Fix ownership on artifact copies

Summary:
The implementation of D984 did not include enforcing ownership for
`build.CopyFrom` instruction and so artifacts copied from one image to
another via `copies:` were problematically owned as root.

In order to fix this behavior:
 1. `config.ArtifactConfig` `build.CopyFrom` instructions are now
    injected duration `build.PhaseInstall`
 2. `config.VariantConfig` calls `build.ApplyUser` for these artifact
    instructions as well using the `runs.as` user
 3. `build.CopyAs` was refactored to wrap any `build.Instruction` which
    should only really be used with `build.Copy` or `build.CopyFrom`.

Test Plan:
Run `go test ./...`. Run `blubber` against configuration with a variant that
uses `copies` and verify that the `COPY --from` instructions also include a
`--chown` flag.

Reviewers: thcipriani, mmodell, hashar, #release-engineering-team, demon

Reviewed By: thcipriani, #release-engineering-team

Tags: #release-engineering-team

Differential Revision: https://phabricator.wikimedia.org/D1002

1 files changed, 2 insertions, 2 deletions

diff --git a/config/artifacts.go b/config/artifacts.go
index 74efcab..9f23e42 100644
--- a/config/artifacts.go
+++ b/config/artifacts.go
@@ -23,14 +23,14 @@ type ArtifactsConfig struct {
 // InstructionsForPhase injects instructions into the given build phase that
 // copy configured artifacts.
 //
-// PhasePostInstall
+// PhaseInstall
 //
 // Injects build.CopyFrom instructions for the configured source and
 // destination paths.
 //
 func (ac ArtifactsConfig) InstructionsForPhase(phase build.Phase) []build.Instruction {
 	switch phase {
-	case build.PhasePostInstall:
+	case build.PhaseInstall:
 		return []build.Instruction{
 			build.CopyFrom{ac.From, build.Copy{[]string{ac.Source}, ac.Destination}},
 		}