From caf789e7af6f952a306e9a66354ee6ef6043c8b4 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sun, 23 Feb 2025 13:18:10 -0500
Subject: [PATCH] Put a regular user step first.

---
 .../0.1/buildkit-rootless-daemonless.yaml             | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml b/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
index 15453bf..caf601d 100644
--- a/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
+++ b/task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
@@ -69,6 +69,17 @@ spec:
     - name: metadata-out
       emptyDir: {}
   steps:
+    - name: run-as-user
+      image: $(params.BUILDER_IMAGE)
+      workingDir: "$(workspaces.source.path)"
+      script: |
+        #!/usr/bin/env sh
+        set -euo pipefail
+        echo "yo"
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
     - name: setup-cache-ownership
       image: $(params.BUILDER_IMAGE)
       workingDir: "$(workspaces.source.path)"