From aa93b256f5b1b2cb36541701ed91cd1b3d33f44b Mon Sep 17 00:00:00 2001
From: Lutz Reinhardt <lutz.reinhardt@elektrobit.com>
Date: Mon, 2 Feb 2026 10:08:42 +0000
Subject: [PATCH] Only set proxy environment variables in proxy environments

The approach using /etc/profile.d/ to unset empty variables does not
work, because it is never executed in the devcontainer.

The proposed solution should be more robust, because now the variables
are never present, if not needed and the build will fail, if it is
broken. Files in /etc/bash_completion.d/ will be executed whenever a new
bash instance is spawned and should work as a /etc/profile.d/
replacement.
---
 scripts/build.sh                              |  6 +++++
 scripts/functions.sh                          | 16 +++++++++++++
 scripts/test.sh                               |  3 +++
 .../.devcontainer/Dockerfile                  | 20 ----------------
 .../.devcontainer/Dockerfile-with-proxy-vars  | 24 +++++++++++++++++++
 .../.devcontainer/devcontainer.json           |  2 +-
 .../.devcontainer/unset-proxy.sh              |  1 +
 src/s-core-devcontainer/test-project/test.sh  | 11 ++++++++-
 8 files changed, 61 insertions(+), 22 deletions(-)
 create mode 100755 scripts/functions.sh
 create mode 100644 src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars
 mode change 100644 => 100755 src/s-core-devcontainer/.devcontainer/unset-proxy.sh

diff --git a/scripts/build.sh b/scripts/build.sh
index 71d4ac8..efa7af4 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 set -euxo pipefail
 
+SCRIPT_PATH=$(readlink -f "$0")
+SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
+
 if [[ "$#" -lt 1 || "$1" != "--arm64" && "$1" != "--amd64" ]]; then
     echo "Error: First parameter must be --arm64 or --amd64."
     exit 1
@@ -32,6 +35,9 @@ for LABEL in "${LABELS[@]}"; do
     IMAGES+=("--image-name \"ghcr.io/eclipse-score/devcontainer:${LABEL}-${ARCH}\"")
 done
 
+. "${SCRIPT_DIR}/functions.sh"
+set_dockerfile_name
+
 # Prepare devcontainer build command
 DEVCONTAINER_CALL="devcontainer build --workspace-folder src/s-core-devcontainer --cache-from ghcr.io/eclipse-score/devcontainer"
 
diff --git a/scripts/functions.sh b/scripts/functions.sh
new file mode 100755
index 0000000..02741a4
--- /dev/null
+++ b/scripts/functions.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set_dockerfile_name() {
+    DEVCONTAINER_DOCKERFILE_NAME="Dockerfile"
+
+    # Check if proxies are configured in the environment
+    set +u
+    if [ -n "${HTTP_PROXY}${HTTPS_PROXY}${http_proxy}${https_proxy}${NO_PROXY}${no_proxy}" ]; then
+        DEVCONTAINER_DOCKERFILE_NAME="Dockerfile-with-proxy-vars"
+        echo "Proxy environment detected."
+    fi
+    set -u
+
+    export DEVCONTAINER_DOCKERFILE_NAME
+    echo "Using Dockerfile: ${DEVCONTAINER_DOCKERFILE_NAME}"
+}
diff --git a/scripts/test.sh b/scripts/test.sh
index bdbc32b..a3babc8 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -10,6 +10,9 @@ SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
 PROJECT_DIR=$(dirname -- "${SCRIPT_DIR}")
 ID_LABEL="test-container=${IMAGE}"
 
+. "${SCRIPT_DIR}/functions.sh"
+set_dockerfile_name
+
 devcontainer up \
   --id-label "${ID_LABEL}" \
   --workspace-folder "${PROJECT_DIR}/src/${IMAGE}/" \
diff --git a/src/s-core-devcontainer/.devcontainer/Dockerfile b/src/s-core-devcontainer/.devcontainer/Dockerfile
index b838f86..692412c 100644
--- a/src/s-core-devcontainer/.devcontainer/Dockerfile
+++ b/src/s-core-devcontainer/.devcontainer/Dockerfile
@@ -1,25 +1,5 @@
 FROM buildpack-deps:noble-curl
 
