Skip to content

Escaping variables in heredocs does not work #6048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chris-reeves opened this issue Mar 10, 2025 · 2 comments
Open

Escaping variables in heredocs does not work #6048

chris-reeves opened this issue Mar 10, 2025 · 2 comments
Labels
stale-issue

Comments

@chris-reeves
Copy link

Docker supports escaping variable names for both ENV and VAR variables:

You can escape whole variable names by adding a \ before the variable: \$foo or \${foo}, for example, will translate to $foo and ${foo} literals respectively.

It appears that buildah (or rather imagebuilder?) doesn't support this syntax within heredocs, whereas Docker does. This can cause problems when the heredoc contains a shell script which makes use of variables (as most would). There is a workaround, which is to define an ARG containing the string $ and using that where a dollar sign is required. Escaping variables appears to work correctly elsewhere in the Dockerfile for both Docker and buildah.

The following Dockerfile illustrates the issue:

FROM alpine:latest

ARG ArgVar=ArgValue
ARG Dollar=$

RUN mkdir /testdir
RUN touch /testdir/escaped____\${ArgVar}
RUN touch /testdir/unescaped__${ArgVar}
RUN touch /testdir/workaround_${Dollar}{ArgVar}

COPY --chmod=755 <<EOF /testfile
#!/bin/sh

# Should print the following:
# escaped____${ArgVar}
# unescaped__ArgValue
# workaround_${ArgVar}
echo
ls /testdir
echo

# Should print the following:
# ArgVar      (escaped):
# ArgVar    (unescaped): ArgValue
# ArgVar   (workaround):
# ShellVar    (escaped): ShellValue
# ShellVar  (unescaped):
# ShellVar (workaround): ShellValue
ShellVar=ShellValue
echo "ArgVar      (escaped):" \${ArgVar}
echo "ArgVar    (unescaped):" ${ArgVar}
echo "ArgVar   (workaround):" ${Dollar}{ArgVar}
echo "ShellVar    (escaped):" \${ShellVar}
echo "ShellVar  (unescaped):" ${ShellVar}
echo "ShellVar (workaround):" ${Dollar}{ShellVar}
echo

EOF

ENTRYPOINT [ /testfile ]

When the image is built using Docker, the container gives the following output:

escaped____${ArgVar}
unescaped__ArgValue
workaround_${ArgVar}

ArgVar      (escaped):
ArgVar    (unescaped): ArgValue
ArgVar   (workaround):
ShellVar    (escaped): ShellValue
ShellVar  (unescaped):
ShellVar (workaround): ShellValue

When the image is built using buildah, the container gives the following output:

escaped____${ArgVar}
unescaped__ArgValue
workaround_${ArgVar}

ArgVar      (escaped): ${ArgVar}
ArgVar    (unescaped): ArgValue
ArgVar   (workaround):
ShellVar    (escaped): ${ShellVar}
ShellVar  (unescaped):
ShellVar (workaround): ShellValue

Note the differences in output for the escaped versions of ArgVar and ShellVar.
@chris-reeves
Copy link
Author

I did consider investigating further and potentially raising a PR with a fix, but given that my last PR (#5590) is still not merged after 9 months it didn't seem like a particularly good use of my time.

@github-actions GitHub Actions
Copy link

A friendly reminder that this issue had no activity for 30 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale-issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chris-reeves