rerun

jdetter · jdetter · commit 37d40e4df07b · 2025-09-16T14:56:26.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -279,42 +279,81 @@ jobs:
         env:
           UE_ROOT_PATH: /home/ue4/UnrealEngine
         run: |
-          # Ensure these mounts are owned by the user we'll run as
-          for p in "$GITHUB_WORKSPACE" "$RUNNER_TEMP" "$RUNNER_TOOL_CACHE"; do
+
+          REPO="$GITHUB_WORKSPACE"                       # /__w/SpacetimeDB/SpacetimeDB
+          PARENT="$(dirname "$REPO")"                    # /__w/SpacetimeDB
+          GRAND="$(dirname "$PARENT")"                   # /__w
+
+          # 0) Make repo parents traversable for 1001
+          chmod a+rx "$GRAND" "$PARENT" || true
+
+          # 1) Ensure these mounts are owned by the user we'll run as
+          for p in "$REPO" "$RUNNER_TEMP" "$RUNNER_TOOL_CACHE"; do
             [ -n "${p:-}" ] && [ -d "$p" ] && chown -R 1001:1001 "$p" || true
           done
 
-          # Create the build user if needed
+          # 2) Make the UE tree readable/executable for UID 1001 (so tests can stat/execute Build.sh)
+          apt-get update
+          apt-get install -y acl curl ca-certificates
+
+          UE_DIR="${UE_ROOT_PATH:-/home/ue4/UnrealEngine}"
+          if [ -d "$UE_DIR" ]; then
+            # allow traversal into /home/ue4 and UE dirs
+            setfacl -m u:1001:rx /home/ue4 || chmod o+rx /home/ue4
+            setfacl -R -m u:1001:rX "$UE_DIR" || chmod -R a+rX "$UE_DIR"
+            # ensure the specific script is executable by all
+            if [ -f "$UE_DIR/Engine/Build/BatchFiles/Linux/Build.sh" ]; then
+              chmod a+rx "$UE_DIR/Engine/Build/BatchFiles/Linux/Build.sh"
+            fi
+            echo "UE perms check:"
+            namei -l "$UE_DIR/Engine/Build/BatchFiles/Linux/Build.sh" || true
+          else
+            echo "WARNING: UE_ROOT_PATH '$UE_DIR' not found"
+          fi
+
+          # 3) Fix the root repo's .git tree (read/traverse) just in case
+          if [ -d "$REPO/.git" ]; then
+            chown -R 1001:1001 "$REPO/.git" || true
+            find "$REPO/.git" -type d -exec chmod 755 {} \; || true
+            find "$REPO/.git" -type f -exec chmod 644 {} \; || true
+            mkdir -p "$REPO/.git/info"; : > "$REPO/.git/info/exclude"
+            chown 1001:1001 "$REPO/.git/info" "$REPO/.git/info/exclude" || true
+            chmod 755 "$REPO/.git/info"; chmod 644 "$REPO/.git/info/exclude" || true
+          fi
+
+          # 4) Create the build user if needed
           getent group 1001 >/dev/null || groupadd -g 1001 runnergrp
           getent passwd 1001 >/dev/null || useradd -u 1001 -g 1001 -m -s /bin/bash runnerusr
 
-          # Use the runner's tool cache so Rust persists across runs
+          # 5) Persist Rust under the tool cache so it survives runs
           export CARGO_HOME="${RUNNER_TOOL_CACHE:-/tmp}/cargo"
           export RUSTUP_HOME="${RUNNER_TOOL_CACHE:-/tmp}/rustup"
           mkdir -p "$CARGO_HOME" "$RUSTUP_HOME"
           chown -R 1001:1001 "$CARGO_HOME" "$RUSTUP_HOME"
 
-          # Make sure curl exists
-          apt-get update
-          apt-get install -y curl ca-certificates
-
-          # Install rustup + toolchain for the 1001 user (rust-toolchain.toml will be honored)
-          sudo -E -H -u runnerusr bash -lc '
-            set -euxo pipefail
-            export CARGO_HOME='"$CARGO_HOME"'
-            export RUSTUP_HOME='"$RUSTUP_HOME"'
-            export PATH="$CARGO_HOME/bin:$PATH"
-            if ! command -v cargo >/dev/null 2>&1; then
-              curl -sSf https://sh.rustup.rs | sh -s -- -y
-            fi
-            # Preload the toolchain requested by rust-toolchain.toml
-            cd "$GITHUB_WORKSPACE"
-            export PATH="$CARGO_HOME/bin:$PATH"
-            rustup show >/dev/null
-            cd "$GITHUB_WORKSPACE/sdks/unreal"
-            cargo --version
-            cargo test
-          '
+          # 6) Run as the unprivileged user with a clean HOME
+          sudo -E -H -u runnerusr env \
+            HOME=/home/runnerusr \
+            XDG_CONFIG_HOME=/home/runnerusr/.config \
+            CARGO_HOME="$CARGO_HOME" \
+            RUSTUP_HOME="$RUSTUP_HOME" \
+            PATH="$CARGO_HOME/bin:$PATH" \
+            bash -lc '
+              set -euxo pipefail
+              mkdir -p "$XDG_CONFIG_HOME"
+              if ! command -v cargo >/dev/null 2>&1; then
+                curl -sSf https://sh.rustup.rs | sh -s -- -y
+              fi
+              rustup show >/dev/null
+              git config --global --add safe.directory "$GITHUB_WORKSPACE" || true
+
+              # final sanity on the UE script as UID 1001
+              ls -l "$UE_ROOT_PATH/Engine/Build/BatchFiles/Linux/Build.sh" || true
+
+              cd "$GITHUB_WORKSPACE/sdks/unreal"
+              cargo --version
+              cargo test
+            '
   cli_docs:
     name: Check CLI docs
     permissions: read-all
