When a RUN instruction uses a pipe operator |, the shell only evaluates the exit code of the last command in the pipe. This means that if an earlier command in the pipe fails, the build will still succeed, silently ignoring the error.
To fix this, either add set -o pipefail at the beginning of the RUN instruction, or switch to a shell that supports it via SHELL ["/bin/bash", "-o", "pipefail", "-c"].
The check is skipped when:
- SHELL is set to a non-POSIX shell (e.g. pwsh, cmd.exe)
- SHELL is set to a POSIX shell with -o pipefail (e.g. /bin/bash -o pipefail -c)
- The RUN instruction itself contains set -o pipefail
Ref: https://docs.docker.com/build/building/best-practices/#using-pipes
Discussed in #8282
When a
RUNinstruction uses a pipe operator|, the shell only evaluates the exit code of the last command in the pipe. This means that if an earlier command in the pipe fails, the build will still succeed, silently ignoring the error.To fix this, either add
set -o pipefailat the beginning of theRUNinstruction, or switch to a shell that supports it viaSHELL["/bin/bash", "-o", "pipefail", "-c"].The check is skipped when:
Ref: https://docs.docker.com/build/building/best-practices/#using-pipes
Discussed in #8282