diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9fccefd4..1b8fbf6a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,8 +14,6 @@ jobs:
 timeout-minutes: 5
 steps:
- - run: command -v docker
- - run: ls -la $(command -v docker)
 - name: github-cleanup
 uses: renovatebot/internal-tools@v0
 continue-on-error: true
diff --git a/src/renovate.ts b/src/renovate.ts
index edc6df36..c30d1121 100644
--- a/src/renovate.ts
+++ b/src/renovate.ts
@@ -20,8 +20,11 @@ class Renovate {
 }
 async runDockerContainer(): Promise {
- // workaround for docker group missmatch: 116 (host) vs 999 (container)
- await exec('sudo', ['chmod', 'o=rw', '/var/run/docker.sock']);
+ const groups = await fs.promises.readFile('/etc/group', {
+ encoding: 'utf-8',
+ });
+ const [, group] = /^docker:x:([1-9][0-9]*):$/.exec(groups);
+ // await exec('sudo', ['chmod', 'o=rw', '/var/run/docker.sock']);
 const commandArguments = [
 '--rm',
 `--env ${this.configFileEnv}=${this.configFileMountPath()}`,
@@ -29,6 +32,7 @@ class Renovate {
 `--volume ${this.configFile}:${this.configFileMountPath()}`,
 `-v /var/run/docker.sock:/var/run/docker.sock`,
 `-v /tmp:/tmp`,
+ `-u 1000:${group}`,
 this.docker.image(),
 ];
 const command = `docker run ${commandArguments.join(' ')}`;
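Review bot: The lookup `/^docker:x:([1-9][0-9]*):$/.exec(groups)` in the first src/renovate.ts hunk has no `m` flag, so `^` and `$` anchor to the start and end of the whole `/etc/group` contents and the match is null on any multi-line file; destructuring that null then throws an opaque TypeError before the container starts. The trailing `:$` would also reject a docker entry that lists members, even with multiline matching. Suggest `const match = /^docker:x:([1-9][0-9]*):/m.exec(groups);` followed by `if (!match) throw new Error('docker group not found in /etc/group');` and `const [, group] = match;`, which fails with a clear message instead. The commented-out `chmod o=rw` line is better deleted than kept, since it opened the socket to every local user and the new code is meant to replace it. runDockerContainer continues past the end of this hunk.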
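Review bot: `-u 1000:${group}` in the second src/renovate.ts hunk hard-codes UID 1000 and replaces the container's primary group, which assumes the image's user is 1000 and that the mounted config file and `/tmp` are usable by that UID and GID; neither is visible in this diff. If the goal is only socket access, `--group-add ${group}` would grant the docker GID as a supplementary group and leave the image's own user untouched. Either way a comment is worth adding, e.g. `// run with the host's docker GID so the mounted socket is usable without chmod o=rw`, and it should note that `group` is safe to splice into the `docker run` string only because the regex captures digits alone. Access to the mounted socket still amounts to control of the host's Docker daemon, so this narrows who can reach the socket on the host rather than what the container can do with it. The enclosing function starts and ends outside this hunk.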