tutor/tutor-credentials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove hard-coded uid 1000
Some checks failed
Sync with private repo / sync (push) Has been cancelled
Details
Run tests / tests (3.12) (push) Has been cancelled
Details
Run tests / tests (3.9) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Florian du Garage Num 2025-09-30 21:42:59 +02:00
parent 95fe3e3cc3
commit d9867471a4
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tutorcredentials/patches/k8s-deployments
View File

@ -15,8 +15,8 @@ spec:
app.kubernetes.io/name: credentials
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsUser: {{ APP_USER_ID }}
runAsGroup: {{ APP_USER_ID }}
containers:
- name: credentials
image: {{ CREDENTIALS_DOCKER_IMAGE }}

2
tutorcredentials/templates/credentials/build/credentials/Dockerfile
View File

@ -111,7 +111,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
&& apt install -y libxml2 libmysqlclient-dev media-types mailcap
# From then on, run as unprivileged "app" user
ARG APP_USER_ID=1000
ARG APP_USER_ID={{ HOST_USER_ID }}
RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
USER ${APP_USER_ID}