diff --git a/Dockerfile b/Dockerfile
index efd698e7..d4563402 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,7 +53,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a \
 FROM docker.io/library/alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1
-WORKDIR /repository
+WORKDIR /home/burrito
 # Install required packages
 RUN apk add --update --no-cache git bash openssh
@@ -70,7 +70,7 @@ RUN addgroup \
 adduser \
 --disabled-password \
 --no-create-home \
- --home /home/burrito \
+ --home $(pwd) \
 --uid $UID \
 --ingroup $GROUP \
 $USER
@@ -79,7 +79,6 @@ RUN addgroup \
 COPY --from=builder /workspace/bin/burrito /usr/local/bin/burrito
 RUN chmod +x /usr/local/bin/burrito
-RUN chown -R burrito:burrito /repository
 # Use an unprivileged user
 USER 65532:65532
diff --git a/internal/controllers/terraformrun/pod.go b/internal/controllers/terraformrun/pod.go
index 85c5f01c..d846d5fe 100644
--- a/internal/controllers/terraformrun/pod.go
+++ b/internal/controllers/terraformrun/pod.go
@@ -158,6 +158,10 @@ func mergeMaps(a, b map[string]string) map[string]string {
 func defaultPodSpec(config *config.Config, layer *configv1alpha1.TerraformLayer, repository *configv1alpha1.TerraformRepository) corev1.PodSpec {
 return corev1.PodSpec{
 Volumes: []corev1.Volume{
+ {
+ Name: "repository",
+ VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
+ },
 {
 Name: "ssh-known-hosts",
 VolumeSource: corev1.VolumeSource{
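Review bot: In the `adduser` hunk, `--home $(pwd)` makes the account's home depend on whichever `WORKDIR` happens to precede this `RUN`, so moving either instruction silently changes the home directory; writing the path out, `--home /home/burrito \`, or sharing one `ARG` between `WORKDIR` and `--home`, keeps the two visibly tied. Separately, `WORKDIR /home/burrito` runs before `USER 65532:65532`, `--no-create-home` is kept, and the last Dockerfile hunk removes the only `chown`, so the home directory is presumably root-owned and not writable by the runtime user. If that is deliberate hardening, a comment such as `# home stays root-owned; writable state lives in the /repository volume` would record it; if git, ssh or terraform are expected to write under `$HOME`, that directory needs an explicit `chown`. The `RUN addgroup` command starts outside the hunk.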
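Review bot: The added `repository` volume uses an empty `corev1.EmptyDirVolumeSource{}`, so nothing in this hunk bounds how much node ephemeral storage a cloned repository, and whatever the runner writes beside it, can consume. Unless an ephemeral-storage limit is set on the container elsewhere (not visible here), consider setting `SizeLimit`, e.g. `EmptyDir: &corev1.EmptyDirVolumeSource{SizeLimit: &repoSizeLimit}`, where `repoSizeLimit` is a placeholder name for a `resource.Quantity` taken from configuration. An oversized checkout then gets the pod evicted instead of putting disk pressure on the node. The `defaultPodSpec` literal continues outside the hunk.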
@@ -174,10 +178,15 @@ func defaultPodSpec(config *config.Config, layer *configv1alpha1.TerraformLayer,
 ServiceAccountName: "burrito-runner",
 Containers: []corev1.Container{
 {
- Name: "runner",
- Image: fmt.Sprintf("ghcr.io/padok-team/burrito:%s", version.Version),
- Args: []string{"runner", "start"},
+ Name: "runner",
+ Image: fmt.Sprintf("ghcr.io/padok-team/burrito:%s", version.Version),
+ WorkingDir: "/repository",
+ Args: []string{"runner", "start"},
 VolumeMounts: []corev1.VolumeMount{
+ {
+ Name: "repository",
+ MountPath: "/repository",
+ },
 {
 MountPath: "/home/burrito/.ssh/known_hosts",
 Name: "ssh-known-hosts",
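Review bot: The volume name `"repository"` and the path `"/repository"` are bare literals in `WorkingDir`, in the mount added here and in the volume added in the previous hunk, so a typo in one of them yields a pod spec that is rejected or a runner that starts in the wrong directory. Package-level constants, e.g. `const repositoryVolumeName = "repository"` and `const repositoryMountPath = "/repository"` (names constructed for illustration), would keep the three in step. A one-line comment above `WorkingDir`, such as `// /repository is apparently no longer created in the image; it is provided by the emptyDir mount below`, would explain the coupling with the Dockerfile change. The container literal continues outside the hunk.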