This repository was archived by the owner on Feb 15, 2026. It is now read-only.
2 changes: 2 additions & 0 deletions .devcontainer/.env
@@ -0,0 +1,2 @@
PORT=5055
HOST=0.0.0.0
31 changes: 31 additions & 0 deletions .devcontainer/Dockerfile
@@ -0,0 +1,31 @@
FROM mcr.microsoft.com/devcontainers/typescript-node:18

Copilot AI Nov 9, 2025

The base image tag :18 is not pinned to a specific version, which means builds may produce different results over time as the underlying image updates. Consider using a specific version tag like :18-bullseye or a digest to ensure reproducible builds.

Suggested change
FROM mcr.microsoft.com/devcontainers/typescript-node:18
FROM mcr.microsoft.com/devcontainers/typescript-node:18-bullseye

RUN echo "INSTALL OVERSEER DEVCONTAINER IMAGE" && \
# Configure Bash
# --> Disable Bash's bracket paste mode
echo "bind 'set enable-bracket-paste off'" >> ~/.bashrc && \
# --> Always show hidden files in ls and colorize the output
echo "alias ls='ls -a --color=auto'" >> ~/.bashrc && \
# Configure Git
# --> Ensure that git treats /workspace as a safe directory to avoid permission-related issues.
git config --global --add safe.directory /workspace && \
# Install common dependencies
apt-get update && \
(type -p curl >/dev/null || (apt-get install curl -y)) && \
(type -p ca-certificates >/dev/null || (apt-get install ca-certificates -y)) && \
(type -p gnupg >/dev/null || (apt-get install gnupg -y)) && \
(type -p wget >/dev/null || (apt-get install wget -y)) && \
(type -p unzip >/dev/null || (apt-get install unzip -y)) && \
(type -p lsb-release >/dev/null || (apt-get install lsb-release -y)) && \
Comment on lines +14 to +19

Copilot AI Nov 9, 2025

The type -p checks for package binaries won't work correctly for packages like ca-certificates, gnupg, and lsb-release which don't provide executables with those exact names. These checks will always fail and attempt installation. Use dpkg -l | grep -q <package> instead, or simply install all packages unconditionally since apt-get install handles already-installed packages gracefully.

Suggested change
(type -p curl >/dev/null || (apt-get install curl -y)) && \
(type -p ca-certificates >/dev/null || (apt-get install ca-certificates -y)) && \
(type -p gnupg >/dev/null || (apt-get install gnupg -y)) && \
(type -p wget >/dev/null || (apt-get install wget -y)) && \
(type -p unzip >/dev/null || (apt-get install unzip -y)) && \
(type -p lsb-release >/dev/null || (apt-get install lsb-release -y)) && \
apt-get install -y curl ca-certificates gnupg wget unzip lsb-release && \

# Install GitHub CLI
mkdir -p -m 755 /etc/apt/keyrings /etc/apt/sources.list.d && \
wget -nv -O /etc/apt/keyrings/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg && \
chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" > /etc/apt/sources.list.d/github-cli.list && \
apt-get update && apt-get install -y gh && \
gh --version && \
# Clean up
apt-get clean && \
rm -rf /var/lib/apt/lists/*

EXPOSE 5055
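Review bot: In the "Install GitHub CLI" step, the keyring fetched with wget -nv -O /etc/apt/keyrings/githubcli-archive-keyring.gpg becomes the signing root for the new apt source without any check of its contents, so the integrity of the later gh install rests only on the TLS connection at build time. Record the expected SHA-256 of the keyring in the Dockerfile and verify it with sha256sum -c before github-cli.list is written. On the FROM line, a more specific tag such as :18-bullseye is still mutable; pinning the image by its @sha256 digest is what makes the base reproducible. The apt-get install calls could also take --no-install-recommends to keep the image smaller.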
28 changes: 28 additions & 0 deletions .devcontainer/compose.yml
@@ -0,0 +1,28 @@
services:
devcontainer:
build:
context: .
dockerfile: Dockerfile
environment:
GH_TOKEN: ${GH_TOKEN}
env_file:
- path: ./.env
required: true
volumes:
- ../:/workspace
# Mount the SSH keys from the host to the container for git access
- ~/.ssh:/root/local-ssh
Comment on lines +8 to +14

Copilot AI Nov 9, 2025

Mounting the entire ~/.ssh directory grants the container access to all SSH keys from the host, including keys for other services. Consider mounting only specific keys needed for the project (e.g., ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub) or using SSH agent forwarding instead with - $SSH_AUTH_SOCK:/ssh-agent and SSH_AUTH_SOCK=/ssh-agent environment variable.

Suggested change
env_file:
- path: ./.env
required: true
volumes:
- ../:/workspace
# Mount the SSH keys from the host to the container for git access
- ~/.ssh:/root/local-ssh
SSH_AUTH_SOCK: /ssh-agent
env_file:
- path: ./.env
required: true
volumes:
- ../:/workspace
# Forward the SSH agent socket for git access
- $SSH_AUTH_SOCK:/ssh-agent

# Mount the setup.sh script to the container
- ./setup.sh:/root/setup.sh
ports:
- 5055:5055
networks:
- default
command: ["sleep", "infinity"]

networks:
default:
name: devcontainer
driver: bridge
driver_opts:
com.docker.network.bridge.name: devcontainer
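Review bot: The bind mount - ~/.ssh:/root/local-ssh has no :ro suffix, so a process in the container can modify or delete files in the host's ~/.ssh, not just read them. If the mount stays, make it read-only (~/.ssh:/root/local-ssh:ro), since setup.sh only reads from it. Separately, - 5055:5055 publishes the port on all host interfaces, and with HOST=0.0.0.0 in .env the dev server can be reachable from the local network; 127.0.0.1:5055:5055 keeps it on loopback. GH_TOKEN: ${GH_TOKEN} also hands the host token to everything in the container, so the README should state the minimum scopes it needs.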
65 changes: 65 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,65 @@
{
"name": "Overseer Dev Container",
"dockerComposeFile": "./compose.yml",
"service": "devcontainer",
"shutdownAction": "none",

"remoteUser": "root",
"workspaceFolder": "/workspace",

"postCreateCommand": "bash /root/setup.sh",

"customizations": {
"vscode": {
"extensions": [
"EditorConfig.editorconfig",
"dbaeumer.vscode-eslint",
"esbenp.prettier-vscode",
"Orta.vscode-jest",
"stylelint.vscode-stylelint",
"bradlc.vscode-tailwindcss",
"mskelton.npm-outdated",
"eamodio.gitlens",
"wix.vscode-import-cost",
"gruntfuggly.todo-tree",
"aaron-bond.better-comments",
"usernamehw.errorlens"
],
"settings": {
"editor.formatOnSave": true,
"editor.defaultFormatter": "esbenp.prettier-vscode",
"prettier.configPath": "/workspace/.prettierrc",
"prettier.ignorePath": "/workspace/.prettierignore",
"eslint.enable": true,
"eslint.validate": [
"javascript",
"javascriptreact",
"typescript",
"typescriptreact"
],
"typescript.tsdk": "node_modules/typescript/lib",
"typescript.preferences.importModuleSpecifier": "non-relative",
"sqltools.connections": [
{
"previewLimit": 50,
"driver": "SQLite",
"name": "Local SQLite",
"database": "./config/db/db.sqlite3"
}
],
"files.associations": {
"globals.css": "tailwindcss"
},
"i18n-ally.localesPaths": ["src/i18n/locale"]
}
}
},

"forwardPorts": [5055],
"portsAttributes": {
"5055": {
"label": "Overseer",
"onAutoForward": "notify"
}
}
}
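Review bot: "remoteUser": "root" runs the VS Code server, every listed extension and the postCreateCommand as root in a container that also holds GH_TOKEN and the copied SSH keys. The devcontainers typescript-node base image ships a non-root node user; set remoteUser to that and move the /root paths in compose.yml and setup.sh to that user's home. Also, the settings block configures sqltools.connections and i18n-ally.localesPaths, but no SQLTools or i18n Ally extension appears in the extensions list, so either add them or drop those settings.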
16 changes: 16 additions & 0 deletions .devcontainer/setup.sh
@@ -0,0 +1,16 @@
#!/bin/bash
set -e

echo "🚀 Setting up development environment..."

# Copy SSH keys
echo "🔑 Configuring SSH keys..."
mkdir -p /root/.ssh
cp -p /root/local-ssh/* /root/.ssh/

Copilot AI Nov 9, 2025

The cp command will fail if /root/local-ssh/ is empty or doesn't exist, causing the setup script to abort due to set -e. Add a check to verify the directory exists and contains files, or use a glob pattern that won't fail: cp -p /root/local-ssh/* /root/.ssh/ 2>/dev/null || true or add an existence check before copying.

Suggested change
cp -p /root/local-ssh/* /root/.ssh/
cp -p /root/local-ssh/* /root/.ssh/ 2>/dev/null || true

echo "🔒 Setting SSH key permissions..."
chmod 700 /root/.ssh
find /root/.ssh -type f -exec sh -c 'case "$1" in *.pub) chmod 644 "$1";; *) chmod 600 "$1";; esac' _ {} \;

Copilot AI Nov 9, 2025

The script sets permissions for all files in /root/.ssh, but SSH requires stricter permissions. The known_hosts file should be 644, authorized_keys should be 600, and private keys should be 600. However, files like config should be 600, not 644. The current logic incorrectly assumes only .pub files should be readable. Consider being more explicit: set 600 for everything by default, then specifically set 644 only for .pub files.

Suggested change
find /root/.ssh -type f -exec sh -c 'case "$1" in *.pub) chmod 644 "$1";; *) chmod 600 "$1";; esac' _ {} \;
# Set 600 for all files by default
find /root/.ssh -type f -exec chmod 600 {} \;
# Set 644 for public keys and known_hosts
find /root/.ssh -type f -name "*.pub" -exec chmod 644 {} \;
if [ -f /root/.ssh/known_hosts ]; then chmod 644 /root/.ssh/known_hosts; fi

chown -R root:root /root/.ssh

echo "✅ Development environment ready!"
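Review bot: cp -p /root/local-ssh/* /root/.ssh/ copies every private key from the host mount into the container's own filesystem, where the copies persist for the life of the container and are readable by anything running as root there. Prefer SSH agent forwarding, or copy only the one key the project needs by name. As written, the glob also skips dotfiles, and cp without -r exits non-zero if the mounted directory contains a subdirectory, which aborts the script under set -e; appending 2>/dev/null || true would hide that along with real copy failures, so an explicit [ -d /root/local-ssh ] check with per-file handling is safer.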