Aug 14, 2024 · Aug 7, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024
diff --git a/examples/templates/devcontainer-docker/README.md b/examples/templates/devcontainer-docker/README.md

 This template provisions the following resources:

 - Envbuilder cached image (conditional, persistent)
 - Docker image (persistent)
 - Docker container (ephemeral)
 - Docker volume (persistent on `/workspaces`)

 with [`envbuilder`](https://github.com/coder/envbuilder).
 with [`envbuilder`](https://github.com/coder/envbuilder) and [`terraform-provider-envbuilder`](https://github.com/coder/terraform-provider-envbuilder).
 The Git repository is cloned inside the `/workspaces` volume if not present.
 Any local changes to the Devcontainer files inside the volume will be applied when you restart the workspace.
 Keep in mind that any tools or files outside of `/workspaces` or not added as part of the Devcontainer specification are not persisted.

 See the [Envbuilder documentation](https://github.com/coder/envbuilder/blob/main/docs/docker.md) for information on running Docker containers inside a devcontainer built by Envbuilder.


 ## Caching

 To speed up your builds, you can use a container registry as a cache.
 When creating the template, set the parameter `cache_repo`.
 When creating the template, set the parameter `cache_repo` to a valid Docker repository.

 For example, you can run a local registry:


 Then, when creating the template, enter `localhost:5000/devcontainer-cache` for the parameter `cache_repo`.

 See the [Envbuilder Terraform Provider Examples](https://github.com/coder/terraform-provider-envbuilder/blob/main/examples/resources/envbuilder_cached_image/envbuilder_cached_image_resource.tf/) for a more complete example of how the provider works.

 > [!NOTE] We recommend using a registry cache with authentication enabled.
 > To allow Envbuilder to authenticate with the registry cache, specify the variable `cache_repo_docker_config_path`
 > with the path to a Docker config `.json` on disk containing valid credentials for the registry.
diff --git a/examples/templates/devcontainer-docker/main.tf b/examples/templates/devcontainer-docker/main.tf

 variable "cache_repo" {
  default     = ""
  description = "Use a container registry as a cache to speed up builds."
  sensitive   = true
  description = "(Optional) Use a container registry as a cache to speed up builds."
  type        = string
 }

 variable "cache_repo_docker_config_path" {
  default     = ""
  description = "Path to a docker config.json containing credentials to the provided cache repo, if required."
  description = "(Optional)Path to a docker config.json containing credentials to the provided cache repo, if required."
  sensitive   = true
  type        = string
 }
 # Check for the presence of a prebuilt image in the cache repo
 # that we can use instead.
 resource "envbuilder_cached_image" "cached" {
  count         = data.coder_workspace.me.start_count
  count         =var.cache_repo == "" ? 0 :data.coder_workspace.me.start_count
  builder_image = local.devcontainer_builder_image
  git_url       = local.repo_url
  cache_repo    = var.cache_repo
 }

 resource "docker_container" "workspace" {
  count = data.coder_workspace.me.start_count
  image = envbuilder_cached_image.cached.0.image
  image =var.cache_repo == "" ? local.devcontainer_builder_image :envbuilder_cached_image.cached.0.image
  # Uses lower() to avoid Docker restriction on container names.
  name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
  # Hostname makes the shell more user friendly: coder@my-workspace:~$
    "ENVBUILDER_FALLBACK_IMAGE=${data.coder_parameter.fallback_image.value}",
    "ENVBUILDER_CACHE_REPO=${var.cache_repo}",
    "ENVBUILDER_DOCKER_CONFIG_BASE64=${try(data.local_sensitive_file.cache_repo_dockerconfigjson[0].content_base64, "")}",
    "ENVBUILDER_PUSH_IMAGE=${var.cache_repo!= "" ? "true" : ""}",
    #"ENVBUILDER_INSECURE=true", # Uncomment if testing with alocalregistry.
    "ENVBUILDER_PUSH_IMAGE=${var.cache_repo== "" ? "" : "true"}",
    #"ENVBUILDER_INSECURE=true", # Uncomment if testing with a registry running on `localhost`.
  ]
  # network_mode = "host" # Uncomment if testing with alocalregistry.
  # network_mode = "host" # Uncomment if testing with a registry running on `localhost`.
  host {
    host = "host.docker.internal"
    ip   = "host-gateway"
    threshold = 6
  }
 }

 resource "coder_metadata" "container_info" {
  count       = data.coder_workspace.me.start_count
  resource_id = docker_container.workspace.0.id
  item {
    key   = "workspace image"
    value = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
  }
  item {
    key   = "git url"
    value = local.repo_url
  }
  item {
    key   = "cache repo"
    value = var.cache_repo == "" ? "not enabled" : var.cache_repo
  }
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -34,11 +34,12 @@ Coder supports Devcontainers via [envbuilder](https://github.com/coder/envbuilde

