fix: make workspace creation faster

[arian81]

TL;DR

Added a custom workspace Docker image with pre-installed dependencies and updated Coder templates to use it, improving workspace startup performance and reliability.

What changed?

• Created a new GitHub Actions workflow to build and push a workspace Docker image to GitHub Container Registry
• Added a Dockerfile that extends codercom/enterprise-base:ubuntu with pre-installed zip, unzip, curl, bun, and code-server
• Updated both Kubernetes Coder templates to use the new custom image (ghcr.io/beanie-brick-band/leopard/workspace:latest) instead of the base Ubuntu image
• Removed the home disk size parameter and persistent volume claim from the ephemeral template
• Added starter code URL parameter to the ephemeral template for automatic code provisioning
• Optimized VS Code extension installation with hash-based caching to avoid reinstalling the same version
• Improved healthcheck intervals and thresholds for better responsiveness
• Streamlined startup scripts by removing redundant package installations since dependencies are now baked into the image

How to test?

1. Trigger the workspace image workflow manually or push changes to infra/docker/workspace/**
2. Create a new workspace using either Kubernetes template
3. Verify that code-server starts faster and all dependencies (bun, zip, etc.) are available immediately
4. Test that the VS Code extension installs correctly and doesn't reinstall on subsequent startups
5. For the ephemeral template, test starter code download functionality

Why make this change?

This change significantly improves workspace startup time by pre-installing all required dependencies in a custom Docker image rather than installing them during each workspace initialization. It also enhances reliability by ensuring consistent environments and reduces network overhead during startup.

also fixes #320

[arian81]

• fix: make workspace creation faster #319 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Summary

This PR improves workspace startup performance by baking bun, code-server, and common utilities into a custom Docker image, and updates both Coder templates to use it. It also adds hash-based VS Code extension caching and introduces a starter_code_url parameter to the ephemeral template for automatic code provisioning.

• Dockerfile echo produces invalid JSON — echo in /bin/sh (dash) does not interpret \n escape sequences, so settings.json will contain literal backslash-n characters outside of quoted strings, making it unparseable JSON. Code-server will not apply the intended settings (disabled AI features, hidden sidebar). Fix by switching to printf.
• The approach of downloading submit.ts from https://nolapse.tech/submit.ts at runtime and executing it without any checksum verification is a supply-chain risk. This pattern already existed in the standard template, but it's worth considering pinning a hash or hosting the script in-repo.
• The PR description is missing a resolves #issue-id link, which is required by the project's PR template.

Confidence Score: 4/5

• Safe to merge after fixing the echo/printf issue in the Dockerfile so that settings.json is valid JSON.
• The core goal (faster workspace startup via a pre-built image) is solid and the CI workflow and template changes are correct. Only one targeted fix remains: the echo command in the Dockerfile that produces invalid JSON for code-server's settings file.
• infra/docker/workspace/Dockerfile — invalid JSON written by echo without -e.

Important Files Changed

Filename	Overview
infra/docker/workspace/Dockerfile	New Dockerfile baking bun and code-server into the image — has a bug where echo does not interpret \n escape sequences in sh/dash, producing an invalid settings.json that code-server will not parse correctly.
.github/workflows/workspace-image.yml	New CI workflow to build and push the workspace Docker image to GHCR. Uses GHA layer caching and tags with both latest and the commit SHA. Looks correct.
infra/coder-templates/kubernetes-ephermal/main.tf	Replaced home PVC with empty_dir (ephemeral), swapped home disk parameter for a starter_code_url parameter, added hash-based VSIX caching, and switched to the custom image. Introduces the same nolapse.tech script-download-and-execute pattern that already exists in the standard template.
infra/coder-templates/kubernetes/main.tf	Removes in-startup bun/code-server installation now that they're baked into the image; adds VSIX hash-based caching; tightens healthcheck thresholds. Clean, focused changes.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: infra/docker/workspace/Dockerfile
Line: 19-21

Comment:
**`echo` produces invalid JSON in `settings.json`**

`echo` in `/bin/sh` (dash on Ubuntu) does **not** interpret `\n` as newlines unless `-e` is passed. As written, the file will literally contain `{\n  "workbench...` — the `\` characters outside a JSON string value make this invalid JSON. Code-server will likely fail to parse the file and ignore or overwrite it, so the AI feature flags and sidebar settings won't actually be applied.

Use `printf` instead, which reliably interprets escape sequences across all POSIX shells:

```suggestion
RUN mkdir -p /home/coder/.local/share/code-server/User \
    && printf '{\n  "workbench.secondarySideBar.defaultVisibility": "hidden",\n  "chat.disableAIFeatures": true\n}\n' \
    > /home/coder/.local/share/code-server/User/settings.json
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix: make workspace creation faster" | Re-trigger Greptile}

[greptile-apps]

echo produces invalid JSON in settings.json

echo in /bin/sh (dash on Ubuntu) does not interpret \n as newlines unless -e is passed. As written, the file will literally contain {\n "workbench... — the \ characters outside a JSON string value make this invalid JSON. Code-server will likely fail to parse the file and ignore or overwrite it, so the AI feature flags and sidebar settings won't actually be applied.

Use printf instead, which reliably interprets escape sequences across all POSIX shells:

Suggested change

	RUN mkdir -p /home/coder/.local/share/code-server/User \
	&& echo '{\n "workbench.secondarySideBar.defaultVisibility": "hidden",\n "chat.disableAIFeatures": true\n}' \
	> /home/coder/.local/share/code-server/User/settings.json
	RUN mkdir -p /home/coder/.local/share/code-server/User \
	&& printf '{\n "workbench.secondarySideBar.defaultVisibility": "hidden",\n "chat.disableAIFeatures": true\n}\n' \
	> /home/coder/.local/share/code-server/User/settings.json

Prompt To Fix With AI

This is a comment left during a code review.
Path: infra/docker/workspace/Dockerfile
Line: 19-21

Comment:
**`echo` produces invalid JSON in `settings.json`**

`echo` in `/bin/sh` (dash on Ubuntu) does **not** interpret `\n` as newlines unless `-e` is passed. As written, the file will literally contain `{\n  "workbench...` — the `\` characters outside a JSON string value make this invalid JSON. Code-server will likely fail to parse the file and ignore or overwrite it, so the AI feature flags and sidebar settings won't actually be applied.

Use `printf` instead, which reliably interprets escape sequences across all POSIX shells:

```suggestion
RUN mkdir -p /home/coder/.local/share/code-server/User \
    && printf '{\n  "workbench.secondarySideBar.defaultVisibility": "hidden",\n  "chat.disableAIFeatures": true\n}\n' \
    > /home/coder/.local/share/code-server/User/settings.json
```

How can I resolve this? If you propose a fix, please make it concise.

[graphite-app]

Changing the resource type from kubernetes_deployment_v1 to kubernetes_deployment will cause Terraform to destroy and recreate the deployment on the next apply, resulting in workspace downtime. Terraform treats these as different resources in the state file.

Fix: Keep using kubernetes_deployment_v1 to maintain state continuity:

resource "kubernetes_deployment_v1" "main" {
  count            = data.coder_workspace.me.start_count

Suggested change

	resource "kubernetes_deployment" "main" {
	count = data.coder_workspace.me.start_count
	resource "kubernetes_deployment_v1" "main" {
	count = data.coder_workspace.me.start_count

Spotted by Graphite



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

Graphite Automations

"Request reviewers once CI passes" took an action on this PR • (03/24/26)

1 reviewer was added to this PR based on Arian Ahmadinejad's automation.