diff --git a/Dockerfile b/Dockerfile
index 6dc3a77e..0442e5e6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -78,8 +78,9 @@ RUN addgroup \
 # Copy the binary to the production image from the builder stage
 COPY --from=builder /workspace/bin/burrito /usr/local/bin/burrito
+RUN mkdir -p /runner
 RUN chmod +x /usr/local/bin/burrito
-RUN mkdir /repository && chown -R burrito:burrito /repository
+RUN chown -R burrito:burrito /runner
 # Use an unprivileged user
 USER 65532:65532
diff --git a/internal/controllers/terraformrun/pod.go b/internal/controllers/terraformrun/pod.go
index d846d5fe..85c5f01c 100644
--- a/internal/controllers/terraformrun/pod.go
+++ b/internal/controllers/terraformrun/pod.go
@@ -158,10 +158,6 @@ func mergeMaps(a, b map[string]string) map[string]string {
 func defaultPodSpec(config *config.Config, layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) corev1.PodSpec {
 return corev1.PodSpec{
 Volumes: []corev1.Volume{
- {
- Name: "repository",
- VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
- },
 {
 Name: "ssh-known-hosts",
 VolumeSource: corev1.VolumeSource{
@@ -178,15 +174,10 @@ func defaultPodSpec(config *config.Config, layer *configv1alpha1.TerraformLayer,
 ServiceAccountName: "burrito-runner",
 Containers: []corev1.Container{
 {
- Name: "runner",
- Image: fmt.Sprintf("ghcr.io/padok-team/burrito:%s", version.Version),
- WorkingDir: "/repository",
- Args: []string{"runner", "start"},
+ Name: "runner",
+ Image: fmt.Sprintf("ghcr.io/padok-team/burrito:%s", version.Version),
+ Args: []string{"runner", "start"},
 VolumeMounts: []corev1.VolumeMount{
- {
- Name: "repository",
- MountPath: "/repository",
- },
 {
 MountPath: "/home/burrito/.ssh/known_hosts",
 Name: "ssh-known-hosts",
diff --git a/internal/runner/runner.go b/internal/runner/runner.go
index 95cb6326..c8230c76 100644
--- a/internal/runner/runner.go
+++ b/internal/runner/runner.go
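Review bot: The `/runner` directory is created and chowned in two separate `RUN` steps with the unrelated `chmod` between them, and it is chowned by name (`burrito:burrito`) while the image switches to `USER 65532:65532` by number. The directory is empty at build time, so `-R` adds nothing and a single step keeps ownership tied to the identity the container actually runs as: `RUN mkdir -p /runner && chown 65532:65532 /runner`. This assumes `burrito` is UID/GID 65532, which the `addgroup` lines above the hunk should confirm.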
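Review bot: With the `repository` emptyDir (hunk at -158) and its mount (hunk at -178) removed, the runner container has no writable volume left in the visible spec, so the checkout under `/runner` lands in the container's writable image layer. That rules out setting `ReadOnlyRootFilesystem` on the runner container and leaves the checkout without a volume-level `SizeLimit`. Consider keeping an emptyDir and mounting it where the runner writes, e.g. `{Name: "runner", MountPath: "/runner"}`; the mount would hide the ownership set in the image, so an `FSGroup` on the pod may be needed. `defaultPodSpec` continues outside both hunks, so an existing SecurityContext cannot be ruled out from here.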
@@ -33,7 +33,7 @@ import (
 )
 const PlanArtifact string = "/tmp/plan.out"
-const WorkingDir string = "/repository"
+const WorkingDir string = "/runner/repository"
 type Runner struct {
 config *config.Config
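Review bot: `WorkingDir` now depends on `/runner` existing and being writable by the runtime user, which is set up only in the Dockerfile, and nothing next to the constant says so. A doc comment would make that coupling visible to whoever changes either side, e.g. `// WorkingDir is the runner's working directory; its parent /runner is created and chowned in the Dockerfile.` The two exported path constants could also share one `const ( ... )` block, each with its own comment.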