Clarify the expected user & user account information for the gitlab-runner-ubi-images/gitlab-runner-helper-ocp image

Description

While working on a support ticket, I discovered that the /etc/passwd file in our gitlab-runner-ubi-images/gitlab-runner-helper-ocp image has changed between versions v17.2.1 and v17.3.0. This image is referenced in the documentation under Running with non-root user.

The change affects the gid of the user when the helper image boots up. I ran both images for testing purposes and observed the following:

### For gitlab-runner-helper-ocp:v17.2.1
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...
gitlab-runner:x:999:998::/home/gitlab-runner:/bin/bash
$ id && whoami
uid=1001 gid=0(root) groups=0(root)
whoami: cannot find name for user ID 1001

### For gitlab-runner-helper-ocp:v17.3.0
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...
gitlab-runner:x:1001:1001::/home/gitlab-runner:/bin/bash
$ id && whoami
uid=1001(gitlab-runner) gid=1001(gitlab-runner) groups=1001(gitlab-runner)
gitlab-runner

While this change doesn’t seem to affect the functionality of the helper image, it does alter the ownership of cache files transferred from previous jobs. Specifically, the gid of the cache files changes from gid 0 to gid 1001:

When using the v17.2.1 image, the cache files are owned by 1001:0.
When using the v17.3.0 image, the cache files are owned by 1001:1001.

Clarification

What are the expected uid and gid of the running user in the helper image?
What is the expected owner of the cache files in the build job when using the gitlab-runner-helper-ocp image?

Links to related issues and merge requests / references

I believe the changes was made as part of this MR: Refactor for ubi-micro, no microdnf (gitlab-org/ci-cd/gitlab-runner-ubi-images!50 - merged)
- My initial comments in the MR about this
(internal only) zd ref

Edited Oct 10, 2024 by Andrew Winata