From 510915d3ecf18d9bd623595f00014c01c8739b4b Mon Sep 17 00:00:00 2001
From: Kayos
Date: Wed, 29 Apr 2026 14:09:32 -0700
Subject: [PATCH] Dockerfile: clean final PATH at end (single source of truth)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The agent-generated Dockerfile accumulated PATH via 6+ layered ENV PATH=
statements, and my own GOPATH-fix edit (commit 6cd5990) wrote a
literal-expanded PATH that clobbered the swift/kotlin/gradle/bun/
cargo entries. Result: cargo unreachable from crafter user (caught by
the 14-SDK queue dogfood — exit 127 'Permission denied' on cargo build).

Fix: a final ENV PATH= line right before the CMD that sets PATH to a
clean, comprehensive list of every toolchain bin. Overrides any drift
above. Includes:
  - /home/crafter/.local/bin (pipx tools: ruff, mypy, pytest, pip-audit, uv, semgrep)
  - /home/crafter/.composer/vendor/bin (phpstan, phpunit)
  - /home/crafter/.local/share/gem/ruby/3.1.0/bin (bundler-audit, rubocop)
  - /home/crafter/.bun/bin (bun)
  - /home/crafter/go/bin (govulncheck, staticcheck)
  - /home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin (cargo, rustc, clippy, rustfmt)
  - /caches/cargo/bin (cargo install artifacts; volume-mounted)
  - /opt/swift/usr/bin (swift)
  - /opt/kotlin/bin (kotlinc)
  - /opt/gradle/bin (gradle)
  - /usr/local/go/bin (go)
  - system bins

Once this rebuild lands, the rust recipes can drop the per-recipe PATH=
prefix the workaround used.
---
 Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 2756526..b69b90e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -282,6 +282,14 @@ RUN chown -R crafter:crafter /app # ============================================================ USER crafter WORKDIR /workspace + +# Final clean PATH — single source of truth that overrides any earlier +# accumulator drift in the layered ENV PATH= statements above. Lists +# every toolchain bin so cargo/rustc, swift, kotlinc, gradle, bun, go + +# govulncheck/staticcheck, ruff/mypy/pytest/uv, phpstan, bundler-audit +# are all reachable from the crafter user shell with no per-recipe prefix. +ENV PATH=/home/crafter/.local/bin:/home/crafter/.composer/vendor/bin:/home/crafter/.local/share/gem/ruby/3.1.0/bin:/home/crafter/.bun/bin:/home/crafter/go/bin:/home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin:/caches/cargo/bin:/opt/swift/usr/bin:/opt/kotlin/bin:/opt/gradle/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + ENV PYTHONPATH=/app \ PYTHONUNBUFFERED=1 CMD ["uvicorn", "crafting_table.server:app", "--host", "0.0.0.0", "--port", "8810"]
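
Review bot: In the added `ENV PATH=` line, the volume-mounted `/caches/cargo/bin` and the directories under `/home/crafter` are listed ahead of `/usr/local/bin:/usr/bin:/bin`, so an executable placed in the cache volume or a per-user bin directory under the name of a system tool shadows the system copy for everything the crafter user runs, including the `uvicorn` lookup in `CMD`. Consider listing the system directories first, or at least moving `/caches/cargo/bin` after them, since its contents come from a mount rather than from the image. Separately, the same line pins `ruby/3.1.0` and `stable-x86_64-unknown-linux-gnu`; if either directory name changes in a later build, those tools drop off PATH with no build error. A `RUN` step after this line that calls `command -v` for each tool named in the comment would make the image build fail instead of the recipe.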