From 58a125cf875e7c71419a1974e7385af126de023a Mon Sep 17 00:00:00 2001
From: Cian Johnston <public@cianjohnston.ie>
Date: Mon, 15 Jul 2024 23:09:37 +0100
Subject: [PATCH] fix(dogfood/Dockerfile): create /etc/suoders.d/nopasswd
 instead of COPY

---
 dogfood/Dockerfile                   | 6 ++++++
 dogfood/files/etc/sudoers.d/nopasswd | 2 --
 2 files changed, 6 insertions(+), 2 deletions(-)
 delete mode 100644 dogfood/files/etc/sudoers.d/nopasswd

diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index 82a8a12ee70e0..750273d7998bd 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
@@ -91,6 +91,12 @@ SHELL ["/bin/bash", "-c"]
 RUN apt-get update && apt-get install --yes ca-certificates
 
 COPY files /
+# We used to copy /etc/sudoers.d/* in from files/ but this causes issues with
+# permissions and layer caching. Instead, create the file directly.
+RUN mkdir -p /etc/sudoers.d && \
+    echo 'coder ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/nopasswd && \
+	chmod 750 /etc/sudoers.d/ && \
+	chmod 640 /etc/sudoers.d/nopasswd
 
 # Install packages from apt repositories
 ARG DEBIAN_FRONTEND="noninteractive"
diff --git a/dogfood/files/etc/sudoers.d/nopasswd b/dogfood/files/etc/sudoers.d/nopasswd
deleted file mode 100644
index 416d0811fcf40..0000000000000
--- a/dogfood/files/etc/sudoers.d/nopasswd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow the Coder user to execute sudo without a password
-coder ALL=(ALL) NOPASSWD:ALL