Dockerfile: remove dead PATH-clobber from GOPATH-fix; final clean PATH at end is single source of truth
This commit is contained in:
parent
3273d66003
commit
d3babae46d
1 changed files with 14 additions and 9 deletions
23
Dockerfile
23
Dockerfile
|
|
@ -244,12 +244,15 @@ RUN python3 -m pip install --user --break-system-packages --no-cache-dir pipx \
|
|||
&& python3 -m pipx inject mypy types-requests types-PyYAML types-setuptools
|
||||
|
||||
# ============================================================
|
||||
# Reset GOPATH to crafter-owned path BEFORE the go install runs as crafter.
|
||||
# (The /root/go default set in the root-user ENV block fails permission-wise here.)
|
||||
ENV PATH=/home/crafter/go/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/root/.bun/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/root/go/bin \
|
||||
GOPATH=/home/crafter/go
|
||||
|
||||
# 17. Go user tooling: govulncheck + staticcheck
|
||||
# 17. Go user tooling — govulncheck + staticcheck
|
||||
#
|
||||
# Override GOPATH from the root default (/root/go set at line 79) to a
|
||||
# crafter-writable path before running `go install` as USER crafter.
|
||||
# Don't redeclare PATH here — the final clean PATH at the bottom of
|
||||
# this Dockerfile is the single source of truth and includes
|
||||
# /home/crafter/go/bin.
|
||||
# ============================================================
|
||||
ENV GOPATH=/home/crafter/go
|
||||
# ============================================================
|
||||
RUN for i in 1 2 3 4 5; do \
|
||||
go install golang.org/x/vuln/cmd/govulncheck@latest \
|
||||
|
|
@ -258,9 +261,11 @@ RUN for i in 1 2 3 4 5; do \
|
|||
done; \
|
||||
command -v govulncheck && command -v staticcheck || { echo "go install failed after 5 attempts"; exit 1; }
|
||||
|
||||
# Make GOPATH bin discoverable for the crafter user
|
||||
ENV PATH=/home/crafter/go/bin:$PATH \
|
||||
GOPATH=/home/crafter/go
|
||||
# GOPATH already set above; PATH handled by the final clean ENV at the
|
||||
# bottom (which includes /home/crafter/go/bin). No per-layer PATH ENV
|
||||
# needed here — the layered approach drifted from accumulator-style PATH
|
||||
# into hand-rolled lists earlier and broke (see git blame for the
|
||||
# resulting band-aid commits).
|
||||
|
||||
# ============================================================
|
||||
# 18. Ruby user tooling: bundler-audit, rubocop
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue