From 6c66d06af714bb9861094826b8112f44babff840 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Sep 2024 11:49:22 +0100
Subject: [PATCH 1/2] chore(deps): bump github.com/coder/serpent from 0.7.0 to
 0.8.0 (#49)

Bumps [github.com/coder/serpent](https://github.com/coder/serpent) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/coder/serpent/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/coder/serpent
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6d869ee..24c3ee5 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa55
 require (
 	github.com/GoogleContainerTools/kaniko v1.9.2
 	github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88
-	github.com/coder/serpent v0.7.0
+	github.com/coder/serpent v0.8.0
 	github.com/docker/docker v26.1.5+incompatible
 	github.com/gliderlabs/ssh v0.3.7
 	github.com/go-git/go-billy/v5 v5.5.0
diff --git a/go.sum b/go.sum
index 744e4f0..a58cf0c 100644
--- a/go.sum
+++ b/go.sum
@@ -196,8 +196,8 @@ github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=
 github.com/coder/quartz v0.1.0/go.mod h1:vsiCc+AHViMKH2CQpGIpFgdHIEQsxwm8yCscqKmzbRA=
 github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc=
 github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY=
-github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0=
-github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA=
+github.com/coder/serpent v0.8.0 h1:6OR+k6fekhSeEDmwwzBgnSjaa7FfGGrMlc3GoAEH9dg=
+github.com/coder/serpent v0.8.0/go.mod h1:cZFW6/fP+kE9nd/oRkEHJpG6sXCtQ+AX7WMMEHv0Y3Q=
 github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374 h1:a5Eg7D5e2oAc0tN56ee4yxtiTo76ztpRlk6geljaZp8=
 github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374/go.mod h1:rp6BIJxCp127/hvvDWNkHC9MxAlKvQfoOtBr8s5sCqo=
 github.com/coder/terraform-provider-coder v0.23.0 h1:DuNLWxhnGlXyG0g+OCAZRI6xd8+bJjIEnE4F3hYgA4E=
@@ -632,6 +632,8 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt
 github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
 github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0A=
+github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=

From e565d7d145fcbed8bb83470522cefa351cd2d1b9 Mon Sep 17 00:00:00 2001
From: Cian Johnston <cian@coder.com>
Date: Wed, 25 Sep 2024 13:48:48 +0100
Subject: [PATCH 2/2] fix: update envbuilder to include kaniko cache fix (#50)

* chore: add test for copy perms

* update kaniko and envbuilder to include fix

* add multi-stage version of copy perms test

* remove unnecessary chowns, collapse to single test

* update envbuilder and kaniko
---
 go.mod                                        |  4 +-
 go.sum                                        | 12 ++++--
 .../provider/cached_image_resource_test.go    | 38 +++++++++++++++++++
 3 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 24c3ee5..e6bc076 100644
--- a/go.mod
+++ b/go.mod
@@ -3,14 +3,14 @@ module github.com/coder/terraform-provider-envbuilder
 go 1.22.4
 
 // We use our own Kaniko fork.
-replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca
+replace github.com/GoogleContainerTools/kaniko => github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374
 
 // Required to import codersdk due to gvisor dependency.
 replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240702054557-aa558fbe5374
 
