address PR comments

coder · johnstcn · Aug 23, 2024 · Aug 22, 2024 · Aug 23, 2024 · Aug 23, 2024
commit 740f6a9bd8d49f27e79cc69363d7ad64e6dbcd14
diff --git a/examples/templates/gcp-devcontainer/README.md b/examples/templates/gcp-devcontainer/README.md
@@ -51,14 +51,29 @@ a service account:
 
 This template provisions the following resources:
 
-- GCP VM (persistent)
+- Envbuilder cached image (conditional, persistent) using [`terraform-provider-envbuilder`](https://github.com/coder/terraform-provider-envbuilder)
+- GCP VM (persistent) with a running Docker daemon
 - GCP Disk (persistent, mounted to root)
+- [Envbuilder container](https://github.com/coder/envbuilder) inside the GCP VM
 
 Coder persists the root volume. The full filesystem is preserved when the workspace restarts.
+When the GCP VM starts, a startup script runs that ensures a running Docker daemon, and starts
+an Envbuilder container using this Docker daemon. The Docker socket is also mounted inside the container to allow running Docker containers inside the workspace.
 
 > **Note**
 > This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.
 
+## Caching
+
+To speed up your builds, you can use a container registry as a cache.
+When creating the template, set the parameter `cache_repo` to a valid Docker repository in the form `host.tld/path/to/repo`.
+
+See the [Envbuilder Terraform Provider Examples](https://github.com/coder/terraform-provider-envbuilder/blob/main/examples/resources/envbuilder_cached_image/envbuilder_cached_image_resource.tf/) for a more complete example of how the provider works.
+
+> [!NOTE] We recommend using a registry cache with authentication enabled.
+> To allow Envbuilder to authenticate with the registry cache, specify the variable `cache_repo_docker_config_path`
+> with the path to a Docker config `.json` on disk containing valid credentials for the registry.
+
 ## code-server
 
 `code-server` is installed via the [`code-server`](https://registry.coder.com/modules/code-server) registry module. Please check [Coder Registry](https://registry.coder.com) for a list of all modules and templates.
diff --git a/examples/templates/gcp-devcontainer/main.tf b/examples/templates/gcp-devcontainer/main.tf
@@ -12,8 +12,7 @@ terraform {
   }
 }
 
-provider "coder" {
-}
+provider "coder" {}
 
 provider "google" {
   zone    = data.coder_parameter.zone.value
@@ -31,19 +30,13 @@ variable "project_id" {
 
 variable "cache_repo" {
   default     = ""
-  description = "(Optional) Use a container registry as a cache to speed up builds."
+  description = "(Optional) Use a container registry as a cache to speed up builds. Example: host.tld/path/to/repo."
   type        = string
 }
 
-variable "insecure_cache_repo" {
-  default     = false
-  description = "Enable this option if your cache registry does not serve HTTPS."
-  type        = bool
-}
-
 variable "cache_repo_docker_config_path" {
   default     = ""
-  description = "(Optional) Path to a docker config.json containing credentials to the provided cache repo, if required."
+  description = "(Optional) Path to a docker config.json containing credentials to the provided cache repo, if required. This will depend on your Coder setup. Example: `/home/coder/.docker/config.json`."
   sensitive   = true
   type        = string
 }
@@ -118,8 +111,8 @@ data "coder_parameter" "fallback_image" {
 data "coder_parameter" "devcontainer_builder" {
   description  = <<-EOF
 Image that will build the devcontainer.
-We highly recommend using a specific release as the `:latest` tag will change.
 Find the latest version of Envbuilder here: https://ghcr.io/coder/envbuilder
+Be aware that using the `:latest` tag may expose you to breaking changes.
 EOF
   display_name = "Devcontainer Builder"
   mutable      = true
@@ -141,7 +134,7 @@ data "local_sensitive_file" "cache_repo_dockerconfigjson" {
   filename = var.cache_repo_docker_config_path
 }
 
-
+# Be careful when modifying the below locals!
 locals {
   # Ensure Coder username is a valid Linux username
   linux_user = lower(substr(data.coder_workspace_owner.me.name, 0, 32))
@@ -169,7 +162,8 @@ locals {
     # The following are used to push the image to the cache repo, if defined.
     "ENVBUILDER_CACHE_REPO" : var.cache_repo,
     "ENVBUILDER_PUSH_IMAGE" : var.cache_repo == "" ? "" : "true",
-    "ENVBUILDER_INSECURE" : "${var.insecure_cache_repo}",
+    # You can add other required environment variables here.
+    # See: https://github.com/coder/envbuilder/?tab=readme-ov-file#environment-variables
   }
   # If we have a cached image, use the cached image's environment variables. Otherwise, just use
   # the environment variables we've defined above.
@@ -239,7 +233,6 @@ resource "envbuilder_cached_image" "cached" {
   git_url       = data.coder_parameter.repo_url.value
   cache_repo    = var.cache_repo
   extra_env     = local.envbuilder_env
-  insecure      = var.insecure_cache_repo
 }
 
 # This is useful for debugging the startup script. Left here for reference.