Add --engine-args flag for custom container engine arguments

[rhatdan]

Implement a new --engine-args flag that allows users to pass additional arguments directly to the container engine (podman/docker). This provides flexibility for advanced users who need to customize container behavior beyond what RamaLama's built-in flags offer.

The flag is named --engine-args (not --container-args) to clarify that arguments are passed to the container engine, not the container itself.

Changes:

• Add --engine-args CLI argument in runtime_options()
• Can be specified multiple times to add multiple arguments
• Implement add_engine_args() method in Engine class
• Arguments are appended directly to exec_args before execution
• Add validation to conflict with --nocontainer flag
• Add engine_args to BaseConfig for ramalama.conf support
• Document flag in ramalama-run and ramalama-serve man pages
• Include usage examples, config file examples, and conflict documentation

Configuration file support:
Users can set default engine args in ramalama.conf:

[ramalama]
engine_args = ["--read-only", "--tmpfs /tmp"]

Use cases enabled:

• Custom mounts: --engine-args '--mount type=bind,src=/data,dst=/data'
• Additional env vars: --engine-args '--env CUSTOM_VAR=value'
• Security options: --engine-args '--security-opt label=disable'
• Read-only containers: --engine-args '--read-only'
• Any other podman/docker run flags

Tests:

• Unit tests verify arguments are added to exec_args correctly
• E2E dryrun tests verify arguments appear in engine command
• Conflict tests verify --engine-args raises error with --nocontainer
• All tests passing (5 new unit tests, 2 e2e tests)

The arguments are passed directly to the container engine, allowing users to leverage the full power of podman/docker without RamaLama needing to explicitly support every possible container option.

Fixes #2440

This PR was created with the assistance of Cursor AI.

Summary by Sourcery

Add support for passing custom arguments to the container engine via CLI and configuration, and ensure they are applied to engine execution only when container mode is enabled.

New Features:

• Introduce a --engine-args CLI flag for run and serve commands to pass additional arguments directly to the container engine.
• Allow configuring default engine_args in ramalama.conf and the BaseConfig so custom engine flags can be set globally.

Enhancements:

• Extend the Engine initialization to append user-specified engine arguments into the container execution command.
• Add validation to prevent using --engine-args when containers are disabled via --nocontainer.

Documentation:

• Document the --engine-args option and configuration usage, including examples, in ramalama-run, ramalama-serve, and ramalama.conf manuals.

Tests:

• Add unit tests for engine_args validation with/without containers and for propagating engine_args into engine exec_args.
• Add end-to-end dry-run tests to verify engine_args appear correctly in the constructed container command.

[sourcery-ai]

Reviewer's Guide

Adds a new --engine-args option that can be provided via CLI or ramalama.conf to append arbitrary podman/docker flags to the container engine invocation, with validation to disallow use in nocontainer mode and documentation/tests covering the new behavior.

File-Level Changes

Change	Details	Files
Introduce --engine-args CLI option wired into Engine to append custom container engine flags.	Add --engine-args argument to runtime_options() with append semantics and config-driven default. Store engine_args in BaseConfig so defaults can be set in ramalama.conf. Extend Engine.init to call a new add_engine_args() helper that appends engine_args to exec_args.	ramalama/cli.py ramalama/config.py ramalama/engine.py
Enforce that --engine-args is only valid when containers are enabled.	Add post-parse validation to raise ValueError when engine_args is provided with container=False. Add unit tests to cover allowed and disallowed combinations of engine_args and container flag.	ramalama/cli.py test/unit/test_cli.py
Document engine_args support in user-facing docs and sample config.	Document --engine-args flag, usage patterns, and nocontainer conflict in ramalama-run and ramalama-serve man pages. Describe engine_args in ramalama.conf man page and example config file with TOML examples.	docs/ramalama-run.1.md docs/ramalama-serve.1.md docs/ramalama.conf.5.md docs/ramalama.conf
Add tests to verify engine_args are propagated to the engine command line.	Add unit tests for Engine to ensure single/multiple/no engine_args are handled correctly. Extend e2e dry-run tests to assert engine_args appear in the constructed engine command.	test/unit/test_engine.py test/e2e/test_run.py

