From 2a55c38982e5a1a1aea9975a7d16ae91782c410c Mon Sep 17 00:00:00 2001
From: Chris Novakovic <chris@chrisn.me.uk>
Date: Tue, 2 Dec 2025 15:50:33 +0000
Subject: [PATCH] Use UID/GID 1001 for `runner` user/group

When running a GHA job in a container, the runner transparently mounts
the workspace as a volume inside the container. This directory is owned
by the runner image's `runner` user, which on GitHub's official Ubuntu
images has the UID 1001 and GID 1001. Use the same UID and GID for the
`runner` user inside the alpine-builder image to eliminate errors when
attempting to write to the workspace (e.g. by checking out code) inside
the alpine-builder image.
---
 README.md                    | 5 +++--
 alpine-builder.Containerfile | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 98e05f3..bb8e21a 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,9 @@ other purpose.
 
 - Images are only built for the `linux/amd64` and `linux/arm64` platforms, since these are the only Linux platforms
   supported by Please.
-- By default, commands are executed in the container by the `runner` user. This user is allowed to run sudo without a
-  password.
+- By default, commands are executed in the container by the `runner` user (UID 1001), whose primary group is similarly
+  `runner` (GID 1001). These match the user and group names and IDs used by the equivalent user in GitHub's official
+  Ubuntu runner images. The `runner` user is allowed to run sudo without a password.
 - Additional run-time dependencies for Please and the `pleasew` script are installed from the Alpine Linux repositories:
   - `bash`
   - `curl`
diff --git a/alpine-builder.Containerfile b/alpine-builder.Containerfile
index 22883db..8b88d8d 100644
--- a/alpine-builder.Containerfile
+++ b/alpine-builder.Containerfile
@@ -15,9 +15,10 @@ RUN apk --no-cache add \
     python3 python3-dev py3-pip
 
 # Create a non-root user (that can still run commands as root if required), and use it by default.
-# This is identical to how the GitHub-hosted runners are configured.
+# The user and group names are identical to those on GitHub's official Ubuntu runner images.
 RUN apk --no-cache add sudo && \
-    adduser -D runner && \
+    addgroup -g 1001 runner && \
+    adduser -u 1001 -G runner -D runner && \
     echo runner:runner | chpasswd && \
     echo 'Defaults:runner !requiretty' > /etc/sudoers.d/runner && \
     echo 'runner ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/runner && \