feat: add custom dockerfile support for Container agent builds#783
Open
aidandaly24 wants to merge 2 commits intoaws:mainfrom
Open
feat: add custom dockerfile support for Container agent builds#783aidandaly24 wants to merge 2 commits intoaws:mainfrom
aidandaly24 wants to merge 2 commits intoaws:mainfrom
Conversation
Add an optional `dockerfile` field to Container agent configuration, allowing users to specify a custom Dockerfile name (e.g. Dockerfile.gpu) instead of the default "Dockerfile". Changes across all layers: - Schema: Add dockerfile field to AgentEnvSpecSchema with filename validation - CLI wizard: Add "Custom Dockerfile" option to Advanced settings multi-select, with dedicated Dockerfile input step in the breadcrumb wizard - Dev server: Thread dockerfile through container config to docker build - Deploy preflight: Validate custom dockerfile exists before deploy - Packaging: Pass dockerfile to container build commands - Security: getDockerfilePath rejects path traversal (/, \, ..) - Tests: 64 new/updated tests across schema, preflight, dev config, packaging, wizard, and constants Constraint: Dockerfile must be a filename only (no path separators) Rejected: Accept full paths | path traversal security risk Rejected: Auto-copy Dockerfile on create | users manage their own Dockerfiles Confidence: high Scope-risk: moderate Not-tested: Interactive TUI tested manually via TUI harness (not in CI)
Contributor
Package TarballHow to installnpm install https://github.com/aws/agentcore-cli/releases/download/pr-783-tarball/aws-agentcore-0.6.0.tgz |
- Remove unused ADVANCED_GROUP_LABELS constant (dead code) - Remove unnecessary export on DOCKERFILE_NAME_REGEX - Fix stale `steps` dependency in useGenerateWizard setAdvanced callback - Trim computeByoSteps.test.ts to dockerfile-only tests (remove 11 tests for pre-existing behavior unchanged by this PR) - Remove redundant "uses default Dockerfile" tests that duplicate existing coverage in preflight, config, and container packager test files - Consolidate shell metacharacter it.each from 5 cases to 1 representative Confidence: high Scope-risk: narrow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add an optional
dockerfilefield to Container agent configuration, allowing users to specify a custom Dockerfile name (e.g.Dockerfile.gpu) instead of the defaultDockerfile. This threads the new field through every layer: schema validation, CLI wizard, dev server, deploy preflight, and packaging.Screenshots
Advanced settings multi-select with "Custom Dockerfile" option:
Dockerfile path input step:
Changes
Schema
src/schema/schemas/agent-env.tsdockerfilefield with filename regex validationsrc/schema/llm-compacted/agentcore.tsdockerfileto compacted schemaCLI Wizard (TUI)
src/cli/tui/screens/generate/types.tsdockerfileto advanced settings typessrc/cli/tui/screens/generate/useGenerateWizard.tssrc/cli/tui/screens/generate/GenerateWizardUI.tsxsrc/cli/tui/screens/agent/AddAgentScreen.tsxsrc/cli/tui/screens/agent/types.tssrc/cli/tui/screens/agent/useAddAgent.tssrc/cli/tui/screens/create/useCreateFlow.tsDev Server
src/cli/operations/dev/config.tssrc/cli/operations/dev/container-dev-server.tsDeploy & Packaging
src/cli/operations/deploy/preflight.tssrc/cli/operations/agent/generate/schema-mapper.tssrc/lib/packaging/container.tssrc/lib/constants.tsgetDockerfilePath()with path traversal guardTests (64 new/updated)
src/schema/schemas/__tests__/agent-env.test.tssrc/cli/operations/deploy/__tests__/preflight-container.test.tssrc/cli/operations/dev/__tests__/config.test.tssrc/lib/packaging/__tests__/container.test.tssrc/lib/__tests__/constants.test.tssrc/cli/tui/screens/generate/__tests__/useGenerateWizard.test.tsxsrc/cli/tui/screens/agent/__tests__/computeByoSteps.test.tsSecurity
getDockerfilePath()rejects any dockerfile name containing/,\, or..to prevent path traversal attacks. The Zod schema additionally enforces^[a-zA-Z0-9][a-zA-Z0-9._-]*$.Test plan
npm test— 3203 passed (5 pre-existing failures in JWT gateway, unrelated)Dockerfile.gpudeployed to AWS, status READY, invoke returns responseagentcore devbuilds fromDockerfile.gpu— confirmed in Docker build logagentcore devwith no dockerfile field builds fromDockerfile— confirmedRelated