Support entrypoint and command for service containers#4276
Merged
ericsciple merged 2 commits intomainfrom Mar 4, 2026
Merged
Conversation
ericsciple
force-pushed
the
users/ericsciple/26-03-services
branch
from
b5f9f62 to
296ae07
Compare
ericsciple
commented
Mar 4, 2026
| "image": { | ||
| "type": "string", | ||
| "description": "Use `jobs.<job_id>.container.image` to define the Docker image to use as the container to run the action. The value can be the Docker Hub image or a registry name." | ||
| "description": "The Docker image to use as the container. The value can be the Docker Hub image or a registry name." |
Collaborator
Author
There was a problem hiding this comment.
Matches descriptions from server copy
ericsciple
commented
Mar 4, 2026
| this.ContainerImage = containerImage; | ||
| this.ContainerDisplayName = $"{container.Alias}_{Pipelines.Validation.NameValidation.Sanitize(containerImage)}_{Guid.NewGuid().ToString("N").Substring(0, 6)}"; | ||
| this.ContainerCreateOptions = container.Options; | ||
| this.ContainerEntryPoint = container.Entrypoint; |
Collaborator
Author
There was a problem hiding this comment.
Sets existing properties, which DockerCommandManager already uses for docker create
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support for entrypoint and command on service containers in workflow YAML, gated behind the actions_service_container_command feature flag, and wires the parsed values through to container creation.
Changes:
- Extend both legacy (DTPipelines) and new (WorkflowParser) schemas/parsers to recognize
services.<id>.entrypointandservices.<id>.command. - Gate parsing/evaluation via
actions_service_container_command(plusACTIONS_SERVICE_CONTAINER_COMMANDenv var fallback) and emit a validation error when disabled. - Add/extend L0 coverage to validate parity between legacy and new evaluators (flag on/off cases).
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Test/L0/Worker/PipelineTemplateEvaluatorWrapperL0.cs | Updates wrapper construction and adds tests for service container entrypoint/command with flag on/off. |
| src/Sdk/WorkflowParser/workflow-v1.0.json | Introduces service-container-mapping and allows entrypoint/command under services. |
| src/Sdk/WorkflowParser/WorkflowFeatures.cs | Adds AllowServiceContainerCommand feature switch to WorkflowParser feature set. |
| src/Sdk/WorkflowParser/JobContainer.cs | Adds Entrypoint and Command properties to WorkflowParser JobContainer. |
| src/Sdk/WorkflowParser/Conversion/WorkflowTemplateConverter.cs | Parses/gates entrypoint/command and sets them on the converted container model. |
| src/Sdk/WorkflowParser/Conversion/WorkflowTemplateConstants.cs | Adds constants for entrypoint and command keys. |
| src/Sdk/DTPipelines/workflow-v1.0.json | Introduces service-container-mapping for legacy schema and allows entrypoint/command under services. |
| src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateEvaluator.cs | Threads AllowServiceContainerCommand through service container evaluation. |
| src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateConverter.cs | Parses/gates entrypoint/command for legacy JobContainer conversion. |
| src/Sdk/DTPipelines/Pipelines/ObjectTemplating/PipelineTemplateConstants.cs | Adds constants for entrypoint and command keys in legacy pipeline templating. |
| src/Sdk/DTPipelines/Pipelines/JobContainer.cs | Adds Entrypoint and Command properties to legacy JobContainer. |
| src/Runner.Worker/PipelineTemplateEvaluatorWrapper.cs | Passes the flag into both evaluators and compares Entrypoint/Command for mismatch recording. |
| src/Runner.Worker/ExecutionContext.cs | Reads feature flag + env var and propagates it to evaluators/wrapper. |
| src/Runner.Worker/Container/ContainerInfo.cs | Maps parsed Entrypoint/Command into ContainerInfo for downstream container creation. |
| src/Runner.Common/Constants.cs | Adds actions_service_container_command feature flag constant. |
Comments suppressed due to low confidence (1)
src/Runner.Worker/PipelineTemplateEvaluatorWrapper.cs:418
- These mismatch logs include the full
Commandvalue.commandoften contains long shell fragments and can include secrets; consider avoiding logging the raw command (or redact/limit it) to reduce the risk of leaking sensitive workflow content into diagnostic logs.
if (!string.Equals(legacyResult.Command, newResult.Command, StringComparison.Ordinal))
{
_trace.Info($"CompareJobContainer mismatch - Command differs (legacy='{legacyResult.Command}', new='{newResult.Command}')");
return false;
}
entrypoint and command for service containers
luketomlinson
approved these changes
Mar 4, 2026
dawidmalina
pushed a commit
to dawidmalina/github-runner
that referenced
this pull request
Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for
entrypointandcommandproperties on service containers in workflow YAML.Feature flag:
actions_service_container_commandChanges
PipelineTemplateConverter) and new (WorkflowTemplateConverter) parsers to supportentrypointandcommandon service containers when the flag is on, and emitcontext.Errorwith source location when the flag is offContainerInfo.EntryPointandContainerInfo.Commandproperties, whichDockerCommandManageralready uses fordocker createE2E Testing
Validated end-to-end using the following workflow:
Test workflow