One challenge with the PR, is that moving everything out of the dockerfile bypasses the packaging benefits of containers. In many cases, it's considered anti-pattern to push everything into a shell script. This also can be particularly frustrating to users who clone and build from systems with different line endings. One compromise though, is that there can be merits of the bootstrapping scripting, and the contents of the dockerfile doesn't necessarily need to be removed in order to gain some of those merits

With this, my only real reason for not packaging it with the container itself was to comply with the implied "no repackaging" I'm indifferent as to whether or not it gets shipped with the code. If the owner/ceo[s] is fine with it and can sign off, I don't really mind. Technically one could push their copy of this locally to their registry that isn't public, and then technically, that isn't repackaging and redistributing. However, I was also concerned that the initial build step in the previous iteration of the Dockerfile required the BuildKit dependency so that it could hook into the Postgres DB, which to me said that it was doing some kind of database manipulation which I believe can only be done on the target deployed environment.

The buildkit requirement is because of the core architecture issue. I agree that it shouldn't be necessary at build time and hopefully that requirement will get removed altogether in time

Maybe this is invisible to me, which may be why my build isn't launching a web app at the moment.