From b86a9a2204d988fbd2b187f220d64b5a102c1ca3 Mon Sep 17 00:00:00 2001
From: Scott <sbws@google.com>
Date: Tue, 13 Apr 2021 14:31:15 +0000
Subject: [PATCH] Disable the default workingDir and HOME overrides

Prior to this commit Steps were given a default HOME
env var and a default workingDir. These defaults collide
with any value set by the Step's image Dockerfile.

This commit removes the default home and workingDir
overrides (except in those few cases where they're
still expected, like PipelineResources).

See https://groups.google.com/g/tekton-dev/c/C-PL8VYN51E/m/el5Fca_PDAAJ
for our tekton-dev announcement of this change.

See https://github.com/tektoncd/pipeline/issues/1836 for the
original problem description and workingDir tracking issue.

See https://github.com/tektoncd/pipeline/issues/2013 for the
HOME change tracking issue.

See https://github.com/tektoncd/pipeline/blob/main/docs/deprecations.md
for our documented dates for these deprecations.

See
https://github.com/tektoncd/pipeline/blob/main/api_compatibility_policy.md#alpha-beta-and-ga
for our beta deprecation policy.
,
---
 config/config-feature-flags.yaml              |  18 +--
 docs/deprecations.md                          |   7 +-
 docs/install.md                               |  16 +--
 examples/v1alpha1/taskruns/dind-sidecar.yaml  |   1 +
 examples/v1alpha1/taskruns/gcs-resource.yaml  |   1 +
 examples/v1alpha1/taskruns/git-resource.yaml  |   5 +
 examples/v1alpha1/taskruns/home-is-set.yaml   |   3 +
 examples/v1alpha1/taskruns/step-script.yaml   |   1 +
 examples/v1alpha1/taskruns/workingdir.yaml    |   1 +
 .../alpha/authenticating-git-commands.yaml    |   2 +-
 .../taskruns/authenticating-git-commands.yaml |   2 +-
 examples/v1beta1/taskruns/dind-sidecar.yaml   |   1 +
 examples/v1beta1/taskruns/gcs-resource.yaml   |   1 +
 examples/v1beta1/taskruns/git-resource.yaml   |   3 +
 examples/v1beta1/taskruns/home-is-set.yaml    |   3 +
 examples/v1beta1/taskruns/step-script.yaml    |   1 +
 examples/v1beta1/taskruns/workingdir.yaml     |   1 +
 pkg/apis/config/feature_flags.go              |   4 +-
 pkg/apis/config/feature_flags_test.go         |  14 +-
 pkg/pod/pod.go                                |   8 +-
 pkg/pod/pod_test.go                           | 120 ++++++++++--------
 pkg/reconciler/taskrun/taskrun_test.go        |  45 +------
 test/entrypoint_test.go                       |  14 +-
 test/v1alpha1/entrypoint_test.go              |  14 +-
 24 files changed, 148 insertions(+), 138 deletions(-)

