From 1adba2808f4c0462bf0a5b31312b9b3f0eb5bb43 Mon Sep 17 00:00:00 2001
From: Robin Avery <robin@ribbanya.dev>
Date: Sat, 11 Nov 2023 18:51:54 -0500
Subject: [PATCH] Run Linux docker containers as current user (#1003)

---
 .github/README.md                           |  1 +
 .github/packages/build-linux/Dockerfile     | 22 ++++++++++-----------
 .github/packages/build-linux/entrypoint.sh  |  2 +-
 .github/packages/check-issues/entrypoint.sh |  2 +-
 .github/packages/check-issues/setup.sh      |  4 ++--
 .github/packages/dump-asm/entrypoint.sh     |  2 +-
 .github/packages/gen-pages/entrypoint.sh    |  4 ++--
 .github/workflows/build-melee.yml           | 10 +++++++---
 .github/workflows/dump-asm.yml              |  5 ++++-
 .github/workflows/publish-packages.yml      | 21 ++++++++++++++++----
 .github/workflows/publish-pages.yml         |  5 ++++-
 11 files changed, 51 insertions(+), 27 deletions(-)

diff --git a/.github/README.md b/.github/README.md
index a5d03e8475..375bcb8129 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -105,6 +105,7 @@ make_flags='GENERATE_MAP=1'
 build_target="$melee_path/build"
 
 docker run --rm \
+  --user "$(id -u):$(id -g)" \
   --volume "$melee_path:/input:ro" \
   --volume "$build_target:/output" \
   --env MAKE_FLAGS="$make_flags" \
diff --git a/.github/packages/build-linux/Dockerfile b/.github/packages/build-linux/Dockerfile
index 1ddbed5725..69b1f7585f 100644
--- a/.github/packages/build-linux/Dockerfile
+++ b/.github/packages/build-linux/Dockerfile
@@ -1,6 +1,6 @@
 FROM rust:latest as build-rust
-RUN git clone 'https://github.com/InusualZ/dadosod.git' \
-    && cd dadosod \
+COPY tools/dadosod /dadosod
+RUN cd dadosod \
     && cargo build -r
 
 FROM ubuntu:latest AS linux-base
@@ -9,9 +9,6 @@ COPY --from=ghcr.io/decompals/wibo:latest \
     ${WIBO_PATH} \
     ${WIBO_PATH}
 COPY requirements.txt /tmp/
-COPY --from=build-rust \
-     /dadosod/target/release/dadosod \
-     /usr/local/bin/dadosod
 ARG DEVKITPRO=/opt/devkitpro
 ARG DEVKITPPC=${DEVKITPRO}/devkitPPC
 COPY --from=devkitpro/devkitppc:latest  \
@@ -30,23 +27,26 @@ ENV PATH="$DEVKITPPC/bin:$PATH"
 COPY .github/packages/build-linux/melee-mwcc /usr/local/bin
 RUN chmod +x /usr/local/bin/melee-mwcc
 
-FROM linux-base AS build-linux
-ENV MAKE_FLAGS="GENERATE_MAP=1"
+FROM linux-base AS linux-rw
 VOLUME [ "/input", "/output" ]
+
+FROM linux-rw AS build-linux
+ENV MAKE_FLAGS="GENERATE_MAP=1"
 COPY .github/packages/build-linux/entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/entrypoint.sh
 ENTRYPOINT entrypoint.sh
 
-FROM linux-base AS gen-pages
-VOLUME [ "/input", "/output" ]
+FROM linux-rw AS gen-pages
 COPY .github/packages/gen-pages/entrypoint.sh /usr/local/bin
 RUN chmod +x /usr/local/bin/entrypoint.sh
 ENTRYPOINT entrypoint.sh
 
-FROM linux-base AS dump-asm
+FROM linux-rw AS dump-asm
 ARG SHORT_SHA
 ARG TREE_URL
-VOLUME [ "/input", "/output" ]
+COPY --from=build-rust \
+    /dadosod/target/release/dadosod \
+    /usr/local/bin/dadosod
 COPY .github/packages/dump-asm/readme.py /usr/local/bin
 RUN chmod +x /usr/local/bin/readme.py
 COPY .github/packages/dump-asm/entrypoint.sh /usr/local/bin
diff --git a/.github/packages/build-linux/entrypoint.sh b/.github/packages/build-linux/entrypoint.sh
index 2ca2476d0b..f943b88389 100644
--- a/.github/packages/build-linux/entrypoint.sh
+++ b/.github/packages/build-linux/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -euox pipefail
+set -euo pipefail
 
 git clone /input /tmp/input
 cd /tmp/input
diff --git a/.github/packages/check-issues/entrypoint.sh b/.github/packages/check-issues/entrypoint.sh
index 0cded74796..418be25cc9 100644
--- a/.github/packages/check-issues/entrypoint.sh
+++ b/.github/packages/check-issues/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -euox pipefail
+set -euo pipefail
 
 cd /input
 
diff --git a/.github/packages/check-issues/setup.sh b/.github/packages/check-issues/setup.sh
index ad9746ad30..3293998a39 100644
--- a/.github/packages/check-issues/setup.sh
+++ b/.github/packages/check-issues/setup.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-set -e
+#!/bin/bash
+set -euo pipefail
 
