From fd6196def24af0a18c1db04f176580c8f6aafdaa Mon Sep 17 00:00:00 2001
From: Sebastian Krupinski
Date: Mon, 23 Feb 2026 20:34:07 -0500
Subject: [PATCH] fix: use sudo

Signed-off-by: Sebastian Krupinski
---
 .github/workflows/test.yml | 5 +++++
 action.yml | 17 ++++++++++++-----
 scripts/configure.sh | 7 ++++++-
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1626344..c585a1a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -345,6 +345,11 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
 
+ - name: Install dependencies
+ run: |
+ sudo apt-get update -qq
+ sudo apt-get install -y jq curl
+
 - name: Test invalid JSON (domains)
 id: test_invalid_domains
 continue-on-error: true
diff --git a/action.yml b/action.yml
index 4d6bcb5..e1e507e 100644
--- a/action.yml
+++ b/action.yml
@@ -25,10 +25,13 @@ runs:
 run: |
 echo "::group::Checking prerequisites"
 
- # Check if running as root
+ # Check if running as root or if sudo is available
 if [ "$(id -u)" -ne 0 ]; then
- echo "::error::This action must run as root. Use 'sudo' or run in a container with root privileges."
- exit 1
+ if ! command -v sudo &> /dev/null; then
+ echo "::error::This action must run as root or 'sudo' must be available."
+ exit 1
+ fi
+ echo "ℹ Running as non-root user — will use sudo for privileged steps."
 fi
 
 # Check for required commands
@@ -49,7 +52,9 @@ runs:
 run: |
 echo "::group::Installing Stalwart Mail Server"
 chmod +x "${{ github.action_path }}/scripts/install.sh"
- "${{ github.action_path }}/scripts/install.sh"
+ SUDO=""
+ if [ "$(id -u)" -ne 0 ]; then SUDO="sudo -E"; fi
+ $SUDO "${{ github.action_path }}/scripts/install.sh"
 echo "::endgroup::"
 
 - name: Configure Stalwart
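Review bot: The new `command -v sudo` test in action.yml's prerequisites step (hunk -25,10 +25,13) only shows that the binary exists, not that the runner user may use it without a password. On a self-hosted runner with password-protected sudo the check passes and the later privileged steps would presumably fail or wait for input. Probing non-interactively, for example `if ! sudo -n true 2>/dev/null; then`, would fail fast with the same `::error::` message. The `&>` redirection is also bash-only; the step's `shell:` setting is outside this hunk, so `>/dev/null 2>&1` is the safer spelling if it is not bash.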
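Review bot: `sudo -E` in the install step (hunk -49,7 +52,9), and again in the configure step (hunk -72,7 +77,9), asks sudo to carry the caller's whole environment into a root process. On a runner that can include tokens and other variables the scripts never read, and a sudoers policy that does not permit environment preservation may reject the call outright. Passing only what the scripts need is tighter, e.g. `SUDO="sudo --preserve-env=VAR_A,VAR_B"` (placeholder names; the real list is not visible in this diff). The unquoted `$SUDO` relies on word splitting, so a comment such as `# intentionally unquoted: expands to nothing when already root` would make that deliberate.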
@@ -72,7 +77,9 @@ runs:
 
 echo "::group::Configuring Stalwart"
 chmod +x "${{ github.action_path }}/scripts/configure.sh"
- "${{ github.action_path }}/scripts/configure.sh"
+ SUDO=""
+ if [ "$(id -u)" -ne 0 ]; then SUDO="sudo -E"; fi
+ $SUDO "${{ github.action_path }}/scripts/configure.sh"
 echo "::endgroup::"
 
 - name: Display completion message
diff --git a/scripts/configure.sh b/scripts/configure.sh
index 1cdc16d..133a335 100755
--- a/scripts/configure.sh
+++ b/scripts/configure.sh
@@ -58,7 +58,12 @@ main() {
 
 # Save admin password to temp file for testing/debugging (remove in production)
 echo "$current_password" > /tmp/stalwart_admin_password
- chmod 600 /tmp/stalwart_admin_password
+ # Use 644 so the invoking (non-root) runner user can read the file
+ chmod 644 /tmp/stalwart_admin_password
+ # If invoked via sudo, transfer ownership back to the calling user
+ if [ -n "${SUDO_USER:-}" ]; then
+ chown "$SUDO_USER" /tmp/stalwart_admin_password
+ fi
 
 # Create domains if provided
 if [ -n "$DOMAINS_JSON" ]; then
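Review bot: Widening the mode to `644` in scripts/configure.sh makes the admin password in `/tmp/stalwart_admin_password` readable by every local account. The `chown "$SUDO_USER"` added just below already gives the invoking user access, so keeping `chmod 600 /tmp/stalwart_admin_password` next to the `chown` preserves the runner's read access without exposing the secret to other users. The file is also created by the `echo ... >` redirection before any `chmod` runs, so it briefly carries umask-default permissions under a fixed, predictable name in `/tmp`. Setting `umask 077` before the write, or writing into a `mktemp -d` directory, would address both. main()'s body starts and ends outside this hunk.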