diff --git a/config/config-feature-flags.yaml b/config/config-feature-flags.yaml
index 595c380e7b0..9ab11ef6e4b 100644
--- a/config/config-feature-flags.yaml
+++ b/config/config-feature-flags.yaml
@@ -30,26 +30,18 @@ data:
   # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline
   # or https://github.com/tektoncd/pipeline/pull/2630 for more info.
   disable-affinity-assistant: "false"
-  # Setting this flag to "true" will prevent Tekton overriding your
+  # Setting this flag to "false" will allow Tekton to override your
   # Task container's $HOME environment variable.
   #
-  # The default behaviour currently is for Tekton to override the
-  # $HOME environment variable but this will change in an upcoming
-  # release.
-  #
   # See https://github.com/tektoncd/pipeline/issues/2013 for more
   # info.
-  disable-home-env-overwrite: "false"
-  # Setting this flag to "true" will prevent Tekton overriding your
+  disable-home-env-overwrite: "true"
+  # Setting this flag to "false" will allow Tekton to override your
   # Task container's working directory.
   #
-  # The default behaviour currently is for Tekton to override the
-  # working directory if not set by the user but this will change
-  # in an upcoming release.
-  #
   # See https://github.com/tektoncd/pipeline/issues/1836 for more
   # info.
-  disable-working-directory-overwrite: "false"
+  disable-working-directory-overwrite: "true"
   # Setting this flag to "true" will prevent Tekton scanning attached
   # service accounts and injecting any credentials it finds into your
   # Steps.
@@ -61,7 +53,7 @@ data:
   # Note: setting this to "true" will prevent PipelineResources from
   # working.
   #
-  # See https://github.com/tektoncd/pipeline/issues/1836 for more
+  # See https://github.com/tektoncd/pipeline/issues/2791 for more
   # info.
   disable-creds-init: "false"
   # This option should be set to false when Pipelines is running in a
diff --git a/docs/deprecations.md b/docs/deprecations.md
index 7a943a0abb5..b33fb56c680 100644
--- a/docs/deprecations.md
+++ b/docs/deprecations.md
@@ -1,4 +1,3 @@
-
 <!--
 ---
 linkTitle: "Deprecations"
@@ -21,9 +20,9 @@ being deprecated.
 | Feature Being Deprecated                                                                                                                      | Deprecation Announcement                                                     | [API Compatibility Policy](https://github.com/tektoncd/pipeline/tree/main/api_compatibility_policy.md) | Earliest Date or Release of Removal |
 | ------------------------                                                                                                                      | ------------------------                                                     | -------------------------------------------------------------------------------------------------------- | ------------------------            |
 | [`tekton.dev/task` label on ClusterTasks](https://github.com/tektoncd/pipeline/issues/2533)                                                   | [v0.12.0](https://github.com/tektoncd/pipeline/releases/tag/v0.12.0)         | Beta                                                                                                     | January 30 2021                     |
-| [Step `$HOME` env var defaults to `/tekton/home`](https://github.com/tektoncd/pipeline/issues/2013)                                           | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta                                                                                                     | December 4 2020                     |
-| [Step `workingDir` defaults to `/workspace`](https://github.com/tektoncd/pipeline/issues/1836)                                                | [v0.11.0-rc1](https://github.com/tektoncd/pipeline/releases/tag/v0.11.0-rc1) | Beta                                                                                                     | December 4 2020                     |
 | [The `TaskRun.Status.ResourceResults.ResourceRef` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2694) | [v0.14.0](https://github.com/tektoncd/pipeline/releases/tag/v0.14.0)         | Beta                                                                                                     | April 30 2021                       |
 | [The `PipelineRun.Spec.ServiceAccountNames` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2614)       | [v0.15.0](https://github.com/tektoncd/pipeline/releases/tag/v0.15.0)         | Beta                                                                                                     | May 15 2021                         |
 | [`Conditions` CRD is deprecated and will be removed. Use `WhenExpressions` instead.](https://github.com/tektoncd/community/blob/main/teps/0007-conditions-beta.md)       | [v0.16.0](https://github.com/tektoncd/pipeline/releases/tag/v0.16.0)         | Alpha                                                                                                     | Nov 02 2020                         |
-| [The PascalCase fields in WhenExpressions is deprecated and will be removed](https://github.com/tektoncd/pipeline/pull/3389)                  | [v0.17.2](https://github.com/tektoncd/pipeline/releases/tag/v0.17.2)         | Alpha                                                                                                    | Jan 07 2021                         |
\ No newline at end of file
+| [The PascalCase fields in WhenExpressions is deprecated and will be removed](https://github.com/tektoncd/pipeline/pull/3389)                  | [v0.17.2](https://github.com/tektoncd/pipeline/releases/tag/v0.17.2)         | Alpha                                                                                                    | Jan 07 2021                         |
+| [The `disable-home-env-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/2013)                                     | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0)         | Beta                                                                                                     | February 10 2022                    |
+| [The `disable-working-dir-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/1836)                                  | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0)         | Beta                                                                                                     | February 10 2022                    |
diff --git a/docs/install.md b/docs/install.md
index fc401fbc023..5d8d4d5ea95 100644
--- a/docs/install.md
+++ b/docs/install.md
@@ -320,15 +320,13 @@ To customize the behavior of the Pipelines Controller, modify the ConfigMap `fea
   node in the cluster must have an appropriate label matching `topologyKey`. If some or all nodes
   are missing the specified `topologyKey` label, it can lead to unintended behavior.
 
-- `disable-home-env-overwrite` - set this flag to `true` to prevent Tekton
-from overriding the `$HOME` environment variable for the containers executing your `Steps`.
-The default is `false`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/2013).
-
-- `disable-working-directory-overwrite` - set this flag to `true` to prevent Tekton
-from overriding the working directory for the containers executing your `Steps`.
-The default value is `false`, which causes Tekton to override the working directory
-for each `Step` that does not have its working directory explicitly set with `/workspace`.
-For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/1836).
+- `disable-home-env-overwrite` - set this flag to `false` to allow Tekton
+to override the `$HOME` environment variable for the containers executing your `Steps`.
+The default is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/2013).
+
+- `disable-working-directory-overwrite` - set this flag to `false` to allow Tekton
+to override the working directory for the containers executing your `Steps`.
+The default value is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/1836).
 
 - `running-in-environment-with-injected-sidecars`: set this flag to `"true"` to allow the
 Tekton controller to set the `tekton.dev/ready` annotation at pod creation time for
diff --git a/examples/v1alpha1/taskruns/dind-sidecar.yaml b/examples/v1alpha1/taskruns/dind-sidecar.yaml
index 95b04e07138..3cc1f3a220b 100644
--- a/examples/v1alpha1/taskruns/dind-sidecar.yaml
+++ b/examples/v1alpha1/taskruns/dind-sidecar.yaml
@@ -17,6 +17,7 @@ spec:
       # Use the certs generated by the sidecar daemon.
       - name: DOCKER_CERT_PATH
         value: /certs/client
+      workingDir: /workspace
       script: |
           #!/usr/bin/env sh
           set -e
diff --git a/examples/v1alpha1/taskruns/gcs-resource.yaml b/examples/v1alpha1/taskruns/gcs-resource.yaml
index 1cd5dc5bdfb..0c8d8f85bb3 100644
--- a/examples/v1alpha1/taskruns/gcs-resource.yaml
+++ b/examples/v1alpha1/taskruns/gcs-resource.yaml
@@ -10,6 +10,7 @@ spec:
         type: storage
     steps:
     - image: alpine
+      workingDir: /workspace
       script: unzip source/archive.zip && cat file.txt
   inputs:
     resources:
diff --git a/examples/v1alpha1/taskruns/git-resource.yaml b/examples/v1alpha1/taskruns/git-resource.yaml
index d3440a75b6d..4d1c402ddd5 100644
--- a/examples/v1alpha1/taskruns/git-resource.yaml
+++ b/examples/v1alpha1/taskruns/git-resource.yaml
@@ -10,6 +10,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   inputs:
     resources:
@@ -34,6 +35,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   inputs:
     resources:
@@ -58,6 +60,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   inputs:
     resources:
@@ -83,6 +86,7 @@ spec:
           type: git
     steps:
       - image: ubuntu
+        workingDir: /workspace
         script: cat skaffold/README.md
   inputs:
     resources:
@@ -110,6 +114,7 @@ spec:
           type: git
     steps:
       - image: ubuntu
+        workingDir: /workspace
         script: cat skaffold/README.md
   inputs:
     resources:
diff --git a/examples/v1alpha1/taskruns/home-is-set.yaml b/examples/v1alpha1/taskruns/home-is-set.yaml
index f70c5d2eed7..0cf478eaf77 100644
--- a/examples/v1alpha1/taskruns/home-is-set.yaml
+++ b/examples/v1alpha1/taskruns/home-is-set.yaml
@@ -6,6 +6,9 @@ spec:
   taskSpec:
     steps:
     - image: ubuntu
+      env:
+      - name: HOME
+        value: /tekton/home
       script: |
         #!/usr/bin/env bash
         [[ $HOME == /tekton/home ]]
diff --git a/examples/v1alpha1/taskruns/step-script.yaml b/examples/v1alpha1/taskruns/step-script.yaml
index b95e707313f..b3d0af26ccd 100644
--- a/examples/v1alpha1/taskruns/step-script.yaml
+++ b/examples/v1alpha1/taskruns/step-script.yaml
@@ -51,6 +51,7 @@ spec:
       image: ubuntu
       securityContext:
         runAsUser: 16000
+      workingDir: /workspace
       script: |
         #!/usr/bin/env bash
         cat > file << EOF
diff --git a/examples/v1alpha1/taskruns/workingdir.yaml b/examples/v1alpha1/taskruns/workingdir.yaml
index 03d800f90f2..d281d46d750 100644
--- a/examples/v1alpha1/taskruns/workingdir.yaml
+++ b/examples/v1alpha1/taskruns/workingdir.yaml
@@ -7,6 +7,7 @@ spec:
     steps:
     - name: default
       image: ubuntu
+      workingDir: /workspace
       script: |
         #!/usr/bin/env bash
         [[ $PWD == /workspace ]]
diff --git a/examples/v1beta1/taskruns/alpha/authenticating-git-commands.yaml b/examples/v1beta1/taskruns/alpha/authenticating-git-commands.yaml
index 86385ea5c7e..c0c97ccd5a8 100644
--- a/examples/v1beta1/taskruns/alpha/authenticating-git-commands.yaml
+++ b/examples/v1beta1/taskruns/alpha/authenticating-git-commands.yaml
@@ -193,7 +193,7 @@ spec:
           # When disable-home-env-overwrite is "true", creds-init credentials
           # will be copied to /home/nonroot/.ssh by the entrypoint. We just need to
           # overwrite the known_hosts file with that of our test git server.
-          cp /messages/known_hosts /home/nonroot/ssh/known_hosts
+          cp /messages/known_hosts /home/nonroot/.ssh/known_hosts
         fi
 
         git clone root@localhost:/root/repo ./repo
diff --git a/examples/v1beta1/taskruns/authenticating-git-commands.yaml b/examples/v1beta1/taskruns/authenticating-git-commands.yaml
index 6e05ea87b95..642cf1d3578 100644
--- a/examples/v1beta1/taskruns/authenticating-git-commands.yaml
+++ b/examples/v1beta1/taskruns/authenticating-git-commands.yaml
@@ -201,7 +201,7 @@ spec:
           # When disable-home-env-overwrite is "true", creds-init credentials
           # will be copied to /home/nonroot/.ssh by the entrypoint. We just need to
           # overwrite the known_hosts file with that of our test git server.
-          cp /messages/known_hosts /home/nonroot/ssh/known_hosts
+          cp /messages/known_hosts /home/nonroot/.ssh/known_hosts
         fi
 
         git clone root@localhost:/root/repo ./repo
diff --git a/examples/v1beta1/taskruns/dind-sidecar.yaml b/examples/v1beta1/taskruns/dind-sidecar.yaml
index 39b0a5441dd..f02b202686c 100644
--- a/examples/v1beta1/taskruns/dind-sidecar.yaml
+++ b/examples/v1beta1/taskruns/dind-sidecar.yaml
@@ -17,6 +17,7 @@ spec:
       # Use the certs generated by the sidecar daemon.
       - name: DOCKER_CERT_PATH
         value: /certs/client
+      workingDir: /workspace
       script: |
           #!/usr/bin/env sh
           set -e
diff --git a/examples/v1beta1/taskruns/gcs-resource.yaml b/examples/v1beta1/taskruns/gcs-resource.yaml
index 401ebfb753c..5295f78fd71 100644
--- a/examples/v1beta1/taskruns/gcs-resource.yaml
+++ b/examples/v1beta1/taskruns/gcs-resource.yaml
@@ -10,6 +10,7 @@ spec:
         type: storage
     steps:
     - image: alpine
+      workingDir: /workspace
       script: unzip source/archive.zip && cat file.txt
   resources:
     inputs:
diff --git a/examples/v1beta1/taskruns/git-resource.yaml b/examples/v1beta1/taskruns/git-resource.yaml
index 40602dddf44..640623ab5f5 100644
--- a/examples/v1beta1/taskruns/git-resource.yaml
+++ b/examples/v1beta1/taskruns/git-resource.yaml
@@ -10,6 +10,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   resources:
     inputs:
@@ -34,6 +35,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   resources:
     inputs:
@@ -58,6 +60,7 @@ spec:
         type: git
     steps:
     - image: ubuntu
+      workingDir: /workspace
       script: cat skaffold/README.md
   resources:
     inputs:
diff --git a/examples/v1beta1/taskruns/home-is-set.yaml b/examples/v1beta1/taskruns/home-is-set.yaml
index 7a6c94d8cbe..f254de501cf 100644
--- a/examples/v1beta1/taskruns/home-is-set.yaml
+++ b/examples/v1beta1/taskruns/home-is-set.yaml
@@ -6,6 +6,9 @@ spec:
   taskSpec:
     steps:
     - image: ubuntu
+      env:
+      - name: HOME
+        value: /tekton/home
       script: |
         #!/usr/bin/env bash
         [[ $HOME == /tekton/home ]]
diff --git a/examples/v1beta1/taskruns/step-script.yaml b/examples/v1beta1/taskruns/step-script.yaml
index 087ddf572c8..5e2423483aa 100644
--- a/examples/v1beta1/taskruns/step-script.yaml
+++ b/examples/v1beta1/taskruns/step-script.yaml
@@ -50,6 +50,7 @@ spec:
       image: ubuntu
       securityContext:
         runAsUser: 16000
+      workingDir: /workspace
       script: |
         #!/usr/bin/env bash
         cat > file << EOF
diff --git a/examples/v1beta1/taskruns/workingdir.yaml b/examples/v1beta1/taskruns/workingdir.yaml
index c60618b1509..3f557224bbf 100644
--- a/examples/v1beta1/taskruns/workingdir.yaml
+++ b/examples/v1beta1/taskruns/workingdir.yaml
@@ -7,6 +7,7 @@ spec:
     steps:
     - name: default
       image: ubuntu
+      workingDir: /workspace
       script: |
         #!/usr/bin/env bash
         [[ $PWD == /workspace ]]
diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
index a60a2f0d623..5073ea5d169 100644
--- a/pkg/apis/config/feature_flags.go
+++ b/pkg/apis/config/feature_flags.go
@@ -37,8 +37,8 @@ const (
 	enableTektonOCIBundles                  = "enable-tekton-oci-bundles"
 	enableCustomTasks                       = "enable-custom-tasks"
 	enableAPIFields                         = "enable-api-fields"
-	DefaultDisableHomeEnvOverwrite          = false
-	DefaultDisableWorkingDirOverwrite       = false
+	DefaultDisableHomeEnvOverwrite          = true
+	DefaultDisableWorkingDirOverwrite       = true
 	DefaultDisableAffinityAssistant         = false
 	DefaultDisableCredsInit                 = false
 	DefaultRunningInEnvWithInjectedSidecars = true
diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go
index f2b288a0ff0..752069c6436 100644
--- a/pkg/apis/config/feature_flags_test.go
+++ b/pkg/apis/config/feature_flags_test.go
@@ -35,6 +35,8 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 	testCases := []testCase{
 		{
 			expectedConfig: &config.FeatureFlags{
+				DisableHomeEnvOverwrite:          false,
+				DisableWorkingDirOverwrite:       false,
 				RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars,
 				EnableAPIFields:                  "stable",
 			},
@@ -61,6 +63,8 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 				EnableTektonOCIBundles: true,
 				EnableCustomTasks:      true,
 
+				DisableHomeEnvOverwrite:          true,
+				DisableWorkingDirOverwrite:       true,
 				RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars,
 			},
 			fileName: "feature-flags-enable-api-fields-overrides-bundles-and-custom-tasks",
@@ -71,6 +75,8 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 				EnableTektonOCIBundles: true,
 				EnableCustomTasks:      true,
 