 apt update
 
diff --git a/.github/packages/dump-asm/entrypoint.sh b/.github/packages/dump-asm/entrypoint.sh
index 5244807bd5..6fa7d9d74d 100644
--- a/.github/packages/dump-asm/entrypoint.sh
+++ b/.github/packages/dump-asm/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -euox pipefail
+set -euo pipefail
 
 git clone /input /tmp/input
 cd /tmp/input
diff --git a/.github/packages/gen-pages/entrypoint.sh b/.github/packages/gen-pages/entrypoint.sh
index d9420edf9f..43c6ee23b2 100644
--- a/.github/packages/gen-pages/entrypoint.sh
+++ b/.github/packages/gen-pages/entrypoint.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-set -e
+#!/bin/bash
+set -euo pipefail
 
 git clone /input /tmp/input
 cd /tmp/input
diff --git a/.github/workflows/build-melee.yml b/.github/workflows/build-melee.yml
index 6b3b28143c..6280f97f20 100644
--- a/.github/workflows/build-melee.yml
+++ b/.github/workflows/build-melee.yml
@@ -55,10 +55,13 @@ jobs:
       env:
         MAKE_FLAGS: ${{ matrix.make_flags }}
       run: |
+        output="${{ github.workspace }}/output"
+        mkdir -p "$output"
         docker run --rm \
-          --volume "$PWD:/input:ro" \
-          --volume /tmp/output:/output \
-          --env MAKE_FLAGS="$MAKE_FLAGS" \
+          --user "$(id -u):$(id -g)" \
+          --volume "$PWD":/input:ro \
+          --volume "$output:/output" \
+          --env MAKE_FLAGS="NON_MATCHING=1" \
           "$REGISTRY/$IMAGE"
 
     - name: Upload map
@@ -182,6 +185,7 @@ jobs:
     - name: Check for code issues
       run: |
         result=$(docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
             "$REGISTRY/$IMAGE")
         echo "$result"
diff --git a/.github/workflows/dump-asm.yml b/.github/workflows/dump-asm.yml
index bc6508e9fe..b6ab5899ce 100644
--- a/.github/workflows/dump-asm.yml
+++ b/.github/workflows/dump-asm.yml
@@ -49,11 +49,14 @@ jobs:
 
       - name: Dump assembly
         run: |
+          output="${{ github.workspace }}/output"
+          mkdir -p "$output"
           short_sha="$(echo "${{ github.sha }}" | cut -c 1-7)"
           tree_url="${{ github.server_url }}/${{ github.repository }}/tree/${{ github.sha }}"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
-            --volume /tmp/output:/output \
+            --volume "$output:/output" \
             -e SHORT_SHA="$short_sha" \
             -e TREE_URL="$tree_url" \
             ${{ env.REGISTRY }}/${{ env.IMAGE }}
diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml
index 0f79b378fa..f3bca72420 100644
--- a/.github/workflows/publish-packages.yml
+++ b/.github/workflows/publish-packages.yml
@@ -64,18 +64,24 @@ jobs:
       - name: Try building Melee (GENERATE_MAP=1)
         if: startsWith(matrix.target, 'build-')
         run: |
+          output="${{ github.workspace }}/output/generate_map"
+          mkdir -p "$output"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
-            --volume /tmp/output/generate_map:/output \
+            --volume "$output:/output" \
             --env MAKE_FLAGS="GENERATE_MAP=1" \
             "$IMAGE:test"
 
       - name: Try building Melee (NON_MATCHING=1)
         if: startsWith(matrix.target, 'build-')
         run: |
+          output="${{ github.workspace }}/output/non_matching"
+          mkdir -p "$output"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD":/input:ro \
-            --volume /tmp/output/non_matching:/output \
+            --volume "$output:/output" \
             --env MAKE_FLAGS="NON_MATCHING=1" \
             "$IMAGE:test"
 
@@ -83,25 +89,32 @@ jobs:
         if: matrix.target == 'check-issues'
         run: |
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
             "$IMAGE:test"
 
       - name: Try generating pages
         if: matrix.target == 'gen-pages'
         run: |
+          output="${{ github.workspace }}/output"
+          mkdir -p "$output"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
-            --volume /tmp/output:/output \
+            --volume "$output:/output" \
             "$IMAGE:test"
 
       - name: Try dumping assembly
         if: matrix.target == 'dump-asm'
         run: |
+          output="${{ github.workspace }}/output"
+          mkdir -p "$output"
           short_sha="$(echo "${{ github.sha }}" | cut -c 1-7)"
           tree_url="${{ github.server_url }}/${{ github.repository }}/tree/${{ github.sha }}"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
-            --volume /tmp/output:/output \
+            --volume "$output:/output" \
             -e SHORT_SHA="$short_sha" \
             -e TREE_URL="$tree_url" \
             "$IMAGE:test"
diff --git a/.github/workflows/publish-pages.yml b/.github/workflows/publish-pages.yml
index a51486987a..5818ef27b9 100644
--- a/.github/workflows/publish-pages.yml
+++ b/.github/workflows/publish-pages.yml
@@ -50,9 +50,12 @@ jobs:
 
       - name: Generate pages
         run: |
+          output="${{ github.workspace }}/output"
+          mkdir -p "$output"
           docker run --rm \
+            --user "$(id -u):$(id -g)" \
             --volume "$PWD:/input:ro" \
-            --volume /tmp/output:/output \
+            --volume "$output:/output" \
             ${{ env.REGISTRY }}/${{ env.IMAGE }}
 
       - name: Upload generated pages