From 7f2cf27371de2c88e4ffa2a30961e0654ad90359 Mon Sep 17 00:00:00 2001 From: Gary Pennington Date: Wed, 3 Apr 2024 14:25:04 +0100 Subject: [PATCH 1/2] Make router user the owner of the docker image's /dist/data directory Since we made our images more secure, we run our router process as user 'router'. If we are running under 'heaptrack', e.g.: in a debug image, then we cannot write to /dist/data because it is owned by 'root'. This changes the ownership of /dist/data from 'root' to 'router' to allow writes to succeed. --- dockerfiles/Dockerfile.router | 3 ++- dockerfiles/diy/dockerfiles/Dockerfile.repo | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/dockerfiles/Dockerfile.router b/dockerfiles/Dockerfile.router index 44aa2ce850..d18c20ebe3 100644 --- a/dockerfiles/Dockerfile.router +++ b/dockerfiles/Dockerfile.router @@ -39,7 +39,8 @@ RUN \ RUN \ if [ "${DEBUG_IMAGE}" = "true" ]; then \ apt-get install -y heaptrack && \ - mkdir data; \ + mkdir data && \ + chown router data; \ fi # Clean up apt lists diff --git a/dockerfiles/diy/dockerfiles/Dockerfile.repo b/dockerfiles/diy/dockerfiles/Dockerfile.repo index aba5d26567..210d165e07 100644 --- a/dockerfiles/diy/dockerfiles/Dockerfile.repo +++ b/dockerfiles/diy/dockerfiles/Dockerfile.repo @@ -58,7 +58,8 @@ RUN \ heaptrack-gui \ x11-apps \ iputils-ping && \ - mkdir data; \ + mkdir data && \ + chown router data; \ fi # Clean up apt lists From 78e190af5205c74bcf7e148e87523313ae05e326 Mon Sep 17 00:00:00 2001 From: Gary Pennington Date: Wed, 3 Apr 2024 14:33:53 +0100 Subject: [PATCH 2/2] add a changeset --- .changesets/fix_garypen_revive_docker_heaptrack.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .changesets/fix_garypen_revive_docker_heaptrack.md diff --git a/.changesets/fix_garypen_revive_docker_heaptrack.md b/.changesets/fix_garypen_revive_docker_heaptrack.md new file mode 100644 index 0000000000..53e897278a --- /dev/null +++ b/.changesets/fix_garypen_revive_docker_heaptrack.md 
@@ -0,0 +1,7 @@ +### Make 'router' user the owner of the docker image's /dist/data directory ([PR #4898](https://github.com/apollographql/router/pull/4898)) + +Since we made our images more secure, we run our router process as user 'router'. If we are running under 'heaptrack', e.g.: in a debug image, then we cannot write to /dist/data because it is owned by 'root'. + +This changes the ownership of /dist/data from 'root' to 'router' to allow writes to succeed. + +By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/4898 \ No newline at end of file
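Review bot: in the dockerfiles/Dockerfile.router hunk, `chown router data` changes only the owning user and leaves the group as root, so whether the runtime process can write depends entirely on the user-owner bits; `chown router:router data` (or whichever group the `router` process actually runs with) states the intent fully. Two things to confirm against the rest of the Dockerfile, which the hunk does not show: the `router` user must be created before this RUN step, otherwise the debug build now fails at `chown`, and the commit message talks about `/dist/data` while the hunk uses the relative path `data`, so the directory lands wherever the preceding WORKDIR points. Using the absolute path `/dist/data` in both `mkdir` and `chown` would remove that dependency.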
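Review bot: the dockerfiles/diy/dockerfiles/Dockerfile.repo hunk carries the same owner-only `chown router data` as the router Dockerfile; apply the same change here (`chown router:router data`, ideally with the absolute `/dist/data` path) so the two debug images end up with identical ownership, and verify that the `router` user exists before this RUN in this Dockerfile as well.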
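Review bot: the new .changesets/fix_garypen_revive_docker_heaptrack.md ends without a trailing newline (`\ No newline at end of file`); add one so the next edit to the file does not show a spurious change on its last line. Minor wording point in the same hunk: "e.g.:" reads oddly, "e.g. in a debug image" is enough.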