From ffcf6ed40752597cfbb582c8b50cc874ecec933e Mon Sep 17 00:00:00 2001
From: Lutz Reinhardt <lutz.reinhardt@elektrobit.com>
Date: Mon, 2 Feb 2026 10:08:42 +0000
Subject: [PATCH] Only set proxy environment variables in proxy environments

The approach using /etc/profile.d/ to unset empty variables does not
work, because it is never executed in the devcontainer.

The proposed solution should be more robust, because now the variables
are never present, if not needed and the build will fail, if it is
broken. Files in /etc/bash_completion.d/ will be executed whenever a new
bash instance is spawned and should work as a /etc/profile.d/
replacement.
---
 scripts/build.sh                              |  6 ++++
 scripts/functions.sh                          | 29 +++++++++++++++++++
 scripts/test.sh                               |  3 ++
 .../.devcontainer/Dockerfile                  | 19 ------------
 .../.devcontainer/Dockerfile-with-proxy-vars  | 24 +++++++++++++++
 .../.devcontainer/devcontainer.json           |  2 +-
 .../.devcontainer/unset-proxy.sh              |  2 +-
 src/s-core-devcontainer/test-project/test.sh  | 14 ++++++++-
 8 files changed, 77 insertions(+), 22 deletions(-)
 create mode 100755 scripts/functions.sh
 create mode 100644 src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars

diff --git a/scripts/build.sh b/scripts/build.sh
index ae6e6f3..304102b 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -15,6 +15,9 @@
 
 set -euxo pipefail
 
+SCRIPT_PATH=$(readlink -f "$0")
+SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
+
 if [[ "$#" -lt 1 || "${1}" != "--arm64" && "${1}" != "--amd64" ]]; then
     echo "Error: First parameter must be --arm64 or --amd64."
     exit 1
@@ -46,6 +49,9 @@ for LABEL in "${LABELS[@]}"; do
     IMAGES+=("--image-name \"ghcr.io/eclipse-score/devcontainer:${LABEL}-${ARCH}\"")
 done
 
+. "${SCRIPT_DIR}/functions.sh"
+set_dockerfile_name
+
 # Prepare devcontainer build command
 DEVCONTAINER_CALL="devcontainer build --workspace-folder src/s-core-devcontainer --cache-from ghcr.io/eclipse-score/devcontainer"
 
diff --git a/scripts/functions.sh b/scripts/functions.sh
new file mode 100755
index 0000000..8d83da3
--- /dev/null
+++ b/scripts/functions.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+set_dockerfile_name() {
+    DEVCONTAINER_DOCKERFILE_NAME="Dockerfile"
+
+    # Check if proxies are configured in the environment
+    set +u
+    if [ -n "${HTTP_PROXY}${HTTPS_PROXY}${http_proxy}${https_proxy}${NO_PROXY}${no_proxy}" ]; then
+        DEVCONTAINER_DOCKERFILE_NAME="Dockerfile-with-proxy-vars"
+        echo "Proxy environment detected."
+    fi
+    set -u
+
+    export DEVCONTAINER_DOCKERFILE_NAME
+    echo "Using Dockerfile: ${DEVCONTAINER_DOCKERFILE_NAME}"
+}
diff --git a/scripts/test.sh b/scripts/test.sh
index c16563b..969d7f0 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -24,6 +24,9 @@ SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
 PROJECT_DIR=$(dirname -- "${SCRIPT_DIR}")
 ID_LABEL="test-container=${IMAGE}"
 
+. "${SCRIPT_DIR}/functions.sh"
+set_dockerfile_name
+
 devcontainer up \
   --id-label "${ID_LABEL}" \
   --workspace-folder "${PROJECT_DIR}/src/${IMAGE}/" \
diff --git a/src/s-core-devcontainer/.devcontainer/Dockerfile b/src/s-core-devcontainer/.devcontainer/Dockerfile
index 6589b2f..692412c 100644
--- a/src/s-core-devcontainer/.devcontainer/Dockerfile
+++ b/src/s-core-devcontainer/.devcontainer/Dockerfile
@@ -1,24 +1,5 @@
 FROM buildpack-deps:noble-curl
 
