Remove --chown in Dockerfile

Allows Dockerfile builds to be compatible with buildah/imagebuilder. DEVEXP-124
2026-02-05 12:44:54 +01:00 · 2018-08-16 15:42:08 -04:00
parent b0889726d3
commit 70703fcc16
2 changed files with 129 additions and 81 deletions
--- a/pkg/build/strategies/dockerfile/dockerfile.go
+++ b/pkg/build/strategies/dockerfile/dockerfile.go
@@ -148,7 +148,8 @@ func (builder *Dockerfile) CreateDockerfile(config *api.Config) error {
 			buffer.WriteString("# Copying in override save-artifacts script\n")
 			artifactsScript = sanitize(filepath.ToSlash(filepath.Join(scriptsDestDir, "save-artifacts")))
 			uploadScript := sanitize(filepath.ToSlash(filepath.Join(builder.uploadScriptsDir, "save-artifacts")))
-			buffer.WriteString(fmt.Sprintf("COPY --chown=%s:0 %s %s\n", sanitize(imageUser), uploadScript, artifactsScript))
+			buffer.WriteString(fmt.Sprintf("COPY %s %s\n", uploadScript, artifactsScript))
+			buffer.WriteString(fmt.Sprintf("RUN chown %s:0 %s\n", sanitize(imageUser), artifactsScript))
 		} else {
 			buffer.WriteString(fmt.Sprintf("# Save-artifacts script sourced from builder image based on user input or image metadata.\n"))
 			artifactsScript = sanitize(filepath.ToSlash(filepath.Join(imageScriptsDir, "save-artifacts")))
@@ -163,8 +164,9 @@ func (builder *Dockerfile) CreateDockerfile(config *api.Config) error {
 	}

 	if config.Incremental {
-		buffer.WriteString(fmt.Sprintf("COPY --from=cached --chown=%[1]s:0 %[2]s %[2]s\n", sanitize(imageUser), artifactsTar))
-		buffer.WriteString(fmt.Sprintf("RUN if [ -s %[1]s ]; then mkdir -p %[2]s; tar -xf %[1]s -C %[2]s; fi && \\\n", artifactsTar, sanitize(filepath.ToSlash(artifactsDestDir))))
+		buffer.WriteString(fmt.Sprintf("COPY --from=cached %[1]s %[1]s\n", artifactsTar))
+		buffer.WriteString(fmt.Sprintf("RUN chown %s:0 %s && \\\n", sanitize(imageUser), artifactsTar))
+		buffer.WriteString(fmt.Sprintf("    if [ -s %[1]s ]; then mkdir -p %[2]s; tar -xf %[1]s -C %[2]s; fi && \\\n", artifactsTar, sanitize(filepath.ToSlash(artifactsDestDir))))
 		buffer.WriteString(fmt.Sprintf("    rm %s\n", artifactsTar))
 	}

@@ -193,17 +195,23 @@ func (builder *Dockerfile) CreateDockerfile(config *api.Config) error {
 	env := createBuildEnvironment(config.WorkingDir, config.Environment)
 	buffer.WriteString(fmt.Sprintf("%s", env))

+	chownList := make([]string, 0)
+
 	if len(providedScripts) > 0 {
 		// Only COPY scripts dir if required scripts are present and needed.
 		// Even if the "scripts" dir exists, the COPY would fail if it was empty.
 		glog.V(2).Infof("Override scripts are included in directory %q", builder.uploadScriptsDir)
+		scriptsDest := sanitize(filepath.ToSlash(scriptsDestDir))
 		buffer.WriteString("# Copying in override assemble/run scripts\n")
-		buffer.WriteString(fmt.Sprintf("COPY --chown=%s:0 %s %s\n", sanitize(imageUser), sanitize(filepath.ToSlash(builder.uploadScriptsDir)), sanitize(filepath.ToSlash(scriptsDestDir))))
+		buffer.WriteString(fmt.Sprintf("COPY %s %s\n", sanitize(filepath.ToSlash(builder.uploadScriptsDir)), scriptsDest))
+		chownList = append(chownList, scriptsDest)
 	}

