From 522765a8a17ce40dc3a0f8608db44455f13021c1 Mon Sep 17 00:00:00 2001
From: stewartshea
Date: Mon, 13 Apr 2026 10:41:10 -0400
Subject: [PATCH 1/2] Fix dind: normalize os-release before features + in published image - Add .devcontainer/Dockerfile that patches /usr/lib/os-release and /etc/os-release to bookworm before docker-in-docker runs (works even when GHCR :latest is stale). - Switch devcontainer.json from image to build using that Dockerfile. - Mirror the same normalization in the repo root Dockerfile for CI builds.
Made-with: Cursor
---
 .devcontainer/Dockerfile | 24 ++++++++++++++++++++++++
 .devcontainer/devcontainer.json | 8 +++++++-
 Dockerfile | 16 ++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 .devcontainer/Dockerfile
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..fe29d63
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,24 @@
+# Codespaces / Dev Containers apply features (docker-in-docker) in a follow-on build
+# stage. That installer sources /etc/os-release and only allows known VERSION_CODENAME
+# values. Upstream base images may still report "forky" while apt is bookworm.
+#
+# This thin layer runs *before* features, so dind works even when GHCR :latest has
+# not yet picked up the same normalization in the repo root Dockerfile.
+ARG DEVTOOLS_IMAGE=ghcr.io/runwhen-contrib/codecollection-devtools:latest
+FROM ${DEVTOOLS_IMAGE}
+
+USER root
+RUN set -eux; \
+ for f in /usr/lib/os-release /etc/os-release; do \
+ [ -e "$f" ] || continue; \
+ target="$f"; \
+ [ -L "$f" ] && target=$(readlink -f "$f"); \
+ grep -q '^ID=debian' "$target" || continue; \
+ sed -i \
+ -e 's/^VERSION_CODENAME=.*/VERSION_CODENAME=bookworm/' \
+ -e 's/^VERSION_ID=.*/VERSION_ID="12"/' \
+ -e 's/^VERSION=.*/VERSION="12 (bookworm)"/' \
+ -e 's|^PRETTY_NAME=.*|PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"|' \
+ "$target"; \
+ done
+USER runwhen
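Review bot: The `sed` block in this `RUN` rewrites `VERSION_CODENAME`, `VERSION_ID`, `VERSION` and `PRETTY_NAME` for any file that has `ID=debian`, whatever release it currently reports, so the image no longer states its real base. Vulnerability scanners and SBOM tools typically read os-release to choose the advisory feed, so findings for packages that came with the upstream base may be matched against bookworm data; worth confirming how the project's scanning treats this image. Consider narrowing the guard to the one value the dind installer rejects, e.g. `grep -q '^VERSION_CODENAME=forky' "$target" || continue;`, and keeping the untouched file beside it with `cp -p "$target" "$target.upstream"` before the `sed`, so the original identity stays auditable. The same loop is added to the root `Dockerfile` hunk of this patch, where it ends up in the published image.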
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5ae5361..b96444c 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,12 @@
 {
 "name": "CodeCollection DevTools",
- "image": "ghcr.io/runwhen-contrib/codecollection-devtools:latest",
+ "build": {
+ "dockerfile": "Dockerfile",
+ "context": ".",
+ "args": {
+ "DEVTOOLS_IMAGE": "ghcr.io/runwhen-contrib/codecollection-devtools:latest"
+ }
+ },
 "remoteUser": "runwhen",
 "updateRemoteUserUID": false,
 "overrideCommand": false,
diff --git a/Dockerfile b/Dockerfile
index 1635c1f..37c4385 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,22 @@ RUN set -eux; \
 apt-get clean; \
 rm -rf /var/lib/apt/lists/*
+# docker-in-docker (devcontainer feature) sources /etc/os-release; "forky" is rejected.
+# Align with bookworm apt pin above (also patched in .devcontainer/Dockerfile pre-features).
+RUN set -eux; \
+ for f in /usr/lib/os-release /etc/os-release; do \
+ [ -e "$f" ] || continue; \
+ target="$f"; \
+ [ -L "$f" ] && target=$(readlink -f "$f"); \
+ grep -q '^ID=debian' "$target" || continue; \
+ sed -i \
+ -e 's/^VERSION_CODENAME=.*/VERSION_CODENAME=bookworm/' \
+ -e 's/^VERSION_ID=.*/VERSION_ID="12"/' \
+ -e 's/^VERSION=.*/VERSION="12 (bookworm)"/' \
+ -e 's|^PRETTY_NAME=.*|PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"|' \
+ "$target"; \
+ done
+
 RUN echo "runwhen ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 # Architecture detection for multi-arch tool installs
From 7f4dcab058b2f6440143580f78f618e62f6bffc0 Mon Sep 17 00:00:00 2001
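Review bot: `DEVTOOLS_IMAGE` in the new `build.args` is the mutable `:latest` tag, and the same string is repeated as the `ARG` default in `.devcontainer/Dockerfile`, so every Codespace rebuild runs that file's root `RUN` step on top of whatever was last pushed under the tag. Pinning by digest keeps the dev environment reproducible and makes a base change visible in review, e.g. `"DEVTOOLS_IMAGE": "ghcr.io/runwhen-contrib/codecollection-devtools@sha256:<digest-placeholder>"`. Keeping the reference in one place (either the `ARG` default or the `args` entry) also stops the two copies drifting apart. The `"image"` line restored by PATCH 2/2 refers to the same `:latest` tag.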
From: stewartshea
Date: Mon, 13 Apr 2026 11:47:36 -0400
Subject: [PATCH 2/2] Revert devcontainer on-demand build; use CI image only Drop .devcontainer/Dockerfile and restore image: in devcontainer.json. os-release normalization stays in the root Dockerfile (built by Actions).
Made-with: Cursor
---
 .devcontainer/Dockerfile | 24 ------------------------
 .devcontainer/devcontainer.json | 8 +-------
 Dockerfile | 2 +-
 3 files changed, 2 insertions(+), 32 deletions(-)
 delete mode 100644 .devcontainer/Dockerfile
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
deleted file mode 100644
index fe29d63..0000000
--- a/.devcontainer/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-# Codespaces / Dev Containers apply features (docker-in-docker) in a follow-on build
-# stage. That installer sources /etc/os-release and only allows known VERSION_CODENAME
-# values. Upstream base images may still report "forky" while apt is bookworm.
-#
-# This thin layer runs *before* features, so dind works even when GHCR :latest has
-# not yet picked up the same normalization in the repo root Dockerfile.
-ARG DEVTOOLS_IMAGE=ghcr.io/runwhen-contrib/codecollection-devtools:latest
-FROM ${DEVTOOLS_IMAGE}
-
-USER root
-RUN set -eux; \
- for f in /usr/lib/os-release /etc/os-release; do \
- [ -e "$f" ] || continue; \
- target="$f"; \
- [ -L "$f" ] && target=$(readlink -f "$f"); \
- grep -q '^ID=debian' "$target" || continue; \
- sed -i \
- -e 's/^VERSION_CODENAME=.*/VERSION_CODENAME=bookworm/' \
- -e 's/^VERSION_ID=.*/VERSION_ID="12"/' \
- -e 's/^VERSION=.*/VERSION="12 (bookworm)"/' \
- -e 's|^PRETTY_NAME=.*|PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"|' \
- "$target"; \
- done
-USER runwhen
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index b96444c..5ae5361 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,12 +1,6 @@
 {
 "name": "CodeCollection DevTools",
- "build": {
- "dockerfile": "Dockerfile",
- "context": ".",
- "args": {
- "DEVTOOLS_IMAGE": "ghcr.io/runwhen-contrib/codecollection-devtools:latest"
- }
- },
+ "image": "ghcr.io/runwhen-contrib/codecollection-devtools:latest",
 "remoteUser": "runwhen",
 "updateRemoteUserUID": false,
 "overrideCommand": false,
diff --git a/Dockerfile b/Dockerfile
index 37c4385..7439367 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -49,7 +49,7 @@ RUN set -eux; \
 rm -rf /var/lib/apt/lists/*
 # docker-in-docker (devcontainer feature) sources /etc/os-release; "forky" is rejected.
-# Align with bookworm apt pin above (also patched in .devcontainer/Dockerfile pre-features).
+# Align with bookworm apt pin above so Codespaces can use the CI-built image + dind.
 RUN set -eux; \
 for f in /usr/lib/os-release /etc/os-release; do \
 [ -e "$f" ] || continue; \