-# Proxy arguments for build-time network access
-ARG HTTP_PROXY=""
-ARG HTTPS_PROXY=""
-ARG http_proxy=""
-ARG https_proxy=""
-ARG NO_PROXY=""
-ARG no_proxy=""
-
-# Set proxy environment variables for the build process
-ENV HTTP_PROXY=${HTTP_PROXY}
-ENV HTTPS_PROXY=${HTTPS_PROXY}
-ENV http_proxy=${http_proxy}
-ENV https_proxy=${https_proxy}
-ENV NO_PROXY=${NO_PROXY}
-ENV no_proxy=${no_proxy}
-
 LABEL dev.containers.features="common"
 
-# Unset proxy variables for all login shells
-COPY unset-proxy.sh /etc/profile.d/unset-proxy.sh
-
 RUN userdel -f -r ubuntu
diff --git a/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars b/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars
new file mode 100644
index 0000000..2e59f67
--- /dev/null
+++ b/src/s-core-devcontainer/.devcontainer/Dockerfile-with-proxy-vars
@@ -0,0 +1,24 @@
+FROM buildpack-deps:noble-curl
+
+# Proxy arguments for build-time network access
+ARG HTTP_PROXY=""
+ARG HTTPS_PROXY=""
+ARG http_proxy=""
+ARG https_proxy=""
+ARG NO_PROXY=""
+ARG no_proxy=""
+
+# Set proxy environment variables for the build process
+ENV HTTP_PROXY=${HTTP_PROXY}
+ENV HTTPS_PROXY=${HTTPS_PROXY}
+ENV http_proxy=${http_proxy}
+ENV https_proxy=${https_proxy}
+ENV NO_PROXY=${NO_PROXY}
+ENV no_proxy=${no_proxy}
+
+LABEL dev.containers.features="common"
+
+# Unset proxy variables for all login shells
+COPY unset-proxy.sh /etc/bash_completion.d/unset-proxy.sh
+
+RUN userdel -f -r ubuntu
diff --git a/src/s-core-devcontainer/.devcontainer/devcontainer.json b/src/s-core-devcontainer/.devcontainer/devcontainer.json
index 183be4d..8d9438d 100644
--- a/src/s-core-devcontainer/.devcontainer/devcontainer.json
+++ b/src/s-core-devcontainer/.devcontainer/devcontainer.json
@@ -1,7 +1,7 @@
 {
     "build": {
         // Installs latest version from the Distribution
-        "dockerfile": "./Dockerfile",
+        "dockerfile": "./${localEnv:DEVCONTAINER_DOCKERFILE_NAME:Dockerfile}",
         "context": ".",
         "args": {
             "HTTP_PROXY": "${localEnv:HTTP_PROXY}",
diff --git a/src/s-core-devcontainer/.devcontainer/unset-proxy.sh b/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
index 2a9a0ea..fd7900a 100755
--- a/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
+++ b/src/s-core-devcontainer/.devcontainer/unset-proxy.sh
@@ -13,7 +13,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # *******************************************************************************
 
-# /etc/profile.d/unset-proxy.sh
+# /etc/bash_completion.d/unset-proxy.sh
 # Unset proxy variables for all login shells if they are empty
 for var in HTTP_PROXY HTTPS_PROXY http_proxy https_proxy NO_PROXY no_proxy; do
     if [ -z "${!var}" ]; then
diff --git a/src/s-core-devcontainer/test-project/test.sh b/src/s-core-devcontainer/test-project/test.sh
index dadb958..83b7b44 100755
--- a/src/s-core-devcontainer/test-project/test.sh
+++ b/src/s-core-devcontainer/test-project/test.sh
@@ -15,7 +15,10 @@
 
 set -euo pipefail
 
-source "test-utils.sh" vscode
+SCRIPT_PATH=$(readlink -f "$0")
+SCRIPT_DIR=$(dirname -- "${SCRIPT_PATH}")
+
+source "${SCRIPT_DIR}/test-utils.sh" vscode
 
 # C++ tooling
 check "validate clangd is working and has the correct version" bash -c "clangd --version | grep '20.1.8'"
@@ -36,5 +39,14 @@ source /devcontainer/features/s-core-local/tests/test_default.sh
 # Tests from the local bazel feature
 source /devcontainer/features/bazel/tests/test_default.sh
 
+# Check that no environment variables are empty
+. /etc/bash_completion
+for var in $(compgen -e); do
+    if [[ "${var}" == "LS_COLORS" ]]; then
+        continue
+    fi
+    check "validate environment variable ${var} is not empty" bash -c "[ -n \"\${${var}}\" ]"
+done
+
 # Report result
 reportResults