From dfbd1fbe79fb8201257a6c52352042586100e41e Mon Sep 17 00:00:00 2001
From: Robin Windey
Date: Fri, 31 Mar 2023 06:40:04 +0000
Subject: [PATCH] Dedicated DevContainer user + NVM
* Use dedicated DevContainer user to run Apache (ensure file permissions)
* Install NVM for node
Signed-off-by: GitHub
---
 .devcontainer/Dockerfile | 20 ++++++++++++---
 .devcontainer/README.md | 39 +++++++++++++++++++++++++++++-
 .devcontainer/codespace.config.php | 6 +++--
 .devcontainer/devcontainer.json | 4 +--
 .devcontainer/entrypoint.sh | 3 +--
 .devcontainer/setup.sh | 6 ++---
 6 files changed, 64 insertions(+), 14 deletions(-)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 642ee36d1a1..99755ca2289 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -33,18 +33,15 @@ RUN apt-get install --no-install-recommends -y \
 curl \
 lsof \
 make \
- nodejs \
- npm
+ unzip
 # Composer
-# Download the Composer installer script to a temporary file
 RUN curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php && \
 curl -sS https://composer.github.io/installer.sig -o /tmp/composer-setup.sig && \
 php -r "if (hash_file('sha384', '/tmp/composer-setup.php') !== trim(file_get_contents('/tmp/composer-setup.sig'))) { echo 'Composer installation failed, invalid hash'; exit(1); }" && \
 php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
 rm /tmp/composer-setup.php /tmp/composer-setup.sig
-
 RUN echo "xdebug.remote_enable = 1" >> /etc/php/8.1/cli/conf.d/20-xdebug.ini && \
 echo "xdebug.remote_autostart = 1" >> /etc/php/8.1/cli/conf.d/20-xdebug.ini
@@ -70,4 +67,19 @@ RUN apt-get -y install \
 apt-get install -y docker-ce docker-ce-cli containerd.io && \
 ln -s /var/run/docker-host.sock /var/run/docker.sock
+# Dedicated DevContainer user runs Apache
+ENV APACHE_RUN_USER=devcontainer
+ENV APACHE_RUN_GROUP=devcontainer
+RUN useradd -ms /bin/bash ${APACHE_RUN_USER} && \
+ adduser ${APACHE_RUN_USER} sudo && \
+ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+ sed -ri "s/^export APACHE_RUN_USER=.*$/export APACHE_RUN_USER=${APACHE_RUN_USER}/" "/etc/apache2/envvars" && \
+ sed -ri "s/^export APACHE_RUN_GROUP=.*$/export APACHE_RUN_GROUP=${APACHE_RUN_GROUP}/" "/etc/apache2/envvars"
+
+USER devcontainer
+
+# NVM
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
+RUN bash --login -i -c 'source /home/devcontainer/.bashrc && nvm install 16'
+
 WORKDIR /var/www/html
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
index b1c8ed6d340..da540711fc8 100644
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
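Review bot: In `.devcontainer/Dockerfile`, `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` grants passwordless root to the same account that the two `sed` edits make Apache run as, so any PHP code the web server executes can become root inside the container through `sudo`; the `docker-host.sock` symlink in this hunk's context suggests that root in the container may also reach the host's Docker daemon. If the broad rule is intended for developer convenience, a comment saying so would help, and a per-user drop-in that is syntax-checked is safer to maintain than appending to the main file: `echo "${APACHE_RUN_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devcontainer && chmod 0440 /etc/sudoers.d/devcontainer && visudo -cf /etc/sudoers.d/devcontainer`. The nvm step `curl -o- … | bash` also executes a downloaded script with no integrity check, unlike the Composer installer earlier in this file, which is compared against a SHA-384 value before it runs. Downloading the script to a file with `curl -f`, verifying it against a pinned checksum (or fetching by commit hash rather than the movable tag `v0.39.0`) and only then running it would close that gap.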
@@ -31,5 +31,42 @@ The following services will be started:
 |---------|------------|-------------|
 | Nextcloud (served via Apache) | `80` | The main application |
 | Mailhog | `8025` | SMTP email delivery for testing |
-| Adminer | `8080` | Database viewer. Use credentials from above and connect to `localhost:5432` to get access to the NC database |
+| Adminer | `8080` | Database viewer. Use credentials from above and connect to `localhost` to get access to the NC database |
+## Permissions
+
+The container runs with the user `devcontainer` who is also running the Apache2 process. All mounted source files have
+proper permissions so that this user can access everything which is inside the current workspace. If you need to
+get root permissions for whatever reason, use `sudo su` or `sudo ` (for example `sudo service apache2 restart`).
+Everything else (like building the application, adjusting files, ...) should be done as `devcontainer` user.
+
+## NodeJs and NVM
+
+The container comes with [`nvm`](https://github.com/nvm-sh/nvm) and Node 16 installed. This should be sufficient to
+build Nextcloud Core sources via `make`. If you need a different Node Version (for example for
+app development), you can easily switch between different versions by running:
+
+```bash
+# Install and use Node 14
+nvm install 14
+nvm use 14
+
+# Check version
+node -v
+
+# Switch back to Node 16
+nvm use 16
+
+# Check version
+node -v
+```
+
+Note that `nvm` is only installed for the user `devcontainer` and won't work out of the box for
+any other user.
+
+## Debugging
+
+The Apache webserver is already configured to automatically try to connect to a debugger process
+listening on port `9003`. To start the VSCode debugger process, use the delivered debug profile `Listen for XDebug`.
+After you started the VSCode debugger, just navigate to the appropriate Nextcloud URL to get your
+debug hits.
\ No newline at end of file
diff --git a/.devcontainer/codespace.config.php b/.devcontainer/codespace.config.php
index c191698c256..3c525763540 100644
--- a/.devcontainer/codespace.config.php
+++ b/.devcontainer/codespace.config.php
@@ -14,7 +14,9 @@ $CONFIG = [
 ];
 if(is_string($codespaceName) && !empty($codespaceName) && is_string($codespaceDomain) && !empty($codespaceDomain)) {
- $CONFIG['overwritehost'] = $codespaceName . '-80.' . $codespaceDomain;
+ $host = $codespaceName . '-80.' . $codespaceDomain;
+ $CONFIG['overwritehost'] = $host;
+ $CONFIG['overwrite.cli.url'] = 'https://' . $host;
 $CONFIG['overwriteprotocol'] = 'https';
- $CONFIG['trusted_domains'] = [ $CONFIG['overwritehost'] ];
+ $CONFIG['trusted_domains'] = [ $host ];
 }
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 709744e3f0d..3fb1bf42e44 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -3,7 +3,6 @@
 "dockerComposeFile": "docker-compose.yml",
 "service": "nextclouddev",
 "postCreateCommand": ".devcontainer/setup.sh",
- "postStartCommand": "chown -R www-data:www-data /var/www/html",
 "forwardPorts": [
 80,
 8080,
@@ -23,5 +22,6 @@
 }
 }
 },
- "workspaceFolder": "/var/www/html"
+ "workspaceFolder": "/var/www/html",
+ "remoteUser": "devcontainer"
 }
diff --git a/.devcontainer/entrypoint.sh b/.devcontainer/entrypoint.sh
index a2aecb7ecb7..952f6f8aad6 100755
--- a/.devcontainer/entrypoint.sh
+++ b/.devcontainer/entrypoint.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
-# Set proper permissions and start webserver
-chown -R www-data:www-data /var/www/html && service apache2 start
+sudo service apache2 start
 while sleep 1000; do :; done
diff --git a/.devcontainer/setup.sh b/.devcontainer/setup.sh
index aec20f3b4dc..2b61f3f9190 100755
--- a/.devcontainer/setup.sh
+++ b/.devcontainer/setup.sh
@@ -12,9 +12,9 @@ git config --global --add safe.directory /var/www/html
 git config --global --add safe.directory /var/www/html/3rdparty
 # Onetime installation setup
-if [[ ! $(sudo -u www-data php occ status) =~ installed:[[:space:]]*true ]]; then
+if [[ ! $(sudo -u ${APACHE_RUN_USER} php occ status) =~ installed:[[:space:]]*true ]]; then
 echo "Running NC installation"
- sudo -u www-data php occ maintenance:install \
+ sudo -u ${APACHE_RUN_USER} php occ maintenance:install \
 --verbose \
 --database=pgsql \
 --database-name=postgres \
@@ -26,4 +26,4 @@ if [[ ! $(sudo -u www-data php occ status) =~ installed:[[:space:]]*true ]]; the
 --admin-pass admin
 fi
-service apache2 restart
+sudo service apache2 restart
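Review bot: In the first hunk of `.devcontainer/setup.sh`, both `sudo -u ${APACHE_RUN_USER}` calls expand the variable unquoted and without a guard. If `APACHE_RUN_USER` is empty in the shell that runs the script, sudo takes `php` as the user name, the status check produces no output, and the script enters the install branch where the same call fails again with an unknown-user error instead of a clear message. Failing early is cheap: `sudo -u "${APACHE_RUN_USER:?APACHE_RUN_USER is not set}" php occ status`, with the same expansion on the `maintenance:install` line. Since `remoteUser` is now `devcontainer`, the `sudo -u` hop to that same account is presumably redundant and could be dropped, which would also remove this script's dependency on the passwordless sudo rule for these two calls. The `if` block continues past the end of this hunk.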