runatlantis · kvanzuijlen · Mar 1, 2024 · Mar 1, 2024 · Mar 1, 2024 · Mar 8, 2024
@@ -44,7 +44,13 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
     CGO_ENABLED=0 go build -trimpath -ldflags "-s -w -X 'main.version=${ATLANTIS_VERSION}' -X 'main.commit=${ATLANTIS_COMMIT}' -X 'main.date=${ATLANTIS_DATE}'" -v -o atlantis .
 
-FROM debian:${DEBIAN_TAG} as debian-base
+FROM debian:${DEBIAN_TAG} AS debian-base
+
+# Set up the 'atlantis' user and adjust permissions. User with uid 1000 is for backwards compatibility
+RUN useradd --uid 100 --system --create-home --user-group --shell /bin/bash atlantis && \
+    useradd --uid 1000 --system --home=/home/atlantis/ --groups atlantis --shell /bin/bash atlantis2 && \
+    chown atlantis:atlantis /home/atlantis/ && \
+    chmod ug+rwx /home/atlantis/
 
 # Install packages needed to run Atlantis.
 # We place this last as it will bust less docker layer caches when packages update
@@ -64,7 +70,7 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-FROM debian-base as deps
+FROM debian-base AS deps
 
 # Get the architecture the image is being built for
 ARG TARGETPLATFORM
@@ -140,7 +146,7 @@ HEALTHCHECK --interval=5m --timeout=3s \
 
 # Set up the 'atlantis' user and adjust permissions
 RUN addgroup atlantis && \
-    adduser -S -G atlantis atlantis && \
+    adduser -u 100 -S -G atlantis atlantis && \
     chown atlantis:root /home/atlantis/ && \
     chmod u+rwx /home/atlantis/
 
@@ -179,11 +185,6 @@ EXPOSE ${ATLANTIS_PORT:-4141}
 HEALTHCHECK --interval=5m --timeout=3s \
   CMD curl -f http://localhost:${ATLANTIS_PORT:-4141}/healthz || exit 1
 
-# Set up the 'atlantis' user and adjust permissions
-RUN useradd --create-home --user-group --shell /bin/bash atlantis && \
-    chown atlantis:root /home/atlantis/ && \
-    chmod u+rwx /home/atlantis/
-
 # copy atlantis binary
 COPY --from=builder /app/atlantis /usr/local/bin/atlantis
 # copy terraform binaries