dockerdockerfiledocker-containerdocker-imagedocker-cmd

Docker container with entrypoint variable expansion and CMD parameters


I want to create a Docker Image that acts as an executable for which the user passes a token as an environment variable. The executable has sub commands that the user should pass via dockers CMD (think of git with authentication via Env). However, Docker does not append the CMD to the entrypoint. The relevant part of my Dockerfile looks like this:

ENTRYPOINT ["/bin/sh", "-c", "/usr/bin/mycmd --token=$MY_TOKEN"]
CMD ["pull", "stuff"]

So if this container is executed without any CMD overrides and secret as the MY_TOKEN variable, I would expect

mycmd --token=secret pull stuff

to be executed. If the user starts the container with an override, e.g.

docker run -it -e MY_TOKEN=secret myimage push junk

I would expect

mycmd --token=secret push junk

to be executed. As mentioned above, however, only mycmd --token=secret gets executed, the CMD is ignored - no matter if I override it during start or set it in the Dockerfile.


Solution

  • With /bin/sh -c "script" syntax, anything after the -c argument becomes an argument to your script. You can reach them with $0 and $@ as part of your /bin/sh script:

    ENTRYPOINT ["/bin/sh", "-c", "exec /usr/bin/mycmd --token=$MY_TOKEN $0 $@"]
    CMD ["pull", "stuff"]
    

    Note that you could also change your entrypoint to be a shell script added to your image that runs exec /usr/bin/mycmd --token=$MY_TOKEN "$@" and execute that shell script with docker's exec syntax:

    ENTRYPOINT ["/entrypoint.sh"]