Begin the devcontainer setup

Author: MareStare

.devcontainer/devcontainer.json

@@ -0,0 +1,75 @@
+{
+  "build": {
+    "dockerfile": "../docker/app/Dockerfile",
+    "context": ".."
+  },
+
+  "mounts": [
+    // Use a "docker outside of docker" setup where we reuse the host's docker daemon:
+    // https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker
+    {
+      "source": "/var/run/docker.sock",
+      "target": "/var/run/docker.sock",
+      "type": "bind"
+    }
+  ],
+
+  "workspaceMount": "source=${localWorkspaceFolder},target=/home/philomena/philomena,type=bind",
+  "workspaceFolder": "/home/philomena/philomena",
+
+  "containerEnv": {
+    "HOST_WORKSPACE": "${localWorkspaceFolder}"
+  },
+
+  // While technically optional, --init enables an init process to properly handle
+  // signals and ensure Zombie Processes are cleaned up.
+  "runArgs": [
+    "--init",
+
+    // Do some initial setup tasks at runtime.
+    "--entrypoint",
+    "${containerWorkspaceFolder}/.devcontainer/docker-init.sh"
+  ],
+
+  // Make sure our custom `docker-init.sh` script is run at startup
+  "overrideCommand": false,
+
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        // Rust LSP
+        "rust-lang.rust-analyzer",
+
+        // Elixir LSP
+        "lexical-lsp.lexical",
+
+        // Dockerfile LSP
+        "ms-azuretools.vscode-docker",
+
+        // Github Actions LSP
+        "github.vscode-github-actions",
+
+        // Bash LSP
+        "mads-hartmann.bash-ide-vscode",
+
+        // `.slime` syntax highlighting
+        "xolan.slime",
+
+        // `.js`, `.ts` linter
+        "dbaeumer.vscode-eslint",
+
+        // `.css` linter
+        "stylelint.vscode-stylelint",
+
+        // `.js`, `.ts`. `.css`, `.json`, `.yaml`, `.md` formatter
+        "esbenp.prettier-vscode",
+
+        // Spell checker enforced on CI
+        "tekumara.typos-vscode",
+
+        // `.toMatchInlineSnapshot()` syntax highlighting
+        "tlent.jest-snapshot-language-support"
+      ]
+    }
+  }
+}

.devcontainer/docker-init.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+. "$(dirname "${BASH_SOURCE[0]}")/../scripts/lib.sh"
+
+# Add the current user to the docker group to allow running docker commands
+# without sudo. We have to do this right at the start of the container instead
+# of the build time because the docker socket is mounted only at runtime.
+docker_gid=$(stat -c '%g' /var/run/docker.sock)
+
+if [[ "${docker_gid}" == '0' ]]; then
+  die "Unsupported configuration: docker socket is owned by root"
+fi
+
+# This is really annoying, but to provide sudo-less access to the docker socket,
+# we need to add the current user to the group that owns the socket. Because we
+# mount it from the host the group may have arbitrary ID that we can't easily
+# control.
+#
+# There can also be an existing group in the container with the ID of the host
+# docker socket group, which is very likely to happen given that the usual docker
+# group has ID 999 and Alpine Linux uses this GID for the `ping` group:
+# https://github.com/alpinelinux/docker-alpine/issues/323
+existing_group=$(getent group "${docker_gid}")
+
+if [ "$existing_group" = '' ]; then
+  step sudo groupadd --gid "${docker_gid}" docker-host
+else
+  info "Group with the host docker socket GID already exists: ${existing_group}. Reusing it."
+fi
+
+user=$(id -u -n)
+
+if [ "$(id "$user" | grep -E "groups=.*(=|,)${docker_gid}\\(")" = '' ]; then
+  step sudo usermod --append --groups "${docker_gid}" "$user"
+else
+  info "User ${user} is already in the group ${docker_gid}. No need to add it again."
+fi
+
+step exec sleep infinity

.gitignore

@@ -29,7 +29,7 @@ philomena-*.tar
 npm-debug.log
 
 # The directory NPM downloads your dependencies sources to.
-/assets/node_modules/
+node_modules/
 
 # Since we are building assets from assets/,
 # we ignore priv/static. You may want to comment
@@ -64,9 +64,3 @@ npm-debug.log
 
