diff --git a/src/bentoml/_internal/container/generate.py b/src/bentoml/_internal/container/generate.py index 0b0e8b26934..feb645b8838 100644 --- a/src/bentoml/_internal/container/generate.py +++ b/src/bentoml/_internal/container/generate.py @@ -181,7 +181,9 @@ def generate_containerfile( user_templates = docker.dockerfile_template if user_templates is not None: - dir_path = os.path.dirname(resolve_user_filepath(user_templates, build_ctx)) + dir_path = os.path.dirname( + resolve_user_filepath(user_templates, build_ctx, secure=False) + ) user_templates = os.path.basename(user_templates) TEMPLATES_PATH.append(dir_path) environment = ENVIRONMENT.overlay( diff --git a/tests/unit/_internal/container/test_generate.py b/tests/unit/_internal/container/test_generate.py index e39364671e3..427fb17d40a 100644 --- a/tests/unit/_internal/container/test_generate.py +++ b/tests/unit/_internal/container/test_generate.py @@ -5,6 +5,30 @@ from bentoml._internal.container.generate import generate_containerfile +def test_generate_containerfile_dockerfile_template_outside_cwd(tmp_path) -> None: + # Regression test for https://github.com/bentoml/BentoML/issues/5566. + # During `bentoml containerize` the build context is a BentoML-managed temp + # directory (not under os.getcwd()), so resolve_user_filepath must be called + # with secure=False — otherwise it raises ValueError for any /tmp path. + template_dir = tmp_path / "env" / "docker" + template_dir.mkdir(parents=True) + (template_dir / "Dockerfile.template").write_text( + "{% extends bento_base_template %}\n" + ) + + # Must not raise ValueError even though tmp_path is outside os.getcwd() + generate_containerfile( + DockerOptions( + distro="debian", + python_version="3.11", + dockerfile_template="env/docker/Dockerfile.template", + ), + str(tmp_path), + conda=CondaOptions(), + bento_fs=tmp_path, + ) + + def test_generate_containerfile_quotes_system_packages(tmp_path) -> None: dockerfile = generate_containerfile( DockerOptions(