+				DisableHomeEnvOverwrite:          true,
+				DisableWorkingDirOverwrite:       true,
 				RunningInEnvWithInjectedSidecars: config.DefaultRunningInEnvWithInjectedSidecars,
 			},
 			fileName: "feature-flags-bundles-and-custom-tasks",
@@ -78,13 +84,19 @@ func TestNewFeatureFlagsFromConfigMap(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		verifyConfigFileWithExpectedFeatureFlagsConfig(t, tc.fileName, tc.expectedConfig)
+		fileName := tc.fileName
+		expectedConfig := tc.expectedConfig
+		t.Run(fileName, func(t *testing.T) {
+			verifyConfigFileWithExpectedFeatureFlagsConfig(t, fileName, expectedConfig)
+		})
 	}
 }
 
 func TestNewFeatureFlagsFromEmptyConfigMap(t *testing.T) {
 	FeatureFlagsConfigEmptyName := "feature-flags-empty"
 	expectedConfig := &config.FeatureFlags{
+		DisableHomeEnvOverwrite:          true,
+		DisableWorkingDirOverwrite:       true,
 		RunningInEnvWithInjectedSidecars: true,
 		EnableAPIFields:                  "stable",
 	}
diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go
index 1ef3efc5df3..f849c6a4ffa 100644
--- a/pkg/pod/pod.go
+++ b/pkg/pod/pod.go
@@ -161,9 +161,11 @@ func (b *Builder) Build(ctx context.Context, taskRun *v1beta1.TaskRun, taskSpec
 	// Add implicit env vars.
 	// They're prepended to the list, so that if the user specified any
 	// themselves their value takes precedence.
-	for i, s := range stepContainers {
-		env := append(implicitEnvVars, s.Env...)
-		stepContainers[i].Env = env
+	if len(implicitEnvVars) > 0 {
+		for i, s := range stepContainers {
+			env := append(implicitEnvVars, s.Env...)
+			stepContainers[i].Env = env
+		}
 	}
 
 	// Add implicit volume mounts to each step, unless the step specifies
diff --git a/pkg/pod/pod_test.go b/pkg/pod/pod_test.go
index cc3e7ad2e65..570dced0cd8 100644
--- a/pkg/pod/pod_test.go
+++ b/pkg/pod/pod_test.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -59,10 +60,6 @@ var (
 )
 
