PM-31106: Dev container improvements (#6651)

* Add rust feature * Give the community create command the non-interactive treatment * Add ability to load custom root CA * Update .devcontainer/community_dev/postCreateCommand.sh Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * Update .devcontainer/community_dev/postCreateCommand.sh Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
2026-01-27 14:53:21 +00:00 · 2026-01-23 16:23:45 -05:00
parent 80d05eef07
commit 866ba6609d
5 changed files with 59 additions and 16 deletions
--- a/.devcontainer/community_dev/devcontainer.json
+++ b/.devcontainer/community_dev/devcontainer.json
@@ -6,7 +6,8 @@
  "features": {
    "ghcr.io/devcontainers/features/node:1": {
      "version": "16"
-    }
+    },
+    "ghcr.io/devcontainers/features/rust:1": {}
  },
  "mounts": [
    {
--- a/.devcontainer/community_dev/postCreateCommand.sh
+++ b/.devcontainer/community_dev/postCreateCommand.sh
@@ -3,11 +3,46 @@ export DEV_DIR=/workspace/dev
 export CONTAINER_CONFIG=/workspace/.devcontainer/community_dev
 git config --global --add safe.directory /workspace

+if [[ -z "${CODESPACES}" ]]; then
+    allow_interactive=1
+else
+    echo "Doing non-interactive setup"
+    allow_interactive=0
+fi
+
+get_option() {
+    # Helper function for reading the value of an environment variable
+    # primarily but then falling back to an interactive question if allowed
+    # and lastly falling back to a default value input when either other
+    # option is available.
+    name_of_var="$1"
+    question_text="$2"
+    default_value="$3"
+    is_secret="$4"
+
+    if [[ -n "${!name_of_var}" ]]; then
+        # If the env variable they gave us has a value, then use that value
+        echo "${!name_of_var}"
+    elif [[ "$allow_interactive" == 1 ]]; then
+        # If we can be interactive, then use the text they gave us to request input
+        if [[ "$is_secret" == 1 ]]; then
+            read -r -s -p "$question_text" response
+            echo "$response"
+        else
+            read -r -p "$question_text" response
+            echo "$response"
+        fi
+    else
+        # If no environment variable and not interactive, then just give back default value
+        echo "$default_value"
+    fi
+}
+
 get_installation_id_and_key() {
    pushd ./dev >/dev/null || exit
    echo "Please enter your installation id and key from https://bitwarden.com/host:"
-    read -r -p "Installation id: " INSTALLATION_ID
-    read -r -p "Installation key: " INSTALLATION_KEY
+    INSTALLATION_ID="$(get_option "INSTALLATION_ID" "Installation id: " "00000000-0000-0000-0000-000000000001")"
+    INSTALLATION_KEY="$(get_option "INSTALLATION_KEY" "Installation key: " "" 1)"
    jq ".globalSettings.installation.id = \"$INSTALLATION_ID\" |
        .globalSettings.installation.key = \"$INSTALLATION_KEY\"" \
        secrets.json.example >secrets.json # create/overwrite secrets.json
@@ -30,11 +65,10 @@ configure_other_vars() {
 }

 one_time_setup() {
-    read -r -p \
-        "Would you like to configure your secrets and certificates for the first time?
+    do_secrets_json_setup="$(get_option "SETUP_SECRETS_JSON" "Would you like to configure your secrets and certificates for the first time?
 WARNING: This will overwrite any existing secrets.json and certificate files.
-Proceed? [y/N] " response
-    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+Proceed? [y/N] " "n")"
+    if [[ "$do_secrets_json_setup" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
        echo "Running one-time setup script..."
        sleep 1
        get_installation_id_and_key
@@ -50,11 +84,4 @@ Proceed? [y/N] " response
    fi
 }

-# main
-if [[ -z "${CODESPACES}" ]]; then
-  one_time_setup
-else
-  # Ignore interactive elements when running in codespaces since they are not supported there
-  # TODO Write codespaces specific instructions and link here
-  echo "Running in codespaces, follow instructions here: https://contributing.bitwarden.com/getting-started/server/guide/ to continue the setup"
-fi
+one_time_setup
--- a/.devcontainer/internal_dev/devcontainer.json
+++ b/.devcontainer/internal_dev/devcontainer.json
@@ -9,7 +9,8 @@
  "features": {
    "ghcr.io/devcontainers/features/node:1": {
      "version": "16"
-    }
+    },
+    "ghcr.io/devcontainers/features/rust:1": {}
  },
  "mounts": [
    {
@@ -24,6 +25,7 @@
      "extensions": ["ms-dotnettools.csdevkit"]
    }
  },
+  "onCreateCommand": "bash .devcontainer/internal_dev/onCreateCommand.sh",
  "postCreateCommand": "bash .devcontainer/internal_dev/postCreateCommand.sh",
  "forwardPorts": [1080, 1433, 3306, 5432, 10000, 10001, 10002],
  "portsAttributes": {
--- a/.devcontainer/internal_dev/onCreateCommand.sh
+++ b/.devcontainer/internal_dev/onCreateCommand.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+export REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+file="$REPO_ROOT/dev/custom-root-ca.crt"
+
+if [ -e "$file" ]; then
+  echo "Adding custom root CA"
+  sudo cp "$file" /usr/local/share/ca-certificates/
+  sudo update-ca-certificates
+else
+  echo "No custom root CA found, skipping..."
+fi
--- a/dev/.gitignore
+++ b/dev/.gitignore
@@ -18,3 +18,4 @@ signingkey.jwk

 # Reverse Proxy Conifg
 reverse-proxy.conf
+*.crt