quan0715 commented Feb 6, 2026
- feat: Add workspace export functionality
- build: Add development toolchains to base image
- Add Rust 1.74 toolchain to base image
Pull request overview
Updates the devops base image to include a Rust toolchain, likely to support building/installing Rust-backed dependencies within the container build/runtime environment.
Changes:
- Add Rust-related environment variables (RUSTUP_HOME, CARGO_HOME, PATH) to the base image.
- Install Rust 1.74.1 via rustup during the apt install layer and verify rustc/cargo availability.
| # Rust toolchain (1.7x) | ||
| ENV RUSTUP_HOME=/usr/local/rustup \ | ||
| CARGO_HOME=/usr/local/cargo \ | ||
| PATH=/usr/local/cargo/bin:$PATH |
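Review bot: the comment on the first line of this hunk says "Rust toolchain (1.7x)", which does not tell a reader which release the image actually ships. The install step pins 1.74.1, so state that exact version here, or move it into a single ARG that both the comment and the installer reference, so a later bump cannot leave the two out of sync.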
The PR title/description references GCE git branches and workspace export, but this diff only adds a Rust toolchain to the base image. Please align the PR metadata with the actual change (or include the missing commits) so reviewers can accurately assess scope and impact.
| # Rust toolchain (1.7x) | ||
| ENV RUSTUP_HOME=/usr/local/rustup \ | ||
| CARGO_HOME=/usr/local/cargo \ | ||
| PATH=/usr/local/cargo/bin:$PATH |
In ENV PATH=/usr/local/cargo/bin:$PATH, consider using ${PATH} (and quoting if your style requires) to avoid any ambiguity around variable expansion and to match common Dockerfile patterns for PATH appends.
| PATH=/usr/local/cargo/bin:$PATH | |
| PATH=/usr/local/cargo/bin:${PATH} |
| postgresql-client \ | ||
| nodejs \ | ||
| npm \ | ||
| && curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain 1.74.1 \ |
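Review bot: the `curl -fsSL ... | sh -s -- ...` pipeline on the last line of this hunk reports only the exit status of `sh`, so if `curl -f` fails before sending any data the shell reads an empty script, exits 0, and the `&&` chain carries on without a toolchain. Download the installer to a file in one step and run it in the next, or switch the build shell to bash with `pipefail` through a SHELL instruction, so that a failed download fails the layer.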
rustup will try to modify shell profile files by default; in container images this can leave unnecessary dotfiles in the image and is not used by the non-interactive runtime. Consider adding the installer option to prevent PATH/profile modification since PATH is already being set via ENV.
| && curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain 1.74.1 \ | |
| && curl -fsSL https://sh.rustup.rs | sh -s -- -y --no-modify-path --profile minimal --default-toolchain 1.74.1 \ |
| postgresql-client \ | ||
| nodejs \ | ||
| npm \ | ||
| && curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain 1.74.1 \ |
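Review bot: the curl invocation on the last line of this hunk follows redirects (`-L`) without restricting the protocol or minimum TLS version. The install command documented by rustup is `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh`; adding `--proto '=https' --tlsv1.2` here keeps the download on HTTPS with a modern TLS floor.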
The command curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain 1.74.1 downloads and executes a remote script as root without any integrity or authenticity verification. If the rustup distribution endpoint, DNS, or TLS channel is compromised, an attacker can inject arbitrary commands into your build, resulting in a backdoored base image. Consider installing Rust from a pinned, signed package or downloading a specific rustup-init artifact and verifying its checksum/signature before execution instead of using a curl | sh pipeline.
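One way to apply the checksum verification suggested in the comment above, as an added example that is not code from this PR or from the rustup project. The function names, the `RUSTUP_INIT_SHA256` variable and the `<RUSTUP_VERSION>` path segment are assumptions, and the pinned digest is a placeholder to fill in from a trusted source.

```shell
#!/bin/sh
# Added example (not from the PR): run a downloaded installer only if it
# matches a SHA-256 pinned in the Dockerfile. Function names are hypothetical.

# sha256_of FILE -> prints the lowercase hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED -> 0 on match, 1 on mismatch,
# 2 if EXPECTED is not a 64-char lowercase hex digest, 3 if FILE is missing.
verify_sha256() {
    file=$1
    expected=$2
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;   # empty pin or unfilled placeholder
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    [ "$(sha256_of "$file")" = "$expected" ]
}

# run_verified FILE EXPECTED [ARGS...] -> executes FILE only after a match.
# FILE should be an absolute path so the shell does not search PATH for it.
run_verified() {
    file=$1
    expected=$2
    shift 2
    if ! verify_sha256 "$file" "$expected"; then
        echo "refusing to run $file: checksum mismatch or invalid pin" >&2
        return 1
    fi
    chmod u+x "$file" && "$file" "$@"
}

# Sketch of use in the RUN layer (version and digest are placeholders):
#   curl --proto '=https' --tlsv1.2 -fsSLo /tmp/rustup-init \
#     "https://static.rust-lang.org/rustup/archive/<RUSTUP_VERSION>/x86_64-unknown-linux-gnu/rustup-init"
#   run_verified /tmp/rustup-init "$RUSTUP_INIT_SHA256" \
#     -y --no-modify-path --profile minimal --default-toolchain 1.74.1
```

The pin only adds assurance if the digest is recorded out of band and committed with the Dockerfile; fetching the checksum from the same host at build time would inherit the same trust problem.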