feat: add custom dockerfile support for Container agent builds#783
Merged
aidandaly24 merged 4 commits intoaws:mainfrom Apr 7, 2026
Merged
feat: add custom dockerfile support for Container agent builds#783aidandaly24 merged 4 commits intoaws:mainfrom
aidandaly24 merged 4 commits intoaws:mainfrom
Conversation
Add an optional `dockerfile` field to Container agent configuration, allowing users to specify a custom Dockerfile name (e.g. Dockerfile.gpu) instead of the default "Dockerfile". Changes across all layers: - Schema: Add dockerfile field to AgentEnvSpecSchema with filename validation - CLI wizard: Add "Custom Dockerfile" option to Advanced settings multi-select, with dedicated Dockerfile input step in the breadcrumb wizard - Dev server: Thread dockerfile through container config to docker build - Deploy preflight: Validate custom dockerfile exists before deploy - Packaging: Pass dockerfile to container build commands - Security: getDockerfilePath rejects path traversal (/, \, ..) - Tests: 64 new/updated tests across schema, preflight, dev config, packaging, wizard, and constants Constraint: Dockerfile must be a filename only (no path separators) Rejected: Accept full paths | path traversal security risk Rejected: Auto-copy Dockerfile on create | users manage their own Dockerfiles Confidence: high Scope-risk: moderate Not-tested: Interactive TUI tested manually via TUI harness (not in CI)
Contributor
Package TarballHow to installnpm install https://github.com/aws/agentcore-cli/releases/download/pr-783-tarball/aws-agentcore-0.6.0.tgz |
- Remove unused ADVANCED_GROUP_LABELS constant (dead code) - Remove unnecessary export on DOCKERFILE_NAME_REGEX - Fix stale `steps` dependency in useGenerateWizard setAdvanced callback - Trim computeByoSteps.test.ts to dockerfile-only tests (remove 11 tests for pre-existing behavior unchanged by this PR) - Remove redundant "uses default Dockerfile" tests that duplicate existing coverage in preflight, config, and container packager test files - Consolidate shell metacharacter it.each from 5 cases to 1 representative Confidence: high Scope-risk: narrow
When a custom dockerfile is configured (e.g. Dockerfile.gpu), the renderer was still copying the default template Dockerfile into the agent directory, leaving an unused file alongside the custom one. Thread the dockerfile config through AgentRenderConfig and use a new exclude option on copyAndRenderDir to skip the template Dockerfile when a custom one is specified. The .dockerignore is still scaffolded. Constraint: copyAndRenderDir is a shared utility used by all renderers Rejected: Delete template after render | user requested option A (don't create) Confidence: high Scope-risk: narrow
Replace the TextInput with PathInput for Dockerfile selection in both the BYO add-agent and Generate wizard flows. This gives users a real file browser with directory navigation and existence validation on submit, matching the UX pattern used by the policy file picker. BYO flow: PathInput scoped to the agent's code directory so users browse their existing files and pick a Dockerfile. Generate flow: PathInput scoped to cwd so users browse the filesystem to find a Dockerfile to copy into the new project. Added allowEmpty and emptyHelpText props to PathInput so users can press Enter to use the default Dockerfile. Constraint: PathInput is a shared component used by policy and import screens Rejected: Soft warning on TextInput | user preferred real file picker like policy Confidence: high Scope-risk: narrow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add an optional
dockerfilefield to Container agent configuration, allowing users to specify a custom Dockerfile name (e.g.Dockerfile.gpu) instead of the defaultDockerfile. This threads the new field through every layer: schema validation, CLI wizard, dev server, deploy preflight, and packaging.Screenshots
Advanced settings multi-select with "Custom Dockerfile" option:
Dockerfile path input step:
Changes
Schema
src/schema/schemas/agent-env.tsdockerfilefield with filename regex validationsrc/schema/llm-compacted/agentcore.tsdockerfileto compacted schemaCLI Wizard (TUI)
src/cli/tui/screens/generate/types.tsdockerfileto advanced settings typessrc/cli/tui/screens/generate/useGenerateWizard.tssrc/cli/tui/screens/generate/GenerateWizardUI.tsxsrc/cli/tui/screens/agent/AddAgentScreen.tsxsrc/cli/tui/screens/agent/types.tssrc/cli/tui/screens/agent/useAddAgent.tssrc/cli/tui/screens/create/useCreateFlow.tsDev Server
src/cli/operations/dev/config.tssrc/cli/operations/dev/container-dev-server.tsDeploy & Packaging
src/cli/operations/deploy/preflight.tssrc/cli/operations/agent/generate/schema-mapper.tssrc/lib/packaging/container.tssrc/lib/constants.tsgetDockerfilePath()with path traversal guardTests (64 new/updated)
src/schema/schemas/__tests__/agent-env.test.tssrc/cli/operations/deploy/__tests__/preflight-container.test.tssrc/cli/operations/dev/__tests__/config.test.tssrc/lib/packaging/__tests__/container.test.tssrc/lib/__tests__/constants.test.tssrc/cli/tui/screens/generate/__tests__/useGenerateWizard.test.tsxsrc/cli/tui/screens/agent/__tests__/computeByoSteps.test.tsSecurity
getDockerfilePath()rejects any dockerfile name containing/,\, or..to prevent path traversal attacks. The Zod schema additionally enforces^[a-zA-Z0-9][a-zA-Z0-9._-]*$.Test plan
npm test— 3203 passed (5 pre-existing failures in JWT gateway, unrelated)Dockerfile.gpudeployed to AWS, status READY, invoke returns responseagentcore devbuilds fromDockerfile.gpu— confirmed in Docker build logagentcore devwith no dockerfile field builds fromDockerfile— confirmedRelated