Use check permissions script and consolidation (#1055)

* use check permissions script and consolidation

* adapted changelog

* Update spark-k8s/Dockerfile

Co-authored-by: Siegfried Weber <[email protected]>

---------

Co-authored-by: Siegfried Weber <[email protected]>

Author: maltesander

CHANGELOG.md

@@ -23,6 +23,8 @@ All notable changes to this project will be documented in this file.
   `check-permissions-ownership.sh` provided in stackable-base image ([#1027]).
 - opa: check for correct permissions and ownerships in /stackable folder via
   `check-permissions-ownership.sh` provided in stackable-base image ([#1038]).
+- spark-k8s: check for correct permissions and ownerships in /stackable folder via
+  `check-permissions-ownership.sh` provided in stackable-base image ([#1055]).
 - superset: check for correct permissions and ownerships in /stackable folder via
   `check-permissions-ownership.sh` provided in stackable-base image ([#1053]).
 - trino: check for correct permissions and ownerships in /stackable folder via
@@ -64,6 +66,7 @@ All notable changes to this project will be documented in this file.
 [#1050]: https://github.com/stackabletech/docker-images/pull/1050
 [#1053]: https://github.com/stackabletech/docker-images/pull/1053
 [#1054]: https://github.com/stackabletech/docker-images/pull/1054
+[#1055]: https://github.com/stackabletech/docker-images/pull/1055
 
 ## [25.3.0] - 2025-03-21
 

spark-k8s/Dockerfile

@@ -333,17 +333,31 @@ ln -s /usr/bin/pip-${PYTHON} /usr/bin/pip
 # Symlink example jar, so that we can easily use it in tests
 ln -s /stackable/spark/examples/jars/spark-examples_*.jar /stackable/spark/examples/jars/spark-examples.jar
 chown -h ${STACKABLE_USER_UID}:0 /stackable/spark/examples/jars/spark-examples.jar
+
+# fix permissions
+chmod g=u /stackable/spark
+chmod g=u /stackable/jmx
+chmod g=u /stackable/run-spark.sh
 EOF
 
+# ----------------------------------------
+# Checks
+# This section is to run final checks to ensure the created final images
+# adhere to several minimal requirements like:
+# - check file permissions and ownerships
+# ----------------------------------------
+
+# Check that permissions and ownership in /stackable are set correctly
+# This will fail and stop the build if any mismatches are found.
+RUN <<EOF
+/bin/check-permissions-ownership.sh /stackable ${STACKABLE_USER_UID} 0
+EOF
 
 # ----------------------------------------
-# Attention:
-# If you do any file based actions (copying / creating etc.) below this comment you
-# absolutely need to make sure that the correct permissions are applied!
-# chown ${STACKABLE_USER_UID}:0
+# Attention: Do not perform any file based actions (copying/creating etc.) below this comment because the permissions would not be checked.
 # ----------------------------------------
 
 USER ${STACKABLE_USER_UID}
 
-WORKDIR /stackable/spark
+WORKDIR ${SPARK_HOME}
 ENTRYPOINT [ "/stackable/run-spark.sh" ]