From eb19eed8cfb663e7bc5f5a7030a0dd40300d9709 Mon Sep 17 00:00:00 2001 From: Oliver Gould Date: Tue, 11 Jan 2022 14:38:18 -0800 Subject: [PATCH] Add a devcontainer configuration (#7583) VS Code [devcontainers][dc] provide a way to define a reproducible, customizable developer environment. This should lower the barrier to entry for contributors and reduce the maintenance burden for existing developers, as a docker daemon is now basically all that's needed to get up and running. This change adds a devcontainer for the Linkerd2 project. Its container starts in the host's network so that it can easily access k3d clusters running on the host's docker daemon. [dc]: https://code.visualstudio.com/docs/remote/containers Signed-off-by: Oliver Gould (cherry picked from commit f33bb7beed734e433296bbb1b68d065da11127bf) Signed-off-by: Oliver Gould --- .devcontainer/Dockerfile | 59 +++++++++++++++++++++++++ .devcontainer/README.md | 37 ++++++++++++++++ .devcontainer/devcontainer.json | 28 ++++++++++++ .github/workflows/codecov.yml | 2 +- .github/workflows/policy_controller.yml | 8 ++-- bin/markdownlint | 13 +++--- policy-controller/amd64.dockerfile | 4 +- policy-controller/arm.dockerfile | 4 +- policy-controller/arm64.dockerfile | 4 +- rust-toolchain | 2 +- 10 files changed, 143 insertions(+), 18 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/README.md create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000000000..153ba7fd4479d --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,59 @@ +FROM docker.io/golang:1.17-bullseye + +# Note: we do *not* delete the apt cache so subsequent steps (like docker, +# dotfiles) need not pull the cache again. This comes at the cost of a fatter +# container image. +ENV DEBIAN_FRONTEND=noninteractive +RUN apt update && apt upgrade -y +RUN apt install -y \ + clang \ + cmake \ + libssl-dev \ + lldb \ + lsb-release \ + npm \ + sudo \ + time +RUN npm install markdownlint-cli@0.23.1 --global + +ARG USER=code +ARG USER_UID=1000 +ARG USER_GID=1000 +RUN groupadd --gid=$USER_GID $USER \ + && useradd --uid=$USER_UID --gid=$USER_GID -m $USER \ + && echo "$USER ALL=(root) NOPASSWD:ALL" >/etc/sudoers.d/$USER \ + && chmod 0440 /etc/sudoers.d/$USER + +# Install a Docker client that uses the host's Docker daemon +ARG USE_MOBY=false +ENV DOCKER_BUILDKIT=1 +RUN curl --proto '=https' --tlsv1.3 -vsSfL https://raw.githubusercontent.com/microsoft/vscode-dev-containers/main/script-library/docker-debian.sh \ + | bash -s -- true /var/run/docker-host.sock /var/run/docker.sock "${USER}" "${USE_MOBY}" latest + +RUN (echo "LC_ALL=en_US.UTF-8" \ + && echo "LANGUAGE=en_US.UTF-8") >/etc/default/locale + +USER $USER +ENV USER=$USER +ENV HOME=/home/$USER +RUN mkdir -p $HOME/bin +ENV PATH=$HOME/bin:$PATH + +RUN curl --proto '=https' --tlsv1.3 -vsSfLo $HOME/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \ + && chmod 755 $HOME/kubectl +RUN curl --proto '=https' --tlsv1.3 -vsSfL https://raw.githubusercontent.com/rancher/k3d/main/install.sh \ + | USE_SUDO=false K3D_INSTALL_DIR=$HOME/bin bash + +RUN curl --proto '=https' --tlsv1.3 -vsSfL https://sh.rustup.rs \ + | sh -s -- -y --default-toolchain 1.56.1 -c rustfmt -c clippy -c rls + +RUN mkdir /tmp/cargo-deny && cd /tmp/cargo-deny && \ + curl --proto '=https' --tlsv1.3 -vsSfL https://github.com/EmbarkStudios/cargo-deny/releases/download/0.11.0/cargo-deny-0.11.0-x86_64-unknown-linux-musl.tar.gz | tar zxf - && \ + mv cargo-deny-0.11.0-x86_64-unknown-linux-musl/cargo-deny $HOME/bin && \ + cd .. && rm -rf /tmp/cargo-deny + +RUN curl --proto '=https' --tlsv1.3 -vsSfL https://run.linkerd.io/install-edge | sh \ + && ln -s $(readlink ~/.linkerd2/bin/linkerd) ~/bin/linkerd + +ENTRYPOINT ["/usr/local/share/docker-init.sh"] +CMD ["sleep", "infinity"] diff --git a/.devcontainer/README.md b/.devcontainer/README.md new file mode 100644 index 0000000000000..a625e8bbdabb3 --- /dev/null +++ b/.devcontainer/README.md @@ -0,0 +1,37 @@ +# devcontainer + +This directory provides a _devcontainer_ configuration that configures a +reproducible development environment for this project. + +## Docker + +This configuration currently uses the parent host's Docker daemon (rather than +running a separate docker daemon within in the container). It creates +devcontainers on the host network so it's easy to use k3d clusters hosted in the +parent host's docker daemon. + +## Customizing + +This configuration is supposed to provide a minimal setup without catering to +any one developer's personal tastes. Devcontainers can be extended with per-user +configuration. + +To add your own extensions to the devcontainer, configure default extensions in +your VS Code settings: + +```jsonc + "remote.containers.defaultExtensions": [ + "eamodio.gitlens", + "GitHub.copilot", + "GitHub.vscode-pull-request-github", + "mutantdino.resourcemonitor", + "stateful.edge" + ], +``` + +Furthermore, you can configure a _dotfiles_ repository to perform customizations +with a configuration like: + +```jsonc + "dotfiles.repository": "https://github.com/olix0r/dotfiles.git", +``` diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000000..93c60d42ee031 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,28 @@ +{ + "name": "linkerd2", + "image": "ghcr.io/linkerd/dev:v4", + // "dockerFile": "./Dockerfile", + "extensions": [ + "DavidAnson.vscode-markdownlint", + "matklad.rust-analyzer", + "NathanRidley.autotrim", + "samverschueren.final-newline", + "streetsidesoftware.code-spell-checker", + "tamasfe.even-better-toml", + "vadimcn.vscode-lldb", + "zxh404.vscode-proto3" + ], + "runArgs": [ + "--init", + // Use the host network so we can access k3d, etc. + "--net=host", + // For lldb + "--cap-add=SYS_PTRACE", + "--security-opt=seccomp=unconfined" + ], + "overrideCommand": false, + "remoteUser": "code", + "mounts": [ + "source=/var/run/docker.sock,target=/var/run/docker-host.sock,type=bind" + ] +} diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index e493485e1ad65..9e6b67b041a92 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 container: - image: docker://rust:1.56.0 + image: docker://rust:1.56.1 options: --security-opt seccomp=unconfined steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 diff --git a/.github/workflows/policy_controller.yml b/.github/workflows/policy_controller.yml index a6fb0ca09607e..949c4e3564b76 100644 --- a/.github/workflows/policy_controller.yml +++ b/.github/workflows/policy_controller.yml @@ -24,7 +24,7 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest container: - image: docker://rust:1.56.0 + image: docker://rust:1.56.1 steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - run: rustup component add rustfmt @@ -50,7 +50,7 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest container: - image: docker://rust:1.56.0 + image: docker://rust:1.56.1 steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - run: rustup component add clippy @@ -60,7 +60,7 @@ jobs: timeout-minutes: 20 runs-on: ubuntu-latest container: - image: docker://rust:1.56.0 + image: docker://rust:1.56.1 steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # Check each crate independently to ensure its Cargo.toml is sufficient. @@ -77,7 +77,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 container: - image: docker://rust:1.56.0 + image: docker://rust:1.56.1 steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 - run: cargo test --workspace --no-run diff --git a/bin/markdownlint b/bin/markdownlint