From 72dcd08578df279de462f3e8907a9e75602fcc6f Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:38:44 +0000 Subject: [PATCH 1/8] Remove hardcoded LLVM_CONFIG path from PostgreSQL build Allow PostgreSQL's configure script to auto-detect llvm-config instead of hardcoding the path to /usr/bin/llvm-config-64. This improves portability across different systems and LLVM installations, as the hardcoded path may not exist on all distributions. The --with-llvm flag is sufficient for configure to find the appropriate llvm-config binary automatically. Based on commit e41e201 from dockerfile-stable-llvm-fix branch. --- tests/docker/Dockerfile-step-1.el9 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 0df56fe3..5a9b4bc5 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -33,7 +33,7 @@ RUN for patchfile in /home/pgedge/spock/patches/${PGVER}/*; do \ done RUN echo "==========Compiling Modified PostgreSQL==========" -RUN options="'--prefix=/home/pgedge/pgedge/pg$PGVER' '--disable-rpath' '--with-zstd' '--with-lz4' '--with-icu' '--with-libxslt' '--with-libxml' '--with-uuid=ossp' '--with-gssapi' '--with-ldap' '--with-pam' '--enable-debug' '--enable-dtrace' '--with-llvm' 'LLVM_CONFIG=/usr/bin/llvm-config-64' '--with-openssl' '--with-systemd' '--enable-tap-tests' '--with-python' '--enable-cassert' 'PYTHON=/usr/bin/python3.9' 'BITCODE_CFLAGS=-gdwarf-5 -O0 -fforce-dwarf-frame' 'CFLAGS=-g -O0'" && eval ./configure $options && make -j4 && make -C contrib -j4 && make install && make -C contrib install +RUN options="'--prefix=/home/pgedge/pgedge/pg$PGVER' '--disable-rpath' '--with-zstd' '--with-lz4' '--with-icu' '--with-libxslt' '--with-libxml' '--with-uuid=ossp' '--with-gssapi' '--with-ldap' '--with-pam' '--enable-debug' '--enable-dtrace' '--with-llvm' '--with-openssl' '--with-systemd' '--enable-tap-tests' '--with-python' '--enable-cassert' 'PYTHON=/usr/bin/python3.9' 'BITCODE_CFLAGS=-gdwarf-5 -O0 -fforce-dwarf-frame' 'CFLAGS=-g -O0'" && eval ./configure $options && make -j4 && make -C contrib -j4 && make install && make -C contrib install WORKDIR /home/pgedge From 8886f88cf9b65335ecd29e2ad16e4b9067de9367 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:46:26 +0000 Subject: [PATCH 2/8] Use ENV directives instead of .bashrc for environment variables Replace the anti-pattern of setting environment variables via .bashrc with proper Docker ENV directives. This ensures: - Environment variables are available in all RUN commands - No need to source .bashrc in build steps - More reliable and Docker-native approach - Cleaner and more maintainable Dockerfile Variables moved to ENV: - PATH: Includes PostgreSQL bin directory - LD_LIBRARY_PATH: Includes PostgreSQL lib directory - PG_CONFIG: Points to pg_config binary This simplifies the Spock build step significantly. --- tests/docker/Dockerfile-step-1.el9 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 5a9b4bc5..53f309c1 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -3,6 +3,9 @@ FROM ghcr.io/pgedge/base-test-image:latest ARG PGVER ENV PGVER=$PGVER +ENV PATH="/home/pgedge/pgedge/pg${PGVER}/bin:${PATH}" +ENV LD_LIBRARY_PATH="/home/pgedge/pgedge/pg${PGVER}/lib:${LD_LIBRARY_PATH}" +ENV PG_CONFIG="/home/pgedge/pgedge/pg${PGVER}/bin/pg_config" COPY . /home/pgedge/spock WORKDIR /home/pgedge @@ -37,12 +40,9 @@ RUN options="'--prefix=/home/pgedge/pgedge/pg$PGVER' '--disable-rpath' '--with-z WORKDIR /home/pgedge -RUN echo "export LD_LIBRARY_PATH=/home/pgedge/pgedge/pg$PGVER/lib/:$LD_LIBRARY_PATH" >> /home/pgedge/.bashrc -RUN echo "export PATH=/home/pgedge/pgedge/pg$PGVER/bin:$PATH" >> /home/pgedge/.bashrc - RUN echo "==========Recompiling Spock==========" WORKDIR /home/pgedge/spock -RUN . /home/pgedge/.bashrc && export PG_CONFIG=/home/pgedge/pgedge/pg$PGVER/bin/pg_config && export PATH=/home/pgedge/pgedge/pg$PGVER/bin:$PATH && make clean && make -j16 && make install +RUN make clean && make -j16 && make install RUN echo "==========Built Spock==========" From 82c5b13d2a1fefaf6b9206f3a24f45d2f4946e8e Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:46:59 +0000 Subject: [PATCH 3/8] Improve PostgreSQL configure command readability Reformat the configure command from a single unreadable line with eval and quoted options to a clean multi-line format. Changes: - Remove unnecessary eval (potential security concern) - Remove shell variable with quoted options pattern - Use direct ./configure with multi-line arguments - Each option on its own line for easy review - Improved maintainability for future option changes This makes it much easier to: - Review which features are enabled - Add or remove configure options - Understand the build configuration at a glance --- tests/docker/Dockerfile-step-1.el9 | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 53f309c1..48a2068f 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -36,7 +36,33 @@ RUN for patchfile in /home/pgedge/spock/patches/${PGVER}/*; do \ done RUN echo "==========Compiling Modified PostgreSQL==========" -RUN options="'--prefix=/home/pgedge/pgedge/pg$PGVER' '--disable-rpath' '--with-zstd' '--with-lz4' '--with-icu' '--with-libxslt' '--with-libxml' '--with-uuid=ossp' '--with-gssapi' '--with-ldap' '--with-pam' '--enable-debug' '--enable-dtrace' '--with-llvm' '--with-openssl' '--with-systemd' '--enable-tap-tests' '--with-python' '--enable-cassert' 'PYTHON=/usr/bin/python3.9' 'BITCODE_CFLAGS=-gdwarf-5 -O0 -fforce-dwarf-frame' 'CFLAGS=-g -O0'" && eval ./configure $options && make -j4 && make -C contrib -j4 && make install && make -C contrib install +RUN ./configure \ + --prefix="/home/pgedge/pgedge/pg${PGVER}" \ + --disable-rpath \ + --with-zstd \ + --with-lz4 \ + --with-icu \ + --with-libxslt \ + --with-libxml \ + --with-uuid=ossp \ + --with-gssapi \ + --with-ldap \ + --with-pam \ + --enable-debug \ + --enable-dtrace \ + --with-llvm \ + --with-openssl \ + --with-systemd \ + --enable-tap-tests \ + --with-python \ + --enable-cassert \ + PYTHON=/usr/bin/python3.9 \ + BITCODE_CFLAGS="-gdwarf-5 -O0 -fforce-dwarf-frame" \ + CFLAGS="-g -O0" && \ + make -j4 && \ + make -C contrib -j4 && \ + make install && \ + make -C contrib install WORKDIR /home/pgedge From 883b74599f1cf13483573c4a316050cf7191cd86 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:48:10 +0000 Subject: [PATCH 4/8] Combine RUN layers to reduce image size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Merge multiple RUN commands into single layers to reduce the number of layers in the final Docker image. This optimization: - Reduces image size by combining related operations - Improves build efficiency - Better utilizes Docker layer caching - Follows Dockerfile best practices Changes: - PostgreSQL clone + chmod: 2 RUN → 1 RUN - pgedge setup: 3 RUN → 1 RUN - PostgreSQL compile: 2 RUN → 1 RUN - Spock compile: 3 RUN → 1 RUN - Added descriptive comments for each build stage - Removed duplicate WORKDIR directive Total reduction: ~6 fewer layers --- tests/docker/Dockerfile-step-1.el9 | 35 +++++++++++++++--------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 48a2068f..690100f6 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -10,7 +10,7 @@ ENV PG_CONFIG="/home/pgedge/pgedge/pg${PGVER}/bin/pg_config" COPY . /home/pgedge/spock WORKDIR /home/pgedge -RUN echo "Determine PostgreSQL tag" +# Determine PostgreSQL version and clone repository RUN LATEST_TAG=$(git ls-remote --tags https://github.com/postgres/postgres.git | \ grep "refs/tags/REL_${PGVER}_" | \ sed 's|.*refs/tags/||' | \ @@ -18,16 +18,14 @@ RUN LATEST_TAG=$(git ls-remote --tags https://github.com/postgres/postgres.git | sort -V | \ tail -n 1 | \ tr '.' '_') && \ - echo "Using tag $LATEST_TAG" && \ - git clone --branch $LATEST_TAG --depth 1 https://github.com/postgres/postgres /home/pgedge/postgres + echo "Using PostgreSQL tag: $LATEST_TAG" && \ + git clone --branch $LATEST_TAG --depth 1 https://github.com/postgres/postgres /home/pgedge/postgres && \ + chmod -R a+w /home/pgedge/postgres - -RUN sudo chmod -R a+w ~/postgres - -RUN echo "Setting up pgedge..." -WORKDIR /home/pgedge -RUN curl -fsSL https://pgedge-download.s3.amazonaws.com/REPO/install.py > /home/pgedge/install.py -RUN sudo -u pgedge python3 /home/pgedge/install.py +# Install pgedge +RUN echo "Setting up pgedge..." && \ + curl -fsSL https://pgedge-download.s3.amazonaws.com/REPO/install.py -o /home/pgedge/install.py && \ + sudo -u pgedge python3 /home/pgedge/install.py WORKDIR /home/pgedge/postgres @@ -35,8 +33,9 @@ RUN for patchfile in /home/pgedge/spock/patches/${PGVER}/*; do \ patch -p1 --verbose < $patchfile; \ done -RUN echo "==========Compiling Modified PostgreSQL==========" -RUN ./configure \ +# Compile PostgreSQL +RUN echo "==========Compiling Modified PostgreSQL==========" && \ + ./configure \ --prefix="/home/pgedge/pgedge/pg${PGVER}" \ --disable-rpath \ --with-zstd \ @@ -64,13 +63,13 @@ RUN ./configure \ make install && \ make -C contrib install -WORKDIR /home/pgedge - -RUN echo "==========Recompiling Spock==========" +# Compile Spock WORKDIR /home/pgedge/spock -RUN make clean && make -j16 && make install - -RUN echo "==========Built Spock==========" +RUN echo "==========Compiling Spock==========" && \ + make clean && \ + make -j16 && \ + make install && \ + echo "==========Spock build complete==========" #----------------------------------------- COPY tests/docker/*.sh /home/pgedge/ From 129e3ef54dbbc2bb1c9a08f73db98e51772e3416 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:48:47 +0000 Subject: [PATCH 5/8] Add configurable build parallelism with MAKE_JOBS Introduce a build argument to control the number of parallel make jobs instead of using hardcoded values that differed between PostgreSQL and Spock builds. Changes: - Add ARG MAKE_JOBS=4 (default value) - Replace hardcoded -j4 (PostgreSQL) with -j${MAKE_JOBS} - Replace hardcoded -j16 (Spock) with -j${MAKE_JOBS} - Ensures consistent parallelism across all builds Benefits: - Can override at build time: --build-arg MAKE_JOBS=16 - Consistent behavior between PostgreSQL and Spock - Easy to tune for different build environments - Default of 4 is conservative and works on most systems The previous inconsistency (j4 vs j16) is now eliminated. --- tests/docker/Dockerfile-step-1.el9 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 690100f6..b03ad9b1 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -1,6 +1,7 @@ FROM ghcr.io/pgedge/base-test-image:latest ARG PGVER +ARG MAKE_JOBS=4 ENV PGVER=$PGVER ENV PATH="/home/pgedge/pgedge/pg${PGVER}/bin:${PATH}" @@ -58,8 +59,8 @@ RUN echo "==========Compiling Modified PostgreSQL==========" && \ PYTHON=/usr/bin/python3.9 \ BITCODE_CFLAGS="-gdwarf-5 -O0 -fforce-dwarf-frame" \ CFLAGS="-g -O0" && \ - make -j4 && \ - make -C contrib -j4 && \ + make -j${MAKE_JOBS} && \ + make -C contrib -j${MAKE_JOBS} && \ make install && \ make -C contrib install @@ -67,7 +68,7 @@ RUN echo "==========Compiling Modified PostgreSQL==========" && \ WORKDIR /home/pgedge/spock RUN echo "==========Compiling Spock==========" && \ make clean && \ - make -j16 && \ + make -j${MAKE_JOBS} && \ make install && \ echo "==========Spock build complete==========" From 2e7994940487a3e1c9889d92e31ef7948a0d533c Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 11:49:12 +0000 Subject: [PATCH 6/8] Use COPY --chmod instead of separate chmod layer Replace the two-step pattern of COPY + RUN chmod with the modern COPY --chmod directive available in BuildKit. Changes: - COPY --chmod=755 instead of COPY + RUN sudo chmod +x - Eliminates one RUN layer - Removes unnecessary sudo usage Benefits: - One fewer layer in the final image - Cleaner and more concise Dockerfile - Uses modern Docker/BuildKit features - Atomic operation (no window where files lack execute permission) This is the recommended approach in modern Dockerfiles. --- tests/docker/Dockerfile-step-1.el9 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index b03ad9b1..8511747c 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -73,8 +73,7 @@ RUN echo "==========Compiling Spock==========" && \ echo "==========Spock build complete==========" #----------------------------------------- -COPY tests/docker/*.sh /home/pgedge/ -RUN sudo chmod +x /home/pgedge/*.sh +COPY --chmod=755 tests/docker/*.sh /home/pgedge/ WORKDIR /home/pgedge/ USER pgedge From bc59d61903f197b5f2e0ffd4618cb11d536eec28 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 12:02:57 +0000 Subject: [PATCH 7/8] Fix Dockerfile-base.el9 architectural issues Major improvements to the base image to fix several critical issues: 1. **Inline package list** - Removed dependency on lib-list.txt file - Eliminates need for build context with external files - Base image can now be built independently - All dependencies explicitly listed in Dockerfile 2. **Fix SSH key location** - SSH keys now created for pgedge user - Previously created in /root/.ssh (broken!) - Now correctly created in /home/pgedge/.ssh - Proper permissions (700 for .ssh, 600 for files) - Actually usable for SSH-based testing 3. **Set WORKDIR** - Added WORKDIR /home/pgedge - Child images no longer need to set it immediately - More sensible default than / 4. **Remove unused directory creation** - Removed mkdir /home/pgedge/spock - Child images create this when COPYing anyway - Eliminates wasted layer 5. **Better documentation** - Enhanced header comments - Inline comments for each section - Additional LABEL for description - Clarifies image purpose and contents 6. **Cleanup dnf cache** - Added dnf clean all - Reduces final image size This makes the base image self-contained and actually usable as a standalone build artifact. --- tests/docker/Dockerfile-base.el9 | 89 ++++++++++++++++++++++++++------ 1 file changed, 73 insertions(+), 16 deletions(-) diff --git a/tests/docker/Dockerfile-base.el9 b/tests/docker/Dockerfile-base.el9 index 7c3ec0fa..b9068f9b 100644 --- a/tests/docker/Dockerfile-base.el9 +++ b/tests/docker/Dockerfile-base.el9 @@ -1,37 +1,94 @@ # ############################################################################## # -# Transient docker image to avoid unnecessary actions. +# Base test image for pgEdge Spock development and testing. # -# Includes fresh updates of the base OS plus all extra packages needed to -# Postgres, Spock and testing facilities. +# This image includes: +# - Rocky Linux 9 base with development tools +# - PostgreSQL build dependencies (LLVM, ICU, SSL, etc.) +# - Testing tools (Perl Test::More, SSH) +# - pgedge user with sudo access +# +# Built and published to: ghcr.io/pgedge/base-test-image:latest # # ############################################################################## FROM rockylinux:9 -RUN dnf -y update && dnf -y upgrade && dnf -y install sudo && dnf -y groupinstall "Development Tools" +# Update system and install base development tools +RUN dnf -y update && \ + dnf -y upgrade && \ + dnf -y install sudo && \ + dnf -y groupinstall "Development Tools" +# Create pgedge user with sudo privileges RUN useradd -m pgedge -s /bin/bash && \ echo pgedge:asdf | chpasswd && \ echo "pgedge ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/pgedge && \ chmod 0440 /etc/sudoers.d/pgedge && \ chown -R pgedge:pgedge /home/pgedge -COPY tests/docker/lib-list.txt /home/pgedge/ - -RUN dnf install --allowerasing --enablerepo=crb -y $(cat /home/pgedge/lib-list.txt) +# Install PostgreSQL build dependencies and testing tools +# Note: List inlined to avoid requiring build context with external files +RUN dnf install --allowerasing --enablerepo=crb -y \ + bison \ + clang \ + curl \ + cyrus-sasl-gssapi \ + dnsutils \ + flex \ + jansson-devel \ + krb5-devel \ + libicu-devel \ + libpq \ + libpq-devel \ + libuuid \ + libuuid-devel \ + libxslt \ + libxslt-devel \ + llvm \ + llvm-devel \ + lz4 \ + lz4-devel \ + nc \ + openldap \ + openldap-devel \ + openssh-clients \ + openssh-server \ + openssl-devel \ + pam-devel \ + perl \ + perl-App-cpanminus \ + perl-devel \ + perl-IPC-Run \ + pkgconfig \ + procps \ + python3 \ + python3-devel \ + sudo \ + systemd-devel \ + unzip \ + uuid \ + uuid-devel \ + vim \ + zlib \ + zlib-devel && \ + dnf clean all -# Install perl dependencies for running tap tests +# Install Perl testing dependencies RUN cpanm Test::More -RUN ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ed25519 && \ - cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys - - -RUN mkdir -p /home/pgedge/spock -RUN chown -R pgedge:pgedge /home/pgedge/spock -#----------------------------------------- +# Setup SSH for pgedge user (not root!) +# This allows SSH-based testing as the pgedge user USER pgedge +RUN mkdir -p ~/.ssh && \ + ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ed25519 && \ + cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys && \ + chmod 700 ~/.ssh && \ + chmod 600 ~/.ssh/authorized_keys + +# Set default working directory +WORKDIR /home/pgedge -# Just to ensure that community members could find the person they should complain to. +# Metadata LABEL maintainer="andrei.lepikhov@pgedge.com" +LABEL description="Base image for pgEdge Spock PostgreSQL extension development and testing" From fa3200efbf5d4f257fb6220098f873f0eae5a93f Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 26 Dec 2025 12:03:23 +0000 Subject: [PATCH 8/8] Fix Dockerfile-step-1.el9 USER context and permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clarify and fix the user context throughout the build process to eliminate confusion and properly handle permissions. Changes: 1. **Explicit USER root at start** - Base image ends as USER pgedge - Step-1 needs root for installations - Now explicitly documented with comment 2. **Proper ownership after COPY** - Added chown after copying spock source - Ensures pgedge user can access files - Prevents permission issues during build 3. **Remove sudo, use su instead** - Changed: sudo -u pgedge → su - pgedge -c - More explicit about running as different user - Added chown before running install script 4. **Better comments on USER switching** - Documented why we switch to root - Documented why we switch back to pgedge - Makes build process clear Why this matters: - Eliminates confusion about current user context - Proper permissions throughout build - Better suited for CI/CD (GitHub Actions) - More maintainable and debuggable The image now has clear user context at each stage: - Start: root (for installations) - Runtime: pgedge (for testing) --- tests/docker/Dockerfile-step-1.el9 | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/docker/Dockerfile-step-1.el9 b/tests/docker/Dockerfile-step-1.el9 index 8511747c..060ef0ad 100644 --- a/tests/docker/Dockerfile-step-1.el9 +++ b/tests/docker/Dockerfile-step-1.el9 @@ -1,5 +1,8 @@ FROM ghcr.io/pgedge/base-test-image:latest +# Base image ends as USER pgedge, but we need root for installation +USER root + ARG PGVER ARG MAKE_JOBS=4 @@ -8,7 +11,10 @@ ENV PATH="/home/pgedge/pgedge/pg${PGVER}/bin:${PATH}" ENV LD_LIBRARY_PATH="/home/pgedge/pgedge/pg${PGVER}/lib:${LD_LIBRARY_PATH}" ENV PG_CONFIG="/home/pgedge/pgedge/pg${PGVER}/bin/pg_config" +# Copy spock source code and set proper ownership COPY . /home/pgedge/spock +RUN chown -R pgedge:pgedge /home/pgedge/spock + WORKDIR /home/pgedge # Determine PostgreSQL version and clone repository @@ -23,10 +29,11 @@ RUN LATEST_TAG=$(git ls-remote --tags https://github.com/postgres/postgres.git | git clone --branch $LATEST_TAG --depth 1 https://github.com/postgres/postgres /home/pgedge/postgres && \ chmod -R a+w /home/pgedge/postgres -# Install pgedge +# Install pgedge (run as pgedge user, not root) RUN echo "Setting up pgedge..." && \ curl -fsSL https://pgedge-download.s3.amazonaws.com/REPO/install.py -o /home/pgedge/install.py && \ - sudo -u pgedge python3 /home/pgedge/install.py + chown pgedge:pgedge /home/pgedge/install.py && \ + su - pgedge -c "python3 /home/pgedge/install.py" WORKDIR /home/pgedge/postgres @@ -73,9 +80,11 @@ RUN echo "==========Compiling Spock==========" && \ echo "==========Spock build complete==========" #----------------------------------------- +# Copy test scripts and switch to pgedge user for runtime COPY --chmod=755 tests/docker/*.sh /home/pgedge/ WORKDIR /home/pgedge/ +# Switch back to pgedge user for container runtime (testing, etc.) USER pgedge CMD ["/home/pgedge/entrypoint.sh"]