Add a Dockerfile that adds a non-root user to alpine/git base

[ghost]

Changes

In order to test Pipelines credentials in environments without
root users (i.e. in openshift clusters, or other more locked-down
envs) we need a container image that has a non-root user along
with a tool to exercise the credentials.

This commit adds an alpine-git-nonroot image to our plumbing repo
for use in testing credentials in non-root environments. It uses
alpine/git as its base and then adds a user called nonroot with
UID 1000 to it. This image's first intended use is as a Step in
an example TaskRun that will test creds-init credentials with
non-root securityContext. That PR is ongoing here:
tektoncd/pipeline#2671

Submitter Checklist

• Commit messages follow commit message best practices

[tekton-robot]

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

[ghost]

/kind misc

[tekton-robot]

This PR cannot be merged: expecting exactly one kind/ label

Available kind/ labels are:

kind/bug: Categorizes issue or PR as related to a bug.
kind/flake: Categorizes issue or PR as related to a flakey test
kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
kind/design: Categorizes issue or PR as related to design.
kind/documentation: Categorizes issue or PR as related to documentation.
kind/feature: Categorizes issue or PR as related to a new feature.
kind/misc: Categorizes issue or PR as a miscellaneuous one.

[vdemeester]

You may want to add a CI pipeline (and thus check) for this pipeline 👼 (see tekton/ci folder)

[vdemeester]

/lgtm
/cc @afrittoli

[ghost]

You may want to add a CI pipeline (and thus check) for this pipeline 👼 (see tekton/ci folder)

ok, I've added a nightly cronjob for the image, along with an entry in tekton/ci/plumbing-template.yaml... is that what I need to do for this or is there something else? Also... is this process documented anywhere? I'm just copy/pasting what I see for other images...

[vdemeester]

@sbwsg yeah that is perfect I think 😉 We are going to document this better and most likely do a walkthrough/demo on the overall ci/cd on plumbing to help contributors 👼 🤞

[afrittoli]

/mario build tekton/images/alpine-git-nonroot alpine-git-nonroot:mario

[tekton-robot]

at your service!

Here is the image you requested: built image|build logs

[afrittoli]

Nice, thank you!
/approve

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afrittoli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [afrittoli]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment