Dockerfile: add tsffs-dev target #169
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds a new tsffs-dev Docker target to support development workflows. The changes include refactoring the existing Dockerfile to use multi-stage builds with named stages and adding development container configuration.
- Adds a multi-stage Docker build with
tsffs-base,tsffs-dev, andtsffs-prodtargets - Creates a development environment with user management, Rust toolchain, and proper permissions
- Configures VS Code dev container integration with extensions
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Dockerfile | Adds multi-stage build with tsffs-dev target for development environment |
| .dockerignore | Excludes dev container config and packages directory from build context |
| .devcontainer.json | Configures VS Code dev container to use tsffs-dev target |
Dockerfile
Outdated
| && echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME | ||
|
|
||
| # create group for developers | ||
| groupadd dev |
There was a problem hiding this comment.
The 'dev' group is created but the user is not added to it. Consider adding the user to the group with 'usermod -a -G dev $USERNAME' to ensure proper permissions for /workspace/{simics,projects}.
| groupadd dev | |
| groupadd dev | |
| # add $USERNAME to the dev group | |
| usermod -a -G dev $USERNAME |
| chown -R root:dev /workspace/{simics,projects} && chmod -R g+w /workspace/{simics,projects} | ||
|
|
||
| # install Rust nightly for the user | ||
| sudo -E -u $USERNAME bash -c 'curl https://sh.rustup.rs -sSf | bash -s -- -y --default-toolchain none' |
There was a problem hiding this comment.
Installing Rust via curl piped to bash poses security risks. Consider using package manager installation or verifying the script's integrity with checksums.
| # create group for developers | ||
| groupadd dev | ||
| # set /workspace/simics permissions to root:dev | ||
| chown -R root:dev /workspace/{simics,projects} && chmod -R g+w /workspace/{simics,projects} |
There was a problem hiding this comment.
[nitpick] Setting group write permissions recursively on /workspace/{simics,projects} may be overly permissive. Consider limiting write access to specific subdirectories that need modification.
| chown -R root:dev /workspace/{simics,projects} && chmod -R g+w /workspace/{simics,projects} | |
| chown -R root:dev /workspace/simics/specific-subdir /workspace/projects/specific-subdir && \ | |
| chmod -R g+w /workspace/simics/specific-subdir /workspace/projects/specific-subdir |
Wenzel
force-pushed
the
dockerfile_dev
branch
4 times, most recently
from
5ca2e5c to
30ba116
Compare
1 participant
No description provided.