Fix CI permissions with container UID mismatch; document proper solution

[Copilot]

CI fails when actions/checkout@v4 attempts to write state files: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/...'

Container runs as UID 1000 (via ARG USER_UID=1000), but GitHub Actions mounts volumes owned by UID 1001, causing permission conflicts.

Immediate Fix

Added options: --user root to container configuration in .github/workflows/ci.yml:

container:
  image: ghcr.io/kaladron/cpp-image/dev-env:latest
  credentials:
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}
  options: --user root  # Temporary workaround

Documented Proper Solution

Created three guides for fixing in container image:

• CONTAINER_CHANGES_NEEDED.md - Quick reference: change ARG USER_UID=1001 in Dockerfile
• CONTAINER_SOLUTION.md - Four solution options with tradeoffs
• CONTAINER_FIX_GUIDE.md - Complete implementation guide with testing procedures

Recommended Container Changes

Change default UID in Dockerfile:

ARG USER_UID=1001  # Changed from 1000

Bake in CI dependencies for 30-60s speedup:

RUN apt-get update && \
    apt-get install -y libsqlite3-dev && \
    ln -sf /usr/bin/ld.lld-22 /usr/bin/ld.lld && \
    ln -sf /usr/bin/lld-22 /usr/bin/lld && \
    ln -sf /usr/bin/clang-scan-deps-22 /usr/bin/clang-scan-deps && \
    ln -sf /usr/bin/clang-format-22 /usr/bin/clang-format && \
    mkdir -p /lib/share/libc++ && \
    ln -sf /usr/lib/llvm-22/share/libc++/v1 /lib/share/libc++/v1 && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

After container update: remove options: --user root and delete "Install dependencies" step.

Alternative: Use options: --user 1001:1001 (safer than root, no container rebuild required).

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.