 require (
 	github.com/GoogleContainerTools/kaniko v1.9.2
-	github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88
+	github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef
 	github.com/coder/serpent v0.8.0
 	github.com/docker/docker v26.1.5+incompatible
 	github.com/gliderlabs/ssh v0.3.7
diff --git a/go.sum b/go.sum
index a58cf0c..32f07ed 100644
--- a/go.sum
+++ b/go.sum
@@ -186,10 +186,14 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352 h1:L/EjCuZxs5tOcqqCaASj/nu65TRYEFcTt8qRQfHZXX0=
 github.com/coder/coder/v2 v2.10.1-0.20240704130443-c2d44d16a352/go.mod h1:P1KoQSgnKEAG6Mnd3YlGzAophty+yKA9VV48LpfNRvo=
-github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88 h1:eXOILD2tWepnV1r7XZalBX0yC4NJMnpf6OP1nF8O2Ak=
-github.com/coder/envbuilder v1.0.0-rc.0.0.20240910082823-b7781d802f88/go.mod h1:krXpDmUsORgNNdvBe6tnwWCGGDLhabom1UUqAZq9+v0=
-github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca h1:PrcSWrllqipTrtet50a3VyAJEQmjziIZyhpy0bsC6o0=
-github.com/coder/kaniko v0.0.0-20240830141327-f307586e3dca/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f h1:1KdB2Jbo+zLuG+R08/By1BIeHBcKXiOqv95wZ5+Ewks=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240924170424-29636303d05f/go.mod h1:ju1iDjfVSUQS3tlaIItlRo8UwYbGN5KvOdnbOzlD/6I=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef h1:l9mQMoHNl7P2tiahwM2zkUCdWsjSoLsUDn30Ndgsx0Y=
+github.com/coder/envbuilder v1.0.0-rc.0.0.20240925123650-9c315aabfaef/go.mod h1:1Qn60Fx3oGZlwmRfTNkrGxrQJsEZ7XIUUPgzil2lte8=
+github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6 h1:vLlV6P0abwoOeaBwkqQxB31ZzMv483UQLhQuPvXbvRM=
+github.com/coder/kaniko v0.0.0-20240924160037-1e6bd4e19fc6/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA=
+github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374 h1:/cyXf0vTSwFh7evQqeWHXXl14aRfC4CsNIYxOenJytQ=
+github.com/coder/kaniko v0.0.0-20240925122543-caa18967f374/go.mod h1:XoTDIhNF0Ll4tLmRYdOn31udU9w5zFrY2PME/crSRCA=
 github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
 github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
 github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=
diff --git a/internal/provider/cached_image_resource_test.go b/internal/provider/cached_image_resource_test.go
index 6b6c832..86dd581 100644
--- a/internal/provider/cached_image_resource_test.go
+++ b/internal/provider/cached_image_resource_test.go
@@ -161,6 +161,44 @@ RUN date > /date.txt`,
 				)
 			},
 		},
+		{
+			// This tests correct handling of the difference in permissions between
+			// the provider and the image when running a COPY instruction.
+			// Added to verify fix for coder/terraform-provider-envbuilder#43
+			name: "copy_perms",
+			files: map[string]string{
+				"Dockerfile": `
+		FROM localhost:5000/test-ubuntu:latest AS a
+		COPY date.txt /date.txt
+		FROM localhost:5000/test-ubuntu:latest
+		COPY --from=a /date.txt /date.txt`,
+				"date.txt": fmt.Sprintf("%d", time.Now().Unix()),
+			},
+			extraEnv: map[string]string{
+				"CODER_AGENT_TOKEN":          "some-token",
+				"CODER_AGENT_URL":            "https://coder.example.com",
+				"FOO":                        testEnvValue,
+				"ENVBUILDER_GIT_URL":         "https://not.the.real.git/url",
+				"ENVBUILDER_CACHE_REPO":      "not-the-real-cache-repo",
+				"ENVBUILDER_DOCKERFILE_PATH": "Dockerfile",
+			},
+			assertEnv: func(t *testing.T, deps testDependencies) resource.TestCheckFunc {
+				return resource.ComposeAggregateTestCheckFunc(
+					assertEnv(t,
+						"CODER_AGENT_TOKEN", "some-token",
+						"CODER_AGENT_URL", "https://coder.example.com",
+						"ENVBUILDER_CACHE_REPO", deps.CacheRepo,
+						"ENVBUILDER_DOCKERFILE_PATH", "Dockerfile",
+						"ENVBUILDER_DOCKER_CONFIG_BASE64", deps.DockerConfigBase64,
+						"ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH", deps.Repo.Key,
+						"ENVBUILDER_GIT_URL", deps.Repo.URL,
+						"ENVBUILDER_REMOTE_REPO_BUILD_MODE", "true",
+						"ENVBUILDER_VERBOSE", "true",
+						"FOO", "bar\nbaz",
+					),
+				)
+			},
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			//nolint: paralleltest