They are not, at least not within reasonable security constraints. The agents are currently running inside kubernetes pods, which means new containers would either need to run as side cars or through docker in docker. We could theoretically enable docker in docker, but that comes with a large number of security concerns, and is something we would rather not enable if at all possible.
Additionally, we’re planning on cutting over to Github actions for precommit CI relatively soon (more details to come soon), so that’s something to keep in mind. We will still need a good solution to this problem after cutting over, but that’s probably something to keep in mind when building out a solution.