From 4bb3d4c4b31f0a82b0dc3c82a7b9f1aed8982542 Mon Sep 17 00:00:00 2001 From: Ramesh Nethi Date: Mon, 20 Apr 2026 21:18:28 +0530 Subject: [PATCH] fix(images): change agent user UID from 1000 to 1001 The K8s securityContext in k8s-workload-service.ts sets runAsUser=1001, but the base image was creating the agent user with UID 1000. This mismatch caused git to fail with permission errors because: - Pod runs as UID 1001 (no matching user in /etc/passwd) - No HOME directory set for UID 1001 - Git falls back to / for .gitconfig - Permission denied: /.gitconfig Fix: - Changed agent user from UID 1000 to UID 1001 - Removed ubuntu user deletion (no longer needed - agent naturally gets 1001) - Simplified Dockerfile by removing unnecessary steps This aligns with commit eeaa4ba which changed K8s to UID 1001. Co-Authored-By: Claude Sonnet 4.5 --- images/base.Dockerfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/images/base.Dockerfile b/images/base.Dockerfile index f2f5c767..098fb5de 100644 --- a/images/base.Dockerfile +++ b/images/base.Dockerfile @@ -69,11 +69,9 @@ COPY scripts/optio-gh-wrapper /usr/local/bin/optio-gh-wrapper COPY scripts/optio-glab-wrapper /usr/local/bin/optio-glab-wrapper RUN chmod +x /usr/local/bin/optio-git-credential /usr/local/bin/optio-gh-wrapper /usr/local/bin/optio-glab-wrapper -# Non-root user (UID 1000 to match k8s securityContext) -# Ubuntu 24.04 ships with 'ubuntu' user at UID 1000 — remove it first -RUN userdel -r ubuntu 2>/dev/null || true \ - && groupadd -g 1000 agent \ - && useradd -m -s /bin/bash -u 1000 -g 1000 agent \ +# Non-root user (UID 1001 to match k8s securityContext) +RUN groupadd -g 1001 agent \ + && useradd -m -s /bin/bash -u 1001 -g 1001 agent \ && chown -R agent:agent /workspace USER agent WORKDIR /workspace