Skip to content

Commit

Permalink
Add nonroot user to pipeline's build-base image
Browse files Browse the repository at this point in the history 
Prior to this commit the git-init image only provided a root
user, meaning git clones had to be performed as root.

After this commit the git-init image provides a nonroot user
with UID and GID of 65532 and a home directory of /home/nonroot.
Utilizing this UID results in creds-init credentials being placed
in /home/nonroot/.ssh when disable-home-env-overwrite is "true",
and results in the cloned files being owned by UID 65532.

The HOME environment variable is left untouched because the default
user in the image remains `root`.
  • Loading branch information
@tekton-robot
Scott authored and tekton-robot committed Feb 8, 2021
1 parent 6db8103 commit b7a5fc3
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion images/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
FROM alpine:3.11


RUN addgroup -S -g 65532 nonroot && adduser -S -u 65532 nonroot -G nonroot

RUN apk add --update git git-lfs openssh-client \
&& apk update \
&& apk upgrade

0 comments on commit b7a5fc3

Please sign in to comment.