Use of working directory configuration in apko yaml has unexpectedly particular path composition requirements

[jr-chainguard]

An example:

With these two specifications, the .sh is found and executed without issue:

work-dir: /app
entrypoint:
  command: ./entrypoint.sh

work-dir: /app/
entrypoint:
  command: ./entrypoint.sh

With these two specifications, the .sh file is not found at container runtime:

work-dir: /app
entrypoint:
  command: entrypoint.sh

work-dir: /app/
entrypoint:
  command: entrypoint.sh

docker run :

docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "entrypoint.sh": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled

[jr-chainguard]

Tagging @imjasonh

[kaniini]

I suspect it is because we need to add /app to the PATH variable. What happens when you do:

environment:
  PATH: "/bin:/usr/bin:/sbin:/usr/sbin:/app"

[imjasonh]

Is an image's entrypoint supposed to be executed in terms of its workingDir? I guess not:

$ cat Dockerfile
FROM alpine

WORKDIR /app
RUN echo "echo hi" > entrypoint.sh && chmod +x entrypoint.sh

ENTRYPOINT ["entrypoint.sh"]
$ docker build -t test . && docker run --rm test
...
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "entrypoint.sh": executable file not found in $PATH: unknown.

Changing that to ENTRYPOINT ["/app/entrypoint.sh"] seems to fix it. Or adding /app to PATH.

[imjasonh]

Sorry for misleading you @jr-chainguard, I think this is expected behavior. Or at least it's consistent behavior, even if it's unexpected.

Fully specifying the entrypoint path or adding it to PATH should fix it.