Change device ownership inside the container

- This avoids creating a new group in a new container image
- Also there is no need for the environment file to be dynamically generated

Signed-off-by: Doru Blânzeanu <[email protected]>

Author: dblnz

.devcontainer/Dockerfile

@@ -1,7 +1,59 @@
-FROM ghcr.io/hyperlight-dev/hyperlight-devcontainer:latest
+## Dockerfile for devcontainer
 
-COPY .env /tmp/.env
+FROM mcr.microsoft.com/devcontainers/base:debian AS base
 
-RUN . /tmp/.env && \
-    sudo groupadd -r -g ${DEVICE_GID} -U ${USER} ${DEVICE_GROUP}
+ARG USER
+ARG GROUP
+ARG RUST_TOOLCHAIN
+
+ENV HOME="/home/${USER}"
+ENV PATH="$HOME/.cargo/bin:$PATH"
+
+# Install dependencies
+RUN apt-get update \
+    && apt-get -y install \
+        build-essential \
+        cmake \
+        curl \
+        git \
+        gnupg \
+        lsb-release \
+        make \
+        software-properties-common \
+        sudo \
+        wget
+
+# Install llvm
+RUN wget https://apt.llvm.org/llvm.sh \
+    && chmod +x ./llvm.sh         \
+    && sudo ./llvm.sh 17 all      \
+    && sudo ln -s /usr/lib/llvm-17/bin/clang-cl /usr/bin/clang-cl \
+    && sudo ln -s /usr/lib/llvm-17/bin/llvm-lib /usr/bin/llvm-lib \
+    && sudo ln -s /usr/lib/llvm-17/bin/lld-link /usr/bin/lld-link \
+    && sudo ln -s /usr/lib/llvm-17/bin/llvm-ml /usr/bin/llvm-ml   \
+    && sudo ln -s /usr/lib/llvm-17/bin/ld.lld /usr/bin/ld.lld     \
+    && sudo ln -s /usr/lib/llvm-17/bin/clang /usr/bin/clang
+
+FROM base AS dev
+
+# Make sure the devcontainer user has sudo access
+RUN chown -R "${USER}:$GROUP" /home/${USER} \
+    && echo "${USER} ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Persist bash hystory
+RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
+    && mkdir /commandhistory \
+    && touch /commandhistory/.bash_history \
+    && chown -R $USER /commandhistory \
+    && echo "$SNIPPET" >> "/home/$USER/.bashrc"
+
+USER $USER
+
+# Install rust
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rustup default $RUST_TOOLCHAIN \
+    && rustup target add x86_64-unknown-linux-gnu \
+    && rustup target add x86_64-unknown-none      \
+    && rustup target add x86_64-pc-windows-msvc   \
+    && cargo install just
 

.devcontainer/Dockerfile.base

@@ -3,19 +3,22 @@
 {
   "name": "Hyperlight",
 
-  "build": {
-    "dockerfile": "Dockerfile"
-  },
+  "image": "ghcr.io/dblnz/hyperlight-devcontainer:latest",
 
-  "remoteUser": "vscode",
+  "containerUser": "vscode",
+  // Environment for the container also used by in the `postCreateCommand`
+  "containerEnv": {
+    "REMOTE_USER": "vscode",
+    "REMOTE_GROUP": "vscode",
+    "DEVICE": "/dev/kvm"
+  },
 
   "runArgs": [
-      "--env-file", ".devcontainer/.env",
       "--device=/dev/kvm"
   ],
 
-  // Use 'initializeCommand' to run commands before container image build
-  "initializeCommand": "bash .devcontainer/create_env.sh",
+  // Use 'postCreateCommand' to run commands after the container is created
+  "postCreateCommand": "bash .devcontainer/setup.sh",
 
   "customizations": {
     "vscode": {

.devcontainer/create_env.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Change device ownership
+sudo chown -R $REMOTE_USER:$REMOTE_GROUP ${DEVICE}
+

.devcontainer/devcontainer.json

@@ -3,7 +3,7 @@ name: Create and publish devcontainer Docker image
 on:
   push:
     paths:
-      - ".devcontainer/Dockerfile.base"
+      - ".devcontainer/Dockerfile"
       - ".github/workflows/CreateDevcontainerImage.yml"
 
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.

.devcontainer/setup.sh

@@ -16,9 +16,6 @@
 # Mono auto generated files
 mono_crash.*
 
-# Devcontainer generated files
-.devcontainer/.env
-
 # Build results
 **/[Dd]ebug/*
 /[Dd]ebugPublic/