From e081df5fecc6e844a68b1c2602305c30c0881e91 Mon Sep 17 00:00:00 2001
From: Louis Parkin <lparkin@stackstate.com>
Date: Fri, 26 Jan 2024 07:59:02 +0100
Subject: [PATCH] These two services don't run as 'nobofy' due to root user
 alone having read/write permission on opentelemetry-javaagent.jar. This
 commit fixes it.

---
 src/adservice/Dockerfile             | 2 +-
 src/frauddetectionservice/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/adservice/Dockerfile b/src/adservice/Dockerfile
index 425960e9c0..4986ebb172 100644
--- a/src/adservice/Dockerfile
+++ b/src/adservice/Dockerfile
@@ -24,7 +24,7 @@ ARG version=1.31.0
 WORKDIR /usr/src/app/
 
 COPY --from=builder /usr/src/app/ ./
-ADD https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /usr/src/app/opentelemetry-javaagent.jar
+ADD --chmod=644 https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /usr/src/app/opentelemetry-javaagent.jar
 ENV JAVA_TOOL_OPTIONS=-javaagent:/usr/src/app/opentelemetry-javaagent.jar
 
 EXPOSE ${AD_SERVICE_PORT}
diff --git a/src/frauddetectionservice/Dockerfile b/src/frauddetectionservice/Dockerfile
index 925728a30c..c95b435338 100644
--- a/src/frauddetectionservice/Dockerfile
+++ b/src/frauddetectionservice/Dockerfile
@@ -18,7 +18,7 @@ ARG version=1.31.0
 WORKDIR /usr/src/app/
 
 COPY --from=builder /usr/src/app/build/libs/frauddetectionservice-1.0-all.jar ./
-ADD https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
+ADD --chmod=644 https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v$version/opentelemetry-javaagent.jar /app/opentelemetry-javaagent.jar
 ENV JAVA_TOOL_OPTIONS=-javaagent:/app/opentelemetry-javaagent.jar
 
 ENTRYPOINT [ "java", "-jar", "frauddetectionservice-1.0-all.jar" ]