fix: make Docker images backward compatible with runAsUser: 1000#8102
fix: make Docker images backward compatible with runAsUser: 1000#8102
Conversation
- Remove --chown=65532:65532 from COPY for non-FIPS builds - Add chmod -R a+rX so files are world-readable regardless of uid - FIPS/DHI builds pass NONROOT_CHOWN=true for proper nonroot ownership Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🚨 Jira Linter FailedCommit: The Jira linter failed to validate your PR. Please check the error details below: 🔍 Click to view error detailsNext Steps
This comment will be automatically deleted once the linter passes. |
|
This PR adjusts the Docker image build process to restore backward compatibility for environments that use Files Changed Analysis
Architecture & Impact AssessmentWhat this PR accomplishes: Key technical changes introduced:
Affected system components:
Build Logic Flow: graph TD
A[Start Docker Build] --> B{NONROOT_CHOWN == true?};
B --|Yes (FIPS/DHI Build)|--> C[Set ownership to 65532:65532];
B --|No (Standard Build)|--> D[Keep default ownership];
C --> E[Make files world-readable];
D --> E;
E --> F[Final Image];
Scope Discovery & Context ExpansionThe scope of this change is narrowly focused on the container image packaging and CI/CD process. It does not alter the gateway's application logic. The primary impact is external, affecting how operators deploy and manage the Tyk Gateway container in secured environments like Kubernetes. The changes directly address feedback from users of the Tyk Helm chart who experienced breaking changes after recent image updates. No further code exploration is necessary as the impact is confined to the build artifacts. Metadata
Powered by Visor from Probelabs Last updated: 2026-04-20T16:51:46.064Z | Triggered by: pr_opened | Commit: 270c3e2 💡 TIP: You can chat with Visor using |
|
API Changes no api changes detected |
Security Issues (1)
Security Issues (1)
Performance Issues (1)
Powered by Visor from Probelabs Last updated: 2026-04-20T16:51:01.317Z | Triggered by: pr_opened | Commit: 270c3e2 💡 TIP: You can chat with Visor using |
Summary
--chown=65532:65532from non-FIPS Dockerfile builds to restore backward compatibility with helm charts usingrunAsUser: 1000chmod -R a+rXNONROOT_CHOWNbuild argTest plan
runAsUser: 1000(old helm default)runAsUser: 65532🤖 Generated with Claude Code