Skip to content

Comments

use container entrypoint if no command specified#60

Merged
Panaetius merged 1 commit intomainfrom
docker-entrypoint
Jan 30, 2026
Merged

use container entrypoint if no command specified#60
Panaetius merged 1 commit intomainfrom
docker-entrypoint

Conversation

@Panaetius
Copy link
Member

@Panaetius Panaetius commented Jan 30, 2026

PR Type

Enhancement


Description

  • Introduces Docker image metadata inspection

  • Adds support for using container entrypoint when no command specified

  • Enhances image compatibility checking

  • Updates configuration defaults


Diagram Walkthrough

flowchart LR
  A["handle_edf"] -- "image_meta" --> B["validate_arch"]
  A -- "image_meta" --> C["insert edf_image"]
  D["handle_script"] -- "image_meta" --> E["use entrypoint"]
  D -- "image_meta" --> F["command fallback"]
  G["cscs_job_start"] -- "image_meta" --> A
  G -- "image_meta" --> D
Loading

File Walkthrough

Relevant files
Enhancement
handlers.rs
Docker image metadata integration                                               

coman/src/cscs/handlers.rs

  • Added image_meta parameter to handle_edf and handle_script functions
  • Implemented logic to use container entrypoint when no command is
    specified
  • Updated image validation to use metadata for architecture checking
  • Added image metadata inspection in cscs_job_start
+71/-41 
types.rs
OCI image metadata extraction                                                       

coman/src/util/types.rs

  • Replaced oci-distribution with oci-client and oci-spec dependencies
  • Added DockerImageMeta fields for entrypoint and working directory
  • Implemented From conversion for OciPlatform
  • Enhanced inspect() method to extract image metadata including
    entrypoint
+36/-14 
Configuration changes
config.toml
Extended default job timeout                                                         

coman/.config/config.toml

  • Increased default job time limit from 1 hour to 24 hours
+1/-1     
Dependencies
Cargo.toml
Updated OCI dependencies                                                                 

coman/Cargo.toml

  • Replaced oci-distribution dependency with oci-client and oci-spec
  • Added docker_credential dependency
+2/-1     

@Panaetius Panaetius requested a review from a team as a code owner January 30, 2026 12:39
@github-actions
Copy link

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Image Metadata Handling

The PR introduces logic to fetch and validate Docker image metadata, including platform compatibility and entrypoint information. Ensure that the error handling for image inspection is robust and that fallback mechanisms are properly tested.

if let Some(meta) = image_meta {
    if let Some(system_info) = config.values.cscs.systems.get(current_system) {
        let mut compatible = false;
        for sys_platform in system_info.architecture.iter() {
            if meta.platforms.contains(&sys_platform.clone().into()) {
                compatible = true;
            }
        }

        if !compatible {
            return Err(eyre!(
                "System {} only supports images with architecture(s) '{}' but the supplied image is for architecture(s) '{}'",
                current_system,
                system_info.architecture.join(","),
                meta.platforms
                    .iter()
                    .map(|p| p.to_string())
                    .collect::<Vec<String>>()
                    .join(",")
            ));
        }
    }
} else {
    println!("warn: no docker image metadata found, skipping validation");
}
Command Fallback Logic

The command fallback logic now uses the container's entrypoint when no command is specified. Verify that this behavior aligns with expected usage patterns and that the entrypoint is correctly extracted and formatted from the image metadata.

let command = match &options.command {
    Some(cmd) => cmd.clone(),
    None => {
        if !config.values.cscs.command.is_empty() {
            config.values.cscs.command.clone()
        } else {
            // use default entrypoint
            if let Some(meta) = image_meta {
                meta.clone().entrypoint.unwrap_or(vec![])
            } else {
                vec![]
            }
        }
    }
};
context.insert("command", &command.join(" "));
OCI Platform Conversion

New conversion logic from oci_spec::image::Arch to OciPlatform has been added. Confirm that all possible architectures are handled correctly and that the conversion preserves the intended platform representation.

impl From<Arch> for OciPlatform {
    fn from(value: Arch) -> Self {
        match value {
            Arch::ARM64 => Self::arm64,
            Arch::Amd64 => Self::amd64,
            _ => Self::Other,
        }
    }
}

@github-actions
Copy link

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Handle JSON parsing errors properly

Using unwrap() can cause runtime panics if deserialization fails. It's better to
propagate the error using ? operator to handle potential JSON parsing issues
gracefully.

coman/src/util/types.rs [98]

-let config: ConfigFile = serde_json::from_str(&config).unwrap();
+let config: ConfigFile = serde_json::from_str(&config)?;
Suggestion importance[1-10]: 7

__

Why: The suggestion correctly identifies a potential runtime panic from unwrap() during JSON deserialization. Using ? instead propagates the error gracefully, which is a good practice for robust error handling, though it's a moderate improvement in terms of impact.

Medium
Handle missing entrypoint gracefully

The code should handle the case when image_meta is None more explicitly by checking
for entrypoint existence before unwrapping. This prevents potential panics if the
entrypoint is missing.

coman/src/cscs/handlers.rs [732-747]

 let command = match &options.command {
     Some(cmd) => cmd.clone(),
     None => {
         if !config.values.cscs.command.is_empty() {
             config.values.cscs.command.clone()
         } else {
             // use default entrypoint
             if let Some(meta) = image_meta {
-                meta.clone().entrypoint.unwrap_or(vec![])
+                meta.clone().entrypoint.unwrap_or_default()
             } else {
                 vec![]
             }
         }
     }
 };
Suggestion importance[1-10]: 4

__

Why: The suggestion proposes using unwrap_or_default() instead of unwrap_or(vec![]) to handle potential missing entrypoints. While this improves safety slightly, it doesn't address the core issue of potentially missing entrypoints and is a minor stylistic improvement.

Low
General
Simplify architecture compatibility check

The architecture validation logic could be simplified by using any() instead of
manually iterating and setting a boolean flag. This makes the code more readable and
concise.

coman/src/cscs/handlers.rs [649-673]

 if let Some(meta) = image_meta {
     if let Some(system_info) = config.values.cscs.systems.get(current_system) {
-        let mut compatible = false;
-        for sys_platform in system_info.architecture.iter() {
-            if meta.platforms.contains(&sys_platform.clone().into()) {
-                compatible = true;
-            }
-        }
-
-        if !compatible {
+        if !meta.platforms.iter().any(|p| system_info.architecture.contains(&p.to_string())) {
             return Err(eyre!(
                 "System {} only supports images with architecture(s) '{}' but the supplied image is for architecture(s) '{}'",
                 current_system,
                 system_info.architecture.join(","),
                 meta.platforms
                     .iter()
                     .map(|p| p.to_string())
                     .collect::<Vec<String>>()
                     .join(",")
             ));
         }
     }
 } else {
     println!("warn: no docker image metadata found, skipping validation");
 }
Suggestion importance[1-10]: 6

__

Why: The suggestion improves code readability by replacing manual iteration with any() to check architecture compatibility. This makes the logic clearer and more concise without changing functionality.

Low

@Panaetius Panaetius merged commit 34c3280 into main Jan 30, 2026
2 checks passed
@Panaetius Panaetius deleted the docker-entrypoint branch January 30, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant