feat: updates Dockerfile to have controller, and runner image run as non-root user

nxtcoder17 · nxtcoder17 · commit 57263dcc57de · 2025-05-24T11:40:55.000+05:30
diff --git a/Dockerfile.ci b/Dockerfile.ci
@@ -26,4 +26,5 @@ EOF
 
 FROM scratch
 COPY --from=builder /tmp/plugin-helm-controller /plugin-helm-controller
+USER 1001
 ENTRYPOINT ["/plugin-helm-controller"]
diff --git a/IMAGES/helm-job-runner/Dockerfile-nix b/IMAGES/helm-job-runner/Dockerfile-nix
@@ -3,10 +3,6 @@ FROM alpine:latest AS builder
 RUN apk add nix
 WORKDIR /app
 
-# Mount your local /nix/store for cache re-use
-# RUN --mount=type=cache,target=/nix,from=nixos/nix:2.21.1,source=/nix
-# RUN nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false develop --command "echo downloaded nix"
-# COPY --from=nixos/nix:2.21.1 /nix /nix
 RUN --mount=type=cache,from=project-root,source=flake.nix,target=flake.nix \
   --mount=type=cache,from=project-root,source=flake.lock,target=flake.lock \
   <<EOF
@@ -20,9 +16,8 @@ cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
 EOF
 
 FROM scratch
-
 WORKDIR /app
 COPY --from=builder /tmp/nix-store-closure /nix/store
 COPY --from=builder /tmp/output/ /app/
-
+USER 1001
 ENV PATH=/app/result/bin
