Merge branch '63-confidential-issue' into 'main'

update securityContext

See merge request !90

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.52.0-bb.3] - 2023-08-31
+### Changed
+- Update configmap to work if runAsNonRoot is set
+
 ## [0.52.0-bb.2] - 2023-08-28
 ### Changed
 - Changed the image pull policy to always to ensure the access policies are checked

README.md

 # gitlab-runner
 
-![Version: 0.52.0-bb.2](https://img.shields.io/badge/Version-0.52.0--bb.2-informational?style=flat-square) ![AppVersion: v15.11.0](https://img.shields.io/badge/AppVersion-v15.11.0-informational?style=flat-square)
+![Version: 0.52.0-bb.3](https://img.shields.io/badge/Version-0.52.0--bb.3-informational?style=flat-square) ![AppVersion: v15.11.0](https://img.shields.io/badge/AppVersion-v15.11.0-informational?style=flat-square)
 
 GitLab Runner
 

chart/Chart.yaml

 apiVersion: v2
 name: gitlab-runner
-version: 0.52.0-bb.2
+version: 0.52.0-bb.3
 appVersion: v15.11.0
 description: GitLab Runner
 keywords:

chart/templates/configmap.yaml

@@ -13,9 +13,9 @@ data:
     #!/bin/bash
     set -e
 
-    mkdir -p /home/gitlab-runner/.gitlab-runner/
-
-    cp /configmaps/config.toml /home/gitlab-runner/.gitlab-runner/
+    export CONFIG_PATH_FOR_INIT="{{ ternary "/.gitlab-runner/" "/home/gitlab-runner/.gitlab-runner/" (and (hasKey .Values.securityContext "runAsNonRoot") (not .Values.securityContext.runAsNonRoot)) }}"
+    mkdir -p ${CONFIG_PATH_FOR_INIT}
+    cp /configmaps/config.toml ${CONFIG_PATH_FOR_INIT}
 
     {{- if and (eq (default 1.0 .Values.replicas) 1.0) .Values.sessionServer .Values.sessionServer.enabled }}
     quit() {
@@ -222,11 +222,11 @@ data:
         sleep 5
       else
         has_address=true
-        sed -i -e "s/SESSION_SERVER_IP/${ADDRESS}/g" /home/gitlab-runner/.gitlab-runner/config.toml
+        sed -i -e "s/SESSION_SERVER_IP/${ADDRESS}/g" ${CONFIG_PATH_FOR_INIT}/config.toml
       fi
     done
     {{- else }}
-    sed -i -e "s/SESSION_SERVER_IP/{{ .Values.sessionServer.publicIP }}/g" /home/gitlab-runner/.gitlab-runner/config.toml
+    sed -i -e "s/SESSION_SERVER_IP/{{ .Values.sessionServer.publicIP }}/g" ${CONFIG_PATH_FOR_INIT}/config.toml
     {{- end}}
   {{ end }}
 

chart/values.yaml

@@ -607,6 +607,7 @@ securityContext:
 ##
 podSecurityContext:
   runAsUser: 1001
+  runAsNonRoot: true
   # runAsGroup: 65533
   fsGroup: 65533
   # supplementalGroups: [65533]
@@ -616,6 +617,7 @@ podSecurityContext:
   # fsGroup: 999
 
 containerSecurityContext:
+  runAsNonRoot: true
   capabilities:
     drop: 
       - ALL