 func TestPodBuild(t *testing.T) {
-	implicitEnvVars := []corev1.EnvVar{{
-		Name:  "HOME",
-		Value: homeDir,
-	}}
 	secretsVolume := corev1.Volume{
 		Name:         "tekton-internal-secret-volume-multi-creds-9l9zj",
 		VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: "multi-creds"}},
@@ -85,6 +82,7 @@ func TestPodBuild(t *testing.T) {
 		trAnnotation    map[string]string
 		ts              v1beta1.TaskSpec
 		featureFlags    map[string]string
+		overrideHomeEnv *bool
 		want            *corev1.PodSpec
 		wantAnnotations map[string]string
 	}{{
@@ -115,12 +113,10 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -160,12 +156,10 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -177,6 +171,55 @@ func TestPodBuild(t *testing.T) {
 		wantAnnotations: map[string]string{
 			readyAnnotation: readyAnnotationValue,
 		},
+	}, {
+		desc: "simple-with-home-overwrite-flag",
+		ts: v1beta1.TaskSpec{
+			Steps: []v1beta1.Step{{Container: corev1.Container{
+				Name:    "name",
+				Image:   "image",
+				Command: []string{"cmd"}, // avoid entrypoint lookup.
+			}}},
+		},
+		featureFlags: map[string]string{
+			// Providing this flag will make the test set the pod builder's
+			// OverrideHomeEnv setting.
+			"disable-home-env-overwrite": "true",
+		},
+		want: &corev1.PodSpec{
+			RestartPolicy:  corev1.RestartPolicyNever,
+			InitContainers: []corev1.Container{placeToolsInit},
+			Containers: []corev1.Container{{
+				Name:    "step-name",
+				Image:   "image",
+				Command: []string{"/tekton/tools/entrypoint"},
+				Args: []string{
+					"-wait_file",
+					"/tekton/downward/ready",
+					"-wait_file_content",
+					"-post_file",
+					"/tekton/tools/0",
+					"-termination_path",
+					"/tekton/termination",
+					"-entrypoint",
+					"cmd",
+					"--",
+				},
+				Env: []corev1.EnvVar{{
+					Name:  "HOME",
+					Value: "/tekton/home",
+				}},
+				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
+					Name:      "tekton-creds-init-home-0",
+					MountPath: "/tekton/creds",
+				}}, implicitVolumeMounts...),
+				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
+				TerminationMessagePath: "/tekton/termination",
+			}},
+			Volumes: append(implicitVolumes, toolsVolume, downwardVolume, corev1.Volume{
+				Name:         "tekton-creds-init-home-0",
+				VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}},
+			}),
+		},
 	}, {
 		desc: "with service account",
 		ts: v1beta1.TaskSpec{
@@ -213,7 +256,6 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
@@ -221,7 +263,6 @@ func TestPodBuild(t *testing.T) {
 					Name:      "tekton-internal-secret-volume-multi-creds-9l9zj",
 					MountPath: "/tekton/creds-secrets/multi-creds",
 				})...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -276,13 +317,11 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{
 					toolsMount,
 					downwardMount,
 					{Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds"},
 				}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -333,12 +372,10 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -375,12 +412,10 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -428,7 +463,6 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
@@ -477,12 +511,10 @@ func TestPodBuild(t *testing.T) {
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}, {
@@ -548,12 +580,10 @@ sidecar-script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}, {
@@ -608,12 +638,10 @@ sidecar-script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}, {
@@ -670,12 +698,10 @@ sidecar-script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir: pipeline.WorkspaceDir,
 				Resources: corev1.ResourceRequirements{
 					Requests: corev1.ResourceList{
 						corev1.ResourceCPU:              resource.MustParse("8"),
@@ -699,12 +725,10 @@ sidecar-script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, {
 					Name:      "tekton-creds-init-home-1",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir: pipeline.WorkspaceDir,
 				Resources: corev1.ResourceRequirements{
 					Requests: corev1.ResourceList{
 						corev1.ResourceCPU:              zeroQty,
@@ -797,12 +821,11 @@ script-heredoc-randomly-generated-78c5n
 					"template",
 					"args",
 				},
-				Env: append(implicitEnvVars, corev1.EnvVar{Name: "FOO", Value: "bar"}),
+				Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}},
 				VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}, {
@@ -822,12 +845,11 @@ script-heredoc-randomly-generated-78c5n
 					"template",
 					"args",
 				},
-				Env: append(implicitEnvVars, corev1.EnvVar{Name: "FOO", Value: "bar"}),
+				Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}},
 				VolumeMounts: append([]corev1.VolumeMount{{Name: "i-have-a-volume-mount"}, scriptsVolumeMount, toolsMount, {
 					Name:      "tekton-creds-init-home-1",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}, {
@@ -848,12 +870,11 @@ script-heredoc-randomly-generated-78c5n
 					"template",
 					"args",
 				},
-				Env: append(implicitEnvVars, corev1.EnvVar{Name: "FOO", Value: "bar"}),
+				Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}},
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, {
 					Name:      "tekton-creds-init-home-2",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -917,12 +938,10 @@ script-heredoc-randomly-generated-mz4c7
 					"/tekton/scripts/script-0-9l9zj",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -973,12 +992,10 @@ script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -1024,12 +1041,10 @@ script-heredoc-randomly-generated-mz4c7
 					"cmd",
 					"--",
 				},
-				Env: implicitEnvVars,
 				VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 					Name:      "tekton-creds-init-home-0",
 					MountPath: "/tekton/creds",
 				}}, implicitVolumeMounts...),
-				WorkingDir:             pipeline.WorkspaceDir,
 				Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 				TerminationMessagePath: "/tekton/termination",
 			}},
@@ -1077,12 +1092,10 @@ script-heredoc-randomly-generated-mz4c7
 						"cmd",
 						"--",
 					},
-					Env: implicitEnvVars,
 					VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 						Name:      "tekton-creds-init-home-0",
 						MountPath: "/tekton/creds",
 					}}, implicitVolumeMounts...),
-					WorkingDir:             pipeline.WorkspaceDir,
 					Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 					TerminationMessagePath: "/tekton/termination",
 				}},
@@ -1129,12 +1142,10 @@ script-heredoc-randomly-generated-mz4c7
 						"cmd",
 						"--",
 					},
-					Env: implicitEnvVars,
 					VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 						Name:      "tekton-creds-init-home-0",
 						MountPath: "/tekton/creds",
 					}}, implicitVolumeMounts...),
-					WorkingDir:             pipeline.WorkspaceDir,
 					Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 					TerminationMessagePath: "/tekton/termination",
 				}},
@@ -1195,12 +1206,10 @@ script-heredoc-randomly-generated-mz4c7
 						"cmd",
 						"--",
 					},
-					Env: implicitEnvVars,
 					VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 						Name:      "tekton-creds-init-home-0",
 						MountPath: "/tekton/creds",
 					}}, implicitVolumeMounts...),
-					WorkingDir:             pipeline.WorkspaceDir,
 					Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 					TerminationMessagePath: "/tekton/termination",
 				}},
@@ -1237,12 +1246,10 @@ script-heredoc-randomly-generated-mz4c7
 						"cmd",
 						"--",
 					},
-					Env: implicitEnvVars,
 					VolumeMounts: append([]corev1.VolumeMount{toolsMount, downwardMount, {
 						Name:      "tekton-creds-init-home-0",
 						MountPath: "/tekton/creds",
 					}}, implicitVolumeMounts...),
-					WorkingDir:             pipeline.WorkspaceDir,
 					Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 					TerminationMessagePath: "/tekton/termination",
 				}},
@@ -1282,9 +1289,7 @@ script-heredoc-randomly-generated-mz4c7
 						"cmd",
 						"--",
 					},
-					Env:                    implicitEnvVars,
 					VolumeMounts:           append([]corev1.VolumeMount{toolsMount, downwardMount}, implicitVolumeMounts...),
-					WorkingDir:             pipeline.WorkspaceDir,
 					Resources:              corev1.ResourceRequirements{Requests: allZeroQty()},
 					TerminationMessagePath: "/tekton/termination",
 				}},
@@ -1345,11 +1350,18 @@ script-heredoc-randomly-generated-mz4c7
 			// No entrypoints should be looked up.
 			entrypointCache := fakeCache{}
 
