Merged
22 changes: 22 additions & 0 deletions .devcontainer/Dockerfile
@@ -0,0 +1,22 @@
# Use Ubuntu 24.04 as base image to match the current environment
FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04

# Install system dependencies
# Note: Python and Git are installed via devcontainer features
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y install --no-install-recommends \
build-essential \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Install CodeQL CLI
RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip \
Copilot AI Nov 26, 2025

The curl command is used to download the CodeQL CLI, but curl may not be installed in the base image. To ensure reliability, add curl to the apt-get install command on line 7, e.g., build-essential curl unzip \.
&& unzip /tmp/codeql.zip -d /opt \
Comment on lines +13 to +14
Copilot AI Nov 26, 2025

The unzip command is used to extract the CodeQL CLI archive, but the unzip package is not installed in the previous RUN command. This will cause the build to fail. Add unzip to the apt-get install command on line 7, e.g., build-essential unzip \.
&& mv /opt/codeql /opt/codeql-cli \
&& ln -s /opt/codeql-cli/codeql /usr/local/bin/codeql \
&& rm /tmp/codeql.zip

# Set working directory
WORKDIR /workspaces/seclab-taskflows
Copilot AI Nov 26, 2025

The WORKDIR is set to /workspaces/seclab-taskflows, but devcontainers typically mount the repository at /workspaces/<repo-name> where the repo name is determined dynamically. The default mount path may not match this hardcoded path. Consider removing this line and letting the devcontainer handle the working directory, or use a variable path like /workspaces/${localWorkspaceFolderBasename} in the devcontainer.json configuration.

Suggested change
WORKDIR /workspaces/seclab-taskflows

# The rest of the setup will be done in post-create script
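Review bot: The CodeQL CLI install step downloads from releases/latest and unzips the archive into /opt without pinning a version or checking a digest, so each rebuild can pull a different binary and nothing verifies what was fetched. Pin the URL to a specific release tag and check the archive against a known SHA-256 (sha256sum -c) before the unzip step. The curl -Ls call also lacks -f, so an HTTP error body would be saved as /tmp/codeql.zip and only surface as an unzip failure; curl -fsSL fails at the download instead.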
56 changes: 56 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,56 @@
{
"name": "Seclab Taskflows",
"build": {
"dockerfile": "Dockerfile",
"context": ".."
},
// Features to add to the dev container
"features": {
"ghcr.io/devcontainers/features/python:1": {
"version": "3.11",
Copilot AI Nov 26, 2025

Python version 3.8 is listed as supported in pyproject.toml classifiers (line 19), but the devcontainer specifies Python 3.11. The pyproject.toml also requires Python >=3.9 (line 10), which conflicts with the 3.8 classifier. Consider either:

  • Using Python 3.9 in the devcontainer to match the minimum supported version
  • Or document that 3.11 is the recommended development version

This ensures consistency between the declared support and the development environment.

Suggested change
"version": "3.11",
"version": "3.9",
"installTools": true
},
"ghcr.io/devcontainers/features/git:1": {
"version": "latest"
},
"ghcr.io/devcontainers/features/github-cli:1": {
"version": "latest"
},
"ghcr.io/devcontainers/features/docker-in-docker:2": {
"version": "latest"
}
},
// Configure tool-specific properties
"customizations": {
"vscode": {
"extensions": [
"ms-python.python",
"ms-python.vscode-pylance",
"ms-python.vscode-python-envs",
"redhat.vscode-yaml",
"GitHub.copilot",
"GitHub.copilot-chat",
"ms-azuretools.vscode-docker"
],
"settings": {
"python.useEnvironmentsExtension": true
}
}
},
// Use 'forwardPorts' to make a list of ports inside the container available locally
"forwardPorts": [],
// Use 'postCreateCommand' to run commands after the container is created
"postCreateCommand": "bash .devcontainer/post-create.sh",
// Use 'postStartCommand' to run commands when the container starts
"postAttachCommand": "bash .devcontainer/post-attach.sh",
// Environment variables
"containerEnv": {
"PYTHONUNBUFFERED": "1"
},
// Set the user to use in the container (non-root)
"remoteUser": "vscode",
// Grant the container access to the host's Docker daemon
"runArgs": [
"--init"
]
}
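Review bot: The comment above runArgs says it grants the container access to the host's Docker daemon, but the only argument is "--init", which does nothing of the kind; Docker comes from the docker-in-docker feature declared earlier. Reword the comment to describe what --init is for, so nobody reads this file as exposing the host daemon. The 'postStartCommand' comment has the same problem: it sits above postAttachCommand. The git, github-cli and docker-in-docker features are all set to "latest"; pinning their versions would make the environment reproducible.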
15 changes: 15 additions & 0 deletions .devcontainer/post-attach.sh
@@ -0,0 +1,15 @@
#!/bin/bash
Copilot AI Nov 26, 2025

Ensure this script has executable permissions when added to the repository. Run chmod +x .devcontainer/post-attach.sh before committing, or the devcontainer may fail to execute it.
set -e

# If running in Codespaces, check for necessary secrets and print error if missing
if [ -v CODESPACES ]; then
echo "🔐 Running in Codespaces - injecting secrets from Codespaces settings..."
if [ ! -v COPILOT_TOKEN ]; then
echo "⚠️ Running in Codespaces - please add COPILOT_TOKEN to your Codespaces secrets"
fi
if [ ! -v GITHUB_PERSONAL_ACCESS_TOKEN ]; then
echo "⚠️ Running in Codespaces - please add GITHUB_PERSONAL_ACCESS_TOKEN to your Codespaces secrets"
fi
fi

echo "💡 Remember to activate the virtual environment: source .venv/bin/activate"
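Review bot: The [ ! -v COPILOT_TOKEN ] and [ ! -v GITHUB_PERSONAL_ACCESS_TOKEN ] tests only check whether the variable is set, so a secret that is defined but empty passes without any warning. Test for a non-empty value instead, for example [ -z "${COPILOT_TOKEN:-}" ]. The first echo also announces that secrets are being injected while the script only checks for them, and the header comment says "print error" although a missing secret neither fails the script nor writes to stderr; align the wording with the behaviour, or exit non-zero when a secret is missing.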
34 changes: 34 additions & 0 deletions .devcontainer/post-create.sh
@@ -0,0 +1,34 @@
#!/bin/bash
Copilot AI Nov 26, 2025

Ensure this script has executable permissions when added to the repository. Run chmod +x .devcontainer/post-create.sh before committing, or the devcontainer may fail to execute it.
set -e

echo "🚀 Setting up Seclab Taskflows development environment..."

# Create Python virtual environment
echo "📦 Creating Python virtual environment..."
python3 -m venv .venv

# Activate virtual environment and install dependencies
echo "📥 Installing Python dependencies..."
source .venv/bin/activate
python -m pip install --upgrade pip
python -m pip install hatch
hatch build
Copilot AI Nov 26, 2025

Running hatch build followed by pip install -e . is redundant. The pip install -e . command (editable install) on line 18 will build and install the package in development mode without needing the separate hatch build step. Consider removing line 15 to simplify the setup process.

Suggested change
hatch build

Comment on lines +14 to +16
Copilot AI Nov 26, 2025

[nitpick] Installing hatch may be unnecessary if you're only using pip install -e . for development. The pyproject.toml uses hatchling as the build backend, which pip will invoke automatically during installation. Consider removing this line unless hatch is specifically needed for other development tasks.

Suggested change
python -m pip install hatch
hatch build
# Install this package from local directory.
pip install -e .

# Create logs directory if it doesn't exist
mkdir -p logs

# Create optional data directories
mkdir -p data

# Create .env file if it doesn't exist
if [ ! -f .env ]; then
echo "📝 Creating .env template..."
echo "# Optional: CodeQL database base path" >> .env
echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env
Copilot AI Nov 26, 2025

According to the README, the project requires MEMCACHE_STATE_DIR, CODEQL_DBS_BASE_PATH, and DATA_DIR environment variables. Currently, only CODEQL_DBS_BASE_PATH is added to the .env file. Consider adding the other required environment variables:

echo "MEMCACHE_STATE_DIR=$(realpath data)" >> .env
echo "DATA_DIR=$(realpath data)" >> .env

This ensures the devcontainer setup aligns with the documented requirements.

Suggested change
echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env
echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env
echo "MEMCACHE_STATE_DIR=$(realpath data)" >> .env
echo "DATA_DIR=$(realpath data)" >> .env
echo "⚠️ Please configure the environment or your .env file with required tokens!"
fi

echo "✅ Development environment setup complete!"
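Review bot: The .env block creates the file with the default umask, and the last echo in that block asks the user to put required tokens in it, so those tokens may end up in a group- or world-readable file. Set umask 077 before the first echo into .env, or run chmod 600 .env right after creating it, and confirm that .env is listed in .gitignore so it cannot be committed. Separately, pip install --upgrade pip and pip install hatch pull whatever version is current; pinning them keeps the environment reproducible.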