fix(ecs): honor containerDefinition.entryPoint in docker run#734
Merged
vieiralucas merged 2 commits intomainfrom Apr 24, 2026
Merged
fix(ecs): honor containerDefinition.entryPoint in docker run#734vieiralucas merged 2 commits intomainfrom
vieiralucas merged 2 commits intomainfrom
Conversation
The ECS runtime was reading `command[]` but silently dropping `entryPoint[]` from the container definition. Tasks that relied on an explicit entryPoint (very common for `["/bin/sh","-c"]`-style wrappers) ended up running `docker run <image> <command...>` which exec'd the first command arg as the program — usually `-c`, which alpine et al. treat as a missing binary, exiting 0 with no stdout. This broke `ecr_push_then_ecs_run_task_pulls_image` on the very first run after the test landed: the task printed nothing, captured logs came back empty, and the assertion failed. The test was merged red in PR #726 and has been failing on every E2E run since. Read `entryPoint` alongside `command` and forward it to docker via `--entrypoint` (single executable) plus any remaining elements as positional args before `command[]`. That mirrors how docker composes ENTRYPOINT + CMD at exec time and covers both the single-executable and multi-element cases.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
`docker pull public.ecr.aws/docker/library/alpine:3.20` in `seed_image` fails intermittently with `toomanyrequests: Rate exceeded`. Public ECR caps anonymous pulls at ~1 req/sec per source IP, and CI runners share egress IPs with everything else in the same Azure region. Wrap the seed pull in a 6-attempt exponential-backoff retry that only triggers on the rate-limit signature (`toomanyrequests` / `Rate exceeded`). Hard failures (network unreachable, missing image) still fail fast on the first attempt so we don't waste 5 minutes backing off a real bug.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
command[]but silently droppedentryPoint[].docker run <image> <command...>exec'd the first arg (typically-c) as the program — empty stdout, exit 0.ecr_push_then_ecs_run_task_pulls_imagehas been red on every E2E run since PR feat(ecr-ecs-lambda): wire fakecloud ECR into ECS + Lambda image pull #726 because of this. The test setsentry_point("/bin/sh")andcommand("-c")/command("echo from-ecr ..."); without--entrypointthe container produces no logs and thefrom-ecrassertion fails.entryPointfrom the container definition and forward it via docker--entrypoint <first>plus any remaining elements as positional args beforecommand[]. Matches docker's ENTRYPOINT + CMD composition.Test plan
cargo check -p fakecloud-ecscargo clippy -p fakecloud-ecs --all-targetscargo fmt --check -p fakecloud-ecsecr_cross_service) goes greenSummary by cubic
Honor
containerDefinition.entryPointwhen running ECS tasks by passing the first element todocker runas--entrypointand inserting remaining elements beforecommand[]. Restores Docker ENTRYPOINT+CMD behavior (e.g.,/bin/sh -c ...), fixesecr_push_then_ecs_run_task_pulls_image, and adds exponential-backoff retries to the seeddocker pullto avoid public ECR rate limits.Written for commit 62f5bd4. Summary will update on new commits.