Description
Overview
Is your feature request related to a problem? Please describe.
The phylum-ci Docker image is created with a user install of the phylum Python package. The user during image creation is root. This means containers running from that image can't be used to access the phylum-ci and phylum-init script entry points (binaries) by non-root users.
This is a problem for some CI environments. For instance, Azure Pipelines creates containers from a given image with a user named vsts_azpcontainer and an id of 1001, in a group named azure_pipelines_sudo. Tasks/scripts/commands run from that container are done so with this user, which doesn't have access to the /root/.local/bin directory where the phylum Python package script entry points are located.
Describe the solution you'd like
Allow the script entry points provided by the phylum Python package and exposed in the phylum-ci Docker image to be available for use by any user of a running container based on that image.
Describe alternatives you've considered
It could also be possible to create a separate Docker image for this use case and keep the current one intact.
Additional context
Proof that the phylum-ci binary cannot be accessed by non-root users:
Azure Pipelines log when creating a container from the phylumio/phylum-ci image:
Acceptance criteria
- phylum-ci and phylum-init script entry points (binaries) can be used by non-root users of containers based on the phylum-ci Docker image
- phylum-ci and phylum-init script entry points (binaries) can be used by the root user of containers based on the phylum-ci Docker image
- Testing for existing integrations shows no regressions
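
One way to check the acceptance criteria from permission bits alone, as an added example that is not code from the phylum-ci project: it walks from an entry point up through its parent directories and reports the first component that users outside the owner and group cannot use. The function names, the usr/local/bin location and the sample tree are assumptions for illustration, and files are assumed to be owned by root.

```shell
#!/bin/sh
# Added example, not phylum-ci project code. Paths must be absolute.

# Print the three "other" permission characters of a path, e.g. "r-x" or "---".
other_bits() {
    # ls -ld prints "drwx------ 2 root ..."; characters 8-10 are the "other" class.
    ls -ld "$1" | cut -c8-10
}

# reachable_by_others FILE [BASE]: succeed only if a user who is neither the
# owner nor in the group could run FILE. BASE and its parents are not checked.
reachable_by_others() {
    path=$1
    base=${2:-/}
    # Entry points are scripts: the interpreter must read them, the kernel exec them.
    case "$(other_bits "$path")" in
        r?x|r?t) ;;
        *) echo "blocked: $path is not r-x for others" >&2; return 1 ;;
    esac
    dir=$(dirname "$path")
    while [ "$dir" != "$base" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        # A directory needs the search (x) bit for every component of the path.
        case "$(other_bits "$dir")" in
            ??x|??t) ;;
            *) echo "blocked: $dir is not searchable by others" >&2; return 1 ;;
        esac
        dir=$(dirname "$dir")
    done
    return 0
}

# Constructed sample tree: a 0700 home like /root next to a system-wide bin dir
# (usr/local/bin is an assumed install location, not taken from the issue).
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/root/.local/bin" "$t/usr/local/bin"
    for f in "$t/root/.local/bin/phylum-ci" "$t/usr/local/bin/phylum-ci"; do
        printf '#!/bin/sh\n' > "$f"
        chmod 755 "$f"
    done
    chmod 755 "$t/usr" "$t/usr/local" "$t/usr/local/bin" "$t/root/.local" "$t/root/.local/bin"
    chmod 700 "$t/root"
    echo "$t"
}
```

In a running container, `reachable_by_others "$(command -v phylum-ci)"` performs the same walk against the real filesystem.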

