Dockerfile: clean final PATH at end (single source of truth)

The agent-generated Dockerfile accumulated PATH via 6+ layered ENV
PATH= statements, and my own GOPATH-fix edit (commit 6cd5990) wrote
a literal-expanded PATH that clobbered the swift/kotlin/gradle/bun/
cargo entries. Result: cargo unreachable from crafter user (caught
by the 14-SDK queue dogfood — exit 127 'Permission denied' on cargo
build).

Fix: a final ENV PATH= line right before the CMD that sets PATH to
a clean, comprehensive list of every toolchain bin. Overrides any
drift above. Includes:
- /home/crafter/.local/bin (pipx tools: ruff, mypy, pytest, pip-audit, uv, semgrep)
- /home/crafter/.composer/vendor/bin (phpstan, phpunit)
- /home/crafter/.local/share/gem/ruby/3.1.0/bin (bundler-audit, rubocop)
- /home/crafter/.bun/bin (bun)
- /home/crafter/go/bin (govulncheck, staticcheck)
- /home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin (cargo, rustc, clippy, rustfmt)
- /caches/cargo/bin (cargo install artifacts; volume-mounted)
- /opt/swift/usr/bin (swift)
- /opt/kotlin/bin (kotlinc)
- /opt/gradle/bin (gradle)
- /usr/local/go/bin (go)
- system bins

Once this rebuild lands, the rust recipes can drop the per-recipe
PATH= prefix the workaround used.
Kayos 2026-04-29 14:09:32 -07:00
parent 3578c9321b
commit 510915d3ec

@ -282,6 +282,14 @@ RUN chown -R crafter:crafter /app
# ============================================================
USER crafter
WORKDIR /workspace
# Final clean PATH — single source of truth that overrides any earlier
# accumulator drift in the layered ENV PATH= statements above. Lists
# every toolchain bin so cargo/rustc, swift, kotlinc, gradle, bun, go +
# govulncheck/staticcheck, ruff/mypy/pytest/uv, phpstan, bundler-audit
# are all reachable from the crafter user shell with no per-recipe prefix.
ENV PATH=/home/crafter/.local/bin:/home/crafter/.composer/vendor/bin:/home/crafter/.local/share/gem/ruby/3.1.0/bin:/home/crafter/.bun/bin:/home/crafter/go/bin:/home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin:/caches/cargo/bin:/opt/swift/usr/bin:/opt/kotlin/bin:/opt/gradle/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV PYTHONPATH=/app \
PYTHONUNBUFFERED=1
CMD ["uvicorn", "crafting_table.server:app", "--host", "0.0.0.0", "--port", "8810"]
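
Review bot: The new ENV PATH= line lists the user-writable and volume-mounted directories (/home/crafter/.local/bin, /home/crafter/go/bin, /caches/cargo/bin and the rest) ahead of /usr/local/bin:/usr/bin:/bin, so an executable that lands in any of them shadows a system binary of the same name for everything the crafter user runs, and the `uvicorn` in CMD is resolved through this same search order. /caches/cargo/bin is the one to look at first, since the commit message describes it as volume-mounted and its contents therefore outlive the image. Consider moving the system directories to the front, or at minimum moving /caches/cargo/bin to the end, and keep only the toolchain directories that genuinely need to override a system tool ahead of /usr/bin. Separately, the entries `ruby/3.1.0/bin` and `stable-x86_64-unknown-linux-gnu/bin` hard-code a Ruby version and a target triple; if either changes, the entry silently stops resolving, which is the same failure this commit fixes. A build-time `RUN command -v cargo rustc swift kotlinc gradle bun go` after the ENV line would fail the build instead of the recipe.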