From 2b899d3e6cd4407c0b9862b2b93c6d55db873728 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:12:31 +0000 Subject: [PATCH 1/4] Initial plan From 6d9cff525e284143b2d70783e31f231f33a0a4c1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:19:47 +0000 Subject: [PATCH 2/4] Fix: remove -l login shell flag from CMD to prevent premature VS Code Server init The CMD used `bash -lc "$BASE_CMD"`. The -l flag starts a login shell that sources /etc/profile and user profile scripts. The DevPanel base image profile scripts initialise VS Code Server, which is configured to use $APP_ROOT/.vscode as its user data directory. APP_ROOT is injected at runtime by DevPanel and is not available during a login-shell execution at build/start time, so VS Code Server falls back to its default home path (/home/www/.vscode-server). Fix: use `bash -c` (no -l). $BASE_CMD is an ENV variable available in any shell context; a login shell is not required for variable expansion. Add two assertions to docker-build-test.sh: - Static check: /home/www/.vscode-server absent from image layers - Runtime check: /home/www/.vscode-server absent in running container Co-authored-by: darrenoh <2293701+darrenoh@users.noreply.github.com> Agent-Logs-Url: https://github.com/drupalforge/deployment/sessions/229084c7-0f9a-49da-9f39-8afeee42f848 --- Dockerfile | 16 +++++++++++++--- tests/docker-build-test.sh | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 581ad32..a142f45 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,14 +65,24 @@ ENV BASE_CMD="${BASE_CMD}" ENTRYPOINT ["/usr/local/bin/deployment-entrypoint"] # Set CMD from base image (passed as build arg) -# Use bash -lc so BASE_CMD is expanded at runtime and forwarded as a proper -# argv command for deployment-entrypoint's final `exec "$@"`. +# Use bash -c so BASE_CMD (an ENV variable) is expanded at runtime and forwarded +# as a proper argv command for deployment-entrypoint's final `exec "$@"`. +# Do NOT use -l (login shell) here: a login shell sources /etc/profile and user +# profile scripts, which in the DevPanel base image initialise VS Code Server. +# The base image exclusively uses $APP_ROOT/.vscode as the VS Code user data +# directory. APP_ROOT is injected at runtime by DevPanel, so it is not available +# during the login-shell initialisation triggered by docker build or the first +# container start. Without APP_ROOT, VS Code Server falls back to its default +# home-directory path (/home/www/.vscode-server), creating that directory and +# baking it into the container. Removing -l prevents profile scripts from running, +# which prevents VS Code Server from initialising prematurely and creating the +# unwanted /home/www/.vscode-server directory. # This covers: # 1) normal startup using the base-image Apache command, # 2) command strings that depend on env expansion, # 3) predictable behavior with exec-form ENTRYPOINT while still allowing # runtime CMD overrides (e.g. `docker run ... `). -CMD ["/bin/bash", "-lc", "$BASE_CMD"] +CMD ["/bin/bash", "-c", "$BASE_CMD"] LABEL org.opencontainers.image.source="https://github.com/drupalforge/deployment" \ org.opencontainers.image.description="Drupal Forge deployment image with S3 database import and conditional file proxy support" diff --git a/tests/docker-build-test.sh b/tests/docker-build-test.sh index 7a38664..3877d12 100755 --- a/tests/docker-build-test.sh +++ b/tests/docker-build-test.sh @@ -90,6 +90,23 @@ test_version() { failed=1 fi + # Verify .vscode-server directory is not baked into the image. + # The CMD must not use a login shell (-l). Login shells source /etc/profile + # and user profile scripts which initialise VS Code Server in the DevPanel + # base image. The base image exclusively uses $APP_ROOT/.vscode as the VS + # Code user data directory. APP_ROOT is injected at runtime by DevPanel and + # is not available during a premature login-shell initialisation, so VS Code + # Server falls back to its default home-directory path (/home/www/.vscode-server). + # This check catches cases where the directory is written during docker build + # (e.g. via ONBUILD or a login-shell RUN instruction). + echo -e "${YELLOW} Verifying .vscode-server is absent from image layers...${NC}" + if docker run --rm --entrypoint sh "$tag" -c 'test ! -d /home/www/.vscode-server'; then + echo -e "${GREEN} ✓ /home/www/.vscode-server is absent from image (correct)${NC}" + else + echo -e "${RED} ✗ /home/www/.vscode-server found in image layers (login shell must not be used during build)${NC}" + failed=1 + fi + # Test CMD execution: container runs with default CMD echo -e "${YELLOW} Testing CMD execution...${NC}" docker rm -f "$run_container_name" >/dev/null 2>&1 || true @@ -112,6 +129,22 @@ test_version() { if [ "$apache_running" -eq 1 ]; then echo -e "${GREEN} ✓ Apache is running${NC}" + + # Verify that the CMD did not use a login shell (-l) to start. + # Login shells source /etc/profile and user profile scripts in + # the DevPanel base image, which initialise VS Code Server. + # The base image exclusively uses $APP_ROOT/.vscode as the VS + # Code user data directory. APP_ROOT is injected at runtime by + # DevPanel and is not available during a premature login-shell + # initialisation, so VS Code Server falls back to its default + # home-directory path and creates /home/www/.vscode-server. + echo -e "${YELLOW} Verifying .vscode-server absent at runtime...${NC}" + if docker exec "$run_container_name" sh -c 'test ! -d /home/www/.vscode-server'; then + echo -e "${GREEN} ✓ /home/www/.vscode-server absent at runtime (CMD does not use login shell)${NC}" + else + echo -e "${RED} ✗ /home/www/.vscode-server created at runtime (CMD must not use -l login shell flag)${NC}" + failed=1 + fi else logs=$(docker logs "$run_container_name" 2>&1) echo -e "${RED} ✗ Apache is not running${NC}" From f2191c7c37b6a83b0e988302cff2149a8463e845 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:31:10 +0000 Subject: [PATCH 3/4] Fix comment wording: directory created in writable layer at startup, not during build - Dockerfile: replace "triggered by docker build or the first container start" / "baking it into the container" with accurate language: the directory is created in the container's writable layer when a login shell runs before APP_ROOT is set (i.e. at initial container startup) - docker-build-test.sh: change "image layers" / "baked into the image" to "final image" per review feedback Co-authored-by: darrenoh <2293701+darrenoh@users.noreply.github.com> Agent-Logs-Url: https://github.com/drupalforge/deployment/sessions/3c4d7459-cd62-4db5-b12d-f3613affd28c --- Dockerfile | 8 ++++---- tests/docker-build-test.sh | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index a142f45..df60e75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -71,10 +71,10 @@ ENTRYPOINT ["/usr/local/bin/deployment-entrypoint"] # profile scripts, which in the DevPanel base image initialise VS Code Server. # The base image exclusively uses $APP_ROOT/.vscode as the VS Code user data # directory. APP_ROOT is injected at runtime by DevPanel, so it is not available -# during the login-shell initialisation triggered by docker build or the first -# container start. Without APP_ROOT, VS Code Server falls back to its default -# home-directory path (/home/www/.vscode-server), creating that directory and -# baking it into the container. Removing -l prevents profile scripts from running, +# when a login shell runs before APP_ROOT has been set (for example, at initial +# container startup). Without APP_ROOT, VS Code Server falls back to its default +# home-directory path (/home/www/.vscode-server), creating that directory in the +# container's writable layer. Removing -l prevents profile scripts from running, # which prevents VS Code Server from initialising prematurely and creating the # unwanted /home/www/.vscode-server directory. # This covers: diff --git a/tests/docker-build-test.sh b/tests/docker-build-test.sh index 3877d12..378060f 100755 --- a/tests/docker-build-test.sh +++ b/tests/docker-build-test.sh @@ -90,20 +90,20 @@ test_version() { failed=1 fi - # Verify .vscode-server directory is not baked into the image. + # Verify .vscode-server directory is not present in the final image. # The CMD must not use a login shell (-l). Login shells source /etc/profile # and user profile scripts which initialise VS Code Server in the DevPanel # base image. The base image exclusively uses $APP_ROOT/.vscode as the VS # Code user data directory. APP_ROOT is injected at runtime by DevPanel and # is not available during a premature login-shell initialisation, so VS Code # Server falls back to its default home-directory path (/home/www/.vscode-server). - # This check catches cases where the directory is written during docker build + # This check catches cases where the directory is written into the final image # (e.g. via ONBUILD or a login-shell RUN instruction). - echo -e "${YELLOW} Verifying .vscode-server is absent from image layers...