feat: add container.mounts to AWF config file schema#5755
Conversation
container.mounts to AWF config file schema
There was a problem hiding this comment.
Pull request overview
Adds a config-file equivalent for the existing --mount/-v CLI flag by introducing container.mounts in the AWF config schema and wiring it through config parsing/mapping so mount specs can be validated and provided via --config/stdin.
Changes:
- Extend the AWF JSON Schema (src + docs) with
container.mounts(array of strings) and add schema validation tests. - Extend the config-file TypeScript interface with
container.mounts?: string[]. - Map
container.mountsinto the CLI options object asmount, with mapper tests.
Show a summary per file
| File | Description |
|---|---|
| src/schema.test.ts | Adds schema validation tests for container.mounts. |
| src/config-mapper.ts | Maps container.mounts → CLI option mount. |
| src/config-file.ts | Extends AwfFileConfig.container with mounts?: string[]. |
| src/config-file-mapping.test.ts | Adds tests verifying container.mounts mapping behavior. |
| src/awf-config-schema.json | Introduces container.mounts schema definition (runtime validation source). |
| docs/awf-config.schema.json | Mirrors schema change for external consumers/documentation. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 6/6 changed files
- Comments generated: 2
- Review effort level: Low
| "mounts": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string", | ||
| "pattern": "^[^:]+:[^:]+(:(ro|rw))?$" | ||
| }, | ||
| "description": "Custom volume mounts for the agent container. Format: \"host_path:container_path[:ro|rw]\". In chroot mode, container paths are automatically prefixed with /host." |
| it('accepts valid container.mounts array', () => { | ||
| expect(validate({ container: { mounts: ['/tmp/gh-aw:/tmp/gh-aw:ro'] } })).toBe(true); | ||
| expect(validate({ container: { mounts: ['/tmp/gh-aw:/tmp/gh-aw:rw', '/data:/data'] } })).toBe(true); | ||
| expect(validate({ container: { mounts: [] } })).toBe(true); | ||
| }); | ||
|
|
||
| it('rejects invalid container.mounts entries', () => { | ||
| expect(validate({ container: { mounts: ['invalid-no-colon'] } })).toBe(false); | ||
| expect(validate({ container: { mounts: ['/src:/dst:invalid-mode'] } })).toBe(false); | ||
| expect(validate({ container: { mounts: 'not-an-array' } })).toBe(false); | ||
| }); |
|
@copilot address review feedback |
Done in the latest commit. Both schema files now use |
|
✅ Copilot review passed with no inline comments. @copilot Add the |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
✅ Contribution Check completed successfully! Contribution guidelines review complete for PR #5755: all applicable CONTRIBUTING.md requirements are satisfied based on the provided PR metadata, diff, and CONTRIBUTING.md context. No comment needed. |
|
✅ Build Test Suite completed successfully! |
|
🔌 Smoke Services — All services reachable! ✅ |
|
✅ Smoke Claude passed |
|
🚀 Security Guard has started processing this pull request |
|
🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅ |
|
📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅ |
|
✅ Smoke Gemini completed. All facets verified. 💎 |
|
✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟 |
✅ Coverage Check PassedOverall Coverage
📁 Per-file Coverage Changes (1 files)
Coverage comparison generated by |
Smoke Test: Claude Engine Validation
Overall result: PASS ✅
|
Smoke Test: Copilot BYOK (Direct) Mode ✅ PASSTests:
Mode: Direct BYOK (agent → api-proxy sidecar → api.githubcopilot.com)
|
🔬 Smoke Test ResultsPR: feat: add
Overall: PASS ✅
|
Smoke Test Results
Overall Status: FAIL Warning Firewall blocked 1 domainThe following domain was blocked by the firewall during workflow execution:
network:
allowed:
- defaults
- "localhost"See Network Configuration for more information.
|
Smoke Test: PAT Auth — FAIL ❌
Overall: FAIL — template variables (
|
🔍 Smoke Test: API Proxy OTEL Tracing
All 5 scenarios pass. OTEL integration is complete and functional.
|
|
Running in direct BYOK mode via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) authenticated via Microsoft Entra. Overall status: PASS
|
Chroot Version Comparison Results
Overall: ❌ Not all tests passed — Python and Node.js versions differ between host and chroot environments.
|
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
|
Smoke Test: GitHub Actions Services Connectivity
Overall: ❌ FAIL —
|
|
Merged PR titles:
Checks:
|
|
Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY + COPILOT_PROVIDER_BASE_URL) via api-proxy → Azure OpenAI (Foundry, o4-mini-aw) fix: ensure chmod runs even when chown fails in rootless permission repair — ✅ GitHub.com connectivity — ✅ Overall: PASS cc
|
Add missing container.mounts CLI mapping entry to awf-config-spec.md. PR #5755 added container.mounts to the JSON schema, TypeScript types, and config-file.ts mapping, but the Section 5 CLI mapping table in docs/awf-config-spec.md was not updated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: propagate config fields to all layers Add missing container.mounts CLI mapping entry to awf-config-spec.md. PR #5755 added container.mounts to the JSON schema, TypeScript types, and config-file.ts mapping, but the Section 5 CLI mapping table in docs/awf-config-spec.md was not updated. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Landon Cox <landon.cox@microsoft.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
The
--mount/-vCLI flag had no config-file equivalent, forcing security-sensitive mount specs (e.g., ARC/DinD ro-base + rw-overlay patterns) to be passed as positional CLI arguments rather than through validated stdin config.Changes
docs/awf-config.schema.json+src/awf-config-schema.json— Addcontainer.mountsproperty: array of strings validated against^[^:]+:[^:]+(:(ro|rw))?$src/config-file.ts— Addmounts?: string[]to thecontainerinterfacesrc/config-mapper.ts— Mapcontainer.mounts→mountCLI option (picked up by the existingagent-options.tsarray validator)Usage
{ "container": { "mounts": [ "${RUNNER_TEMP}/gh-aw:${RUNNER_TEMP}/gh-aw:ro", "${RUNNER_TEMP}/gh-aw/home:${RUNNER_TEMP}/gh-aw/home:rw", "${RUNNER_TEMP}/gh-aw/sandbox/agent:${RUNNER_TEMP}/gh-aw/sandbox/agent:rw" ] } }CLI precedence is preserved — explicit
--mountflags still override config values.