diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile
index 5278bb31..d4879111 100644
--- a/.devcontainer/cpp/Dockerfile
+++ b/.devcontainer/cpp/Dockerfile
@@ -102,7 +102,7 @@ RUN --mount=type=cache,target=/cache,sharing=locked \
 && apt-get clean
 
 # Update all tool alternatives to the correct version
-# and patch root's bashrc to include bash-completion
+# and rename the default 'ubuntu' user to 'code'
 RUN --mount=type=cache,target=/var/log,sharing=locked \
 update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
 --slave /usr/bin/g++ g++ /usr/bin/g++-14 \
@@ -114,7 +114,10 @@ RUN --mount=type=cache,target=/var/log,sharing=locked \
 --slave /usr/bin/mull-reporter mull-reporter /usr/bin/mull-reporter-${CLANG_VERSION} \
 --slave /usr/lib/mull-ir-frontend mull-ir-frontend /usr/lib/mull-ir-frontend-${CLANG_VERSION} \
 && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 \
- && cp /etc/skel/.bashrc /root/.bashrc
+ && usermod -m -d /home/code -l code ubuntu \
+ && groupmod -n code ubuntu
+
+USER code
 
 # Set up package managers CPM and Conan
 # - Install CPM.cmake to the CMake module path
diff --git a/.devcontainer/cpp/devcontainer.json b/.devcontainer/cpp/devcontainer.json
index 8ccab2ce..95abe9da 100644
--- a/.devcontainer/cpp/devcontainer.json
+++ b/.devcontainer/cpp/devcontainer.json
@@ -3,6 +3,7 @@
 "dockerfile": "Dockerfile",
 "context": "../.."
 },
+ "remoteUser": "code",
 "forwardPorts": [
 6080
 ],
diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile
index 75bbf72b..8e209acd 100644
--- a/.devcontainer/rust/Dockerfile
+++ b/.devcontainer/rust/Dockerfile
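Review bot: In .devcontainer/cpp/Dockerfile the new `USER code` line sits mid-file, directly above the "Set up package managers CPM and Conan" step, so that step and everything after it now builds without root. Its body is outside this hunk, but installing CPM.cmake "to the CMake module path" sounds like a write to a system directory, which would fail or land somewhere unintended when run as `code`. Unless every remaining instruction only touches paths that `code` owns, move `USER code` below the last instruction that needs root, or bracket those steps with an explicit `USER root` and a closing `USER code`. The RUN instruction edited here also starts above the hunk.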
@@ -67,3 +67,19 @@ RUN --mount=type=cache,target=/var/log,sharing=locked \
 # Install additional rust tools
 RUN wget -qO - "https://github.com/cargo-bins/cargo-binstall/releases/download/v${CARGO_BINSTALL_VERSION}/cargo-binstall-$(uname -m)-unknown-linux-gnu.tgz" | tar xz -C "/usr/bin" \
 && cargo-binstall -y --locked cargo-binutils@0.3.6 cargo-mutants@25.3.1 flip-link@0.1.10 probe-rs-tools@0.29.1
+
+# Create the 'code' user
+# First remove the existing ubuntu user and group that use UID/GID 1000
+RUN userdel -r ubuntu 2>/dev/null || true \
+ && groupdel ubuntu 2>/dev/null || true \
+ && groupadd --gid 1000 code \
+ && useradd --uid 1000 --gid code --shell /bin/bash --create-home code \
+ && cp /etc/skel/.bashrc /home/code/.bashrc \
+ && chown -R code:code /home/code
+
+# Ensure the code user has access to cargo and rustup
+RUN chmod -R a+rX /usr/local/cargo /usr/local/rustup \
+ && chown -R code:code /usr/local/cargo /usr/local/rustup
+
+# Set the default user
+USER code
diff --git a/.devcontainer/rust/devcontainer.json b/.devcontainer/rust/devcontainer.json
index 7b037a0a..49bb7767 100644
--- a/.devcontainer/rust/devcontainer.json
+++ b/.devcontainer/rust/devcontainer.json
@@ -3,6 +3,7 @@
 "dockerfile": "Dockerfile",
 "context": "../.."
 },
+ "remoteUser": "code",
 "privileged": true,
 "remoteEnv": {
 "CONTAINER_FLAVOR": "rust"
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index b2614955..98f8e159 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
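Review bot: In .devcontainer/rust/Dockerfile the second added RUN gives the unprivileged account ownership of the entire toolchain via `chown -R code:code /usr/local/cargo /usr/local/rustup`, so anything that runs as `code` (build scripts, proc macros, editor extensions) can replace the cargo and rustc binaries; it also makes the preceding `chmod -R a+rX` redundant. A recursive chown in its own layer typically re-stores every touched file, so the image size is worth checking. If ownership is intended so that rustup and cargo install work without root, say so in the comment, e.g. `# code owns the toolchain so rustup/cargo install work without root (user-writable by design)`; otherwise keep the toolchain root-owned and give `code` only the directories it must write. Separately, `2>/dev/null || true` on `userdel`/`groupdel` hides every failure, not just a missing account, while the cpp image renames the same account with `usermod -l`; using one approach in both flavors would be easier to audit.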
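Review bot: In .devcontainer/rust/devcontainer.json the added `"remoteUser": "code"` sits next to `"privileged": true`, so the non-root user limits everyday mistakes but the container itself still runs with all capabilities and host device access. If `code` can regain root inside the container (sudo or a setuid helper; not visible in this diff), the boundary towards the host is no stronger than before this change. If privileged mode exists only for debug-probe access, consider narrower settings such as `"runArgs": ["--device=<probe-device-path>"]` or a specific `"capAdd"` list, and record why privileged mode is required. The object continues outside the hunk.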
@@ -24,3 +24,30 @@ The folder structure of amp-devcontainer is described below, adhere to the exist
 - `/.devcontainer/[flavor]-test`: Contains a devcontainer.json file for testing the container flavor.
 - `/.github`: Contains the GitHub workflows for CI/CD, linter configuration, issue templates and re-usable actions.
 - `/test/[flavor]`: Contains [Bats](https://bats-core.readthedocs.io/en/stable/) integration- and Playwright verification tests for the containers.
+
+## Conventional Commits
+
+This repository uses [conventional commit](https://www.conventionalcommits.org/) style for pull request titles and commit messages. Always follow this format:
+
+```
+[optional scope]:
+
+[optional body]
+
+[optional footer(s)]
+```
+
+Common types used in this repository:
+- `feat:` for new features
+- `fix:` for bug fixes
+- `chore:` for maintenance tasks, dependency updates, etc.
+- `docs:` for documentation changes
+- `ci:` for CI/CD related changes
+
+Examples:
+- `feat: add non-root user support to devcontainers`
+- `fix: resolve permission issues in rust container`
+- `chore(deps): update ubuntu base image to latest`
+- `docs: update README with security best practices`
+
+Always use conventional commit style for pull request titles.