ci: use codebuild for x86_64-gnu-distcheck job

Author: marcoieni

src/ci/docker/host-x86_64/x86_64-gnu-distcheck/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ghcr.io/rust-lang/ubuntu:22.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y --no-install-recommends \

src/ci/docker/run.sh

@@ -296,16 +296,20 @@ else
   args="$args --volume $objdir:/checkout/obj"
   args="$args --volume $HOME/.cargo:/cargo"
   args="$args --volume /tmp/toolstate:/tmp/toolstate"
+fi
 
-  id=$(id -u)
-  if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
-    # Rootless podman creates a separate user namespace, where an inner
-    # LOCAL_USER_ID will map to a different subuid range on the host.
-    # The "keep-id" mode maps the current UID directly into the container.
-    args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
-  else
-    args="$args --env LOCAL_USER_ID=$id"
-  fi
+id=$(id -u)
+if [[ "$id" != 0 && "$(docker version)" =~ Podman ]]; then
+  # Rootless podman creates a separate user namespace, where an inner
+  # LOCAL_USER_ID will map to a different subuid range on the host.
+  # The "keep-id" mode maps the current UID directly into the container.
+  args="$args --env NO_CHANGE_USER=1 --userns=keep-id"
+elif [[ "$id" != 0 ]]; then
+  args="$args --env LOCAL_USER_ID=$id"
+else
+  # We're running as root.
+  # We set the user id to `1001` instead of `0` to avoid running the container as root.
+  args="$args --env LOCAL_USER_ID=1001"
 fi
 
 if [ "$dev" = "1" ]

src/ci/github-actions/jobs.yml

@@ -309,7 +309,7 @@ auto:
     <<: *job-linux-4c
 
   - name: x86_64-gnu-distcheck
-    <<: *job-linux-8c
+    <<: *job-linux-36c-codebuild
 
   # The x86_64-gnu-llvm-20 job is split into multiple jobs to run tests in parallel.
   # x86_64-gnu-llvm-20-1 skips tests that run in x86_64-gnu-llvm-20-{2,3}.

src/ci/run.sh

@@ -2,6 +2,29 @@
 
 set -e
 
+# Change ownership of the given path to the user if the filesystem is writable
+change_ownership_if_writable() {
+    local path=$1
+    local owner="user:user"
+    local current_owner
+    current_owner=$(stat -f "%Su:%Sg" "$path" 2>/dev/null)
+
+    local test_file="$path/.write_test"
+    echo "Testing if $path is writable by $owner"
+    # Test if filesystem is writable by attempting to touch a temporary file
+    if touch "$test_file" 2>/dev/null; then
+        # We wrote the file just for testing. We can remove it now.
+        rm "$test_file"
+        if [ "$current_owner" != "$owner" ]; then
+            echo "Changing ownership of $path to $owner"
+            chown -R $owner "$path"
+        fi
+    else
+        echo "$path is read-only, skipping ownership change"
+    fi
+    echo "Ownership of $path is $current_owner"
+}
+
 if [ -n "$CI_JOB_NAME" ]; then
   echo "[CI_JOB_NAME=$CI_JOB_NAME]"
 fi
@@ -16,6 +39,12 @@ if [ "$NO_CHANGE_USER" = "" ]; then
     export HOME=/home/user
     unset LOCAL_USER_ID
 
+    # Give ownership of necessary directories to the user
+    change_ownership_if_writable .
+    mkdir -p /cargo
+    change_ownership_if_writable /cargo
+    change_ownership_if_writable /checkout
+
     # Ensure that runners are able to execute git commands in the worktree,
     # overriding the typical git protections. In our docker container we're running
     # as root, while the user owning the checkout is not root.