Show HN: #!/usr/bin/env docker run

For an actually intentional, non-cursed version of this, see the nix-shell shebang [0]:<p>&gt; #! &#x2F;usr&#x2F;bin&#x2F;env nix-shell &gt; #! nix-shell -i python3 -p python3Packages.pillow python3Packages.ansicolor &gt; &gt; # scale image by 50% &gt; import sys, PIL.Image, ansicolor &gt; path = sys.argv[1] &gt; image = PIL.Image.open(path) &gt; factor = 0.5 &gt; image = image.resize((round(image.width * factor), round(image.height * factor))) &gt; path = path + &quot;.s50.jpg&quot; &gt; image.save(path) &gt; print(ansicolor.green(f&quot;done {path}&quot;))<p>Just `chmod +x` and you have an executable with all dependencies you specify!<p>[0] <a href="https:&#x2F;&#x2F;nixos.wiki&#x2F;wiki&#x2F;Nix-shell_shebang" rel="nofollow">https:&#x2F;&#x2F;nixos.wiki&#x2F;wiki&#x2F;Nix-shell_shebang</a>

The readme compares it to the cross-architecture Cosmopolitan libc, but Docker is anything but cross-platform. On any other platform besides Linux it requires a Linux VM.<p>Linux containers are great (and I run Linux as my desktop OS), just pointing out the not-so-efficient nature of considering this cross-platform.

The -S &#x2F; --split-string option[1] of &#x2F;usr&#x2F;bin&#x2F;env is a relatively recent addition to GNU Coreutils. It&#x27;s available starting from GNU Coreutils 8.30[2], released on 2018-07-01.<p>Beware of portability: it relies on a non-standard behavior from some operating systems. It only works on OSs that treat all the text after the first space as argument(s) to the shebanged executable; rather than just treating the whole string as an executable path (that can happen to contain spaces).<p>Fortunately this non-standard behavior is more the norm than the exception: it works at least on modern GNU&#x2F;Linux, BSDs, and macOS.<p>[1] <a href="https:&#x2F;&#x2F;www.gnu.org&#x2F;software&#x2F;coreutils&#x2F;manual&#x2F;html_node&#x2F;env-invocation.html#g_t_002dS_002f_002d_002dsplit_002dstring-usage-in-scripts" rel="nofollow">https:&#x2F;&#x2F;www.gnu.org&#x2F;software&#x2F;coreutils&#x2F;manual&#x2F;html_node&#x2F;env-...</a><p>[2] <a href="https:&#x2F;&#x2F;github.com&#x2F;coreutils&#x2F;coreutils&#x2F;blob&#x2F;b09dc6306e7affaf002f67350b9787c550ddb5c2&#x2F;NEWS#L953-L955">https:&#x2F;&#x2F;github.com&#x2F;coreutils&#x2F;coreutils&#x2F;blob&#x2F;b09dc6306e7affaf...</a>

This is genius and I love how this is a whole app meta-seed in a single file! I think I have docker trauma, why did we reach a point where we need computers inside our computers just for normal stuff to work?<p>Container packing is cool, but is it just a security thing preventing us from using our normal hardware? Or versioning (NixOS)? Is wasm capable of doing this and is wasm still alive? I just feel like needing to run tests inception style inside and outside docker gets complicated and annoying and always try to just use Linux directly these days.

Cute trick, but it&#x27;s not actually what the title claims.<p>Since this is actually <i>env</i> calling <i>bash</i> first, not docker, this should just be a Bash script. You can still feed the Dockerfile to <i>docker build</i> via STDIN. But you&#x27;d gain the ability to shellcheck the Bash, the code would be easier to read, write, maintain, add comments to, etc. You could keep the filename the same, run it the same way, etc. The way they&#x27;ve done it here is just unnecessarily difficult.

Something like this should definitely exist, just not with Docker!<p>Podman is better but it&#x27;s also a bit coupled to a distro - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38981844">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38981844</a><p>The problem is the Linux kernel container primitives are a bit of a mess<p>bubblewrap is a lot closer, although last I heard it&#x27;s not in some distros for security reasons - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30823164">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=30823164</a>

This is cool hacking but I really don&#x27;t get this obsession with &quot;single file&quot;. Directories exist and can contain self-contained applications without the need to pack everything into some ugly script. They are into the slightest bit more difficult to ship around to different machines.

