From e22253a71bfeae6c14d4de590142833ecd186bb6 Mon Sep 17 00:00:00 2001 From: Nat Budin Date: Mon, 8 Jun 2026 21:40:55 -0700 Subject: [PATCH] Fix chamber exec failing on --trace flag Two fixes for the deployment/release-command flow: 1. Remove --trace from the release_command in fly.toml. Chamber uses cobra for CLI parsing, and cobra consumes --trace even after the -- separator, causing "Error: unknown flag: --trace" on every release. 2. Replace the su --preserve-environment approach in drop_to_www() with gosu. gosu exec's directly without an intermediate shell layer, which is cleaner and avoids any argument-mangling when passing commands through the privilege drop. Install gosu via apt in the Dockerfile. Co-Authored-By: Claude Sonnet 4.6 --- Dockerfile | 2 +- bin/entrypoint.sh | 5 +---- fly.toml | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 68d856fd0c..9f5bf2f3df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -72,7 +72,7 @@ USER root # shared-mime-info: Rails dependency # libpq5: pg gem dependency # mariadb-client: dependency for Intercode 1 import -RUN apt-get update && apt-get install -y --no-install-recommends openssh-server iproute2 curl python3 libvips42 poppler-utils xz-utils libjemalloc2 shared-mime-info libpq5 mariadb-client && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends openssh-server iproute2 curl python3 libvips42 poppler-utils xz-utils libjemalloc2 shared-mime-info libpq5 mariadb-client gosu && rm -rf /var/lib/apt/lists/* RUN useradd -ms $(which bash) www RUN mkdir /opt/node && \ cd /opt/node && \ diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index d6eaae8a76..40d9d2ca33 100755 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -1,12 +1,9 @@ #!/bin/bash set -e -# Drop to the www user while preserving the current environment (needed so -# AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE are visible to the app process). -# If already running as www (e.g. in tests), just exec directly. drop_to_www() { if [ "$(id -u)" -eq 0 ]; then - exec su -s /bin/bash --preserve-environment -c 'exec "$0" "$@"' www "$@" + exec gosu www "$@" else exec "$@" fi diff --git a/fly.toml b/fly.toml index 1999bfc54e..ff1df5974b 100644 --- a/fly.toml +++ b/fly.toml @@ -12,7 +12,7 @@ console_command = "/usr/src/intercode/bin/entrypoint.sh /bin/bash" image = "ghcr.io/neinteractiveliterature/intercode:latest" [deploy] -release_command = "bundle exec rails release:perform --trace" +release_command = "bundle exec rails release:perform" strategy = "bluegreen" [env]