try running without nonroot

Signed-off-by: Carolyn Van Slyck <me@carolynvanslyck.com>

.github/workflows/build.yml

@@ -27,6 +27,9 @@ jobs:
         run: go run mage.go EnsureMage
       - name: Test
         run: mage -v Test
+        env:
+          PORTER_AGENT_REPOSITORY: carolynvs/porter-agent
+          PORTER_AGENT_VERSION: canary-dev
       - name: Report Unit Test Coverage
         uses: codecov/codecov-action@v1
         with:

config/manager/kustomization.yaml

@@ -13,6 +13,6 @@ configMapGenerator:
   name: manager-config
 
 images:
-- digest: sha256:935f36db1078f41e7614750d3d3f791135fc1e418aeb782814828a7b36a24ea2
+- digest: sha256:959a96e68a2b8d117c52575ab9dd4ecb24d97902574fc8f992c281d75ffcc67d
   name: manager
   newName: localhost:5000/porterops-controller

controllers/agentaction_controller.go

@@ -409,9 +409,9 @@ func (r *AgentActionReconciler) createAgentJob(ctx context.Context, log logr.Log
 					// Mount the volumes used by this pod as the nonroot user
 					// Porter's agent doesn't run as root and won't have access to files on the volume
 					// otherwise.
-					SecurityContext: &corev1.PodSecurityContext{
-						FSGroup: pointer.Int64Ptr(65532),
-					},
+					//SecurityContext: &corev1.PodSecurityContext{
+					//	FSGroup: pointer.Int64Ptr(65532),
+					//},
 				},
 			},
 		},

controllers/agentaction_controller_test.go

@@ -441,6 +441,7 @@ func TestAgentActionReconciler_createAgentJob(t *testing.T) {
 	assert.Equal(t, "porter-config", podTemplate.Spec.Volumes[1].Name, "expected the porter-config volume")
 	assert.Equal(t, "porter-workdir", podTemplate.Spec.Volumes[2].Name, "expected the porter-workdir volume")
 	assert.Equal(t, "porteraccount", podTemplate.Spec.ServiceAccountName, "incorrect service account for the pod")
+	//assert.Equal(t, 65532, podTemplate.Spec.SecurityContext.FSGroup, "incorrect fs group")
 
 	// Verify the agent container
 	agentContainer := podTemplate.Spec.Containers[0]