[DEVCONTAINER] support customization and run as non-root user (open-telemetry#3270)

Author: dbarker

.devcontainer/Dockerfile.dev

@@ -3,26 +3,54 @@
 
 FROM otel/cpp_format_tools
 
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG INSTALL_PACKAGES=
+
+ARG CXX_STANDARD=17
+ARG ABSEIL_CPP_VERSION=20230125.3
+ARG PROTOBUF_VERSION=23.3
 ARG GRPC_VERSION=v1.55.0
-ARG PROTOBUF_VERSION=23.4
-ARG ABSEIL_CPP_VERSION=20240116.1
 
-ENV PROTOBUF_VERSION=${PROTOBUF_VERSION}
+ENV CXX_STANDARD=${CXX_STANDARD}
 ENV ABSEIL_CPP_VERSION=${ABSEIL_CPP_VERSION}
+ENV PROTOBUF_VERSION=${PROTOBUF_VERSION}
+ENV GRPC_VERSION=${GRPC_VERSION}
 
 COPY ci /opt/ci
 
 RUN apt update && apt install -y wget \
 	ninja-build \
 	libcurl4-openssl-dev \
-	markdownlint
+	clang-tidy \
+	shellcheck
 
 RUN cd /opt/ci && bash setup_cmake.sh
 RUN cd /opt/ci && bash setup_ci_environment.sh
 RUN cd /opt && bash ci/setup_googletest.sh \
-	&& bash ci/setup_grpc.sh -r ${GRPC_VERSION}
+    && bash ci/install_abseil.sh \
+    && bash ci/install_protobuf.sh \
+    && bash ci/setup_grpc.sh -r $GRPC_VERSION -s $CXX_STANDARD -p protobuf -p abseil
 
 ADD https://github.com/bazelbuild/bazelisk/releases/download/v1.22.1/bazelisk-linux-amd64 /usr/local/bin
 
 RUN git config --global core.autocrlf input \
 	&& chmod +x /usr/local/bin/bazelisk-linux-amd64
+
+ENV INSTALL_PACKAGES=${INSTALL_PACKAGES}
+ENV USER_NAME=devuser
+ENV USER_UID=${USER_UID}
+ENV USER_GID=${USER_GID}
+ENV IS_CONTAINER_BUILD=true
+
+COPY ./.devcontainer/customize_container.sh /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+RUN /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+RUN apt install -y npm && npm install -g markdownlint-cli
+
+USER devuser
+
+WORKDIR  /workspaces/opentelemetry-cpp
+
+ENTRYPOINT []
+
+CMD ["/bin/bash"]

.devcontainer/README.md

@@ -0,0 +1,58 @@
+# Customizing Your Dev Container
+
+Customize your dev container using build arguments (for direct Docker builds) or
+environment variables (for evaluation in `devcontainer.json`).
+
+* **CXX standard:**
+  This is the C++ standard to build from (eg: 17, 20, ...). (Default: 17)
+  * Docker ARG:
+   `CXX_STANDARD`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_CXX_STANDARD`
+
+* **abseil-cpp version:**
+  This is the version of abseil-cpp that will be used to build protobuf, gRPC,
+  and opentelemetry-cpp (when WITH_ABSEIL is set).
+  * Docker ARG:
+   `ABSEIL_CPP_VERSION`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_ABSEIL_CPP_VERSION`
+
+* **Protobuf version:**
+  * Docker ARG:
+   `PROTOBUF_VERSION`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_PROTOBUF_VERSION`
+
+* **gRPC version:**
+  * Docker ARG:
+   `GRPC_VERSION`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_GRPC_VERSION`
+
+* **User ID (UID):**
+  User ID (Default: `1000`)
+  * Docker ARG:
+   `USER_UID`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_USER_UID`
+
+* **Group ID (GID):**
+  User group ID (Default: `1000`)
+  * Docker ARG:
+   `USER_GID`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_USER_GID`
+
+* **Install Packages:**
+  These are the additional packages that will be installed via `apt install` in the devcontainer. This is a space separated list.
+  * Docker ARG:
+   `INSTALL_PACKAGES`  (Default: ``)
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES` (Default: ``)
+
+## Examples
+
+* `docker build --build-arg CXX_STANDARD="20" --build-arg INSTALL_PACKAGES="nano gitk"...`
+* `export OTEL_CPP_DEVCONTAINER_CXX_STANDARD=20`
+* `export OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES="nano gitk"`

.devcontainer/customize_container.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+set -eu
+
+if [[ $IS_CONTAINER_BUILD != "true" ]]; then
+     echo "This script should only run inside a Docker container."
+     exit 1
+fi
+
+if [[ -n "$INSTALL_PACKAGES" ]]; then
+    packages=($INSTALL_PACKAGES)
+    for package in "${packages[@]}"; do
+        apt install -y "$package"
+    done
+fi
+
+if [[ $(id "$USER_NAME" 2>/dev/null) ]]; then
+    echo "User '$USER_NAME' already exists. Removing it."
+    userdel -rf "$USER_NAME"
+elif [[ $(id -u "$USER_UID" 2>/dev/null) ]]; then
+    OTHER_USER=$(getent passwd "$USER_UID" | cut -d: -f1)
+    echo "User '$OTHER_USER' exists with UID $USER_UID. Removing it."
+    userdel -rf "$OTHER_USER"
+fi
+
+if [[ ! $(getent group "$USER_GID" 2>/dev/null) ]]; then
+    echo "Group '$USER_GID' does not exist. Adding it."
+    groupadd -g "$USER_GID" "$USER_NAME"
+fi
+
+useradd -m -u "$USER_UID" -g "$USER_GID" -s /bin/bash "$USER_NAME"
+echo "Created user '$USER_NAME' (UID: $USER_UID, GID: $USER_GID)."
+
+echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/"$USER_NAME"
+
+echo "User and group setup complete."

