Add --user mapping when running the az cli container

[cadwal]

Base issue:

Whenever this task runs a container on our self-hosted agents and the task creates files in the working directory, for example if an extension is installed, the files ends up being owned by root which causes issues whenever az cli is used outside of a container together with something else...

Fix:

Map to the current executing user when running the az cli container so that any files created in the mapped volumes will be owned by the correct user

Disclaimer:

Will this work? Well CoPilot claims this is the fix, documentation agrees (since the container is not rootless), but I have not tested this since I don't know how to in this case...

[MoChilia]

Hi @cadwal, thank you for your contribution! I agree with your observation. Currently, changes made by azure/cli inside the container will affect the host because the Azure config folder is mounted directly rather than copied. Mounting this folder requires root permissions, and it contains your signed-in account information from the previous Azure/login step. I'm considering using docker cp instead of a volume mount, but I need to investigate further to ensure this approach won't disrupt existing customer workflows.