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#2440	Add a CLI flag that allows users to pass arbitrary additional arguments (e.g., --mount, --env) through to the container engine (podman/docker) when running with containers.	✅
#2440	Provide configuration and documentation support for this flag, including config file options and man page / help text so users can set defaults and understand how to use it.	✅

Possibly linked issues

• --container-args flag for overriding/adding podman run commands #2440: PR’s --engine-args flag implements the requested ability to pass extra podman/docker options like mounts and envs.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @rhatdan, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement by providing advanced users with direct control over container engine behavior. It implements a new --engine-args flag, allowing the passing of arbitrary arguments to Podman or Docker. This greatly expands customization capabilities for container execution, enabling use cases like custom mounts, environment variables, and security options that were previously unavailable or required workarounds.

Highlights

• New --engine-args Flag: Introduced a new CLI flag --engine-args to pass custom arguments directly to the container engine (Podman/Docker).
• Flexible Argument Handling: The flag can be specified multiple times for various arguments and supports configuration via ramalama.conf.
• Conflict Validation: Implemented validation to prevent --engine-args from being used with --nocontainer.
• Core Integration: Added a new add_engine_args method in the Engine class to append these arguments to the execution command.
• Comprehensive Documentation: Updated ramalama-run and ramalama-serve man pages, along with ramalama.conf examples, to reflect the new flag.
• Extensive Testing: Included new unit tests for argument parsing and conflict handling, and E2E tests to verify argument propagation to the container engine.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• docs/ramalama-run.1.md
  • Documented the new --engine-args CLI option, including its purpose, conflict with --nocontainer, configuration file support, and usage examples.
• docs/ramalama-serve.1.md
  • Documented the new --engine-args CLI option for the serve command, including its purpose, conflict with --nocontainer, configuration file support, and usage examples.
• docs/ramalama.conf
  • Added a commented-out engine_args entry with examples to the default configuration file.
• docs/ramalama.conf.5.md
  • Documented the engine_args configuration option, explaining its use for passing arguments to the container engine via ramalama.conf.
• ramalama/cli.py
  • Added the --engine-args argument to the CLI parser, allowing it to be specified multiple times and defaulting to values from the configuration.
  • Implemented validation in post_parse_setup to ensure --engine-args is not used when --nocontainer is active.
• ramalama/config.py
  • Added an engine_args field (list of strings) to the BaseConfig class, with a default empty list.
• ramalama/engine.py
  • Implemented a new add_engine_args method to iterate through and append user-provided engine arguments to the exec_args list.
  • Integrated the add_engine_args method into the Engine class's initialization process.
• test/e2e/test_run.py
  • Added two new end-to-end dry-run tests to verify that single and multiple --engine-args are correctly passed to the container engine command.
• test/unit/test_cli.py
  • Added unit tests to confirm that using --engine-args with --nocontainer raises a ValueError.
  • Added a unit test to confirm that --engine-args works correctly when container mode is enabled.
• test/unit/test_engine.py
  • Added unit tests to verify that single and multiple --engine-args are correctly added to the exec_args list within the Engine class.
  • Added a unit test to ensure that no engine_args does not cause issues.

Activity

• Implemented a new --engine-args flag for passing custom arguments to container engines.
• Added support for specifying multiple engine arguments and configuring them via ramalama.conf.
• Included validation to prevent --engine-args from conflicting with --nocontainer.
• Updated documentation for ramalama-run, ramalama-serve, and ramalama.conf to reflect the new feature.
• Developed 5 new unit tests and 2 new end-to-end tests to ensure functionality and conflict handling.
• All tests are passing.
• This PR was created with the assistance of Cursor AI.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've found 4 issues, and left some high level feedback:

• Consider moving add_engine_args() later in the Engine.__init__ setup (e.g., after add_port_option() and add_tty_option()) so that user-specified engine arguments can reliably override automatically added flags instead of being overridden by them.
• Right now add_engine_args() appends each provided string as a single token; if you expect users to pass combined flags (e.g., "--mount type=bind,..."), you may want to shlex.split each entry so they can include multiple engine flags or flag/value pairs per --engine-args occurrence.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider moving `add_engine_args()` later in the `Engine.__init__` setup (e.g., after `add_port_option()` and `add_tty_option()`) so that user-specified engine arguments can reliably override automatically added flags instead of being overridden by them.
- Right now `add_engine_args()` appends each provided string as a single token; if you expect users to pass combined flags (e.g., `"--mount type=bind,..."`), you may want to `shlex.split` each entry so they can include multiple engine flags or flag/value pairs per `--engine-args` occurrence.