.devcontainer/devcontainer.json

@@ -8,19 +8,27 @@
 		"context": "..",
 		"dockerfile": "Dockerfile.dev",
 		"args": {
-			"GRPC_VERSION": "v1.55.0",
-			"PROTOBUF_VERSION": "23.4",
-			"ABSEIL_CPP_VERSION":"20240116.1"
+			"USER_UID": "${localEnv:OTEL_CPP_DEVCONTAINER_USER_UID:1000}",
+			"USER_GID": "${localEnv:OTEL_CPP_DEVCONTAINER_USER_GID:1000}",
+			"INSTALL_PACKAGES": "${localEnv:OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES:}",
+			"CXX_STANDARD": "${localEnv:OTEL_CPP_DEVCONTAINER_CXX_STANDARD:17}",
+			"GRPC_VERSION": "${localEnv:OTEL_CPP_DEVCONTAINER_GRPC_VERSION:v1.55.0}",
+			"PROTOBUF_VERSION": "${localEnv:OTEL_CPP_DEVCONTAINER_PROTOBUF_VERSION:23.3}",
+			"ABSEIL_CPP_VERSION":"${localEnv:OTEL_CPP_DEVCONTAINER_ABSEIL_CPP_VERSION:20230125.3}"
 		}
 	},
-	"settings": {
-		"terminal.integrated.shell.linux": "/bin/sh"
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"ms-vscode.cpptools",
+				"ms-azuretools.vscode-docker",
+				"ms-vscode.cpptools-extension-pack"
+			],
+			"settings": {
+				"terminal.integrated.shell.linux": "/bin/bash",
+			}
+		}
 	},
-	"extensions": [
-		"ms-vscode.cpptools",
-		"ms-azuretools.vscode-docker",
-		"ms-vscode.cpptools-extension-pack"
-	],
 
-	"remoteUser": "root"
+	"remoteUser": "devuser"
 }

CHANGELOG.md

@@ -24,6 +24,9 @@ Increment the:
 * [SDK] Add meter scope configurator
   [#3268](https://github.com/open-telemetry/opentelemetry-cpp/pull/3268)
 
+* [DEVCONTAINER] Support customization and run as non-root user
+  [#3270](https://github.com/open-telemetry/opentelemetry-cpp/pull/3270)
+
 Important changes:
 
 * [SDK] Support OTEL_SDK_DISABLED environment variable

CONTRIBUTING.md

@@ -89,6 +89,9 @@ Before getting started, ensure you have the following installed:
    files provided (e.g., `.devcontainer/devcontainer.json`). This setup will install
    required dependencies, tools, and environment variables needed for the project.
 
+* **Container Customization**:
+   See `.devcontainer/README.md` for devcontainer configuration options.
+
 #### Available Commands
 
 Once inside the DevContainer, you can use the following commands to run tests
@@ -145,6 +148,33 @@ If you encounter issues:
 * **Bazelisk Documentation**: [https://github.com/bazelbuild/bazelisk](https://github.com/bazelbuild/bazelisk)
 * **VSCode DevContainer Documentation**: [https://code.visualstudio.com/docs/remote/containers](https://code.visualstudio.com/docs/remote/containers)
 
+### Docker Development Image
+
+The `.devcontainer/Dockerfile.dev`
+dockerfile can be built directly with the following command.
+
+```sh
+ docker build -t opentelemetry-cpp-dev -f ./.devcontainer/Dockerfile.dev .
+```
+
+You can customize the image using build arguments
+ to match permissions with the host user.
+
+```sh
+ docker build -t opentelemetry-cpp-dev \
+  --build-arg USER_UID="$(id -u)" \
+  --build-arg USER_GID="$(id -g)" \
+  -f ./.devcontainer/Dockerfile.dev .
+
+```
+
+Run an interactive bash session binding your host
+ opentelemetry-cpp directory to the container's workspace:
+
+```sh
+docker run -it -v "$PWD:/workspaces/opentelemetry-cpp" opentelemetry-cpp-dev bash
+```
+
 ## Pull Requests
 
 ### How to Send Pull Requests
@@ -195,6 +225,12 @@ If you made changes to the Markdown documents (`*.md` files), install the latest
 markdownlint .
 ```
 
+If you modified shell scripts (`*.sh` files), install `shellcheck` and run:
+
+```sh
+shellcheck --severity=error <path to shell script>.sh
+```
+
 Open a pull request against the main `opentelemetry-cpp` repo.
 
 To run tests locally, please read the [CI instructions](ci/README.md).
@@ -271,11 +307,11 @@ the C++ repository.
 
 * [OpenTelemetry
   Specification](https://github.com/open-telemetry/opentelemetry-specification)
-  * The OpenTelemetry Specification describes the requirements and expectations
-    of for all OpenTelemetry implementations.
+* The OpenTelemetry Specification describes the requirements and expectations
+  of for all OpenTelemetry implementations.
 
 * Read through the OpenTelemetry C++ documentation
-  * The
+* The
     [API](https://opentelemetry-cpp.readthedocs.io/en/latest/api/api.html)
     and
     [SDK](https://opentelemetry-cpp.readthedocs.io/en/latest/sdk/sdk.html)