From d3babae46d5cc25224344b49ef262011843bd8fd Mon Sep 17 00:00:00 2001
From: Kayos
Date: Wed, 29 Apr 2026 16:07:40 -0700
Subject: [PATCH] Dockerfile: remove dead PATH-clobber from GOPATH-fix; final clean PATH at end is single source of truth
---
 Dockerfile | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 00546bc..a4edb72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -244,12 +244,15 @@ RUN python3 -m pip install --user --break-system-packages --no-cache-dir pipx \
 && python3 -m pipx inject mypy types-requests types-PyYAML types-setuptools
 # ============================================================
-# Reset GOPATH to crafter-owned path BEFORE the go install runs as crafter.
-# (The /root/go default set in the root-user ENV block fails permission-wise here.)
-ENV PATH=/home/crafter/go/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/root/.bun/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/root/go/bin \
- GOPATH=/home/crafter/go
-
-# 17. Go user tooling: govulncheck + staticcheck
+# 17. Go user tooling — govulncheck + staticcheck
+#
+# Override GOPATH from the root default (/root/go set at line 79) to a
+# crafter-writable path before running `go install` as USER crafter.
+# Don't redeclare PATH here — the final clean PATH at the bottom of
+# this Dockerfile is the single source of truth and includes
+# /home/crafter/go/bin.
+# ============================================================
+ENV GOPATH=/home/crafter/go
 # ============================================================
 RUN for i in 1 2 3 4 5; do \
 go install golang.org/x/vuln/cmd/govulncheck@latest \
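Review bot: The `command -v govulncheck && command -v staticcheck` gate that closes this RUN (visible in the next hunk) resolves through PATH, and the only ENV that put /home/crafter/go/bin on PATH before this layer is the one removed here. The final PATH ENV at the bottom of the file is applied after this RUN, so unless an ENV above line 244 already lists that directory the build will now exit with "go install failed after 5 attempts" even when both installs succeeded. Checking the install location directly removes the dependency on PATH: `test -x "$GOPATH/bin/govulncheck" && test -x "$GOPATH/bin/staticcheck" || { echo "go install failed after 5 attempts"; exit 1; }`. Separately, `@latest` leaves both scanners unpinned, so rebuilds can pull different tool versions; an explicit `@vX.Y.Z` per tool (placeholder, choose the release you have vetted) would make the image reproducible. The RUN body starts in this hunk and continues past its end.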
@@ -258,9 +261,11 @@ RUN for i in 1 2 3 4 5; do \
 done; \
 command -v govulncheck && command -v staticcheck || { echo "go install failed after 5 attempts"; exit 1; }
-# Make GOPATH bin discoverable for the crafter user
-ENV PATH=/home/crafter/go/bin:$PATH \
- GOPATH=/home/crafter/go
+# GOPATH already set above; PATH handled by the final clean ENV at the
+# bottom (which includes /home/crafter/go/bin). No per-layer PATH ENV
+# needed here — the layered approach drifted from accumulator-style PATH
+# into hand-rolled lists earlier and broke (see git blame for the
+# resulting band-aid commits).
 # ============================================================
 # 18. Ruby user tooling: bundler-audit, rubocop
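Review bot: The new comment block explains the history ("drifted", "see git blame") but not the constraint a maintainer now has to respect: with this ENV removed, every RUN between here and the final ENV at the bottom apparently executes without /home/crafter/go/bin on PATH. I would state that directly, for example `# NOTE: /home/crafter/go/bin is not on PATH until the final ENV at the bottom;` followed by `# RUN steps before it must call Go tools as "$GOPATH/bin/<tool>".`, and drop the git-blame pointer. The "set at line 79" reference in the first hunk's comment has the same maintenance problem, since line numbers shift on the next edit; naming the block ("the root-user ENV block") is more durable. It is also worth confirming that the final PATH lists root-owned system directories ahead of the crafter-writable ones, which this hunk does not show.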