From d6a1af1efd0bcb2195b1158235e93cb9a68dab28 Mon Sep 17 00:00:00 2001 From: Steve Breker Date: Thu, 25 Apr 2024 15:10:52 -0700 Subject: [PATCH] Set secure SHELL options before RUN Docker only evaluates the exit code of the last operation after the pipe in a RUN statement to determine success. Specifying 'pipefail' will cause the build to fail due to an error at any stage of a RUN command with pipes. Setting the -e option instructs bash to immediately exit if any command in a RUN statement has a non-zero exit status. Setting the -u option triggers an error if a variable is referenced that has not been previously defined. Setting runDeps using a list passed to 'apk info --installed' returns a non zero exit status if one of the packages listed is not installed. Added '|| true' to force an exit status of 0. --- 1.1.21.2/Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/1.1.21.2/Dockerfile b/1.1.21.2/Dockerfile index 95b05b1..9d7d04c 100644 --- a/1.1.21.2/Dockerfile +++ b/1.1.21.2/Dockerfile @@ -3,10 +3,11 @@ FROM alpine:3.19.1 ENV GEARMAND_VERSION 1.1.21 ENV GEARMAND_SHA1 472d2a0019e69edefcd0c1ff57e9352982e6d3f5 +SHELL ["/bin/sh", "-euxo", "pipefail", "-c"] + RUN addgroup -S gearman && adduser -G gearman -S -D -H -s /bin/false -g "Gearman Server" gearman -RUN set -x \ - && apk add --no-cache --virtual .build-deps \ +RUN apk add --no-cache --virtual .build-deps \ wget \ tar \ ca-certificates \ @@ -44,7 +45,7 @@ RUN set -x \ scanelf --needed --nobanner --recursive /usr/local \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ - | xargs -r apk info --installed \ + | xargs -r apk info --installed || true \ | sort -u \ )" \ && apk add --virtual .gearmand-rundeps $runDeps \
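Review bot: The added `SHELL ["/bin/sh", "-euxo", "pipefail", "-c"]` applies to every later shell-form instruction in the file, not only the RUN steps in this hunk, and no comment in the Dockerfile records that. Docker also uses the SHELL setting for shell-form CMD and ENTRYPOINT, so if the part of the file outside this hunk declares either in shell form, the container's start command would run with `-eux` and trace into the container log; exec (JSON-array) form is unaffected. I would put a comment above the instruction, e.g. `# Strict shell for all following RUN steps: exit on error (-e), on unset variables (-u) and on any failed pipeline stage (pipefail); -x traces each command to the build log`. Since `-x` echoes every expanded command, later steps should keep credentials off the command line.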
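Review bot: In `| xargs -r apk info --installed || true \`, `||` binds more loosely than `|`, so the shell parses the substitution as `(scanelf | awk | sort -u | xargs …) || (true | sort -u)`. The trailing `sort -u` therefore no longer receives the xargs output, and `|| true` discards the status of the whole pipeline. With `pipefail` set, a failing `scanelf` or `awk` is now ignored as well, and `runDeps` could end up incomplete without the build stopping. Scoping the fallback to xargs keeps both the de-duplication and the pipefail check on the earlier stages: `| { xargs -r apk info --installed || true; } \`. The RUN instruction this pipeline belongs to starts and ends outside the hunk.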