docker entrypoints: use bash everywhere

[valentijnscholten]

Some entrypoint scripts where using sh which doesn't recognize if [[... used in places like wait_for_database_to_be_reachable

Fixes these errors on startup:

/entrypoint-uwsgi.sh: 21: [[: not found

Credits to @9alexx3 on Slack for suggesting this fix.

[dryrunsecurity]

DryRun Security Summary

The PR modifies Docker entrypoint scripts by switching from sh to bash and introduces potential security vulnerabilities related to file copying, sensitive script references, and exposed network endpoints.

Expand for full summary

The PR updates Docker entrypoint scripts by changing the shell interpreter from sh to bash across multiple files, with minor script modifications.

Security findings:

1. In entrypoint-uwsgi.sh: Potential security risk in file copying mechanism from /app/docker/extra_settings/ directory, which could be exploited if an attacker can manipulate files in this location.
2. Multiple scripts reference /secret-file-loader.sh and /reach_database.sh, which may contain sensitive configuration or credentials.
3. Exposed HTTP endpoint on 0.0.0.0:8081 in entrypoint-uwsgi.sh for Kubernetes liveness checks, which requires careful network configuration.

Code Analysis

We ran 7 analyzers against 4 files and 0 analyzers had findings. 7 analyzers had no findings.

View PR in the DryRun Dashboard.

[kiblik]

I would like to know how it is possible that the tests passed (like before this fix).

[valentijnscholten]

I don't know all the intricate details of how sh and bash handle errors with or without set -e and within or outside of subshells and within or outside of functions.

Looking at this post: https://stackoverflow.com/questions/4072984/how-do-i-get-the-effect-and-usefulness-of-set-e-inside-a-shell-function I don't think I want to know :-)

[mtesauro]

Approved