${NC}" + echo -e "${YELLOW} Verifying .vscode-server is absent from the final image...${NC}" if docker run --rm --entrypoint sh "$tag" -c 'test ! -d /home/www/.vscode-server'; then echo -e "${GREEN} ✓ /home/www/.vscode-server is absent from image (correct)${NC}" else - echo -e "${RED} ✗ /home/www/.vscode-server found in image layers (login shell must not be used during build)${NC}" + echo -e "${RED} ✗ /home/www/.vscode-server found in the final image (login shell must not be used during build)${NC}" failed=1 fi From a90ca3d2d06796771248d047da5bd79822493bbe Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:38:17 +0000 Subject: [PATCH 4/4] =?UTF-8?q?Fix=20spelling:=20initialise/initialisation?= =?UTF-8?q?=20=E2=86=92=20initialize/initialization=20(US=20spelling)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Consistent with the rest of the repo (US English). Fixes all occurrences in Dockerfile and tests/docker-build-test.sh. Co-authored-by: darrenoh <2293701+darrenoh@users.noreply.github.com> Agent-Logs-Url: https://github.com/drupalforge/deployment/sessions/9461a099-f6d0-43fd-a33c-2d9887eb5ab2 --- Dockerfile | 4 ++-- tests/docker-build-test.sh | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index df60e75..a63220c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -68,14 +68,14 @@ ENTRYPOINT ["/usr/local/bin/deployment-entrypoint"] # Use bash -c so BASE_CMD (an ENV variable) is expanded at runtime and forwarded # as a proper argv command for deployment-entrypoint's final `exec "$@"`. # Do NOT use -l (login shell) here: a login shell sources /etc/profile and user -# profile scripts, which in the DevPanel base image initialise VS Code Server. +# profile scripts, which in the DevPanel base image initialize VS Code Server. # The base image exclusively uses $APP_ROOT/.vscode as the VS Code user data # directory. APP_ROOT is injected at runtime by DevPanel, so it is not available # when a login shell runs before APP_ROOT has been set (for example, at initial # container startup). Without APP_ROOT, VS Code Server falls back to its default # home-directory path (/home/www/.vscode-server), creating that directory in the # container's writable layer. Removing -l prevents profile scripts from running, -# which prevents VS Code Server from initialising prematurely and creating the +# which prevents VS Code Server from initializing prematurely and creating the # unwanted /home/www/.vscode-server directory. # This covers: # 1) normal startup using the base-image Apache command, diff --git a/tests/docker-build-test.sh b/tests/docker-build-test.sh index 378060f..6e0bf3e 100755 --- a/tests/docker-build-test.sh +++ b/tests/docker-build-test.sh @@ -92,10 +92,10 @@ test_version() { # Verify .vscode-server directory is not present in the final image. # The CMD must not use a login shell (-l). Login shells source /etc/profile - # and user profile scripts which initialise VS Code Server in the DevPanel + # and user profile scripts which initialize VS Code Server in the DevPanel # base image. The base image exclusively uses $APP_ROOT/.vscode as the VS # Code user data directory. APP_ROOT is injected at runtime by DevPanel and - # is not available during a premature login-shell initialisation, so VS Code + # is not available during a premature login-shell initialization, so VS Code # Server falls back to its default home-directory path (/home/www/.vscode-server). # This check catches cases where the directory is written into the final image # (e.g. via ONBUILD or a login-shell RUN instruction). @@ -132,11 +132,11 @@ test_version() { # Verify that the CMD did not use a login shell (-l) to start. # Login shells source /etc/profile and user profile scripts in - # the DevPanel base image, which initialise VS Code Server. + # the DevPanel base image, which initialize VS Code Server. # The base image exclusively uses $APP_ROOT/.vscode as the VS # Code user data directory. APP_ROOT is injected at runtime by # DevPanel and is not available during a premature login-shell - # initialisation, so VS Code Server falls back to its default + # initialization, so VS Code Server falls back to its default # home-directory path and creates /home/www/.vscode-server. echo -e "${YELLOW} Verifying .vscode-server absent at runtime...${NC}" if docker exec "$run_container_name" sh -c 'test ! -d /home/www/.vscode-server'; then