You can create this type of thing (a self-contained single-file project) for any language or infrastructure, with or without a clever shebang. All you need are heredocs.<p>For example, here&#x27;s the same app but packaged as a regular bash script:<p><a href="https:&#x2F;&#x2F;gist.github.com&#x2F;lwneal&#x2F;a24ba363d9cc9f7a02282c3621afa43d" rel="nofollow">https:&#x2F;&#x2F;gist.github.com&#x2F;lwneal&#x2F;a24ba363d9cc9f7a02282c3621afa...</a>

Reminds me of the &quot;self consuming script pattern&quot;. Seen in this super user answer.<p><a href="https:&#x2F;&#x2F;superuser.com&#x2F;a&#x2F;440059" rel="nofollow">https:&#x2F;&#x2F;superuser.com&#x2F;a&#x2F;440059</a><p>It embeds an awk (or any interpreter) script, and uses sed to cut out the script between tags in $0.<p>I agree with other comments that this kind of thing can get messy, but sometimes it makes a lot of sense and let&#x27;s you share a single file.

Can someone explain what this is and what it does? I have no idea. I use Windows and have never needed to use Docker for anything.

There&#x27;s also `guix shell` which can be used in shebang position. Example from the Guix manual:<p><pre><code> #!&#x2F;usr&#x2F;bin&#x2F;env -S guix shell python python-numpy -- python3 import numpy print(&quot;This is numpy&quot;, numpy.version.version) </code></pre> It also works with manifest files specifying more complex environments.

This isn&#x27;t POSIX compliant is it? I feel like I tried to do something different but trying to put arguments in a shebang and ran into trouble there a year or two ago.

As a rule, if you can write your code in a file, and run it as a script, it is better than writing scrolls between<p><pre><code> &lt;&lt;EOF … EOF </code></pre> The why is obvious.

I did this in Nov 2021 - <a href="https:&#x2F;&#x2F;www.grepular.com&#x2F;Self_Building_and_Executing_Dockerfiles" rel="nofollow">https:&#x2F;&#x2F;www.grepular.com&#x2F;Self_Building_and_Executing_Dockerf...</a><p><pre><code> #!&#x2F;usr&#x2F;bin&#x2F;env -S bash -c &quot;podman run --rm -w &#x2F;x -v &quot;\$PWD:&#x2F;x&quot; \$(podman build -q - &lt; \$0) \${@:1}&quot;</code></pre>

Can we figure out a way to throw an exec into the shebang so the Docker process replaces the bash One?

Simple file based solution. That&#x27;s not abuse that&#x27;s unix.<p>Well; thats Unix before Pottering and Microsoft.

I feel comfortable with fenced code blocks. Using heredocs all the time, not so much.<p><pre><code> ```js title=&quot;&#x2F;root&#x2F;server.js&quot; console.log(&#x27;test&#x27;) ``` </code></pre> or<p><pre><code> `&#x2F;root&#x2F;server.js` ```js console.log(&#x27;test&#x27;) ``` </code></pre> vs<p><pre><code> RUN &lt;&lt;EOF cat &gt;&#x2F;root&#x2F;server.js console.log(&#x27;test&#x27;) EOF </code></pre> However the Markdown one is better if the syntax highlighting theme makes the code fence a color that doesn&#x27;t stick out - either monochrome or closer to the background color.

That’s cute - though typically the docker images I build need supporting infra around them anyhow - I’d have to forward to the build script.

Using spaces in a shebang is not a standard thing and doesn’t work in most shells.

Is this webscale?

Can someone explain what this is about?

what is the practical use of it?

I had no idea a shebang could be used like this! After all of these years…<p>Nice hack. Love it.

For added excitement, you could go the whole hog, and generate, build and run via docker compose. Apart from anything else, you wouldn&#x27;t need the 2-step build&amp;run.<p>I mean, you could. Whether you should, well ...

why not use docker build -q instead of that silly sha parsing?

I like how the last code line reads<p><pre><code> ctx.stroke()</code></pre>

Haha very clever. I like it. L