Merge pull request #115 from wings-software/CI-15981

feat: [CI-15981]: use non-root user for drone-git docker image for wi…

docker/Dockerfile.windows.1809.rootless

@@ -0,0 +1,35 @@
+# escape=`
+
+FROM mcr.microsoft.com/windows/servercore:ltsc2019 as core
+
+
+FROM mcr.microsoft.com/windows/servercore:1809 AS git
+SHELL ["powershell.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
+    Invoke-WebRequest -UseBasicParsing https://github.com/git-for-windows/git/releases/download/v2.39.2.windows.1/MinGit-2.39.2-64-bit.zip -OutFile git.zip; `
+    Expand-Archive git.zip -DestinationPath C:\git;
+
+# Download and extract Git LFS (Updated to v3.6.0)
+RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
+    Invoke-WebRequest -UseBasicParsing https://github.com/git-lfs/git-lfs/releases/download/v3.6.0/git-lfs-windows-amd64-v3.6.0.zip -OutFile git-lfs.zip; `
+    Expand-Archive git-lfs.zip -DestinationPath C:\git-lfs;
+
+RUN Add-WindowsCapability -Online -Name OpenSSH.Client*
+
+
+FROM mcr.microsoft.com/powershell:nanoserver-1809
+COPY --from=git /git /git
+COPY --from=git /git-lfs /git-lfs
+
+COPY --from=git C:\Windows\System32\OpenSSH\ /openssh
+COPY --from=core /windows/system32/netapi32.dll /windows/system32/netapi32.dll
+
+ADD windows/* /bin/
+
+# https://github.com/PowerShell/PowerShell/issues/6211#issuecomment-367477137
+USER ContainerAdministrator
+RUN setx /M PATH "%PATH%;C:\Program Files\PowerShell;C:\git\cmd;C:\git\mingw64\bin;C:\git\usr\bin;C:\openssh;C:\git-lfs\git-lfs-3.6.0"
+SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+USER ContainerUser
+CMD [ "pwsh", "C:\\bin\\clone.ps1" ]

docker/Dockerfile.windows.ltsc2022.rootless

@@ -0,0 +1,31 @@
+# escape=`
+
+FROM mcr.microsoft.com/windows/servercore:ltsc2022 AS git
+SHELL ["powershell.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+
+RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
+    Invoke-WebRequest -UseBasicParsing https://github.com/git-for-windows/git/releases/download/v2.39.2.windows.1/MinGit-2.39.2-64-bit.zip -OutFile git.zip; `
+    Expand-Archive git.zip -DestinationPath C:\git;
+
+# Download and extract Git LFS
+RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
+    Invoke-WebRequest -UseBasicParsing https://github.com/git-lfs/git-lfs/releases/download/v3.6.0/git-lfs-windows-amd64-v3.6.0.zip -OutFile git-lfs.zip; `
+    Expand-Archive git-lfs.zip -DestinationPath C:\git-lfs;
+
+RUN Add-WindowsCapability -Online -Name OpenSSH.Client*
+
+
+FROM mcr.microsoft.com/powershell:windowsservercore-ltsc2022
+COPY --from=git /git /git
+COPY --from=git /git-lfs /git-lfs
+
+COPY --from=git C:\Windows\System32\OpenSSH\ /openssh
+
+ADD windows/* /bin/
+
+# https://github.com/PowerShell/PowerShell/issues/6211#issuecomment-367477137
+USER ContainerAdministrator
+RUN setx /M PATH "%PATH%;C:\Program Files\PowerShell;C:\git\cmd;C:\git\mingw64\bin;C:\git\usr\bin;C:\openssh;C:\git-lfs\git-lfs-3.6.0"
+SHELL ["pwsh", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
+USER ContainerUser
+CMD [ "pwsh", "C:\\bin\\clone.ps1" ]

docker/manifest.rootless.tmpl

@@ -17,13 +17,13 @@ manifests:
       architecture: arm64
       os: linux
   -
-    image: harness/drone-git:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-windows-1809-amd64
+    image: harness/drone-git:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-windows-1809-amd64-rootless
     platform:
       architecture: amd64
       os: windows
       version: 1809
   -
-    image: harness/drone-git:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-windows-ltsc2022-amd64
+    image: harness/drone-git:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-windows-ltsc2022-amd64-rootless
     platform:
       architecture: amd64
       os: windows