From 508c03268ef507b37239e768692eea859bf51918 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= <lauri@k-space.ee>
Date: Wed, 16 Aug 2023 10:10:21 +0300
Subject: [PATCH] woodpecker-agent: Drop privileges

---
 woodpecker/woodpecker-agent.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/woodpecker/woodpecker-agent.yml b/woodpecker/woodpecker-agent.yml
index 94dbe47..d081884 100644
--- a/woodpecker/woodpecker-agent.yml
+++ b/woodpecker/woodpecker-agent.yml
@@ -68,11 +68,12 @@ spec:
     spec:
       serviceAccountName: woodpecker-agent
       securityContext:
-        {}
+        runAsNonRoot: true
+        runAsUser: 1000
       containers:
         - name: agent
           securityContext:
-            {}
+            readOnlyRootFilesystem: false
           image: woodpeckerci/woodpecker-agent:next@sha256:703480d98991bb80ee86aa081a7a9db7d4346b9d5bdeaa3f92688d195cd36800
           ports:
             - name: http