stage_executor,heredoc: honor interpreter in heredoc

If there are any shebang in heredoc file then buildah must honor that. Consider a case of ```Dockerfile FROM python:3.11-slim-bullseye RUN <<EOF print('hello world') EOF ``` Closes: #5251 Signed-off-by: flouthoc <flouthoc.git@gmail.com>
containers · Jan 12, 2024 · 4cc811f · 4cc811f
1 parent e676f85
commit 4cc811f
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/imagebuildah/stage_executor.go b/imagebuildah/stage_executor.go
@@ -683,6 +683,15 @@ func (s *StageExecutor) createNeededHeredocMountsForRun(files []imagebuilder.Fil
 	return mountResult, nil
 }
 
+func parseSheBang(data string) string {
+	lines := strings.Split(data, "\n")
+	if len(lines) > 2 && strings.HasPrefix(lines[1], "#!") {
+		shebang := strings.TrimLeft(lines[1], "#!")
+		return shebang
+	}
+	return ""
+}
+
 // Run executes a RUN instruction using the stage's current working container
 // as a root directory.
 func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
@@ -693,12 +702,17 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
 		if heredoc := buildkitparser.MustParseHeredoc(args[0]); heredoc != nil {
 			if strings.HasPrefix(run.Files[0].Data, "#!") || strings.HasPrefix(run.Files[0].Data, "\n#!") {
 				// This is a single heredoc with a shebang, so create a file
-				// and run it.
+				// and run it with program specified in shebang.
 				heredocMount, err := s.createNeededHeredocMountsForRun(run.Files)
 				if err != nil {
 					return err
 				}
-				args = []string{heredocMount[0].Destination}
+				shebangArgs := parseSheBang(run.Files[0].Data)
+				if shebangArgs != "" {
+					args = []string{shebangArgs + " " + heredocMount[0].Destination}
+				} else {
+					args = []string{heredocMount[0].Destination}
+				}
 				heredocMounts = append(heredocMounts, heredocMount...)
 			} else {
 				args = []string{run.Files[0].Data}

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -354,6 +354,14 @@ _EOF
   expect_output --substring "this is the output of test10"
 }
 
+@test "bud build with heredoc content with inline interpreter" {
+  skip_if_in_container
+  _prefetch busybox
+  run_buildah build -t heredoc $WITH_POLICY_JSON -f $BUDFILES/heredoc/Containerfile.she_bang .
+  expect_output --substring "this is the output of test11"
+  expect_output --substring "this is the output of test12"
+}
+
 @test "bud build with heredoc verify mount leak" {
   skip_if_in_container
   _prefetch alpine

diff --git a/tests/bud/heredoc/Containerfile.she_bang b/tests/bud/heredoc/Containerfile.she_bang
@@ -0,0 +1,6 @@
+FROM python:3.11-slim-bullseye
+RUN <<EOF
+#!/usr/bin/env python
+print('this is the output of test11')
+print('this is the output of test12')
+EOF