feat: add --image-mount flag to bake images-to-mount init scripts
Add support for loading images-to-mount YAML files and appending their
shell init snippets to /sandbox/.bashrc and /sandbox/.zshrc inside the
built image.
- src/image_mount.rs (new): parse images-to-mount YAML files (local
path or URL), derive the mount name from the filename stem, and
replace $MOUNT with /sandbox/mnt/<name> in the init value.
- src/containerfile.rs: introduce ContainerfileOptions struct to
replace the positional argument list in generate(); add
image_mount_inits field that emits printf calls appending each
resolved init snippet to .bashrc and .zshrc in the same RUN layer
that creates the profile files; add init_for_printf() helper that
escapes backslashes, newlines, and single quotes for safe use in a
single-quoted shell printf argument; add unit tests covering
ordering, multiple mounts, single-quote escaping, and the
no-mount-no-zshrc invariant.
- src/main.rs: add --image-mount <PATH|URL> CLI flag (clap Append
action, repeatable); thread image_mounts through run(); add unit
tests for single mount, multiple mounts, and invalid path error.
- tests/integration_test.rs: add image_mount module with integration
tests (marked #[ignore] for those requiring podman) covering .bashrc
and .zshrc content, sandbox ownership, and absence of .zshrc when
the flag is not used; add non-ignored binary smoke-test for the
invalid-path error path; register cleanup of the new test image tag.
- README.md: document the new flag — YAML format, $MOUNT substitution
rule, files written, CLI examples, and option table entry.
README.md (50 additions, 1 deletion)
@@ -4,7 +4,7 @@
4
4
5
5
OpenShell ships a set of [pre-built sandbox images](https://github.com/NVIDIA/OpenShell-Community), but they are general-purpose. `openshell-image-builder` lets you build your own: lightweight, workspace-specific images that contain only what you need — without writing a Containerfile by hand.
6
6
7
-
The tool assembles the image in layers — base image, agent installation, agent settings, OpenShell network policy, and project-specific toolchains. Use `--runtime` to select which container CLI drives the build (`podman`, `docker`, or the macOS `container` CLI):
7
+
The tool assembles the image in layers — base image, agent installation, agent settings, OpenShell network policy, project-specific toolchains, and image-mount init scripts. Use `--runtime` to select which container CLI drives the build (`podman`, `docker`, or the macOS `container` CLI):
8
8
9
9
1.**Base image** — Ubuntu, Fedora, Red Hat UBI, or Red Hat Hardened Images (HummingBird), any tag. Ubuntu 24.04 is the default.
10
10
2.**Agent installation** (`--agent`) — the agent binary is pre-installed in `PATH`.
@@ -21,6 +21,7 @@ The tool assembles the image in layers — base image, agent installation, agent
21
21
-**Inference network rules** — LLM backend endpoints are added by `--inference`.
22
22
-**Workspace network rules** — user-defined hosts declared in `.kaiden/workspace.json` are added to the policy when `--with-workspace-config` is used.
23
23
5.**Installation of project-specific toolchains** — toolchains and utilities declared as Dev Container Features in `.kaiden/workspace.json` are installed in the image when `--with-workspace-config` is used.
24
+
6.**Image-mount init scripts** (`--image-mount`) — shell init snippets from images-to-mount YAML files are appended to `/sandbox/.bashrc` and `/sandbox/.zshrc`.
24
25
25
26
### workspace.json fields
26
27
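Review bot: Item 6 presents the init scripts as a sixth build step after toolchain installation, but the "What gets written" section says the append runs in the same `RUN` layer that creates the profile files. If that layer is emitted earlier in the Containerfile, the numbering here misstates the build order; either place the item where the layer actually sits or reword it as an optional addition to the profile-creation step. It would also help to say in this item that the snippet only takes effect in interactive bash and zsh sessions, since this list is the first place a reader meets the feature.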
@@ -498,6 +499,53 @@ An invalid or unparseable host entry (e.g. a bare space or malformed URL) causes
498
499
499
500
With this configuration, `cargo build` and `cargo fetch` inside the sandbox can download crate metadata and source tarballs.
500
501
502
+
## Image-mount init scripts
503
+
504
+
Use `--image-mount` to bake the initialisation snippet from an [images-to-mount](https://github.com/feloy/images-to-mount) YAML file into the image's shell startup files. The flag can be repeated to process multiple YAML files.
505
+
506
+
### YAML format
507
+
508
+
```yaml
509
+
image: docker.io/curlimages/curl:latest # the image to mount — not used by this tool
510
+
init: export PATH=$MOUNT/usr/bin:$PATH # shell snippet added to .bashrc and .zshrc
511
+
```
512
+
513
+
The `image` field is present in the file but is ignored by `openshell-image-builder`. Only the `init` field is read.
514
+
515
+
`$MOUNT`in the `init` value is replaced at build time with `/sandbox/mnt/<name>`, where `<name>` is the filename stem of the YAML file — for example, `curl.yaml` → `/sandbox/mnt/curl`.
516
+
517
+
### What gets written
518
+
519
+
The resolved `init` snippet (with `$MOUNT` replaced) is appended to:
520
+
521
+
- `/sandbox/.bashrc`— sourced by interactive bash sessions
522
+
- `/sandbox/.zshrc`— sourced by interactive zsh sessions (created if it does not already exist)
523
+
524
+
The append happens in the same `RUN` layer that creates the profile files, so both files are owned by the `sandbox` user.
525
+
526
+
### Example
527
+
528
+
```sh
529
+
# From a local YAML file — mount name derived from filename: "curl"
| `--with-workspace-config` | Read `.kaiden/workspace.json` and apply its features, skills, and network rules |
517
565
| `--with-policy` | Include OpenShell sandbox policy (`/etc/openshell/policy.yaml`) in the image |
518
566
| `--with-agent-settings` | Generate and include agent settings in the image (see [Agent settings](#agent-settings)) |
567
+
| `--image-mount <PATH\|URL>` | Append the `init` snippet from an images-to-mount YAML file to `.bashrc` and `.zshrc`; may be repeated (see [Image-mount init scripts](#image-mount-init-scripts)) |
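Review bot: The "Image-mount init scripts" section never states that the `init` value is shell code that runs at every interactive shell start, while the option table shows the flag accepts `<PATH\|URL>`, so a remote file ends up verbatim in `/sandbox/.bashrc` and `/sandbox/.zshrc`. Please document that the YAML file is trusted input, say which URL schemes are accepted, and recommend a reviewed local copy or a pinned URL for anything fetched remotely. Under "YAML format", also specify how `$MOUNT` is matched (whether `${MOUNT}` or a longer name such as `$MOUNT_DIR` is affected) and what happens when two files share a filename stem, since both would resolve to the same `/sandbox/mnt/<name>`.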