From ea366e9e89432fe80260816bfe87656247264821 Mon Sep 17 00:00:00 2001
From: pat-s <patrick.schratz@gmail.com>
Date: Wed, 2 Oct 2024 17:15:39 +0200
Subject: [PATCH] always define fsGroup

---
 pipeline/backend/kubernetes/pod.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pipeline/backend/kubernetes/pod.go b/pipeline/backend/kubernetes/pod.go
index 1758a0d5d..4f6fec8bb 100644
--- a/pipeline/backend/kubernetes/pod.go
+++ b/pipeline/backend/kubernetes/pod.go
@@ -412,15 +412,15 @@ func podSecurityContext(sc *SecurityContext, secCtxConf SecurityContextConfig, s
 			nonRoot = sc.RunAsNonRoot
 		}
 
-		// if unset, set fsGroup to 1000 by default to support non-root images
-		if sc.FSGroup == nil {
-			fsGroup = newInt64(defaultFSGroup)
-		}
-
 		seccomp = seccompProfile(sc.SeccompProfile)
 		apparmor = apparmorProfile(sc.ApparmorProfile)
 	}
 
+	// if unset, set fsGroup to 1000 by default to support non-root images
+	if sc.FSGroup == nil {
+		fsGroup = newInt64(defaultFSGroup)
+	}
+
 	if nonRoot == nil && user == nil && group == nil && fsGroup == nil && seccomp == nil {
 		return nil
 	}