From 245befba0b7f2ed3f8d52edd0401306fd7f763ee Mon Sep 17 00:00:00 2001 From: Danielle Maywood Date: Wed, 23 Apr 2025 15:14:29 +0000 Subject: [PATCH 1/3] feat: add `passwordFile` and `hashedPasswordFile` options --- src/code-server/README.md | 2 ++ src/code-server/devcontainer-feature.json | 10 ++++++++++ src/code-server/install.sh | 8 ++++++++ .../code-server-hashed-password-file.sh | 16 +++++++++++++++ .../Dockerfile | 3 +++ test/code-server/code-server-password-file.sh | 16 +++++++++++++++ .../code-server-password-file/Dockerfile | 3 +++ test/code-server/scenarios.json | 20 +++++++++++++++++++ 8 files changed, 78 insertions(+) create mode 100644 test/code-server/code-server-hashed-password-file.sh create mode 100644 test/code-server/code-server-hashed-password-file/Dockerfile create mode 100644 test/code-server/code-server-password-file.sh create mode 100644 test/code-server/code-server-password-file/Dockerfile diff --git a/src/code-server/README.md b/src/code-server/README.md index 02a1cb6..c0624f3 100644 --- a/src/code-server/README.md +++ b/src/code-server/README.md @@ -29,9 +29,11 @@ VS Code in the browser | disableWorkspaceTrust | Disable Workspace Trust feature. This only affects the current session. | boolean | false | | enableProposedAPI | Comma-separated list of VS Code extension IDs to enable proposed API features for. | string | - | | extensions | Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker'). | string | - | +| hashedPasswordFile | Path to a file containing the hashed password used for authentication. The password should be hashed with argon2 and be in the encoded form. This takes priority over `passwordFile`. | string | - | | host | The address to bind to for the code-server. Use '0.0.0.0' to listen on all interfaces. | string | 127.0.0.1 | | locale | Set VS Code display language and language shown on the login page. Format should be an IETF language tag (e.g., 'en', 'fr', 'zh-CN'). | string | - | | logFile | Path to a file to send stdout and stderr logs to from code-server. | string | /tmp/code-server.log | +| passwordFile | Path to a file containing the password used for authentication. | string | - | | port | The port to bind to for the code-server. | string | 8080 | | proxyDomain | Domain used for proxying ports. | string | - | | socket | Path to a socket. When specified, host and port will be ignored. | string | - | diff --git a/src/code-server/devcontainer-feature.json b/src/code-server/devcontainer-feature.json index f58b60b..7cd305e 100644 --- a/src/code-server/devcontainer-feature.json +++ b/src/code-server/devcontainer-feature.json @@ -75,6 +75,11 @@ "default": "", "description": "Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker')." }, + "hashedPasswordFile": { + "type": "string", + "default": "", + "description": "Path to a file containing the hashed password used for authentication. The password should be hashed with argon2 and be in the encoded form. This takes priority over `passwordFile`." + }, "host": { "type": "string", "default": "127.0.0.1", @@ -90,6 +95,11 @@ "default": "/tmp/code-server.log", "description": "Path to a file to send stdout and stderr logs to from code-server." }, + "passwordFile": { + "type": "string", + "default": "", + "description": "Path to a file containing the password used for authentication." + }, "port": { "type": "string", "default": "8080", diff --git a/src/code-server/install.sh b/src/code-server/install.sh index da27dff..6f90b6e 100644 --- a/src/code-server/install.sh +++ b/src/code-server/install.sh @@ -116,6 +116,14 @@ fi $(declare -p FLAGS) +if [[ -f "$PASSWORDFILE" ]]; then + export PASSWORD="\$(cat '$PASSWORDFILE')" +fi + +if [[ -f "$HASHEDPASSWORDFILE" ]]; then + export HASHED_PASSWORD="\$(cat '$HASHEDPASSWORDFILE')" +fi + code-server "\${FLAGS[@]}" "$CODE_SERVER_WORKSPACE" >"$LOGFILE" 2>&1 EOF diff --git a/test/code-server/code-server-hashed-password-file.sh b/test/code-server/code-server-hashed-password-file.sh new file mode 100644 index 0000000..e9d41f5 --- /dev/null +++ b/test/code-server/code-server-hashed-password-file.