From 99198d51d9512c5f297f92b4e443aba182364799 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 15 Mar 2025 17:06:08 +0100
Subject: [PATCH] Fix fs owner in scratch-based container images (#4961)
---
 docker/Dockerfile.agent.multiarch | 5 ++---
 docker/Dockerfile.server.multiarch.rootless | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/docker/Dockerfile.agent.multiarch b/docker/Dockerfile.agent.multiarch
index d7c4b24c7..1be1335e5 100644
--- a/docker/Dockerfile.agent.multiarch
+++ b/docker/Dockerfile.agent.multiarch
@@ -2,8 +2,7 @@ FROM --platform=$BUILDPLATFORM docker.io/golang:1.24 AS build
 RUN groupadd -g 1000 woodpecker && \
 useradd -u 1000 -g 1000 woodpecker && \
- mkdir -p /etc/woodpecker && \
- chown -R woodpecker:woodpecker /etc/woodpecker
+ mkdir -p /etc/woodpecker
 WORKDIR /src
 COPY . .
@@ -22,7 +21,7 @@ EXPOSE 3000
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 # copy agent binary
 COPY --from=build /src/dist/woodpecker-agent /bin/
-COPY --from=build /etc/woodpecker /etc
+COPY --from=build --chown=woodpecker:woodpecker /etc/woodpecker /etc
 COPY --from=build /etc/passwd /etc/passwd
 COPY --from=build /etc/group /etc/group
diff --git a/docker/Dockerfile.server.multiarch.rootless b/docker/Dockerfile.server.multiarch.rootless
index 1306fe43c..ee228bfe9 100644
--- a/docker/Dockerfile.server.multiarch.rootless
+++ b/docker/Dockerfile.server.multiarch.rootless
@@ -2,8 +2,7 @@ FROM --platform=$BUILDPLATFORM docker.io/golang:1.24 AS build
 RUN groupadd -g 1000 woodpecker && \
 useradd -u 1000 -g 1000 woodpecker && \
- mkdir -p /var/lib/woodpecker && \
- chown -R woodpecker:woodpecker /var/lib/woodpecker
+ mkdir -p /var/lib/woodpecker
 FROM scratch
 ARG TARGETOS TARGETARCH
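Review bot: In docker/Dockerfile.agent.multiarch (second hunk), the new `--chown=woodpecker:woodpecker` copy runs before `/etc/passwd` and `/etc/group` are copied into the final stage, so the names have nothing to resolve against at that point. Docker documents that `COPY --chown` with user or group names is translated through the target filesystem's passwd/group files and fails when they are missing, while numeric IDs need no lookup; `COPY --from=build --chown=1000:1000 /etc/woodpecker /etc`, or moving the line below the two passwd/group copies as the server Dockerfile does, removes the dependency. The destination is also `/etc` rather than `/etc/woodpecker`, so the ownership may end up on `/etc` itself, the directory that holds passwd and group; worth confirming which directory the runtime user is meant to own. The final stage starts above this hunk, so anything earlier in it that already provides these files is not visible here.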
@@ -20,7 +19,7 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certifica
 COPY dist/server/${TARGETOS}_${TARGETARCH}/woodpecker-server /bin/
 COPY --from=build /etc/passwd /etc/passwd
 COPY --from=build /etc/group /etc/group
-COPY --from=build /var/lib/woodpecker /var/lib/woodpecker
+COPY --from=build --chown=woodpecker:woodpecker /var/lib/woodpecker /var/lib/woodpecker
 USER woodpecker
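Review bot: In docker/Dockerfile.server.multiarch.rootless (second hunk), the `--chown=woodpecker:woodpecker` copy only resolves because the passwd and group copies sit directly above it, and nothing in the file records that ordering constraint. I would add a comment above the line such as `# --chown by name needs /etc/passwd and /etc/group in this stage; keep below those COPYs`, or switch to `--chown=1000:1000`, the IDs the build stage creates, so the line no longer depends on its position. The same reasoning applies to `USER woodpecker` below, which is unchanged context here: a numeric `USER 1000` is what Kubernetes `runAsNonRoot` is able to verify.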