accept-license splat --preserve-ms-arch-notation
   fi
 
-  cp -r .xwin-cache/splat/ /winsdk
+  cp -r .xwin-cache/splat/* /winsdk/
 }
 
 teardown_file() {
-  rm -rf .xwin-hash/ /winsdk
+  rm -rf .xwin-hash/ /winsdk/*
 }
 
 setup() {