From 2951541da3dc43e986ad55d3cd49a7e15902ed9e Mon Sep 17 00:00:00 2001
From: Matt Boris <mboris@mozilla.com>
Date: Wed, 12 Feb 2025 21:03:23 -0500
Subject: [PATCH] feat: add `run-task-as-current-user` gw payload builder
 option

---
 src/taskgraph/transforms/task.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/taskgraph/transforms/task.py b/src/taskgraph/transforms/task.py
index b340514ad..ce8503a30 100644
--- a/src/taskgraph/transforms/task.py
+++ b/src/taskgraph/transforms/task.py
@@ -649,6 +649,8 @@ def build_docker_worker_payload(config, task, task_def):
         Optional("os-groups"): [str],
         # feature for test task to run as administarotr
         Optional("run-as-administrator"): bool,
+        # feature for task to run as current OS user
+        Optional("run-task-as-current-user"): bool,
         # optional features
         Required("chain-of-trust"): bool,
         Optional("taskcluster-proxy"): bool,
@@ -757,6 +759,12 @@ def build_generic_worker_payload(config, task, task_def):
             "generic-worker:run-as-administrator:{}".format(task["worker-type"]),
         )
 
+    if worker.get("run-task-as-current-user", False):
+        features["runTaskAsCurrentUser"] = True
+        task_def["scopes"].append(
+            "generic-worker:run-task-as-current-user:{}".format(task["worker-type"]),
+        )
+
     if features:
         task_def["payload"]["features"] = features