-# Proxy arguments for build-time network access
-ARG HTTP_PROXY=""
-ARG HTTPS_PROXY=""
-ARG http_proxy=""
-ARG https_proxy=""
-ARG NO_PROXY=""
-ARG no_proxy=""
-
-# Set proxy environment variables for the build process
-ENV HTTP_PROXY=${HTTP_PROXY}
-ENV HTTPS_PROXY=${HTTPS_PROXY}
-ENV http_proxy=${http_proxy}
-ENV https_proxy=${https_proxy}
-ENV NO_PROXY=${NO_PROXY}
-ENV no_proxy=${no_proxy}
-
 LABEL dev.containers.features="common"
 
-# Unset proxy variables for all login shells
-COPY unset-proxy.sh /etc/profile.d/unset-proxy.sh
-RUN chmod +x /etc/profile.d/unset-proxy.sh
-
 RUN userdel -f -r ubuntu
diff --git a/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars b/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars
new file mode 100644
index 0000000..2e59f67
--- /dev/null
+++ b/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars
@@ -0,0 +1,24 @@
+FROM buildpack-deps:noble-curl
+
+# Proxy arguments for build-time network access
+ARG HTTP_PROXY=""
+ARG HTTPS_PROXY=""
+ARG http_proxy=""
+ARG https_proxy=""
+ARG NO_PROXY=""
+ARG no_proxy=""
+
+# Set proxy environment variables for the build process
+ENV HTTP_PROXY=${HTTP_PROXY}
+ENV HTTPS_PROXY=${HTTPS_PROXY}
+ENV http_proxy=${http_proxy}
+ENV https_proxy=${https_proxy}
+ENV NO_PROXY=${NO_PROXY}
+ENV no_proxy=${no_proxy}
+
+LABEL dev.containers.features="common"
+
+# Unset proxy variables for all login shells
+COPY unset-proxy.sh /etc/bash_completion.d/unset-proxy.sh
+
+RUN userdel -f -r ubuntu
diff --git a/src/s-core-devcontainer/.devcontainer/devcontainer.json b/src/s-core-devcontainer/.devcontainer/devcontainer.json
index 183be4d..8d9438d 100644
--- a/src/s-core-devcontainer/.devcontainer/devcontainer.json
+++ b/src/s-core-devcontainer/.devcontainer/devcontainer.json
@@ -1,7 +1,7 @@
 {
     "build": {
         // Installs latest version from the Distribution
-        "dockerfile": "./Dockerfile",
+        "dockerfile": "./${localEnv:DEVCONTAINER_DOCKERFILE_NAME:Dockerfile}",
         "context": ".",
         "args": {
             "HTTP_PROXY": "${localEnv:HTTP_PROXY}",
diff --git a/src/s-core-devcontainer/.devcontainer/unset-proxy.sh b/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
old mode 100644
new mode 100755
index 9fbb9d2..c3a76ce
--- a/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
+++ b/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # /etc/profile.d/unset-proxy.sh
 # Unset proxy variables for all login shells if they are empty
 for var in HTTP_PROXY HTTPS_PROXY http_proxy https_proxy NO_PROXY no_proxy; do
diff --git a/src/s-core-devcontainer/test-project/test.sh b/src/s-core-devcontainer/test-project/test.sh
index 46d3106..f3d46f4 100755
--- a/src/s-core-devcontainer/test-project/test.sh
+++ b/src/s-core-devcontainer/test-project/test.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 SCRIPT_PATH=$(readlink -f "$0")
 SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
 
-source "test-utils.sh" vscode
+source "$SCRIPT_DIR/test-utils.sh" vscode
 
 # C++ tooling
 check "validate clangd is working and has the correct version" bash -c "clangd --version | grep '20.1.8'"
@@ -25,5 +25,14 @@ source /devcontainer/features/s-core-local/tests/test_default.sh
 # Tests from the local bazel feature
 source /devcontainer/features/bazel/tests/test_default.sh
 
+# Check that no environment variables are empty
+. /etc/bash_completion
+for var in $(compgen -e); do
+    if [[ "$var" == "LS_COLORS" ]]; then
+        continue
+    fi
+    check "validate environment variable $var is not empty" bash -c "[ -n \"\${$var}\" ]"
+done
+
 # Report result
 reportResults