fix: Kevin prod 2140 build ansible harness image (#213)

* initialize harness ansible build * add non-root user * update ownership
pluralsh · Jun 6, 2024 · c6549d4 · c6549d4
1 parent 02b37ce
commit c6549d4
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/dockerfiles/harness/ansible.Dockerfile b/dockerfiles/harness/ansible.Dockerfile
@@ -10,9 +10,16 @@ FROM ${HARNESS_BASE_IMAGE} as harness
 # Build Ansible from Python Image
 FROM python:${PYTHON_VERSION}-alpine as final
 
+# Create necessary directories and set their ownership to UID/GID 65532
+RUN mkdir /plural && chown -R 65532:65532 /plural
+RUN mkdir /tmp/plural && chown -R 65532:65532 /tmp/plural
+
 # Copy Harness bin from the Harness Image
 COPY --from=harness /harness /usr/local/bin/harness
 
+# Change ownership of the harness binary to UID/GID 65532
+RUN chown -R 65532:65532 /usr/local/bin/harness
+
 # Install build dependencies, Ansible, and openssh-client
 ARG ANSIBLE_VERSION=9.0.0
 RUN apk add --no-cache --virtual .build-deps \
@@ -26,4 +33,7 @@ RUN apk add --no-cache --virtual .build-deps \
     apk add --no-cache openssh-client && \
     apk del .build-deps
 
-ARG PYTHON_VERSION
+# Switch to the non-root user
+USER 65532:65532
+
+WORKDIR /plural