Skip to content

fix: add --chown to Dockerfile COPY so app files are owned by bedrock_agentcore#358

Merged
tejaskash merged 1 commit intomainfrom
fix/dockerfile-copy-chown
Feb 20, 2026
Merged

fix: add --chown to Dockerfile COPY so app files are owned by bedrock_agentcore#358
tejaskash merged 1 commit intomainfrom
fix/dockerfile-copy-chown

Conversation

@tejaskash
Copy link
Contributor

@tejaskash tejaskash commented Feb 20, 2026
edited
Loading

Summary

  • Fixes CONT-03 (P1): Application files in the container template were owned by root:root despite the process running as bedrock_agentcore, because Docker's COPY defaults to root ownership regardless of the USER directive.
  • Adds --chown=bedrock_agentcore:bedrock_agentcore to the COPY . . instruction in src/assets/container/python/Dockerfile so files are owned by the correct user.
  • Only affects newly scaffolded container projects; existing user projects are not impacted.

Test plan

  • Snapshot tests pass (72/72)
  • Scaffold a new container-type agent project and verify the generated Dockerfile includes --chown
  • Build the container image and verify file ownership: docker run --rm <image> ls -la /app
  • Deploy a container agent and confirm it responds to an invoke

@tejaskash
fix: add --chown to Dockerfile COPY so app files are owned by bedrock…
dd05765 
…_agentcore

COPY after USER still defaults to root:root ownership. Without --chown,
application files in the container are owned by root even though the
process runs as bedrock_agentcore, which customers may cargo-cult.
@tejaskash tejaskash requested a review from a team February 20, 2026 15:45
@github-actions github-actions bot added the size/xs PR size: XS label Feb 20, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 20, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 43.54% 2884 / 6623
🔵 Statements 43.15% 3040 / 7045
🔵 Functions 45.68% 609 / 1333
🔵 Branches 48.48% 1893 / 3904
Generated in workflow #464 for commit dd05765 by the Vitest Coverage Report Action

vivdalal
vivdalal approved these changes Feb 20, 2026
View reviewed changes
Copy link

@vivdalal vivdalal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tejaskash tejaskash changed the title fix: add --chown to Dockerfile COPY for correct file ownership fix: add --chown to Dockerfile COPY so app files are owned by bedrock_agentcore Feb 20, 2026
@tejaskash tejaskash merged commit be9b99b into main Feb 20, 2026
21 of 23 checks passed
@tejaskash tejaskash deleted the fix/dockerfile-copy-chown branch February 20, 2026 15:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vivdalal vivdalal vivdalal approved these changes

Assignees

No one assigned

Labels

size/xs PR size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tejaskash @vivdalal