fix go-install verification in Dockerfile
Latent bug: the post-loop check used `command -v` to verify govulncheck and staticcheck installed. `command -v` only walks PATH, but at this layer PATH does NOT include $GOPATH/bin (/home/crafter/go/bin) — that's only added in the canonical final PATH at the bottom of the Dockerfile (line 314). At runtime the binaries work fine via the bottom PATH; only the build-time verify was broken. The bug was masked by stale Docker layer caching from earlier Dockerfile shapes. Adding the new Nix layer above this step invalidated the cache and surfaced it. Switch to direct binary path checks (test -x \"\$GOPATH/bin/...\") which work regardless of PATH state at the layer.
This commit is contained in:
parent
b0490a8c02
commit
1ef50307ac
1 changed files with 1 additions and 1 deletions
|
|
@ -259,7 +259,7 @@ RUN for i in 1 2 3 4 5; do \
|
|||
&& go install honnef.co/go/tools/cmd/staticcheck@latest \
|
||||
&& break || { echo "go install attempt $i failed, sleeping $((i*10))s"; sleep $((i*10)); }; \
|
||||
done; \
|
||||
command -v govulncheck && command -v staticcheck || { echo "go install failed after 5 attempts"; exit 1; }
|
||||
test -x "$GOPATH/bin/govulncheck" && test -x "$GOPATH/bin/staticcheck" || { echo "go install failed after 5 attempts"; exit 1; }
|
||||
|
||||
# GOPATH already set above; PATH handled by the final clean ENV at the
|
||||
# bottom (which includes /home/crafter/go/bin). No per-layer PATH ENV
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue