From 4a389bb6ddfe2e98001d7bd391e894860b510541 Mon Sep 17 00:00:00 2001
From: "Duggan, John" <dugganjw@ornl.gov>
Date: Thu, 3 Jul 2025 14:04:38 +0000
Subject: [PATCH] Allow groups to be shared with containers without setting the
 user

---
 .gitlab-ci.yml                                 | 4 ++--
 lib/galaxy/jobs/runners/__init__.py            | 3 +++
 lib/galaxy/tool_util/deps/container_classes.py | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 72cc0c838b..bc8d4048ed 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ variables:
   CONTAINER_GALAXY_URL: "${NDIP_DOCKER_REPOSITORY}/${CI_PROJECT_PATH}"
   CONTAINER_GALAXY_BASE_URL: "${CONTAINER_GALAXY_URL}/base"
   CONTAINER_GALAXY_COMMIT_URL: "${CONTAINER_GALAXY_URL}/commit"
-  GALAXY_VERSION_PYTHON: 24.2.dev2+ornl
-  GALAXY_VERSION_DOCKER: 24.2.dev2.ornl
+  GALAXY_VERSION_PYTHON: 24.2.dev4+ornl
+  GALAXY_VERSION_DOCKER: 24.2.dev4.ornl
 
 # This import is for the func_rse_docker_* functions
 before_script:
diff --git a/lib/galaxy/jobs/runners/__init__.py b/lib/galaxy/jobs/runners/__init__.py
index 70f3b26505..86b4e95dec 100644
--- a/lib/galaxy/jobs/runners/__init__.py
+++ b/lib/galaxy/jobs/runners/__init__.py
@@ -541,6 +541,7 @@ class BaseJobRunner:
             return
 
         set_user = user_oidc_config.get("docker_set_user", False)
+        set_user_groups = user_oidc_config.get("docker_set_user_groups", False)
         env_var = user_oidc_config.get("docker_add_user_to_env", None)
 
         if not set_user and not env_var:
@@ -572,6 +573,8 @@ class BaseJobRunner:
 
         if set_user:
             destination_info["set_host_user"] = username
+        if set_user_groups:
+            destination_info["host_user_to_set_groups_from"] = username
         if env_var:
             destination_info["pass_host_user_to_env"] = env_var + "=" + username
         return
diff --git a/lib/galaxy/tool_util/deps/container_classes.py b/lib/galaxy/tool_util/deps/container_classes.py
index 2391d7fc7b..c38c48ba9c 100644
--- a/lib/galaxy/tool_util/deps/container_classes.py
+++ b/lib/galaxy/tool_util/deps/container_classes.py
@@ -481,8 +481,12 @@ class DockerContainer(Container, HasDockerLikeVolumes):
         run_extra_arguments = self.prop("run_extra_arguments", docker_util.DEFAULT_RUN_EXTRA_ARGUMENTS)
         group_command = ""
         host_user = self.destination_info.get("set_host_user", None)
+        user_with_groups = self.destination_info.get("host_user_to_set_groups_from", None)
         if host_user:
             group_command = string.Template(SET_USER_GROUPS_TEMPLATE).safe_substitute(username=host_user)
+        elif user_with_groups:
+            group_command = string.Template(SET_USER_GROUPS_TEMPLATE).safe_substitute(username=user_with_groups)
+        if group_command:
             if run_extra_arguments:
                 run_extra_arguments = run_extra_arguments + " $GROUPADD"
             else:
-- 
GitLab