From fdcbf74a7da4fb074d5c408eb2ec4ed75fb74bf4 Mon Sep 17 00:00:00 2001
From: Baranov Victor <bar.victor.2002@gmail.com>
Date: Sat, 25 Oct 2025 01:24:55 +0300
Subject: [PATCH] [Github][CI] Add default gha user for tooling containers
 (#164294)

This would solve

https://github.com/llvm/llvm-project/blob/c0073a9170aaa4f3504f7cdf20758176bcb14ac1/.github/workflows/pr-code-format.yml#L28-L34
---
 .../containers/github-action-ci-tooling/Dockerfile   | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/containers/github-action-ci-tooling/Dockerfile b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
index 9d2aaf6bbd48..8aaa2e88f2ba 100644
--- a/.github/workflows/containers/github-action-ci-tooling/Dockerfile
+++ b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
@@ -37,6 +37,14 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+# Create a new user with id 1001 as that is the user id that
+# Github Actions uses to perform the checkout action.
+RUN useradd gha -u 1001 -m -s /bin/bash
+RUN adduser gha sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+# Don't set USER gha right away because we still need to install packages
+# as root in 'ci-container-code-format' and 'ci-container-code-lint' containers
+
 
 FROM base AS ci-container-code-format
 ARG LLVM_VERSION
@@ -51,6 +59,8 @@ ENV PATH=${LLVM_SYSROOT}/bin:${PATH}
 COPY llvm/utils/git/requirements_formatting.txt requirements_formatting.txt
 RUN pip install -r requirements_formatting.txt --break-system-packages && \
     rm requirements_formatting.txt
+USER gha
+WORKDIR /home/gha
 
 
 FROM base AS ci-container-code-lint
@@ -80,3 +90,5 @@ RUN apt-get update && \
 COPY llvm/utils/git/requirements_linting.txt requirements_linting.txt
 RUN pip install -r requirements_linting.txt --break-system-packages && \
     rm requirements_linting.txt
+USER gha
+WORKDIR /home/gha