Commit fa28e69

feloy and claude committed
feat: add --image-mount flag to bake images-to-mount init scripts
Add support for loading images-to-mount YAML files and appending their shell init snippets to /sandbox/.bashrc and /sandbox/.zshrc inside the built image.

- src/image_mount.rs (new): parse images-to-mount YAML files (local path or URL), derive the mount name from the filename stem, and replace $MOUNT with /sandbox/mnt/<name> in the init value.
- src/containerfile.rs: introduce ContainerfileOptions struct to replace the positional argument list in generate(); add image_mount_inits field that emits printf calls appending each resolved init snippet to .bashrc and .zshrc in the same RUN layer that creates the profile files; add init_for_printf() helper that escapes backslashes, newlines, and single quotes for safe use in a single-quoted shell printf argument; add unit tests covering ordering, multiple mounts, single-quote escaping, and the no-mount-no-zshrc invariant.
- src/main.rs: add --image-mount <PATH|URL> CLI flag (clap Append action, repeatable); thread image_mounts through run(); add unit tests for single mount, multiple mounts, and invalid path error.
- tests/integration_test.rs: add image_mount module with integration tests (marked #[ignore] for those requiring podman) covering .bashrc and .zshrc content, sandbox ownership, and absence of .zshrc when the flag is not used; add non-ignored binary smoke-test for the invalid-path error path; register cleanup of the new test image tag.
- README.md: document the new flag — YAML format, $MOUNT substitution rule, files written, CLI examples, and option table entry.

Co-authored-by: Claude <claude@anthropic.com>
Signed-off-by: Philippe Martin <phmartin@redhat.com>
1 parent 8b192b1 commit fa28e69

5 files changed

Lines changed: 731 additions & 32 deletions

README.md

Lines changed: 50 additions & 1 deletion
@@ -4,7 +4,7 @@
44

55
OpenShell ships a set of [pre-built sandbox images](https://github.com/NVIDIA/OpenShell-Community), but they are general-purpose. `openshell-image-builder` lets you build your own: lightweight, workspace-specific images that contain only what you need — without writing a Containerfile by hand.
66

7-
The tool assembles the image in layers — base image, agent installation, agent settings, OpenShell network policy, and project-specific toolchains. Use `--runtime` to select which container CLI drives the build (`podman`, `docker`, or the macOS `container` CLI):
7+
The tool assembles the image in layers — base image, agent installation, agent settings, OpenShell network policy, project-specific toolchains, and image-mount init scripts. Use `--runtime` to select which container CLI drives the build (`podman`, `docker`, or the macOS `container` CLI):
88

99
1. **Base image** — Ubuntu, Fedora, Red Hat UBI, or Red Hat Hardened Images (HummingBird), any tag. Ubuntu 24.04 is the default.
1010
2. **Agent installation** (`--agent`) — the agent binary is pre-installed in `PATH`.
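
Review bot: The rewritten intro sentence (new README line 7) lists "image-mount init scripts" among the layers the tool assembles, but the "What gets written" section added further down in this file says the append happens in the same `RUN` layer that creates the profile files, so it is not a layer of its own. Consider wording it as a step folded into profile creation, and saying that it only applies when `--image-mount` is passed.
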
@@ -21,6 +21,7 @@ The tool assembles the image in layers — base image, agent installation, agent
2121
- **Inference network rules** — LLM backend endpoints are added by `--inference`.
2222
- **Workspace network rules** — user-defined hosts declared in `.kaiden/workspace.json` are added to the policy when `--with-workspace-config` is used.
2323
5. **Installation of project-specific toolchains** — toolchains and utilities declared as Dev Container Features in `.kaiden/workspace.json` are installed in the image when `--with-workspace-config` is used.
24+
6. **Image-mount init scripts** (`--image-mount`) — shell init snippets from images-to-mount YAML files are appended to `/sandbox/.bashrc` and `/sandbox/.zshrc`.
2425

2526
### workspace.json fields
2627
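
Review bot: New item 6 does not say that the appended snippet is shell code sourced by every interactive bash and zsh session in the sandbox, which makes the YAML file (local or fetched from a URL) trusted build input. A short clause to that effect, plus a link to the "Image-mount init scripts" section like the one the option table row carries, would help readers decide which sources they are willing to pass to `--image-mount`.
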

@@ -498,6 +499,53 @@ An invalid or unparseable host entry (e.g. a bare space or malformed URL) causes
498499

499500
With this configuration, `cargo build` and `cargo fetch` inside the sandbox can download crate metadata and source tarballs.
500501

502+
## Image-mount init scripts
503+
504+
Use `--image-mount` to bake the initialisation snippet from an [images-to-mount](https://github.com/feloy/images-to-mount) YAML file into the image's shell startup files. The flag can be repeated to process multiple YAML files.
505+
506+
### YAML format
507+
508+
```yaml
509+
image: docker.io/curlimages/curl:latest # the image to mount — not used by this tool
510+
init: export PATH=$MOUNT/usr/bin:$PATH # shell snippet added to .bashrc and .zshrc
511+
```
512+
513+
The `image` field is present in the file but is ignored by `openshell-image-builder`. Only the `init` field is read.
514+
515+
`$MOUNT` in the `init` value is replaced at build time with `/sandbox/mnt/<name>`, where `<name>` is the filename stem of the YAML file — for example, `curl.yaml` → `/sandbox/mnt/curl`.
516+
517+
### What gets written
518+
519+
The resolved `init` snippet (with `$MOUNT` replaced) is appended to:
520+
521+
- `/sandbox/.bashrc` — sourced by interactive bash sessions
522+
- `/sandbox/.zshrc` — sourced by interactive zsh sessions (created if it does not already exist)
523+
524+
The append happens in the same `RUN` layer that creates the profile files, so both files are owned by the `sandbox` user.
525+
526+
### Example
527+
528+
```sh
529+
# From a local YAML file — mount name derived from filename: "curl"
530+
openshell-image-builder \
531+
--runtime podman \
532+
--image-mount /path/to/curl.yaml \
533+
myimage:latest
534+
535+
# From a URL
536+
openshell-image-builder \
537+
--runtime podman \
538+
--image-mount https://raw.githubusercontent.com/feloy/images-to-mount/main/curl.yaml \
539+
myimage:latest
540+
541+
# Multiple mounts — the flag can be repeated
542+
openshell-image-builder \
543+
--runtime podman \
544+
--image-mount /path/to/curl.yaml \
545+
--image-mount /path/to/jq.yaml \
546+
myimage:latest
547+
```
548+
501549
## Full option reference
502550

503551
```
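
Review bot: The "From a URL" example fetches `https://raw.githubusercontent.com/feloy/images-to-mount/main/curl.yaml`, a mutable branch reference, and the section describes no integrity check, so whatever that file contains at build time ends up in `/sandbox/.bashrc` and `/sandbox/.zshrc`. Suggest showing a URL pinned to a commit in the example and documenting which URL schemes are accepted and how a fetch failure is reported. The `$MOUNT` paragraph should also state what happens when the filename stem contains spaces or shell metacharacters (the substituted path lands unquoted in `export PATH=$MOUNT/usr/bin:$PATH`) and when two `--image-mount` arguments share the same stem.
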
@@ -516,6 +564,7 @@ openshell-image-builder [OPTIONS] <TAG>
516564
| `--with-workspace-config` | Read `.kaiden/workspace.json` and apply its features, skills, and network rules |
517565
| `--with-policy` | Include OpenShell sandbox policy (`/etc/openshell/policy.yaml`) in the image |
518566
| `--with-agent-settings` | Generate and include agent settings in the image (see [Agent settings](#agent-settings)) |
567+
| `--image-mount <PATH\|URL>` | Append the `init` snippet from an images-to-mount YAML file to `.bashrc` and `.zshrc`; may be repeated (see [Image-mount init scripts](#image-mount-init-scripts)) |
519568
| `-v` / `-vv` | Increase log verbosity (info / debug) |
520569
521570
## Examples
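
Review bot: The new `--image-mount` row names the targets as `.bashrc` and `.zshrc`, while the section it links to gives them as `/sandbox/.bashrc` and `/sandbox/.zshrc`, and the neighbouring `--with-policy` row spells out its full path. Use the full paths here too so the table cannot be read as modifying the invoking user's own dotfiles.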