+			overrideHomeEnv := false
+			if s, ok := c.featureFlags[featureFlagDisableHomeEnvKey]; ok {
+				var err error = nil
+				if overrideHomeEnv, err = strconv.ParseBool(s); err != nil {
+					t.Fatalf("error parsing bool from %s feature flag: %v", featureFlagDisableHomeEnvKey, err)
+				}
+			}
 			builder := Builder{
 				Images:          images,
 				KubeClient:      kubeclient,
 				EntrypointCache: entrypointCache,
-				OverrideHomeEnv: true,
+				OverrideHomeEnv: overrideHomeEnv,
 			}
 			got, err := builder.Build(store.ToContext(context.Background()), tr, c.ts)
 			if err != nil {
@@ -1400,12 +1412,12 @@ func TestShouldOverrideHomeEnv(t *testing.T) {
 		configMap   *corev1.ConfigMap
 		expected    bool
 	}{{
-		description: "Default behaviour: A missing disable-home-env-overwrite flag should result in true",
+		description: "Default behaviour: A missing disable-home-env-overwrite flag should result in false",
 		configMap: &corev1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{Name: config.GetFeatureFlagsConfigName(), Namespace: system.Namespace()},
 			Data:       map[string]string{},
 		},
-		expected: true,
+		expected: false,
 	}, {
 		description: "Setting disable-home-env-overwrite to false should result in true",
 		configMap: &corev1.ConfigMap{
@@ -1441,12 +1453,12 @@ func TestShouldOverrideWorkingDir(t *testing.T) {
 		configMap   *corev1.ConfigMap
 		expected    bool
 	}{{
-		description: "Default behaviour: A missing disable-working-directory-overwrite flag should result in true",
+		description: "Default behaviour: A missing disable-working-directory-overwrite flag should result in false",
 		configMap: &corev1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{Name: config.GetFeatureFlagsConfigName(), Namespace: system.Namespace()},
 			Data:       map[string]string{},
 		},
-		expected: true,
+		expected: false,
 	}, {
 		description: "Setting disable-working-directory-overwrite to false should result in true",
 		configMap: &corev1.ConfigMap{
diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go
index aca8006c4bb..de64b84cd8d 100644
--- a/pkg/reconciler/taskrun/taskrun_test.go
+++ b/pkg/reconciler/taskrun/taskrun_test.go
@@ -461,8 +461,6 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -505,8 +503,6 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -637,7 +633,6 @@ func TestReconcile_FeatureFlags(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
 					tb.EnvVar("foo", "bar"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
@@ -682,7 +677,6 @@ func TestReconcile_FeatureFlags(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1027,8 +1021,6 @@ func TestReconcile(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1075,8 +1067,6 @@ func TestReconcile(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1152,8 +1142,6 @@ func TestReconcile(t *testing.T) {
 						"--",
 						"-p",
 						"/workspace/output/myimage"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1167,10 +1155,9 @@ func TestReconcile(t *testing.T) {
 					tb.Args("-wait_file", "/tekton/tools/0", "-post_file", "/tekton/tools/1", "-termination_path",
 						"/tekton/termination", "-entrypoint", "/ko-app/git-init", "--", "-url", "https://foo.git",
 						"-path", "/workspace/workspace"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.EnvVar("TEKTON_RESOURCE_NAME", "workspace"),
 					tb.EnvVar("HOME", "/tekton/home"),
+					tb.WorkingDir(workspaceDir),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-1", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1184,8 +1171,6 @@ func TestReconcile(t *testing.T) {
 						"/tekton/termination", "-entrypoint", "/mycmd", "--", "--my-arg=foo", "--my-arg-with-default=bar",
 						"--my-arg-with-default2=thedefault", "--my-additional-arg=gcr.io/kristoff/sven", "--my-taskname-arg=test-task-with-substitution",
 						"--my-taskrun-arg=test-taskrun-substitution"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-2", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1197,8 +1182,6 @@ func TestReconcile(t *testing.T) {
 					tb.Command(entrypointLocation),
 					tb.Args("-wait_file", "/tekton/tools/2", "-post_file", "/tekton/tools/3", "-termination_path",
 						"/tekton/termination", "-entrypoint", "/mycmd", "--", "--my-other-arg=https://foo.git"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-3", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1211,8 +1194,6 @@ func TestReconcile(t *testing.T) {
 					tb.Args("-wait_file", "/tekton/tools/3", "-post_file", "/tekton/tools/4", "-termination_path",
 						"/tekton/termination", "-entrypoint", "/ko-app/imagedigestexporter", "--",
