From 6c9c0306ac6f208e1e3486dbb3fd5078bccc2201 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Tue, 28 May 2024 11:31:59 +0000
Subject: [PATCH] ci: pause-image no sudo

Build pause-image without sudo docker this is not needed. This is part 5 of N

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .../static-build/pause-image/build-static-pause-image.sh   | 4 ++--
 tools/packaging/static-build/pause-image/build.sh          | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/tools/packaging/static-build/pause-image/build-static-pause-image.sh b/tools/packaging/static-build/pause-image/build-static-pause-image.sh
index c844daa92d..6bf9dbb934 100755
--- a/tools/packaging/static-build/pause-image/build-static-pause-image.sh
+++ b/tools/packaging/static-build/pause-image/build-static-pause-image.sh
@@ -19,8 +19,8 @@ pull_pause_image_from_remote() {
 	echo "pull pause image from remote"
 
 	skopeo copy "${pause_image_repo}":"${pause_image_version}" oci:pause:"${pause_image_version}"
-	umoci unpack --image pause:"${pause_image_version}"  "${DESTDIR}/pause_bundle"
+	umoci unpack --rootless --image pause:"${pause_image_version}"  "${DESTDIR}/pause_bundle"
 	rm "${DESTDIR}/pause_bundle/umoci.json"
 }
 
-pull_pause_image_from_remote $@
+pull_pause_image_from_remote "$@"
diff --git a/tools/packaging/static-build/pause-image/build.sh b/tools/packaging/static-build/pause-image/build.sh
index d546d1d258..6e7d4d506b 100755
--- a/tools/packaging/static-build/pause-image/build.sh
+++ b/tools/packaging/static-build/pause-image/build.sh
@@ -28,16 +28,17 @@ package_output_dir="${package_output_dir:-}"
 container_image="${PAUSE_IMAGE_CONTAINER_BUILDER:-$(get_pause_image_name)}"
 [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
 
-sudo docker pull ${container_image} || \
-	(sudo docker $BUILDX build $PLATFORM \
+docker pull ${container_image} || \
+	(docker $BUILDX build $PLATFORM \
 		-t "${container_image}" "${script_dir}" && \
 	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
 	 push_to_registry "${container_image}")
 
-sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	-w "${PWD}" \
 	--env DESTDIR="${DESTDIR}" \
 	--env pause_image_repo="${pause_image_repo}" \
 	--env pause_image_version="${pause_image_version}" \
+	--user "$(id -u)":"$(id -g)" \
 	"${container_image}" \
 	bash -c "${pause_image_builder}"