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server hashed-password-file" grep $'export HASHED_PASSWORD="$(cat \'/tmp/code-server-hashed-password\')"' < /usr/local/bin/code-server-entrypoint +check "code-server hashed-password" grep 'Using password from $HASHED_PASSWORD' < /tmp/code-server.log + +# Report results +reportResults diff --git a/test/code-server/code-server-hashed-password-file/Dockerfile b/test/code-server/code-server-hashed-password-file/Dockerfile new file mode 100644 index 0000000..f42a3cc --- /dev/null +++ b/test/code-server/code-server-hashed-password-file/Dockerfile @@ -0,0 +1,3 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu + +RUN su vscode -c 'echo "\$argon2id\$v=19\$m=16,t=2,p=1\$c2FtcGxlc2FsdA\$YBn10Qizrh/i2jf/rPOCCA" > /tmp/code-server-hashed-password' diff --git a/test/code-server/code-server-password-file.sh b/test/code-server/code-server-password-file.sh new file mode 100644 index 0000000..8282d39 --- /dev/null +++ b/test/code-server/code-server-password-file.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server password-file" grep $'export PASSWORD="$(cat \'/tmp/code-server-password\')"' < /usr/local/bin/code-server-entrypoint +check "code-server password" grep 'Using password from $PASSWORD' < /tmp/code-server.log + +# Report results +reportResults diff --git a/test/code-server/code-server-password-file/Dockerfile b/test/code-server/code-server-password-file/Dockerfile new file mode 100644 index 0000000..a3e8a30 --- /dev/null +++ b/test/code-server/code-server-password-file/Dockerfile @@ -0,0 +1,3 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu + +RUN su vscode -c "echo 'some sample password' > /tmp/code-server-password" diff --git a/test/code-server/scenarios.json b/test/code-server/scenarios.json index 7cfb8a6..6832336 100644 --- a/test/code-server/scenarios.json +++ b/test/code-server/scenarios.json @@ -227,5 +227,25 @@ "proxyDomain": "dev.coder.com" } } + }, + "code-server-password-file": { + "build": { + "dockerfile": "Dockerfile" + }, + "features": { + "code-server": { + "passwordFile": "/tmp/code-server-password" + } + } + }, + "code-server-hashed-password-file": { + "build": { + "dockerfile": "Dockerfile" + }, + "features": { + "code-server": { + "hashedPasswordFile": "/tmp/code-server-hashed-password" + } + } } } From e9282058fa9447cc41f812b062472f5dfff1095d Mon Sep 17 00:00:00 2001 From: Danielle Maywood Date: Thu, 24 Apr 2025 09:41:22 +0000 Subject: [PATCH 2/3] feat: add `githubAuthTokenFile` option --- src/code-server/README.md | 1 + src/code-server/devcontainer-feature.json | 5 +++++ src/code-server/install.sh | 4 ++++ .../code-server-github-auth-token-file.sh | 16 ++++++++++++++++ .../Dockerfile | 3 +++ test/code-server/scenarios.json | 10 ++++++++++ 6 files changed, 39 insertions(+) create mode 100644 test/code-server/code-server-github-auth-token-file.sh create mode 100644 test/code-server/code-server-github-auth-token-file/Dockerfile diff --git a/src/code-server/README.md b/src/code-server/README.md index c0624f3..7f3e758 100644 --- a/src/code-server/README.md +++ b/src/code-server/README.md @@ -29,6 +29,7 @@ VS Code in the browser | disableWorkspaceTrust | Disable Workspace Trust feature. This only affects the current session. | boolean | false | | enableProposedAPI | Comma-separated list of VS Code extension IDs to enable proposed API features for. | string | - | | extensions | Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker'). | string | - | +| githubAuthTokenFile | Path to a file containing your GitHub auth token. | string | - | | hashedPasswordFile | Path to a file containing the hashed password used for authentication. The password should be hashed with argon2 and be in the encoded form. This takes priority over `passwordFile`. | string | - | | host | The address to bind to for the code-server. Use '0.0.0.0' to listen on all interfaces. | string | 127.0.0.1 | | locale | Set VS Code display language and language shown on the login page. Format should be an IETF language tag (e.g., 'en', 'fr', 'zh-CN'). | string | - | diff --git a/src/code-server/devcontainer-feature.json b/src/code-server/devcontainer-feature.json index 7cd305e..78e6d1b 100644 --- a/src/code-server/devcontainer-feature.json +++ b/src/code-server/devcontainer-feature.json @@ -75,6 +75,11 @@ "default": "", "description": "Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker')." }, + "githubAuthTokenFile": { + "type": "string", + "default": "", + "description": "Path to a file containing your GitHub auth token." + }, "hashedPasswordFile": { "type": "string", "default": "", diff --git a/src/code-server/install.sh b/src/code-server/install.sh index 6f90b6e..296eea6 100644 --- a/src/code-server/install.sh +++ b/src/code-server/install.sh @@ -124,6 +124,10 @@ if [[ -f "$HASHEDPASSWORDFILE" ]]; then export HASHED_PASSWORD="\$(cat '$HASHEDPASSWORDFILE')" fi +if [[ -f "$GITHUBAUTHTOKENFILE" ]]; then + export GITHUB_TOKEN="\$(cat '$GITHUBAUTHTOKENFILE')" +fi + code-server "\${FLAGS[@]}" "$CODE_SERVER_WORKSPACE" >"$LOGFILE" 2>&1 EOF diff --git a/test/code-server/code-server-github-auth-token-file.sh b/test/code-server/code-server-github-auth-token-file.sh new file mode 100644 index 0000000..1b91035 --- /dev/null +++ b/test/code-server/code-server-github-auth-token-file.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +cat /tmp/code-server.log +check "code-server github-auth-token-file" grep $'export GITHUB_TOKEN="$(cat \'/tmp/code-server-github-auth-token\')"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-github-auth-token-file/Dockerfile b/test/code-server/code-server-github-auth-token-file/Dockerfile new file mode 100644 index 0000000..7c60978 --- /dev/null +++ b/test/code-server/code-server-github-auth-token-file/Dockerfile @@ -0,0 +1,3 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu + +RUN su vscode -c 'echo "github auth token" > /tmp/code-server-github-auth-token' diff --git a/test/code-server/scenarios.json b/test/code-server/scenarios.json index 6832336..332fce2 100644 --- a/test/code-server/scenarios.json +++ b/test/code-server/scenarios.json @@ -247,5 +247,15 @@ "hashedPasswordFile": "/tmp/code-server-hashed-password" } } + }, + "code-server-github-auth-token-file": { + "build": { + "dockerfile": "Dockerfile" + }, + "features": { + "code-server": { + "githubAuthTokenFile": "/tmp/code-server-github-auth-token" + } + } } } From 5a1700c5c9f07aa02cfb0d63f692c5c55e01e241 Mon Sep 17 00:00:00 2001 From: Danielle Maywood Date: Thu, 24 Apr 2025 09:47:06 +0000 Subject: [PATCH 3/3] feat: add 'absProxyBasePath' option --- src/code-server/README.md | 1 + src/code-server/devcontainer-feature.json | 5 +++++ src/code-server/install.sh | 4 ++++ .../code-server-abs-proxy-base-path.sh | 15 +++++++++++++++ test/code-server/scenarios.json | 8 ++++++++ 5 files changed, 33 insertions(+) create mode 100644 test/code-server/code-server-abs-proxy-base-path.sh diff --git a/src/code-server/README.md b/src/code-server/README.md index 7f3e758..77d3165 100644 --- a/src/code-server/README.md +++ b/src/code-server/README.md @@ -15,6 +15,7 @@ VS Code in the browser | Options Id | Description | Type | Default Value | |-----|-----|-----|-----| +| absProxyBasePath | The base path to prefix to all absproxy requests | string | - | | appName | The name to use in branding. Will be shown in titlebar and welcome message. | string | - | | auth | The type of authentication to use. When 'password' is selected, code-server will auto-generate a password. 'none' disables authentication entirely. | string | password | | cert | Path to certificate. A self signed certificate is generated if none is provided. | string | - | diff --git a/src/code-server/devcontainer-feature.json b/src/code-server/devcontainer-feature.json index 78e6d1b..4e0902b 100644 --- a/src/code-server/devcontainer-feature.json +++ b/src/code-server/devcontainer-feature.json @@ -4,6 +4,11 @@ "version": "1.0.0", "description": "VS Code in the browser", "options": { + "absProxyBasePath": { + "type": "string", + "default": "", + "description": "The base path to prefix to all absproxy requests" + }, "appName": { "type": "string", "default": "", diff --git a/src/code-server/install.sh b/src/code-server/install.sh index 296eea6..b9a041a 100644 --- a/src/code-server/install.sh +++ b/src/code-server/install.sh @@ -106,6 +106,10 @@ if [[ "$PROXYDOMAIN" ]]; then FLAGS+=(--proxy-domain "$PROXYDOMAIN") fi +if [[ "$ABSPROXYBASEPATH" ]]; then + FLAGS+=(--abs-proxy-base-path "$ABSPROXYBASEPATH") +fi + cat > /usr/local/bin/code-server-entrypoint <