 						"-images", "[{\"name\":\"myimage\",\"type\":\"image\",\"url\":\"gcr.io/kristoff/sven\",\"digest\":\"\",\"OutputImageDir\":\"/workspace/output/myimage\"}]"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-4", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1264,13 +1245,9 @@ func TestReconcile(t *testing.T) {
 						"-path",
 						"/workspace/workspace",
 					),
-					tb.WorkingDir(workspaceDir),
-					// Note: the duplication of HOME env var here is intentional: our pod builder
-					// adds it first and the git pipelineresource adds its own to ensure that HOME
-					// is set even when disable-home-env-overwrite feature flag is "true".
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.EnvVar("TEKTON_RESOURCE_NAME", "workspace"),
 					tb.EnvVar("HOME", "/tekton/home"),
+					tb.WorkingDir("/workspace"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1281,10 +1258,8 @@ func TestReconcile(t *testing.T) {
 				),
 				tb.PodContainer("step-mycontainer", "myimage",
 					tb.Command(entrypointLocation),
-					tb.WorkingDir(workspaceDir),
 					tb.Args("-wait_file", "/tekton/tools/0", "-post_file", "/tekton/tools/1", "-termination_path",
 						"/tekton/termination", "-entrypoint", "/mycmd", "--", "--my-arg=foo"),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-1", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1330,8 +1305,6 @@ func TestReconcile(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1385,13 +1358,9 @@ func TestReconcile(t *testing.T) {
 						"/workspace/workspace",
 						"-revision",
 						"rel-can"),
-					tb.WorkingDir(workspaceDir),
-					// Note: the duplication of HOME env var here is intentional: our pod builder
-					// adds it first and the git pipelineresource adds its own to ensure that HOME
-					// is set even when disable-home-env-overwrite feature flag is "true".
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.EnvVar("TEKTON_RESOURCE_NAME", "workspace"),
 					tb.EnvVar("HOME", "/tekton/home"),
+					tb.WorkingDir("/workspace"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1404,8 +1373,6 @@ func TestReconcile(t *testing.T) {
 					tb.Command(entrypointLocation),
 					tb.Args("-wait_file", "/tekton/tools/0", "-post_file", "/tekton/tools/1", "-termination_path",
 						"/tekton/termination", "-entrypoint", "/mycmd", "--"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-creds-init-home-1", "/tekton/creds"),
 					tb.VolumeMount("tekton-internal-workspace", workspaceDir),
@@ -1450,8 +1417,6 @@ func TestReconcile(t *testing.T) {
 						"-entrypoint",
 						"/mycmd",
 						"--"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1497,8 +1462,6 @@ func TestReconcile(t *testing.T) {
 						// Important bit here: /tekton/creds
 						"/mycmd /tekton/creds",
 						"--"),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
@@ -1545,8 +1508,6 @@ func TestReconcile(t *testing.T) {
 						"/mycmd",
 						"--",
 					),
-					tb.WorkingDir(workspaceDir),
-					tb.EnvVar("HOME", "/tekton/home"),
 					tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
 					tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
 					tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
diff --git a/test/entrypoint_test.go b/test/entrypoint_test.go
index 1eede3a846e..e96c2136140 100644
--- a/test/entrypoint_test.go
+++ b/test/entrypoint_test.go
@@ -50,11 +50,17 @@ func TestEntrypointRunningStepsInOrder(t *testing.T) {
 		Spec: v1beta1.TaskRunSpec{
 			TaskSpec: &v1beta1.TaskSpec{
 				Steps: []v1beta1.Step{{
-					Container: corev1.Container{Image: "busybox"},
-					Script:    "sleep 3 && touch foo",
+					Container: corev1.Container{
+						Image:      "busybox",
+						WorkingDir: "/workspace",
+					},
+					Script: "sleep 3 && touch foo",
 				}, {
-					Container: corev1.Container{Image: "ubuntu"},
-					Script:    "ls foo",
+					Container: corev1.Container{
+						Image:      "ubuntu",
+						WorkingDir: "/workspace",
+					},
+					Script: "ls foo",
 				}},
 			},
 		},
diff --git a/test/v1alpha1/entrypoint_test.go b/test/v1alpha1/entrypoint_test.go
index 5130d418a09..a5a1ccd39f2 100644
--- a/test/v1alpha1/entrypoint_test.go
+++ b/test/v1alpha1/entrypoint_test.go
@@ -51,11 +51,17 @@ func TestEntrypointRunningStepsInOrder(t *testing.T) {
 		Spec: v1alpha1.TaskRunSpec{
 			TaskSpec: &v1alpha1.TaskSpec{TaskSpec: v1beta1.TaskSpec{
 				Steps: []v1beta1.Step{{
-					Container: corev1.Container{Image: "busybox"},
-					Script:    "sleep 3 && touch foo",
+					Container: corev1.Container{
+						Image:      "busybox",
+						WorkingDir: "/workspace",
+					},
+					Script: "sleep 3 && touch foo",
 				}, {
-					Container: corev1.Container{Image: "ubuntu"},
-					Script:    "ls foo",
+					Container: corev1.Container{
+						Image:      "ubuntu",
+						WorkingDir: "/workspace",
+					},
+					Script: "ls foo",
 				}},
 			}},
 		},