From 15ed011d6ffdf3e97f0f0fb1c5072d691e192da9 Mon Sep 17 00:00:00 2001
From: Atif Ali
Date: Sat, 17 Jun 2023 21:57:17 +0000
Subject: [PATCH 1/9] use dogfood-oss image in devcontainer
---
 .devcontainer/Dockerfile | 83 ---------------------------------
 .devcontainer/devcontainer.json | 25 ++--------
 2 files changed, 4 insertions(+), 104 deletions(-)
 delete mode 100644 .devcontainer/Dockerfile
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
deleted file mode 100644
index 37adfa198c860..0000000000000
--- a/.devcontainer/Dockerfile
+++ /dev/null
@@ -1,83 +0,0 @@
-FROM ubuntu
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-ENV EDITOR=vim
-
-RUN apt-get update && apt-get upgrade --yes
-
-RUN apt-get install --yes \
- ca-certificates \
- bash-completion \
- build-essential \
- curl \
- cmake \
- direnv \
- emacs-nox \
- gnupg \
- htop \
- jq \
- less \
- lsb-release \
- lsof \
- man-db \
- nano \
- neovim \
- ssl-cert \
- sudo \
- unzip \
- xz-utils \
- zip
-
-# configure locales to UTF8
-RUN apt-get install locales && locale-gen en_US.UTF-8
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-
-# configure direnv
-RUN direnv hook bash >> $HOME/.bashrc
-
-# install nix
-RUN sh <(curl -L https://nixos.org/nix/install) --daemon
-
-RUN mkdir -p $HOME/.config/nix $HOME/.config/nixpkgs \
- && echo 'sandbox = false' >> $HOME/.config/nix/nix.conf \
- && echo '{ allowUnfree = true; }' >> $HOME/.config/nixpkgs/config.nix \
- && echo '. $HOME/.nix-profile/etc/profile.d/nix.sh' >> $HOME/.bashrc
-
-
-# install docker and configure daemon to use vfs as GitHub codespaces requires vfs
-# https://github.com/moby/moby/issues/13742#issuecomment-725197223
-RUN mkdir -p /etc/apt/keyrings \
- && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
- && echo \
- "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
- $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
- && apt-get update \
- && apt-get install --yes docker-ce docker-ce-cli containerd.io docker-compose-plugin \
- && mkdir -p /etc/docker \
- && echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' >> /etc/docker/daemon.json
-
-# install golang and language tooling
-ENV GO_VERSION=1.20
-ENV GOPATH=$HOME/go-packages
-ENV GOROOT=$HOME/go
-ENV PATH=$GOROOT/bin:$GOPATH/bin:$PATH
-RUN curl -fsSL https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz | tar xzs
-RUN echo 'export
PATH=$GOPATH/bin:$PATH' >> $HOME/.bashrc
-
-RUN bash -c ". $HOME/.bashrc \
- go install -v golang.org/x/tools/gopls@latest \
- && go install -v mvdan.cc/sh/v3/cmd/shfmt@latest \
- && go install -v github.com/mikefarah/yq/v4@v4.30.6 \
- "
-
-# install nodejs
-RUN bash -c "$(curl -fsSL https://deb.nodesource.com/setup_14.x)" \
- && apt-get install -y nodejs
-
-# install zstd
-RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/horta/zstd.install/main/install)"
-
-# install nfpm
-RUN echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list \
- && apt update \
- && apt install nfpm
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 9e53188536eb5..3b91073ad83dc 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,24 +1,7 @@
-// For format details, see https://aka.ms/devcontainer.json
 {
 "name": "Development environments on your infrastructure",
-
- // Sets the run context to one level up instead of the .devcontainer folder.
- "context": ".",
-
- // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
- "dockerFile": "Dockerfile",
-
- // Use 'forwardPorts' to make a list of ports inside the container available locally.
- // "forwardPorts": [],
-
- "postStartCommand": "dockerd",
-
- // privileged is required by GitHub codespaces - https://github.com/microsoft/vscode-dev-containers/issues/727
- "runArgs": [
- "--cap-add=SYS_PTRACE",
- "--security-opt",
- "seccomp=unconfined",
- "--privileged",
- "--init"
- ]
+ "image": "codercom/dogfood-oss:latest",
+ "runArgs": ["--init", "--privileged"],
+ "overrideCommand": false,
+ "remoteUser": "coder"
 }
From 766c7b2302a605a941c289a6b280d45df2e213c1 Mon Sep 17 00:00:00 2001
From: Atif Ali
Date: Sat, 17 Jun 2023 21:58:38 +0000
Subject: [PATCH 2/9] fix image name
---
 .devcontainer/devcontainer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
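Review bot: In the devcontainer.json hunk of PATCH 1/9, the added `"image": "codercom/dogfood-oss:latest"` line pulls a mutable tag and the container then runs with `--privileged`, so whatever the registry serves under that tag when the environment is opened gets near host-level access on the developer's machine or Codespace. The same `:latest` reference recurs in PATCH 2/9 and PATCH 7/9. Pinning by digest, for example `"image": "codercom/oss-dogfood@sha256:<digest-of-the-vetted-image>"` (placeholder digest), would make the environment reproducible and auditable. A short comment stating why `--privileged` is needed would also help, since the explanatory comment on the old `runArgs` is removed in this hunk.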
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3b91073ad83dc..02133afb5f714 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
 "name": "Development environments on your infrastructure",
- "image": "codercom/dogfood-oss:latest",
+ "image": "codercom/oss-dogfood:latest",
 "runArgs": ["--init", "--privileged"],
 "overrideCommand": false,
 "remoteUser": "coder"
From 500d4a188cfe6a83554084c504a1372fbbb8da6f Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Mon, 19 Jun 2023 13:27:55 +0300
Subject: [PATCH 3/9] use Dockerfile
---
 .devcontainer/devcontainer.json | 10 ++++++++--
 dogfood/Dockerfile | 12 ++----------
 2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 02133afb5f714..4bcc9c8efbb12 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,7 +1,13 @@
 {
 "name": "Development environments on your infrastructure",
- "image": "codercom/oss-dogfood:latest",
+ "context": "../dogfood",
+ "dockerFile": "../dogfood/Dockerfile",
 "runArgs": ["--init", "--privileged"],
 "overrideCommand": false,
- "remoteUser": "coder"
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:1": {
+ "version": "latest",
+ "moby": true
+ }
+ }
 }
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index cf9b3a017b7e6..304bb48710212 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
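Review bot: In the devcontainer.json hunk of PATCH 3/9, `"remoteUser": "coder"` is dropped while `--privileged` stays in `runArgs`, so the user that editor sessions run as now depends on the `USER` set in dogfood/Dockerfile, which this hunk does not show. If the intent is still to work as `coder`, keeping `"remoteUser": "coder"` makes that explicit rather than inherited. The added docker-in-docker feature is also requested with `"version": "latest"`, so the Docker engine installed at build time floats; a fixed version string there would keep rebuilds comparable.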
@@ -165,15 +165,9 @@ RUN apt-get update --quiet && apt-get install --yes \ # Configure FIPS-compliant policies update-crypto-policies --set FIPS
-# Install the docker buildx component.
-RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \
- mkdir -p /usr/local/lib/docker/cli-plugins && \
- curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \
- chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx
-
 # See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof # the apt repository is unreliable
-RUN curl -L https://github.com/cli/cli/releases/download/v2.14.7/gh_2.14.7_linux_amd64.deb -o gh.deb && \
+RUN curl -L https://github.com/cli/cli/releases/download/v2.30.0/gh_2.30.0_linux_amd64.deb -o gh.deb && \
 dpkg -i gh.deb # Install Lazygit
@@ -207,9 +201,7 @@ RUN systemctl disable \ postgresql # Configure systemd services for CVMs
-RUN systemctl enable \
- docker \
- ssh
+RUN systemctl enable ssh
 # Install tools with published releases, where that is the # preferred/recommended installation method.
From 4809f5c61aafe5040f2536b5aa2dde07fe5b9e10 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 27 Jun 2023 16:02:43 +0300
Subject: [PATCH 4/9] Discard changes to dogfood/Dockerfile
---
 dogfood/Dockerfile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index fdaecd7ba0313..34ea4d5aaaf27 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
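Review bot: The updated `gh` install line in the first dogfood/Dockerfile hunk of PATCH 3/9 downloads a `.deb` with `curl -L` and hands it straight to `dpkg -i`, with no `-f` and no integrity check, so an HTTP error page or a tampered asset is caught only if `dpkg` happens to reject it. The same pattern returns with the older version in PATCH 4/9. I would fail on HTTP errors and verify a pinned hash before installing: `curl -fsSL <same URL> -o gh.deb && echo "<sha256-of-gh_2.30.0_linux_amd64.deb>  gh.deb" | sha256sum -c - && dpkg -i gh.deb && rm gh.deb` (the hash is a placeholder to be filled from the vetted release).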
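Review bot: In the second dogfood/Dockerfile hunk of PATCH 3/9, `RUN systemctl enable ssh` stops enabling the `docker` unit in an image whose own comment says these services are configured for CVMs. If that image is still used outside the devcontainer, those environments would presumably boot without a Docker daemon. The devcontainer-specific behaviour could instead live in devcontainer.json, leaving this `RUN` as it was.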
@@ -166,9 +166,15 @@ RUN apt-get update --quiet && apt-get install --yes \ # Configure FIPS-compliant policies update-crypto-policies --set FIPS
+# Install the docker buildx component.
+RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \
+ mkdir -p /usr/local/lib/docker/cli-plugins && \
+ curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \
+ chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx
+
 # See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof # the apt repository is unreliable
-RUN curl -L https://github.com/cli/cli/releases/download/v2.30.0/gh_2.30.0_linux_amd64.deb -o gh.deb && \
+RUN curl -L https://github.com/cli/cli/releases/download/v2.14.7/gh_2.14.7_linux_amd64.deb -o gh.deb && \
 dpkg -i gh.deb # Install Lazygit
@@ -202,7 +208,9 @@ RUN systemctl disable \ postgresql # Configure systemd services for CVMs
-RUN systemctl enable ssh
+RUN systemctl enable \
+ docker \
+ ssh
 # Install tools with published releases, where that is the # preferred/recommended installation method.
From 32d0d14b5a659ce6e2a1d92d4ae3140e6365893f Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Thu, 29 Jun 2023 01:19:34 +0300
Subject: [PATCH 5/9] Use features to get docker in docker
---
 .devcontainer/devcontainer.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 4bcc9c8efbb12..e4a275dcb278e 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
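Review bot: The restored buildx step in the first hunk of PATCH 4/9 resolves its version from the GitHub `releases/latest` API at build time and installs the downloaded binary as a Docker CLI plugin without any integrity check. Because neither `curl` call uses `-f`, a rate-limited or failed API response can leave `DOCKER_BUILDX_VERSION` empty and let the second `curl` write an error page to the plugin path while the `RUN` still succeeds, unless a `pipefail` shell is set outside this hunk. Pinning the version and checking a recorded SHA-256 makes the layer reproducible and fails the build on a bad download; the values below are placeholders to be filled from the release that was vetted. The asset name is also fixed to `linux-amd64`, which deserves a comment if other architectures are ever built.

```dockerfile
# Install the docker buildx component at a pinned, verified release.
# Placeholder values: replace with the tag and SHA-256 of the vetted asset.
ARG DOCKER_BUILDX_VERSION="<pinned-buildx-tag>"
ARG DOCKER_BUILDX_SHA256="<sha256-of-buildx-asset>"
RUN mkdir -p /usr/local/lib/docker/cli-plugins && \
	curl -fsSLo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \
	echo "${DOCKER_BUILDX_SHA256}  /usr/local/lib/docker/cli-plugins/docker-buildx" | sha256sum -c - && \
	chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx
```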
@@ -2,12 +2,7 @@
 "name": "Development environments on your infrastructure",
 "context": "../dogfood",
 "dockerFile": "../dogfood/Dockerfile",
- "runArgs": ["--init", "--privileged"],
- "overrideCommand": false,
 "features": {
- "ghcr.io/devcontainers/features/docker-in-docker:1": {
- "version": "latest",
- "moby": true
- }
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {}
 }
 }
From ec35475317d89bcedd81f503d10c0dd7d13b644d Mon Sep 17 00:00:00 2001
From: Atif Ali
Date: Mon, 3 Jul 2023 14:37:23 +0000
Subject: [PATCH 6/9] use previleged container
---
 .devcontainer/devcontainer.json | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index e4a275dcb278e..71fceb49acd12 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -2,7 +2,6 @@
 "name": "Development environments on your infrastructure",
 "context": "../dogfood",
 "dockerFile": "../dogfood/Dockerfile",
- "features": {
- "ghcr.io/devcontainers/features/docker-in-docker:2": {}
- }
+ "runArgs": ["--init","--privileged"],
+ "postCreateCommand": "service docker start"
 }
From b769b497337ad0ef963f66ac538bf9f66b825f2a Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Tue, 4 Jul 2023 15:41:40 +0000
Subject: [PATCH 7/9] use codercom/oss-dogfood image
---
 .devcontainer/devcontainer.json | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 71fceb49acd12..c413dae3ba7f4 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
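Review bot: In PATCH 6/9, `"postCreateCommand": "service docker start"` runs only once, when the container is first created, so the Docker daemon will not come back after the container is stopped and started again. `"postStartCommand": "service docker start"` would run on every start, which matches what the original file did with `"postStartCommand": "dockerd"`. This hunk also brings `--privileged` back without a comment saying why it is required.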
@@ -1,7 +1,12 @@
 {
 "name": "Development environments on your infrastructure",
- "context": "../dogfood",
- "dockerFile": "../dogfood/Dockerfile",
- "runArgs": ["--init","--privileged"],
- "postCreateCommand": "service docker start"
+ "image": "codercom/oss-dogfood:latest",
+
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {
+ "version": "latest",
+ "enableNonRootDocker": "true",
+ "moby": "true"
+ }
+ }
 }
From 7446206edd4a5b9a370e26fcd540c412485e4ef6 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Wed, 5 Jul 2023 08:50:36 +0000
Subject: [PATCH 8/9] add `--priviliged` to fix GitHub Codespaces builds
---
 .devcontainer/devcontainer.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index c413dae3ba7f4..39ab24c7fd9fb 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -8,5 +8,8 @@
 "enableNonRootDocker": "true",
 "moby": "true"
 }
- }
+ },
+ // SYS_PTRACE to enable go debugging
+ // without --priviliged the Github Codespace build fails (not required otherwise)
+ "runArgs": ["--cap-add=SYS_PTRACE", "--privileged"]
 }
From 31b29fe97db818ca739a715d3894c177092fb323 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Wed, 5 Jul 2023 17:10:26 +0300
Subject: [PATCH 9/9] remove default options
---
 .devcontainer/devcontainer.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 39ab24c7fd9fb..8e190f906d57a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
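Review bot: In PATCH 8/9 the new `runArgs` combines `--cap-add=SYS_PTRACE` with `--privileged`, but a privileged container already holds every capability, so the `--cap-add` entry has no effect while `--privileged` is present. The comment says privileged mode is only needed for the GitHub Codespaces build, yet the flag applies to every environment that opens this devcontainer, including local ones. I would reword the comment to say so and fix its spelling: `// --privileged is only needed for GitHub Codespaces builds; it also makes --cap-add=SYS_PTRACE redundant`.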
@@ -3,11 +3,8 @@
 "image": "codercom/oss-dogfood:latest",
 "features": {
- "ghcr.io/devcontainers/features/docker-in-docker:2": {
- "version": "latest",
- "enableNonRootDocker": "true",
- "moby": "true"
- }
+ // See all possible options here https://github.com/devcontainers/features/tree/main/src/docker-in-docker
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {}
 },
 // SYS_PTRACE to enable go debugging
 // without --priviliged the Github Codespace build fails (not required otherwise)