## Individual Comments

### Comment 1
<location> `ramalama/cli.py:1050-1056` </location>
<code_context>
         help="""pass `--group-add keep-groups` to podman.
 If GPU device on host is accessible to via group access, this option leaks the user groups into the container.""",
+    )
+    parser.add_argument(
+        "--engine-args",
+        dest="engine_args",
+        action='append',
+        type=str,
+        default=config.engine_args,
+        help="""additional arguments to pass to the container engine
+(e.g., '--mount type=bind,src=/path,dst=/path' or '--env VAR=value').
+Only valid when using containers (conflicts with --nocontainer)""",
</code_context>

<issue_to_address>
**issue (bug_risk):** Using `action='append'` with `default=config.engine_args` risks mutating the config list across parses.

`argparse` will append directly into `config.engine_args`, so each parse mutates the same list and later parses see accumulated values (e.g., args “sticking” in a long-lived process). Instead, avoid sharing the config list with argparse: use `default=None` or `default=[]` and then merge with `config.engine_args` explicitly when wiring config and CLI together.
</issue_to_address>

### Comment 2
<location> `ramalama/engine.py:119-124` </location>
<code_context>
         if getattr(self.args, "podman_keep_groups", None):
             self.exec_args += ["--group-add", "keep-groups"]

+    def add_engine_args(self):
+        """Add custom engine arguments specified by the user."""
+        engine_args = getattr(self.args, "engine_args", None)
+        if engine_args:
+            for arg in engine_args:
+                self.exec_args.append(arg)
+
     def add(self, newargs: Sequence[str]):
</code_context>

<issue_to_address>
**issue (bug_risk):** Appending raw strings with spaces to `exec_args` can break engine CLI parsing; consider splitting each arg.

Each `engine_args` entry is added as a single argv element, even when it includes spaces (e.g. `"--mount type=bind,..."`), so the engine receives one argument instead of multiple tokens. To align with normal CLI behavior, consider `shlex.split(arg)` and `self.exec_args.extend(...)` so composite flags are split into separate argv items.
</issue_to_address>

### Comment 3
<location> `test/e2e/test_run.py:223-232` </location>
<code_context>
         pytest.param(
             ["--device", "none", "--pull", "never"], r".*--device.*", None, None, False, None,
             id="check --device with unsupported value", marks=skip_if_no_container),
+        pytest.param(
+            ["--engine-args", "--read-only"], r".*--read-only.*", None, None, True, None,
+            id="check --engine-args with single arg", marks=skip_if_no_container),
+        pytest.param(
+            ["--engine-args", "--mount type=bind,src=/data,dst=/data",
+             "--engine-args", "--env CUSTOM_VAR=value"],
+            r".*--mount type=bind,src=/data,dst=/data.*--env CUSTOM_VAR=value.*", None, None, True, None,
+            id="check --engine-args with multiple args", marks=skip_if_no_container),
         # fmt: on
     ],
</code_context>

<issue_to_address>
**suggestion (testing):** Add an E2E test for `--engine-args` used together with `--nocontainer` to cover the user-facing error path

The new E2E tests confirm that engine args reach the dry-run command, but they don’t cover the CLI error behavior when `--engine-args` is used with `--nocontainer` (currently only covered by a unit test in `test_cli.py`). Please add a `pytest.param` combining `--engine-args` and `--nocontainer` that asserts the run fails with the expected error message, so this user-visible behavior is exercised end to end.