 	// copy in the user's source code.
 	buffer.WriteString("# Copying in source code\n")
-	buffer.WriteString(fmt.Sprintf("COPY --chown=%s:0 %s %s\n", sanitize(imageUser), sanitize(filepath.ToSlash(builder.uploadSrcDir)), sanitize(filepath.ToSlash(sourceDestDir))))
+	sourceDest := sanitize(filepath.ToSlash(sourceDestDir))
+	buffer.WriteString(fmt.Sprintf("COPY %s %s\n", sanitize(filepath.ToSlash(builder.uploadSrcDir)), sourceDest))
+	chownList = append(chownList, sourceDest)

 	glog.V(4).Infof("Processing injected inputs: %#v", config.Injections)
 	config.Injections = util.FixInjectionsWithRelativePath(config.ImageWorkDir, config.Injections)
@@ -213,8 +221,20 @@ func (builder *Dockerfile) CreateDockerfile(config *api.Config) error {
 		buffer.WriteString("# Copying in injected content\n")
 	}
 	for _, injection := range config.Injections {
-		src := filepath.Join(constants.Injections, injection.Source)
-		buffer.WriteString(fmt.Sprintf("COPY --chown=%s:0 %s %s\n", sanitize(imageUser), sanitize(filepath.ToSlash(src)), sanitize(filepath.ToSlash(injection.Destination))))
+		src := sanitize(filepath.ToSlash(filepath.Join(constants.Injections, injection.Source)))
+		dest := sanitize(filepath.ToSlash(injection.Destination))
+		buffer.WriteString(fmt.Sprintf("COPY %s %s\n", src, dest))
+		chownList = append(chownList, dest)
+	}
+
+	// chown directories COPYed to image
+	if len(chownList) > 0 {
+		buffer.WriteString("# Change file ownership to the assemble user. Builder image must support chown command.\n")
+		buffer.WriteString(fmt.Sprintf("RUN chown -R %s:0", sanitize(imageUser)))
+		for _, dir := range chownList {
+			buffer.WriteString(fmt.Sprintf(" %s", dir))
+		}
+		buffer.WriteString("\n")
 	}

 	if _, provided := providedScripts[constants.Assemble]; provided {
@@ -232,7 +252,7 @@ func (builder *Dockerfile) CreateDockerfile(config *api.Config) error {
 	if len(filesToDelete) > 0 {
 		wroteRun := false
 		buffer.WriteString("# Cleaning up injected secret content\n")
-		for _, file := range(filesToDelete) {
+		for _, file := range filesToDelete {
 			if !wroteRun {
 				buffer.WriteString(fmt.Sprintf("RUN rm %s", file))
 				wroteRun = true
--- a/test/integration/integration_test.go
+++ b/test/integration/integration_test.go
@@ -13,6 +13,7 @@ import (
 	"net/http/httptest"
 	"os"
 	"path/filepath"
+	"regexp"
 	"runtime"
 	"strings"
 	"testing"
@@ -606,7 +607,7 @@ func TestDockerfileBuild(t *testing.T) {
 		AsDockerfile: tempdir + string(os.PathSeparator) + "MyDockerfile",
 	}
 	expected := []string{
-		"FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
 		"\"io.openshift.s2i.build.commit.date\"",
 		"\"io.openshift.s2i.build.commit.id\"",
 		"\"io.openshift.s2i.build.commit.ref\"",
@@ -614,9 +615,10 @@ func TestDockerfileBuild(t *testing.T) {
 		"\"io.openshift.s2i.build.source-location\"",
 		"\"io.openshift.s2i.build.image\"=\"docker.io/centos/nodejs-8-centos7\"",
 		"\"io.openshift.s2i.build.commit.author\"",
-		"COPY --chown=1001:0 upload/src /tmp/src",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/src /tmp/src",
+		"(?m)^RUN chown -R 1001:0.* /tmp/src",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -647,7 +649,7 @@ func TestDockerfileBuildDefaultDockerfile(t *testing.T) {
 		AsDockerfile: tempdir + string(os.PathSeparator),
 	}
 	expected := []string{
-		"FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
 		"\"io.openshift.s2i.build.commit.date\"",
 		"\"io.openshift.s2i.build.commit.id\"",
 		"\"io.openshift.s2i.build.commit.ref\"",
@@ -655,9 +657,10 @@ func TestDockerfileBuildDefaultDockerfile(t *testing.T) {
 		"\"io.openshift.s2i.build.source-location\"",
 		"\"io.openshift.s2i.build.image\"=\"docker.io/centos/nodejs-8-centos7\"",
 		"\"io.openshift.s2i.build.commit.author\"",
-		"COPY --chown=1001:0 upload/src /tmp/src",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/src /tmp/src",
+		"(?m)^RUN chown -R 1001:0.* /tmp/src",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -801,9 +804,11 @@ func TestDockerfileBuildInjections(t *testing.T) {
 	trimmedInjection2 := filepath.ToSlash(strings.TrimPrefix(injection2, filepath.VolumeName(injection2)))

 	expected := []string{
-		"COPY --chown=1001:0 upload/injections" + trimmedInjection1 + " /workdir/injection1",
-		"COPY --chown=1001:0 upload/injections" + trimmedInjection2 + " /destination/injection2",
-		"RUN rm /workdir/injection1/injectfile-",
+		"(?m)^COPY upload/injections" + trimmedInjection1 + " /workdir/injection1",
+		"(?m)^RUN chown -R 1001:0.* /workdir/injection1",
+		"(?m)^COPY upload/injections" + trimmedInjection2 + " /destination/injection2",
+		"(?m)^RUN chown -R 1001:0.* /destination/injection2",
+		"(?m)^RUN rm /workdir/injection1/injectfile-",
 		"    rm /workdir/injection1/injectfile-",
 	}
 	notExpected := []string{
@@ -845,9 +850,10 @@ func TestDockerfileBuildScriptsURLAssemble(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -884,9 +890,10 @@ func TestDockerfileBuildScriptsURLRun(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /destination/scripts/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /destination/scripts/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -931,9 +938,10 @@ func TestDockerfileBuildSourceScriptsAssemble(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/scripts/assemble"),
@@ -977,9 +985,10 @@ func TestDockerfileBuildSourceScriptsRun(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /destination/scripts/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /destination/scripts/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/scripts/run"),
@@ -1027,12 +1036,13 @@ func TestDockerfileBuildScriptsURLImage(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"RUN /usr/custom/s2i/assemble",
-		"CMD /usr/custom/s2i/run",
+		"(?m)^RUN /usr/custom/s2i/assemble",
+		"(?m)^CMD /usr/custom/s2i/run",
 	}
 	notExpected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
 	}
 	runDockerfileTest(t, config, expected, notExpected, nil)
 }
@@ -1065,9 +1075,10 @@ func TestDockerfileBuildImageScriptsURLAssemble(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -1104,9 +1115,10 @@ func TestDockerfileBuildImageScriptsURLRun(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /destination/scripts/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /destination/scripts/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -1151,9 +1163,10 @@ func TestDockerfileBuildImageScriptsURLImage(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/custom/s2i/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/custom/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/scripts/assemble"),
@@ -1190,9 +1203,10 @@ func TestDockerfileBuildScriptsAndImageURL(t *testing.T) {
 		AsDockerfile: filepath.Join(tempdir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/some/dir/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/some/dir/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/src/server.js"),
@@ -1252,9 +1266,10 @@ func TestDockerfileBuildScriptsAndImageURLConflicts(t *testing.T) {
 		AsDockerfile: filepath.Join(outputDir, "Dockerfile"),
 	}
 	expected := []string{
-		"COPY --chown=1001:0 upload/scripts /destination/scripts",
-		"RUN /destination/scripts/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/scripts /destination/scripts",
+		"(?m)^RUN chown -R 1001:0.* /destination/scripts",
+		"(?m)^RUN /destination/scripts/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(outputDir, "upload/src/server.js"),
@@ -1295,15 +1310,17 @@ func TestDockerfileIncrementalBuild(t *testing.T) {
 	}

 	expected := []string{
-		"FROM test:tag as cached",
-		"RUN if [ -s /usr/libexec/s2i/save-artifacts ]; then /usr/libexec/s2i/save-artifacts > /tmp/artifacts.tar; else touch /tmp/artifacts.tar; fi",
-		"FROM docker.io/centos/nodejs-8-centos7",
-		"COPY --from=cached --chown=1001:0 /tmp/artifacts.tar /tmp/artifacts.tar",
-		"RUN if [ -s /tmp/artifacts.tar ]; then mkdir -p /tmp/artifacts; tar -xf /tmp/artifacts.tar -C /tmp/artifacts; fi",
+		"(?m)^FROM test:tag as cached",
+		"(?m)^RUN if \\[ -s /usr/libexec/s2i/save-artifacts \\]; then /usr/libexec/s2i/save-artifacts > /tmp/artifacts.tar; else touch /tmp/artifacts.tar; fi",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^COPY --from=cached /tmp/artifacts.tar /tmp/artifacts.tar",
+		"(?m)^RUN chown 1001:0 /tmp/artifacts.tar",
+		"if \\[ -s /tmp/artifacts.tar \\]; then mkdir -p /tmp/artifacts; tar -xf /tmp/artifacts.tar -C /tmp/artifacts; fi",
 		"rm /tmp/artifacts.tar",
-		"COPY --chown=1001:0 upload/src /tmp/src",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^COPY upload/src /tmp/src",
+		"(?m)^RUN chown -R 1001:0.* /tmp/src",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}

 	runDockerfileTest(t, config, expected, nil, nil)
@@ -1347,14 +1364,15 @@ func TestDockerfileIncrementalSourceSave(t *testing.T) {
 	}

