diff --git a/Dockerfile b/Dockerfile
index 581ad32..a63220c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -65,14 +65,24 @@ ENV BASE_CMD="${BASE_CMD}"
 ENTRYPOINT ["/usr/local/bin/deployment-entrypoint"]
 # Set CMD from base image (passed as build arg)
-# Use bash -lc so BASE_CMD is expanded at runtime and forwarded as a proper
-# argv command for deployment-entrypoint's final `exec "$@"`.
+# Use bash -c so BASE_CMD (an ENV variable) is expanded at runtime and forwarded
+# as a proper argv command for deployment-entrypoint's final `exec "$@"`.
+# Do NOT use -l (login shell) here: a login shell sources /etc/profile and user
+# profile scripts, which in the DevPanel base image initialize VS Code Server.
+# The base image exclusively uses $APP_ROOT/.vscode as the VS Code user data
+# directory. APP_ROOT is injected at runtime by DevPanel, so it is not available
+# when a login shell runs before APP_ROOT has been set (for example, at initial
+# container startup). Without APP_ROOT, VS Code Server falls back to its default
+# home-directory path (/home/www/.vscode-server), creating that directory in the
+# container's writable layer. Removing -l prevents profile scripts from running,
+# which prevents VS Code Server from initializing prematurely and creating the
+# unwanted /home/www/.vscode-server directory.
 # This covers:
 # 1) normal startup using the base-image Apache command,
 # 2) command strings that depend on env expansion,
 # 3) predictable behavior with exec-form ENTRYPOINT while still allowing
 # runtime CMD overrides (e.g. `docker run ... `).
-CMD ["/bin/bash", "-lc", "$BASE_CMD"]
+CMD ["/bin/bash", "-c", "$BASE_CMD"]
 LABEL org.opencontainers.image.source="https://github.com/drupalforge/deployment" \
 org.opencontainers.image.description="Drupal Forge deployment image with S3 database import and conditional file proxy support"
diff --git a/tests/docker-build-test.sh b/tests/docker-build-test.sh
index 7a38664..6e0bf3e 100755
--- a/tests/docker-build-test.sh
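Review bot: Removing `-l` from the `CMD` line drops everything else the base image's `/etc/profile` and profile scripts provide to the base command (PATH additions, umask, exported variables), not just the VS Code Server start-up the new comment describes. Whether the Apache command relies on any of that is not visible in this hunk, so it is worth confirming and saying so in the comment, for example `# Anything the base command needs from profile scripts must be set via ENV.` The statement that profile scripts no longer run holds for login profiles only: a non-interactive `bash -c` still sources the file named in `BASH_ENV` if that variable is set. The same twelve-line explanation is repeated twice in tests/docker-build-test.sh; a short summary here with the tests referring to it would be easier to keep in sync.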
+++ b/tests/docker-build-test.sh
@@ -90,6 +90,23 @@ test_version() {
 failed=1
 fi
+ # Verify .vscode-server directory is not present in the final image.
+ # The CMD must not use a login shell (-l). Login shells source /etc/profile
+ # and user profile scripts which initialize VS Code Server in the DevPanel
+ # base image. The base image exclusively uses $APP_ROOT/.vscode as the VS
+ # Code user data directory. APP_ROOT is injected at runtime by DevPanel and
+ # is not available during a premature login-shell initialization, so VS Code
+ # Server falls back to its default home-directory path (/home/www/.vscode-server).
+ # This check catches cases where the directory is written into the final image
+ # (e.g. via ONBUILD or a login-shell RUN instruction).
+ echo -e "${YELLOW} Verifying .vscode-server is absent from the final image...${NC}"
+ if docker run --rm --entrypoint sh "$tag" -c 'test ! -d /home/www/.vscode-server'; then
+ echo -e "${GREEN} ✓ /home/www/.vscode-server is absent from image (correct)${NC}"
+ else
+ echo -e "${RED} ✗ /home/www/.vscode-server found in the final image (login shell must not be used during build)${NC}"
+ failed=1
+ fi
+
 # Test CMD execution: container runs with default CMD
 echo -e "${YELLOW} Testing CMD execution...${NC}"
 docker rm -f "$run_container_name" >/dev/null 2>&1 || true
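Review bot: The `if docker run --rm --entrypoint sh "$tag" -c 'test ! -d …'` check treats every non-zero exit as "directory found", so a Docker failure (image missing, daemon error, no `sh` in the image) is reported as a login-shell regression. It fails closed, which is fine, but the message sends whoever reads the CI log in the wrong direction; capturing the exit status and treating only 1 as "found" separates the two cases. The `docker exec` check in the next hunk has the same shape and would misreport a container that has already exited. The enclosing `test_version` function starts and ends outside the hunk.

```shell
local vscode_rc=0
docker run --rm --entrypoint sh "$tag" -c 'test ! -d /home/www/.vscode-server' || vscode_rc=$?
if [ "$vscode_rc" -eq 0 ]; then
  # … unchanged: green "absent from image" message …
elif [ "$vscode_rc" -eq 1 ]; then
  # … unchanged: red "found in the final image" message and failed=1 …
else
  echo -e "${RED}  ✗ could not inspect image (docker run exited ${vscode_rc})${NC}"
  failed=1
fi
```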
@@ -112,6 +129,22 @@ test_version() {
 if [ "$apache_running" -eq 1 ]; then
 echo -e "${GREEN} ✓ Apache is running${NC}"
+
+ # Verify that the CMD did not use a login shell (-l) to start.
+ # Login shells source /etc/profile and user profile scripts in
+ # the DevPanel base image, which initialize VS Code Server.
+ # The base image exclusively uses $APP_ROOT/.vscode as the VS
+ # Code user data directory. APP_ROOT is injected at runtime by
+ # DevPanel and is not available during a premature login-shell
+ # initialization, so VS Code Server falls back to its default
+ # home-directory path and creates /home/www/.vscode-server.
+ echo -e "${YELLOW} Verifying .vscode-server absent at runtime...${NC}"
+ if docker exec "$run_container_name" sh -c 'test ! -d /home/www/.vscode-server'; then
+ echo -e "${GREEN} ✓ /home/www/.vscode-server absent at runtime (CMD does not use login shell)${NC}"
+ else
+ echo -e "${RED} ✗ /home/www/.vscode-server created at runtime (CMD must not use -l login shell flag)${NC}"
+ failed=1
+ fi
 else
 logs=$(docker logs "$run_container_name" 2>&1)
 echo -e "${RED} ✗ Apache is not running${NC}"
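Review bot: The runtime check proves only that `/home/www/.vscode-server` does not exist, so its success text `(CMD does not use login shell)` claims more than it tests. Going by the comment above it, a container started with `APP_ROOT` set would put the VS Code data under `$APP_ROOT`, so if the test's `docker run` (outside this hunk) sets that variable, this check would still pass with `-lc`. A direct assertion on the image config covers the regression itself, for example comparing the output of `docker inspect --format '{{json .Config.Cmd}}' "$tag"` with the expected `["/bin/bash","-c","$BASE_CMD"]`. The enclosing `test_version` function starts and ends outside the hunk.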