Story (Required)

Enable `ReadOnlyRootFilesystem` for better security practice.

Background (Required)

After introducing volumes to to the build containers we can now enable `ReadOnlyRootFilesystem` configuration.

Out of scope

<Defines what is not included in this story>

Approach (Required)

_1. Add `ReadOnlyRootFilesystem` for the source and image-processing steps.
2. Configure the `waiter.lock` file location for the waiter._

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

Acceptance Criteria (Mandatory)

source and image-processing steps are configured with `ReadOnlyRootFilesystem`

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met