Skip to content

fix(harness): build and push harness Dockerfile via CDK asset (#927)#930

Closed
aryankhanna2004 wants to merge 1 commit intoaws:previewfrom
aryankhanna2004:fix/harness-dockerfile-silent-ignore
Closed

fix(harness): build and push harness Dockerfile via CDK asset (#927)#930
aryankhanna2004 wants to merge 1 commit intoaws:previewfrom
aryankhanna2004:fix/harness-dockerfile-silent-ignore

Conversation

@aryankhanna2004
Copy link
Copy Markdown

@aryankhanna2004 aryankhanna2004 commented Apr 22, 2026

Summary

Fixes #927. When a harness's harness.json sets dockerfile instead of containerUri, the deploy pipeline previously dropped the field silently: the CDK stack produced no image asset and the mapper omitted environmentArtifact from CreateHarness, so the harness came up without the user's custom container.

This wires the dockerfile through end-to-end:

  • src/assets/cdk/bin/cdk.ts — forwards dockerfile and a resolved codeLocation (absolute harness directory) into the stack props.
  • src/assets/cdk/lib/cdk-stack.ts — creates a linux/arm64 DockerImageAsset per harness that specifies a dockerfile, and emits its imageUri as a per-harness CfnOutput named ApplicationHarness<Pascal>ImageUri.
  • src/cli/operations/deploy/imperative/deployers/harness-mapper.ts — resolves that output from cdkOutputs and populates environmentArtifact.containerConfiguration.containerUri on CreateHarness. If the expected output is missing (e.g. Docker was unavailable during synth), the mapper now throws an actionable error instead of continuing silently.

Behavior preserved when neither dockerfile nor containerUri is set (harness uses the managed default image). Explicit containerUri still takes precedence over a built image.

A Docker daemon with buildx linux/arm64 support is required at agentcore deploy time, matching the existing requirement for agent runtime Dockerfiles.

Test plan

  • npm run typecheck clean
  • npm run lint — 0 errors (all remaining warnings are pre-existing)
  • 3 new unit tests in harness-mapper.test.ts:
    • resolves built image URI from CDK outputs when dockerfile is set
    • throws actionable error when output is missing
    • explicit containerUri still wins over built image
  • Asset snapshot tests updated (npm run test:update-snapshots for the affected CDK files)
  • End-to-end against a real project (harness with dockerfile: "Dockerfile", AWS_IAM auth, Claude Opus, browser + code interpreter, PPTX skill):
    • arm64 image built locally and pushed to cdk-hnb659fds-container-assets-<acct>-us-east-1
    • Stack output ApplicationHarnessPptagentImageUri emitted
    • CreateHarness accepted the environmentArtifact; harness reached READY

Fixes #927

@aryankhanna2004
fix(harness): build and push harness Dockerfile via CDK asset (aws#927)
3661db1 
When a harness's harness.json sets "dockerfile" instead of "containerUri",
the deploy pipeline previously silently dropped the field: the CDK stack
created no image asset and the mapper omitted environmentArtifact from
CreateHarness, so the harness came up without the user's custom
container. See aws#927 for the repro.

This change wires the dockerfile through end-to-end:

- src/assets/cdk/bin/cdk.ts now forwards `dockerfile` and a resolved
  `codeLocation` (absolute harness directory) into the stack props.
- src/assets/cdk/lib/cdk-stack.ts creates a linux/arm64 DockerImageAsset
  per harness that specifies a dockerfile and emits its imageUri as a
  per-harness CfnOutput named `ApplicationHarness<Pascal>ImageUri`.
- src/cli/operations/deploy/imperative/deployers/harness-mapper.ts
  resolves that output from cdkOutputs and populates
  environmentArtifact.containerConfiguration.containerUri on the
  CreateHarness call. If the stack lacks the output (e.g. Docker was
  unavailable during synth), the mapper throws an actionable error
  instead of continuing silently.

Behavior preserved when neither `dockerfile` nor `containerUri` is set
(harness uses the managed default image). Explicit `containerUri` still
takes precedence over a built image.

Docker daemon with buildx linux/arm64 support is required at
`agentcore deploy` time, matching the existing requirement for agent
runtime Dockerfiles.

Tests:
- 3 new harness-mapper unit tests covering dockerfile + cdkOutputs,
  missing-output error, and containerUri precedence.
- Updated asset snapshot tests for the new CDK files.
- Verified end-to-end against a real project:
    * arm64 image built and pushed to
      cdk-hnb659fds-container-assets-<acct>-us-east-1.
    * ApplicationHarnessPptagentImageUri stack output emitted.
    * CreateHarness succeeded and harness reached READY.

Fixes aws#927
This was referenced Apr 22, 2026
Open
Open
@aryankhanna2004
Copy link
Copy Markdown
Author

aryankhanna2004 commented Apr 22, 2026

Closing in favor of #929 (by @tejaskash), which landed a few minutes before this one and takes a cleaner approach.

tl;dr: #929 reuses the existing agent Container build pipeline in the CLI (ContainerSourceAssetFromPath + AgentEcrRepository + ContainerBuildProject + ContainerImageBuilder from @aws/agentcore-cdk), so the build runs in AWS CodeBuild with native arm64 and no local Docker daemon required. This PR used DockerImageAsset from aws-cdk-lib/aws-ecr-assets, which forces every user to have a local docker buildx with arm64 emulation and introduces a second build primitive alongside the one agents already use.

Full comparison and rationale in #927 (comment).

No action items for reviewers here — please move discussion to #929.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aryankhanna2004