Add devcontainer config #2
Conversation
Pull request overview
This PR adds devcontainer configuration to the seclab-taskflows repository, enabling developers to quickly spin up a consistent development environment using VS Code devcontainers or GitHub Codespaces. The configuration was copied from the related seclab-taskflow-agent repository.
Key changes:
- Dockerfile configures Ubuntu 24.04 base with CodeQL CLI installation
- devcontainer.json sets up Python 3.11, Git, GitHub CLI, and Docker-in-Docker features with VS Code extensions
- Post-create script automates virtual environment setup, dependency installation, and .env template creation
- Post-attach script provides warnings for missing Codespaces secrets
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| .devcontainer/Dockerfile | Defines base Ubuntu 24.04 image with system dependencies and CodeQL CLI installation |
| .devcontainer/devcontainer.json | Configures devcontainer features (Python 3.11, Git, GitHub CLI, Docker), VS Code extensions, and lifecycle scripts |
| .devcontainer/post-create.sh | Automates development environment setup including venv creation, dependency installation, and .env file generation |
| .devcontainer/post-attach.sh | Validates Codespaces secrets and reminds users to activate the virtual environment |
| source .venv/bin/activate | ||
| python -m pip install --upgrade pip | ||
| python -m pip install hatch | ||
| hatch build |
Copilot (AI), Nov 26, 2025
Running hatch build followed by pip install -e . is redundant. The pip install -e . command (editable install) on line 18 will build and install the package in development mode without needing the separate hatch build step. Consider removing line 15 to simplify the setup process.
| hatch build |
| python -m pip install hatch | ||
| hatch build | ||
|
|
Copilot (AI), Nov 26, 2025
[nitpick] Installing hatch may be unnecessary if you're only using pip install -e . for development. The pyproject.toml uses hatchling as the build backend, which pip will invoke automatically during installation. Consider removing this line unless hatch is specifically needed for other development tasks.
| python -m pip install hatch | |
| hatch build |
| // Features to add to the dev container | ||
| "features": { | ||
| "ghcr.io/devcontainers/features/python:1": { | ||
| "version": "3.11", |
Copilot (AI), Nov 26, 2025
Python version 3.8 is listed as supported in pyproject.toml classifiers (line 19), but the devcontainer specifies Python 3.11. The pyproject.toml also requires Python >=3.9 (line 10), which conflicts with the 3.8 classifier. Consider either:
- Using Python 3.9 in the devcontainer to match the minimum supported version
- Or document that 3.11 is the recommended development version
This ensures consistency between the declared support and the development environment.
| "version": "3.11", | |
| "version": "3.9", |
| && rm /tmp/codeql.zip | ||
|
|
||
| # Set working directory | ||
| WORKDIR /workspaces/seclab-taskflows |
Copilot (AI), Nov 26, 2025
The WORKDIR is set to /workspaces/seclab-taskflows, but devcontainers typically mount the repository at /workspaces/<repo-name> where the repo name is determined dynamically. The default mount path may not match this hardcoded path. Consider removing this line and letting the devcontainer handle the working directory, or use a variable path like /workspaces/${localWorkspaceFolderBasename} in the devcontainer.json configuration.
| WORKDIR /workspaces/seclab-taskflows |
| @@ -0,0 +1,34 @@ | |||
| #!/bin/bash | |||
Copilot (AI), Nov 26, 2025
Ensure this script has executable permissions when added to the repository. Run chmod +x .devcontainer/post-create.sh before committing, or the devcontainer may fail to execute it.
| RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip \ | ||
| && unzip /tmp/codeql.zip -d /opt \ |
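Review bot: the `RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip` line fetches whatever release happens to be latest at build time, so the image is not reproducible and nothing checks the archive before `unzip /tmp/codeql.zip -d /opt` extracts it system-wide. Pin a specific release tag in the URL and verify the download against a known digest before unzipping, e.g. `echo "<expected-sha256>  /tmp/codeql.zip" | sha256sum -c -` (placeholder value; take the digest from the pinned release).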
Copilot (AI), Nov 26, 2025
The unzip command is used to extract the CodeQL CLI archive, but the unzip package is not installed in the previous RUN command. This will cause the build to fail. Add unzip to the apt-get install command on line 7, e.g., build-essential unzip \.
| && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Install CodeQL CLI | ||
| RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip \ |
Copilot (AI), Nov 26, 2025
The curl command is used to download the CodeQL CLI, but curl may not be installed in the base image. To ensure reliability, add curl to the apt-get install command on line 7, e.g., build-essential curl unzip \.
| @@ -0,0 +1,15 @@ | |||
| #!/bin/bash | |||
Copilot (AI), Nov 26, 2025
Ensure this script has executable permissions when added to the repository. Run chmod +x .devcontainer/post-attach.sh before committing, or the devcontainer may fail to execute it.
| if [ ! -f .env ]; then | ||
| echo "📝 Creating .env template..." | ||
| echo "# Optional: CodeQL database base path" >> .env | ||
| echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env |
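Review bot: in the `echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env` line, `realpath data` prints nothing and exits non-zero when the `data` directory does not exist yet, so the generated `.env` silently ends up with an empty `CODEQL_DBS_BASE_PATH=`. Create the directory first (`mkdir -p data`) or use `realpath -m data`, which canonicalises a path that does not exist yet.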
Copilot (AI), Nov 26, 2025
According to the README, the project requires MEMCACHE_STATE_DIR, CODEQL_DBS_BASE_PATH, and DATA_DIR environment variables. Currently, only CODEQL_DBS_BASE_PATH is added to the .env file. Consider adding the other required environment variables:

```bash
echo "MEMCACHE_STATE_DIR=$(realpath data)" >> .env
echo "DATA_DIR=$(realpath data)" >> .env
```

This ensures the devcontainer setup aligns with the documented requirements.
| echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env | |
| echo "CODEQL_DBS_BASE_PATH=$(realpath data)" >> .env | |
| echo "MEMCACHE_STATE_DIR=$(realpath data)" >> .env | |
| echo "DATA_DIR=$(realpath data)" >> .env |
Copied from https://github.com/GitHubSecurityLab/seclab-taskflow-agent/tree/main/.devcontainer