 	expected := []string{
-		"FROM test:tag as cached",
-		"COPY --chown=1001:0 upload/scripts/save-artifacts /destination/scripts/save-artifacts",
-		"RUN if [ -s /destination/scripts/save-artifacts ]; then /destination/scripts/save-artifacts > /tmp/artifacts.tar;",
-		"FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^FROM test:tag as cached",
+		"(?m)^COPY upload/scripts/save-artifacts /destination/scripts/save-artifacts",
+		"(?m)^RUN chown 1001:0 /destination/scripts/save-artifacts",
+		"(?m)^RUN if \\[ -s /destination/scripts/save-artifacts \\]; then /destination/scripts/save-artifacts > /tmp/artifacts.tar;",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
 		"mkdir -p /destination/artifacts",
 		"tar -xf /tmp/artifacts.tar -C /destination/artifacts",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/scripts/save-artifacts"),
@@ -1394,14 +1412,15 @@ func TestDockerfileIncrementalSaveURL(t *testing.T) {
 	}

 	expected := []string{
-		"FROM test:tag as cached",
-		"COPY --chown=1001:0 upload/scripts/save-artifacts /destination/scripts/save-artifacts",
-		"RUN if [ -s /destination/scripts/save-artifacts ]; then /destination/scripts/save-artifacts > /tmp/artifacts.tar;",
-		"FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^FROM test:tag as cached",
+		"(?m)^COPY upload/scripts/save-artifacts /destination/scripts/save-artifacts",
+		"(?m)^RUN chown 1001:0 /destination/scripts/save-artifacts",
+		"(?m)^RUN if \\[ -s /destination/scripts/save-artifacts \\]; then /destination/scripts/save-artifacts > /tmp/artifacts.tar;",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
 		"mkdir -p /destination/artifacts",
 		"tar -xf /tmp/artifacts.tar -C /destination/artifacts",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}
 	expectedFiles := []string{
 		filepath.Join(tempdir, "upload/scripts/save-artifacts"),
@@ -1433,14 +1452,14 @@ func TestDockerfileIncrementalTag(t *testing.T) {
 	}

 	expected := []string{
-		"FROM incremental:tag as cached",
+		"(?m)^FROM incremental:tag as cached",
 		"/usr/libexec/s2i/save-artifacts > /tmp/artifacts.tar",
-		"FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
 		"mkdir -p /tmp/artifacts",
 		"tar -xf /tmp/artifacts.tar -C /tmp/artifacts",
 		"rm /tmp/artifacts.tar",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}

 	runDockerfileTest(t, config, expected, nil, nil)
@@ -1467,15 +1486,16 @@ func TestDockerfileIncrementalAssembleUser(t *testing.T) {
 	}

 	expected := []string{
-		"FROM test:tag as cached\nUSER 2250",
+		"(?m)^FROM test:tag as cached\nUSER 2250",
 		"/usr/libexec/s2i/save-artifacts > /tmp/artifacts.tar",
-		"FROM docker.io/centos/nodejs-8-centos7",
-		"COPY --from=cached --chown=2250:0 /tmp/artifacts.tar /tmp/artifacts.tar",
+		"(?m)^FROM docker.io/centos/nodejs-8-centos7",
+		"(?m)^COPY --from=cached /tmp/artifacts.tar /tmp/artifacts.tar",
+		"(?m)^RUN chown 2250:0 /tmp/artifacts.tar",
 		"mkdir -p /tmp/artifacts",
 		"tar -xf /tmp/artifacts.tar -C /tmp/artifacts",
 		"rm /tmp/artifacts.tar",
-		"RUN /usr/libexec/s2i/assemble",
-		"CMD /usr/libexec/s2i/run",
+		"(?m)^RUN /usr/libexec/s2i/assemble",
+		"(?m)^CMD /usr/libexec/s2i/run",
 	}

 	runDockerfileTest(t, config, expected, nil, nil)
@@ -1507,12 +1527,20 @@ func runDockerfileTest(t *testing.T, config *api.Config, expected []string, notE
 	}

 	for _, s := range expected {
-		if !strings.Contains(dockerfile, s) {
+		reg, err := regexp.Compile(s)
+		if err != nil {
+			t.Fatalf("failed to compile regex %q: %v", s, err)
+		}
+		if !reg.MatchString(dockerfile) {
 			t.Fatalf("Expected dockerfile to contain %s, it did not: \n%s", s, dockerfile)
 		}
 	}
 	for _, s := range notExpected {
-		if strings.Contains(dockerfile, s) {
+		reg, err := regexp.Compile(s)
+		if err != nil {
+			t.Fatalf("failed to compile regex %q: %v", s, err)
+		}
+		if reg.MatchString(dockerfile) {
 			t.Fatalf("Expected dockerfile not to contain %s, it did: \n%s", s, dockerfile)
 		}
 	}