Suggested implementation:

```python
        pytest.param(
            ["--engine-args", "--mount type=bind,src=/data,dst=/data",
             "--engine-args", "--env CUSTOM_VAR=value"],
            r".*--mount type=bind,src=/data,dst=/data.*--env CUSTOM_VAR=value.*", None, None, True, None,
            id="check --engine-args with multiple args", marks=skip_if_no_container),
        pytest.param(
            ["--engine-args", "--read-only", "--nocontainer"],
            r".*engine-args.*nocontainer.*", None, None, False, None,
            id="check --engine-args with --nocontainer errors"),
        # fmt: on
    ],
)

```

The regex `r".*engine-args.*nocontainer.*"` should be updated to match the **actual** user-facing error message emitted by the CLI when `--engine-args` is combined with `--nocontainer`. You can copy the exact message from the existing unit test in `test_cli.py` that covers this behavior and adjust the pattern accordingly (e.g. `r".*The --engine-args option cannot be used together with --nocontainer.*"` or similar).
</issue_to_address>

### Comment 4
<location> `docs/ramalama-run.1.md:48-50` </location>
<code_context>
 Possible values are "never", "always" and "auto". (default: auto)

+#### **--engine-args**=*ARG*
+Additional arguments to pass to the container engine (podman or docker).
+This option can be specified multiple times to add multiple arguments.
+
</code_context>

<issue_to_address>
**suggestion (typo):** Consider capitalizing "Podman" and "Docker" for consistency with other docs.

Elsewhere in the docs (e.g., `ramalama.conf.5.md`) these names are capitalized; aligning with that usage would keep things consistent.

```suggestion
#### **--engine-args**=*ARG*
Additional arguments to pass to the container engine (Podman or Docker).
This option can be specified multiple times to add multiple arguments.
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (testing): Add an E2E test for --engine-args used together with --nocontainer to cover the user-facing error path

The new E2E tests confirm that engine args reach the dry-run command, but they don’t cover the CLI error behavior when --engine-args is used with --nocontainer (currently only covered by a unit test in test_cli.py). Please add a pytest.param combining --engine-args and --nocontainer that asserts the run fails with the expected error message, so this user-visible behavior is exercised end to end.

Suggested implementation:

        pytest.param(
            ["--engine-args", "--mount type=bind,src=/data,dst=/data",
             "--engine-args", "--env CUSTOM_VAR=value"],
            r".*--mount type=bind,src=/data,dst=/data.*--env CUSTOM_VAR=value.*", None, None, True, None,
            id="check --engine-args with multiple args", marks=skip_if_no_container),
        pytest.param(
            ["--engine-args", "--read-only", "--nocontainer"],
            r".*engine-args.*nocontainer.*", None, None, False, None,
            id="check --engine-args with --nocontainer errors"),
        # fmt: on
    ],
)

The regex r".*engine-args.*nocontainer.*" should be updated to match the actual user-facing error message emitted by the CLI when --engine-args is combined with --nocontainer. You can copy the exact message from the existing unit test in test_cli.py that covers this behavior and adjust the pattern accordingly (e.g. r".*The --engine-args option cannot be used together with --nocontainer.*" or similar).

[gemini-code-assist]

Code Review

The pull request introduces a useful --engine-args flag to pass custom arguments to the container engine. I have identified a potential issue with how arguments containing spaces are handled when passed to the execution command, and I've suggested using shlex.split to ensure they are correctly tokenized. I've also suggested corresponding updates to the unit tests.

[rhatdan]

@bmahabirbu @olliewalsh @engelmi @ieaves PTAL

This is ready for review.

[olliewalsh]

There are a few PRs now that are ready to merge but very likely to conflict.

I think in the interest of fairness #2473 should land first as it was already in main but had to revert. It's also the most significant user-visible feature.

After that merges I'll need to manually rebase and resolve all of the conflicts for #2456. Maybe it would be easier if I then refactor this change on top of that PR?

Finally there is #2427. I think that should be lowest priority since it's just more type checking. I think it might be best to split that up into multiple PR to make it easier to merge over time.

@rhatdan @ieaves WDYT?

[rhatdan]

I am fine with waiting.

[olliewalsh]

I am fine with waiting.

Looking at #2473, it's not ready to merge... not sure how best to proceed with this. @ieaves can you get this resolved today?

[ieaves]

I don't know why you were seeing what you were seeing @olliewalsh but virtually none of the issues you identified in the PR are even present in the diff.

Nevertheless, I've made the cosmetic changes you requested as well.