 # Vitest coverage
 /assets/coverage
-
-# The tool output directory is used by the repo init script to store various
-# tools that are used for development. We use this repo-local folder and avoid
-# using system-wide directories to prevent polluting the dev's environment which
-# may be shared with other projects.
-.tools

docker-compose.yml

@@ -11,6 +11,9 @@ services:
     build:
       context: .
       dockerfile: ./docker/app/Dockerfile
+
+    command: run-development
+
     environment:
       - MIX_ENV=dev
       - PGPASSWORD=postgres
@@ -46,12 +49,8 @@ services:
     working_dir: /srv/philomena
     tty: true
 
-    # The `HOST_USER` is set by the wrapper script. This prevents the polluting
-    # the repo directory with root-owned files.
-    user: ${HOST_USER:-root}
-
     volumes:
-      - .:/srv/philomena
+      - ${HOST_WORKSPACE-.}:/home/philomena/philomena
       - app_cargo_data:/srv/philomena/.cargo
       - app_build_data:/srv/philomena/_build
       - app_deps_data:/srv/philomena/deps
@@ -75,7 +74,7 @@ services:
     image: opensearchproject/opensearch:2.19.1
     volumes:
       - opensearch_data:/usr/share/opensearch/data
-      - ./docker/opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
+      - ${HOST_WORKSPACE-.}/docker/opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
     attach: false
     ulimits:
       nofile:
@@ -91,7 +90,7 @@ services:
     environment:
       - JCLOUDS_FILESYSTEM_BASEDIR=/srv/philomena/priv/s3
     volumes:
-      - .:/srv/philomena
+      - ${HOST_WORKSPACE-.}:/srv/philomena
     attach: false
 
   web:
@@ -110,7 +109,7 @@ services:
     user: ${HOST_USER:-root}
 
     volumes:
-      - .:/srv/philomena
+      - ${HOST_WORKSPACE-.}:/srv/philomena
 
     environment:
       - AWS_ACCESS_KEY_ID=local-identity

docker/app/Dockerfile

@@ -36,6 +36,14 @@ RUN ( \
     && mix local.hex --force \
     && mix local.rebar --force
 
+# Dev-only tools
+RUN apk add --update \
+    bottom \
+    docker-cli-compose \
+    # Needed for the `usermod` command
+    shadow \
+    sudo
+
 ADD https://api.github.com/repos/philomena-dev/cli_intensities/git/refs/heads/master /tmp/cli_intensities_version.json
 RUN git clone --depth 1 https://github.com/philomena-dev/cli_intensities /tmp/cli_intensities \
     && cd /tmp/cli_intensities \
@@ -47,11 +55,18 @@ RUN git clone --depth 1 https://github.com/philomena-dev/mediatools /tmp/mediato
     && cd /tmp/mediatools \
     && make -j$(nproc) install
 
-# docker-compose configures a bind-mount of the repo root dir to /srv/philomena
-ENV PATH=$PATH:/srv/philomena/docker/app
+# Create a non-root user to avoid polluting the bind-mounted directories with
+# root-owned files on the host machine.
+ARG USER=philomena
+ARG CONTAINER_WORKSPACE=/home/$USER/philomena
+
+# docker-compose configures a bind-mount of the repo root dir to $REPO
 ENV PATH=$PATH:/root/.cargo/bin
+ENV PATH=$PATH:$CONTAINER_WORKSPACE/docker/app
+ENV PATH=$PATH:$CONTAINER_WORKSPACE/scripts/path
+
+WORKDIR $CONTAINER_WORKSPACE
 
-WORKDIR /app
 RUN --mount=source=./scripts,target=./scripts ./scripts/install/typos.sh
 RUN --mount=source=./scripts,target=./scripts ./scripts/install/shellcheck.sh
 RUN --mount=source=./package.json,target=./package.json \
@@ -61,3 +76,14 @@ RUN --mount=source=./package.json,target=./package.json \
 EXPOSE 5173
 
 CMD ["run-development"]
+
+# The UID of 1000 is the default for most Linux distributions, which should make
+# this user map to the default user on the host system for bind-mounted volumes.
+#
+# However, if you are running this in a devcontainer via VSCode, then it'll update
+# the UID/GID of this user to match the UID/GID of the user on the host automatically:
+#: https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user#_specifying-the-default-container-user
+RUN adduser $USER --uid 1000 --shell /bin/bash --disabled-password \
+    && echo "$USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USER
+
+USER $USER