feat(runtime): add cloud image build support #13
Signed-off-by: 117503445 <t117503445@gmail.com>
Pull request overview
Adds cloud image build support for Agent Runtime YAML workflows, allowing ar runtime apply to build images before deployment and adding a standalone ar runtime cloud-build command.
Changes:
- Adds parsing and serialization for spec.container.cloudBuild.
- Adds docker-image-builder download/execution helpers and CLI command wiring.
- Updates runtime docs, examples, and tests for cloud-build behavior.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/agentrun_cli/_utils/agentruntime_yaml.py | Parses cloudBuild YAML fields into runtime model objects. |
| src/agentrun_cli/_utils/cloud_build.py | Implements builder environment, arguments, binary download/cache, execution, and output serialization. |
| src/agentrun_cli/commands/runtime/cloud_build_cmd.py | Adds standalone runtime cloud-build command. |
| src/agentrun_cli/commands/runtime/apply_cmd.py | Runs cloud build before runtime reconciliation and includes result output. |
| src/agentrun_cli/commands/runtime/render_cmd.py | Adds cloud build plan preview to render output. |
| src/agentrun_cli/commands/runtime/__init__.py | Registers the new cloud-build subcommand. |
| tests/unit/test_runtime_yaml.py | Adds cloud build YAML parsing and validation coverage. |
| tests/unit/test_cloud_build.py | Adds unit tests for cloud build helpers. |
| tests/integration/test_runtime_cmd.py | Adds CLI integration coverage for render, cloud-build, and apply behavior. |
| README.md, README_zh.md, docs/en/runtime.md, docs/zh/runtime.md, docs/en/runtime-yaml.md, docs/zh/runtime-yaml.md, agentruntime.yaml | Documents cloud build usage and YAML schema. |
| Args: | ||
| value: Field value. | ||
| where: Path used in error messages. | ||
| """ |
| url = f"{BUILDER_BASE_URL}/{tag}/{_artifact_name()}" | ||
| try: | ||
| _download_binary(url, tmp) | ||
| tmp.chmod(tmp.stat().st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH) | ||
| tmp.replace(target) |
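Review bot: the `tmp.chmod(...)` line adds `stat.S_IXGRP | stat.S_IXOTH`, so the downloaded builder becomes executable by group and other as well as the owner. If the cache directory belongs to the invoking user, `stat.S_IXUSR` alone is enough. The handler for this `try:` is outside the visible lines; it should unlink `tmp` on any failure so a partial download is never left next to `target`.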
Sodawyx
left a comment
Reviewed the cloud build PR. The implementation direction looks good, but I found a few issues that should be addressed before merge.
| _set_env_if_present( | ||
| env, | ||
| "DOCKER_IMAGE_BUILDER_REGION", | ||
| cloud_build.region or _cfg_value(cfg, "region_id"), |
This lets pre-existing DOCKER_IMAGE_BUILDER_REGION silently override cloudBuild.region and the active AgentRun profile. For example, if the shell has DOCKER_IMAGE_BUILDER_REGION=cn-hangzhou, a YAML value of cloudBuild.region: cn-shanghai is ignored. UID/AK/SK have the same problem when users switch --profile. Explicit YAML/profile values should override the child process environment, with env/.env used only as fallback. Please add regression tests for YAML region and profile credentials overriding stale env values.
| tmp = install_dir / f"{_executable_name()}.tmp-{os.getpid()}" | ||
| url = f"{BUILDER_BASE_URL}/{tag}/{_artifact_name()}" | ||
| try: | ||
| _download_binary(url, tmp) |
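Review bot: the temp path built on the `tmp = install_dir / ...` line is predictable (`.tmp-{os.getpid()}`), so any other process able to write to `install_dir` can pre-create or symlink that name before `_download_binary(url, tmp)` writes to it. Creating the file with `tempfile.mkstemp(dir=install_dir)` gives an unpredictable name that is opened exclusively and stays in the same directory as the final binary.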
The CLI downloads a binary, marks it executable, caches it, and later runs it without verifying integrity. Because this becomes code execution on the user's machine, the downloader should verify a pinned SHA256 or signature per release tag/platform before replacing the cached binary.
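The integrity check requested in the comment above, as an added example that is not part of this PR or the project's code: the download is hashed against a pinned SHA-256 before it is made executable or replaces the cached binary. `install_verified`, `IntegrityError`, the `fetch` callable and the `pins` table are hypothetical names, and the sample bytes are constructed.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path

class IntegrityError(RuntimeError):
    """Raised when a download is unpinned or does not match its pin."""

def install_verified(fetch, target: Path, tag: str, artifact: str, pins: dict) -> Path:
    """fetch(path) writes the artifact; pins maps (tag, artifact) to SHA-256 hex."""
    expected = pins.get((tag, artifact))
    if expected is None:
        # Fail closed: an unpinned tag/platform is never downloaded or run.
        raise IntegrityError(f"no pinned digest for {tag}/{artifact}")
    target.parent.mkdir(parents=True, exist_ok=True)
    # Unpredictable name, created exclusively, in the same directory as target.
    fd, name = tempfile.mkstemp(dir=target.parent, prefix=".builder-")
    os.close(fd)
    tmp = Path(name)
    try:
        fetch(tmp)
        digest = hashlib.sha256()
        with tmp.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        if not hmac.compare_digest(digest.hexdigest(), expected.lower()):
            raise IntegrityError(f"digest mismatch for {tag}/{artifact}")
        # Only verified bytes become executable and replace the cache entry.
        tmp.chmod(tmp.stat().st_mode | stat.S_IXUSR)
        os.replace(tmp, target)
        return target
    finally:
        tmp.unlink(missing_ok=True)  # no-op after a successful replace

def demo() -> bool:
    """Constructed sample: a pinned payload installs, a tampered one is refused."""
    good = b"constructed builder bytes"
    key = ("v0-example", "builder-example")
    pins = {key: hashlib.sha256(good).hexdigest()}  # real pins ship with the CLI
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "builder"
        install_verified(lambda p: p.write_bytes(good), target, *key, pins)
        try:
            install_verified(lambda p: p.write_bytes(b"tampered"), target, *key, pins)
        except IntegrityError:
            return target.read_bytes() == good
    return False
```

A mismatch leaves the previously cached binary in place and removes the temp file, so a failed or tampered download never reaches the path that is later executed.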
| results = [] | ||
| for parsed in docs: | ||
| if parsed.container.cloud_build is None: |
For multi-document YAML, this command builds documents as it iterates, then fails when it reaches a later document without spec.container.cloudBuild. That can leave a partial build side effect with exit code 2 and no success output. Please pre-scan all docs for required cloudBuild blocks before invoking any builder process.
No description provided.