chore: initialize devcontainer setup for better DX#4285
chore: initialize devcontainer setup for better DX#4285FelixRizzolli wants to merge 1 commit intosct:developfrom
Conversation
FelixRizzolli
requested review from
OwsleyJr,
TheCatLady,
danshilm and
sct
as code owners
There was a problem hiding this comment.
Pull Request Overview
This PR adds DevContainer configuration to enable a consistent development environment using VS Code's DevContainers feature. The setup includes Docker configuration, automated SSH key management, and VS Code extensions/settings for the Overseer project.
- Adds Docker Compose setup with devcontainer service
- Implements automated SSH key copying and permission configuration
- Configures VS Code with project-specific extensions and settings
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
.devcontainer/Dockerfile |
Creates a Node 18-based development container with Git, GitHub CLI, and common utilities |
.devcontainer/compose.yml |
Defines Docker Compose service with volume mounts for workspace and SSH keys |
.devcontainer/devcontainer.json |
Configures VS Code extensions, settings, and port forwarding for the development environment |
.devcontainer/setup.sh |
Bash script that copies SSH keys from mounted volume and sets proper permissions |
.devcontainer/.env |
Defines environment variables for port and host configuration |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Copy SSH keys | ||
| echo "🔑 Configuring SSH keys..." | ||
| mkdir -p /root/.ssh | ||
| cp -p /root/local-ssh/* /root/.ssh/ |
There was a problem hiding this comment.
The cp command will fail if /root/local-ssh/ is empty or doesn't exist, causing the setup script to abort due to set -e. Add a check to verify the directory exists and contains files, or use a glob pattern that won't fail: cp -p /root/local-ssh/* /root/.ssh/ 2>/dev/null || true or add an existence check before copying.
| cp -p /root/local-ssh/* /root/.ssh/ | |
| cp -p /root/local-ssh/* /root/.ssh/ 2>/dev/null || true |
| @@ -0,0 +1,31 @@ | |||
| FROM mcr.microsoft.com/devcontainers/typescript-node:18 | |||
There was a problem hiding this comment.
The base image tag :18 is not pinned to a specific version, which means builds may produce different results over time as the underlying image updates. Consider using a specific version tag like :18-bullseye or a digest to ensure reproducible builds.
| FROM mcr.microsoft.com/devcontainers/typescript-node:18 | |
| FROM mcr.microsoft.com/devcontainers/typescript-node:18-bullseye |
| (type -p curl >/dev/null || (apt-get install curl -y)) && \ | ||
| (type -p ca-certificates >/dev/null || (apt-get install ca-certificates -y)) && \ | ||
| (type -p gnupg >/dev/null || (apt-get install gnupg -y)) && \ | ||
| (type -p wget >/dev/null || (apt-get install wget -y)) && \ | ||
| (type -p unzip >/dev/null || (apt-get install unzip -y)) && \ | ||
| (type -p lsb-release >/dev/null || (apt-get install lsb-release -y)) && \ |
There was a problem hiding this comment.
The type -p checks for package binaries won't work correctly for packages like ca-certificates, gnupg, and lsb-release which don't provide executables with those exact names. These checks will always fail and attempt installation. Use dpkg -l | grep -q <package> instead, or simply install all packages unconditionally since apt-get install handles already-installed packages gracefully.
| (type -p curl >/dev/null || (apt-get install curl -y)) && \ | |
| (type -p ca-certificates >/dev/null || (apt-get install ca-certificates -y)) && \ | |
| (type -p gnupg >/dev/null || (apt-get install gnupg -y)) && \ | |
| (type -p wget >/dev/null || (apt-get install wget -y)) && \ | |
| (type -p unzip >/dev/null || (apt-get install unzip -y)) && \ | |
| (type -p lsb-release >/dev/null || (apt-get install lsb-release -y)) && \ | |
| apt-get install -y curl ca-certificates gnupg wget unzip lsb-release && \ |
| env_file: | ||
| - path: ./.env | ||
| required: true | ||
| volumes: | ||
| - ../:/workspace | ||
| # Mount the SSH keys from the host to the container for git access | ||
| - ~/.ssh:/root/local-ssh |
There was a problem hiding this comment.
Mounting the entire ~/.ssh directory grants the container access to all SSH keys from the host, including keys for other services. Consider mounting only specific keys needed for the project (e.g., ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub) or using SSH agent forwarding instead with - $SSH_AUTH_SOCK:/ssh-agent and SSH_AUTH_SOCK=/ssh-agent environment variable.
| env_file: | |
| - path: ./.env | |
| required: true | |
| volumes: | |
| - ../:/workspace | |
| # Mount the SSH keys from the host to the container for git access | |
| - ~/.ssh:/root/local-ssh | |
| SSH_AUTH_SOCK: /ssh-agent | |
| env_file: | |
| - path: ./.env | |
| required: true | |
| volumes: | |
| - ../:/workspace | |
| # Forward the SSH agent socket for git access | |
| - $SSH_AUTH_SOCK:/ssh-agent |
|
|
||
| echo "🔒 Setting SSH key permissions..." | ||
| chmod 700 /root/.ssh | ||
| find /root/.ssh -type f -exec sh -c 'case "$1" in *.pub) chmod 644 "$1";; *) chmod 600 "$1";; esac' _ {} \; |
There was a problem hiding this comment.
The script sets permissions for all files in /root/.ssh, but SSH requires stricter permissions. The known_hosts file should be 644, authorized_keys should be 600, and private keys should be 600. However, files like config should be 600, not 644. The current logic incorrectly assumes only .pub files should be readable. Consider being more explicit: set 600 for everything by default, then specifically set 644 only for .pub files.
| find /root/.ssh -type f -exec sh -c 'case "$1" in *.pub) chmod 644 "$1";; *) chmod 600 "$1";; esac' _ {} \; | |
| # Set 600 for all files by default | |
| find /root/.ssh -type f -exec chmod 600 {} \; | |
| # Set 644 for public keys and known_hosts | |
| find /root/.ssh -type f -name "*.pub" -exec chmod 644 {} \; | |
| if [ -f /root/.ssh/known_hosts ]; then chmod 644 /root/.ssh/known_hosts; fi |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
@FelixRizzolli hi 👋🏼 I like the idea behind improving DX. While I personally don’t use devcontainers, I’m sure many other developers do. Would you mind transferring this PR over to https://github.com/seerr-team/seerr? This repository is no longer actively maintained |
Description
This pull request sets up a new development container configuration for the project, making it easier to work in a standardized and reproducible environment. It introduces Docker and devcontainer files, configures the container for TypeScript/Node development, sets up SSH key handling, and includes recommended VSCode extensions and settings for a smooth developer experience.
Devcontainer setup:
.devcontainer/Dockerfileto define the devcontainer image based on TypeScript/Node 18, install common dependencies, configure Bash and Git, and install GitHub CLI. The container exposes port 5055..devcontainer/compose.ymlfor Docker Compose configuration, mapping the workspace, SSH keys, and setup script into the container, and forwarding port 5055..devcontainer/devcontainer.jsonto specify the devcontainer name, service, VSCode extensions, editor settings, and post-create setup script. It also configures port forwarding and workspace folder.Environment and setup scripts:
.devcontainer/.envto definePORTandHOSTenvironment variables for the container..devcontainer/setup.shto automate copying and securing SSH keys within the container for git access.To-Dos
yarn buildyarn i18n:extract