CMD doesn't run after ENTRYPOINT in Dockerfile

So I have a docker file which does this:

ENV ENV ${ENV}
ENV SERVICE_NAME ${SERVICE_NAME}
USER app
ENV HOME=/home/app
COPY target /home/app/target
COPY entrypoint.sh /home/app
WORKDIR /home/app
ENTRYPOINT /usr/bin/chamber exec ${ENV}_${SERVICE_NAME} -r 1 -- ./entrypoint.sh
CMD java -jar -Dspring.profiles.active=docker target/my.jar

So the ENTRYPOINT runs and pulls down some secrets from AWS Parameter store and populates them in the entrypoint.sh shell as environment variables. The entrypoint.sh then performs some actions with them, creates some files etc and in its last line does "exec $@".

I was then expecting the CMD to run but all it can see is the systemd service file running "ExecStop=/usr/bin/docker stop app".

The systemd service file does this to start the container:

ExecStart=/usr/bin/docker run --name app --memory-reservation=128m --memory=512m -e ENV=dev -e SERVICE_NAME=app 1234567890.dkr.ecr.eu-west-2.amazonaws.com/app:latest

What happened to CMD?


As documented in https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact, if you combine the "shell form" of CMD and ENTRYPOINT, the CMD specification is omitted:

Excerpt from docs.docker.com

So you should rather use the "exec form" and write something like this:

…
ENTRYPOINT ["/usr/bin/chamber", "exec", "${ENV}_${SERVICE_NAME}", "-r", "1", "--", "./entrypoint.sh"]
CMD ["java", "-jar", "-Dspring.profiles.active=docker", "target/my.jar"]

However this won't work as is, because the ${ENV} and ${SERVICE_NAME} won't be expanded (as a shell would be required).

So the simplest, proper solution to apply here is to refactor your entrypoint.sh; or, if you don't want to change it and still rely on environment variables with an "exec form" ENTRYPOINT, you could write instead:

…
RUN chmod a+x entrypoint1.sh
ENTRYPOINT ["./entrypoint1.sh"]
CMD ["java", "-jar", "-Dspring.profiles.active=docker", "target/my.jar"]

with a file

entrypoint1.sh

#!/bin/bash
# Expand the variables here (an exec-form ENTRYPOINT has no shell), then forward CMD via "$@".
exec /usr/bin/chamber exec "${ENV}_${SERVICE_NAME}" -r 1 -- ./entrypoint.sh "$@"
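
Why the shell form loses CMD, reproduced without Docker as an added example (not part of the original answer): a shell-form ENTRYPOINT is run as `/bin/sh -c "<string>"` with CMD appended after it, so the CMD words become positional parameters that the string never references. `fake_chamber`, the temporary directory and the two helper functions are constructed stand-ins for `chamber` and for the way Docker assembles the final argv.

```shell
#!/bin/sh
# Added example: rebuilds, without Docker, the argv that results from ENTRYPOINT + CMD.
# fake_chamber is a constructed stand-in for "/usr/bin/chamber exec ... -- ./entrypoint.sh".
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
export ENV=dev SERVICE_NAME=app   # same values the systemd unit passes with -e

cat > "$WORK/fake_chamber" <<'EOF'
#!/bin/sh
# Report every argument received, one per line.
echo "argc=$#"
for a in "$@"; do echo "arg=$a"; done
EOF

cat > "$WORK/entrypoint1.sh" <<'EOF'
#!/bin/sh
# Wrapper in the style of the answer: the shell expands the variables, "$@" forwards CMD.
exec "$(dirname "$0")/fake_chamber" "${ENV}_${SERVICE_NAME}" -- "$@"
EOF
chmod +x "$WORK/fake_chamber" "$WORK/entrypoint1.sh"

# Shell form: ENTRYPOINT <string> becomes /bin/sh -c "<string>", and CMD is appended
# after it. Those words become $0, $1, ... of the sh -c script, which never uses them.
shell_form() {
    entry=$1; shift
    /bin/sh -c "$entry" "$@"
}

# Exec form: ENTRYPOINT ["prog", ...] is run directly with CMD appended as arguments.
exec_form() {
    "$@"
}

echo "--- shell-form ENTRYPOINT, shell-form CMD"
shell_form "$WORK/fake_chamber \${ENV}_\${SERVICE_NAME} --" /bin/sh -c "java -jar target/my.jar"
echo "--- exec-form ENTRYPOINT (wrapper script), exec-form CMD"
exec_form "$WORK/entrypoint1.sh" java -jar target/my.jar
```

In the first run the stand-in receives only the expanded secret-store name and `--`; in the second it also receives `java`, `-jar` and `target/my.jar`, which is what the last line of `entrypoint.sh` needs in order to start the application.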