Document macOS node Jenkins agent PATH env setup to avoid SIP protection issues

[andrew-m-leonard]

To avoid Apple MacOS SIP protection causing bash environment permission protection, we must find bash from /usr/local/bin and not /usr/bin, /usr/local/bin does not get the SIP permission applied to it.

The Jenkins Agent environment setup for PATH must have /usr/local/bin prefixed to achieve this, eg:

[aahlenst]

Uh. Why can't we just alter the default shell?

[sxa]

Uh. Why can't we just alter the default shell?

Do you mean the default shell for the user? I wouldn't want to set the default for everyone on the system to something that was in /usr/local It may depend which shell jenkins uses when it spawns off another shell, or if it runs specifically bash thescript.sh (which would likely use whatever was in the PATH)

[aahlenst]

Do you mean the default shell for the user?

Yes. chsh -s /usr/local/bin/bash, but obviously via Ansible.