Fix securityContext linter issues with dirk and vouch

NethermindEth · Jan 24, 2024 · ea47939 · ea47939
1 parent 587da93
commit ea47939
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 16 deletions.
diff --git a/charts/dirk/values.yaml b/charts/dirk/values.yaml
@@ -113,13 +113,14 @@ podSecurityContext:
   fsGroup: 1000
   runAsUser: 1000
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 10000
+  fsGroup: 10000
 
 service:
   type: ClusterIP

diff --git a/charts/vouch/values.yaml b/charts/vouch/values.yaml
@@ -133,14 +133,14 @@ podSecurityContext:
   fsGroup: 1000
   runAsUser: 1000
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 10000
+  fsGroup: 10000
 service:
   type: ClusterIP
   httpPort: 8881

diff --git a/scripts/validate-pr.sh b/scripts/validate-pr.sh
@@ -8,7 +8,8 @@ set -o pipefail
 : "${TARGET_BRANCH:?Environment variable must be set}"
 
 main() {
-    export repo_root=$(git rev-parse --show-toplevel)
+    repo_root=$(git rev-parse --show-toplevel)
+    export repo_root
 
     local changed
     changed=$(ct list-changed --target-branch "$TARGET_BRANCH")