From f0c55a27c79ed92333a59c2a623d530061f414dc Mon Sep 17 00:00:00 2001
From: Adeeb Shihadeh <adeebshihadeh@gmail.com>
Date: Sun, 10 May 2026 15:37:47 -0700
Subject: [PATCH] build.sh: chown workspace back after manylinux Docker run

Container runs as root and creates files owned by UID 0 in the bind-
mounted workspace. The host runner user can't read some of them
(e.g. curl-src/config.{guess,sub}), so actions/cache's tar fails with
'Cannot open: Permission denied' and the cache save is skipped. Every
CI run was cold cache as a result.
---
 build.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/build.sh b/build.sh
index 629d2c0..8b6b3d3 100755
--- a/build.sh
+++ b/build.sh
@@ -20,6 +20,8 @@ if [[ "$USE_MANYLINUX" == "1" && -z "${BUILD_SH_IN_MANYLINUX:-}" ]]; then
   docker run --rm \
     -e BUILD_SH_IN_MANYLINUX=1 \
     -e BUILD_SH_REUSE_MANYLINUX_ARTIFACTS="${BUILD_SH_REUSE_MANYLINUX_ARTIFACTS:-}" \
+    -e BUILD_SH_HOST_UID="$(id -u)" \
+    -e BUILD_SH_HOST_GID="$(id -g)" \
     -e HOME=/tmp \
     -e UV_CACHE_DIR=/work/.uv-cache \
     -e UV_PYTHON=/opt/python/cp312-cp312/bin/python3 \
@@ -80,3 +82,9 @@ du -hs dist/* | sort -hr
 
 echo
 echo "Done in $((SECONDS - START_SECS))s"
+
+# Hand workspace ownership back to the host runner so actions/cache can
+# tar everything we just produced (manylinux runs as root).
+if [[ -n "${BUILD_SH_IN_MANYLINUX:-}" && -n "${BUILD_SH_HOST_UID:-}" ]]; then
+  chown -R "$BUILD_SH_HOST_UID:${BUILD_SH_HOST_GID:-0}" "$ROOT_DIR"
+fi