From 7a707c781a9af14512910b7a28247dc77cd759d5 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Mon, 27 Jun 2022 20:40:57 +0200
Subject: [PATCH] fix: limit scope of testing repo

---
 Dockerfile | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6edf288..cb7cc2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,9 +7,7 @@ FROM jenkins/inbound-agent:${BASE}
 ARG USER=jenkins
 
 USER root
-RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
-    && apk upgrade -U --available --no-cache \
-    && apk add --no-cache \
+RUN apk upgrade -U --available --no-cache && apk add --no-cache \
     tini \
     make \
     yq \
@@ -17,7 +15,10 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/reposit
     fuse-overlayfs \
     podman \
     buildah \
-    aws-cli \
+    aws-cli
+
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+    apk upgrade -U --available --no-cache && apk add --no-cache \
     trivy
 
 # Trivy html template
@@ -48,9 +49,9 @@ ENV _CONTAINERS_USERNS_CONFIGURED=""
 ENV BUILDAH_ISOLATION=chroot
 ENV TRIVY_TEMPLATE="@/home/jenkins/html.tpl"
 
-USER jenkins
+USER $USER
 
 # Allow container layers to be stored in PVCs
-VOLUME /home/jenkins/.local/share/containers
+VOLUME /home/$USER/.local/share/containers
 
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/jenkins-agent"]