index afd8f8dd421db..039a4d39ce9ec 100755 --- a/bin/markdownlint +++ b/bin/markdownlint @@ -4,16 +4,17 @@ set -eu bindir=$( cd "${0%/*}" && pwd ) rootdir=$( cd "$bindir"/.. && pwd ) -markdownlintbin="$rootdir/node_modules/.bin/markdownlint" -markdownlint_version=0.23.1 +version=0.23.1 -if [ ! -x "$markdownlintbin" ] || [ "$($markdownlintbin -V)" != $markdownlint_version ]; then +export PATH="$rootdir/node_modules/.bin:$PATH" + +if ! command -v markdownlint >/dev/null || [ "$(markdownlint -V)" != "$version" ]; then if ! [ -x "$(command -v npm)" ]; then - echo 'Error: npm required to install markdownlint command' + echo 'Error: npm required to install markdownlint command' >&2 exit 1 fi - npm install markdownlint-cli@$markdownlint_version + npm install "markdownlint-cli@$version" fi -"$markdownlintbin" "$@" +markdownlint "$@" diff --git a/policy-controller/amd64.dockerfile b/policy-controller/amd64.dockerfile index 42635acb4b560..81d36f10be066 100644 --- a/policy-controller/amd64.dockerfile +++ b/policy-controller/amd64.dockerfile @@ -1,4 +1,4 @@ -ARG RUST_IMAGE=docker.io/library/rust:1.56.0 +ARG RUST_IMAGE=docker.io/library/rust:1.56.1 ARG RUNTIME_IMAGE=gcr.io/distroless/cc # Builds the controller binary. @@ -7,7 +7,7 @@ ARG TARGETARCH WORKDIR /build COPY Cargo.toml Cargo.lock policy-controller/ /build/ RUN --mount=type=cache,target=target \ - --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \ + --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \ cargo build --locked --target=x86_64-unknown-linux-gnu --release --package=linkerd-policy-controller && \ mv target/x86_64-unknown-linux-gnu/release/linkerd-policy-controller /tmp/ diff --git a/policy-controller/arm.dockerfile b/policy-controller/arm.dockerfile index f6169fd84a8ac..512860235990b 100644 --- a/policy-controller/arm.dockerfile +++ b/policy-controller/arm.dockerfile @@ -1,4 +1,4 @@ -ARG RUST_IMAGE=docker.io/library/rust:1.56.0 +ARG RUST_IMAGE=docker.io/library/rust:1.56.1 ARG RUNTIME_IMAGE=gcr.io/distroless/cc FROM $RUST_IMAGE as build @@ -11,7 +11,7 @@ WORKDIR /build COPY Cargo.toml Cargo.lock policy-controller/ /build/ # XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm. RUN --mount=type=cache,target=target \ - --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \ + --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \ cargo build --locked --release --target=armv7-unknown-linux-gnueabihf \ --package=linkerd-policy-controller --no-default-features --features="rustls" && \ mv target/armv7-unknown-linux-gnueabihf/release/linkerd-policy-controller /tmp/ diff --git a/policy-controller/arm64.dockerfile b/policy-controller/arm64.dockerfile index 0e1c2b48792e0..3c565fcbbcfc3 100644 --- a/policy-controller/arm64.dockerfile +++ b/policy-controller/arm64.dockerfile @@ -1,4 +1,4 @@ -ARG RUST_IMAGE=docker.io/library/rust:1.56.0 +ARG RUST_IMAGE=docker.io/library/rust:1.56.1 ARG RUNTIME_IMAGE=gcr.io/distroless/cc FROM $RUST_IMAGE as build @@ -11,7 +11,7 @@ WORKDIR /build COPY Cargo.toml Cargo.lock policy-controller/ /build/ # XXX(ver) we can't easily cross-compile against openssl, so use rustls on arm. RUN --mount=type=cache,target=target \ - --mount=type=cache,from=rust:1.56.0,source=/usr/local/cargo,target=/usr/local/cargo \ + --mount=type=cache,from=rust:1.56.1,source=/usr/local/cargo,target=/usr/local/cargo \ cargo build --locked --release --target=aarch64-unknown-linux-gnu \ --package=linkerd-policy-controller --no-default-features --features="rustls" && \ mv target/aarch64-unknown-linux-gnu/release/linkerd-policy-controller /tmp/ diff --git a/rust-toolchain b/rust-toolchain index 3ebf789f5a8df..43c989b55315f 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -1.56.0 +1.56.1