chore(examples): update devcontainer-docker template #14199
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,11 +7,15 @@ terraform { | |
| docker = { | ||
| source = "kreuzwerker/docker" | ||
| } | ||
| envbuilder = { | ||
| source = "coder/envbuilder" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| provider "coder" {} | ||
| provider "docker" {} | ||
| provider "envbuilder" {} | ||
| data "coder_provisioner" "me" {} | ||
| data "coder_workspace" "me" {} | ||
| data "coder_workspace_owner" "me" {} | ||
|
|
@@ -89,14 +93,19 @@ EOF | |
|
|
||
| variable "cache_repo" { | ||
| default = "" | ||
| description = "(Optional) Use a container registry as a cache to speed up builds." | ||
| type = string | ||
| } | ||
|
|
||
| variable "insecure_cache_repo" { | ||
| default = false | ||
| description = "Enable this option if your cache registry does not serve HTTPS." | ||
| type = bool | ||
| } | ||
|
|
||
| variable "cache_repo_docker_config_path" { | ||
| default = "" | ||
| description = "(Optional) Path to a docker config.json containing credentials to the provided cache repo, if required." | ||
| sensitive = true | ||
|
There was a problem hiding this comment. Is this actually sensitive if it's just the path to a file? There was a problem hiding this comment. 🤷 maybe? The nice thing about making the file sensitive is that the content automatically becomes sensitive. (That's my recollection anyhow) There was a problem hiding this comment. Ok, so there’s some magic there wrt content? If so please keep it as is 👍 |
||
| type = string | ||
| } | ||
|
|
@@ -107,6 +116,24 @@ locals { | |
| git_author_name = coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name) | ||
| git_author_email = data.coder_workspace_owner.me.email | ||
| repo_url = data.coder_parameter.repo.value == "custom" ? data.coder_parameter.custom_repo_url.value : data.coder_parameter.repo.value | ||
| # The envbuilder provider requires a key-value map of environment variables. | ||
| envbuilder_env = { | ||
| "CODER_AGENT_TOKEN" : coder_agent.main.token, | ||
| # Use the docker gateway if the access URL is 127.0.0.1 | ||
| "CODER_AGENT_URL" : replace(data.coder_workspace.me.access_url, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"), | ||
| "ENVBUILDER_GIT_URL" : local.repo_url, | ||
| # Use the docker gateway if the access URL is 127.0.0.1 | ||
| "ENVBUILDER_INIT_SCRIPT" : replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal"), | ||
| "ENVBUILDER_FALLBACK_IMAGE" : data.coder_parameter.fallback_image.value, | ||
| "ENVBUILDER_CACHE_REPO" : var.cache_repo, | ||
| "ENVBUILDER_DOCKER_CONFIG_BASE64" : try(data.local_sensitive_file.cache_repo_dockerconfigjson[0].content_base64, ""), | ||
| "ENVBUILDER_PUSH_IMAGE" : var.cache_repo == "" ? "" : "true", | ||
| "ENVBUILDER_INSECURE" : "${var.insecure_cache_repo}", | ||
| } | ||
|
There was a problem hiding this comment. If these are fed in via extra env, shouldn't they be included in the computed env the resource outputs? (In which case the below would be unnecessary?) There was a problem hiding this comment. Yes, but I'm going to keep it like this until coder/terraform-provider-envbuilder#31 is fixed. |
||
| # Convert the above map to the format expected by the docker provider. | ||
| docker_env = [ | ||
| for k, v in local.envbuilder_env : "${k}=${v}" | ||
| ] | ||
| } | ||
|
|
||
| data "local_sensitive_file" "cache_repo_dockerconfigjson" { | ||
|
|
@@ -145,23 +172,29 @@ resource "docker_volume" "workspaces" { | |
| } | ||
| } | ||
|
|
||
| # Check for the presence of a prebuilt image in the cache repo | ||
| # that we can use instead. | ||
| resource "envbuilder_cached_image" "cached" { | ||
| count = var.cache_repo == "" ? 0 : data.coder_workspace.me.start_count | ||
| builder_image = local.devcontainer_builder_image | ||
| git_url = local.repo_url | ||
| cache_repo = var.cache_repo | ||
|
There was a problem hiding this comment. Should we make these optional and let them be provided via extra env too? Would simplify a bit and a user knows they can just cram everything in extra. Right now for url is given here and in extra, what if the values differ? What's the behavior? (IMO maybe it's an error). There was a problem hiding this comment. Alternatively, we could validate at runtime that There was a problem hiding this comment. I agree, that’s what I had in mind, but in a more roundabout way 😅. I think it would help with avoiding mistakes, and remove ambiguity. |
||
| extra_env = local.envbuilder_env | ||
| insecure = var.insecure_cache_repo | ||
| } | ||
|
|
||
| resource "docker_container" "workspace" { | ||
| count = data.coder_workspace.me.start_count | ||
| image = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image | ||
| # Uses lower() to avoid Docker restriction on container names. | ||
| name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" | ||
| # Hostname makes the shell more user friendly: coder@my-workspace:~$ | ||
| hostname = data.coder_workspace.me.name | ||
| # Use the environment specified by the envbuilder provider, if available. | ||
| # FIXME: https://github.com/coder/terraform-provider-envbuilder/issues/31 | ||
| #env = var.cache_repo == "" ? local.docker_env : envbuilder_cached_image.cached.0.env | ||
| env = local.docker_env | ||
| # network_mode = "host" # Uncomment if testing with a registry running on `localhost`. | ||
| host { | ||
| host = "host.docker.internal" | ||
| ip = "host-gateway" | ||
|
|
@@ -298,3 +331,20 @@ resource "coder_app" "code-server" { | |
| threshold = 6 | ||
| } | ||
| } | ||
|
|
||
| resource "coder_metadata" "container_info" { | ||
| count = data.coder_workspace.me.start_count | ||
| resource_id = coder_agent.main.id | ||
| item { | ||
| key = "workspace image" | ||
| value = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image | ||
| } | ||
| item { | ||
| key = "git url" | ||
| value = local.repo_url | ||
| } | ||
| item { | ||
| key = "cache repo" | ||
| value = var.cache_repo == "" ? "not enabled" : var.cache_repo | ||
| } | ||
|
|
||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
review: this shouldn't contain any credentials and it's kind of annoying to have this sensitive