		This template provisions the following resources:

		- Envbuilder cached image (conditional, persistent)
		- Docker image (persistent)
		- Docker container (ephemeral)
		- Docker volume (persistent on `/workspaces`)

		with [`envbuilder`](https://github.com/coder/envbuilder).
		with [`envbuilder`](https://github.com/coder/envbuilder) and [`terraform-provider-envbuilder`](https://github.com/coder/terraform-provider-envbuilder).
		The Git repository is cloned inside the `/workspaces` volume if not present.
		Any local changes to the Devcontainer files inside the volume will be applied when you restart the workspace.
		Keep in mind that any tools or files outside of `/workspaces` or not added as part of the Devcontainer specification are not persisted.
Expand All		@@ -51,10 +52,11 @@ Edit the `devcontainer.json` instead!

		See the [Envbuilder documentation](https://github.com/coder/envbuilder/blob/main/docs/docker.md) for information on running Docker containers inside a devcontainer built by Envbuilder.


		## Caching

		To speed up your builds, you can use a container registry as a cache.
		When creating the template, set the parameter `cache_repo`.
		When creating the template, set the parameter `cache_repo` to a valid Docker repository.

		For example, you can run a local registry:

Expand All		@@ -69,6 +71,8 @@ docker run --detach \

		Then, when creating the template, enter `localhost:5000/devcontainer-cache` for the parameter `cache_repo`.

		See the [Envbuilder Terraform Provider Examples](https://github.com/coder/terraform-provider-envbuilder/blob/main/examples/resources/envbuilder_cached_image/envbuilder_cached_image_resource.tf/) for a more complete example of how the provider works.

		> [!NOTE] We recommend using a registry cache with authentication enabled.
		> To allow Envbuilder to authenticate with the registry cache, specify the variable `cache_repo_docker_config_path`
		> with the path to a Docker config `.json` on disk containing valid credentials for the registry.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -93,14 +93,13 @@ EOF

		variable "cache_repo" {
		default = ""
		description = "Use a container registry as a cache to speed up builds."
		sensitive = true
		description = "(Optional) Use a container registry as a cache to speed up builds."
Copy link MemberAuthor johnstcnAug 13, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. review: this shouldn't contain any credentials and it's kind of annoying to have this sensitive
		type = string
		}

		variable "cache_repo_docker_config_path" {
		default = ""
		description = "Path to a docker config.json containing credentials to the provided cache repo, if required."
		description = "(Optional)Path to a docker config.json containing credentials to the provided cache repo, if required."
		sensitive = true
Copy link Member mafredriAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Is this actually sensitive if it's just the path to a file? Copy link MemberAuthor johnstcnAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. 🤷 maybe? The nice thing about making the file sensitive is that the content automatically becomes sensitive. (That's my recollection anyhow) Copy link Member mafredriAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Ok, so there’s some magic there wrt content? If so please keep it as is 👍
		type = string
		}
Expand DownExpand Up		@@ -152,15 +151,15 @@ resource "docker_volume" "workspaces" {
		# Check for the presence of a prebuilt image in the cache repo
		# that we can use instead.
		resource "envbuilder_cached_image" "cached" {
		count = data.coder_workspace.me.start_count
		count =var.cache_repo == "" ? 0 :data.coder_workspace.me.start_count
		builder_image = local.devcontainer_builder_image
		git_url = local.repo_url
		cache_repo = var.cache_repo
Copy link Member mafredriAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Should we make these optional and let them be provided via extra env too? Would simplify a bit and a user knows they can just cram everything in extra. Right now for url is given here and in extra, what if the values differ? What's the behavior? (IMO maybe it's an error). Copy link MemberAuthor johnstcnAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Alternatively, we could validate at runtime that`extra_env` does not contain any duplicated variables from the inputs? Copy link Member mafredriAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I agree, that’s what I had in mind, but in a more roundabout way 😅. I think it would help with avoiding mistakes, and remove ambiguity. johnstcn reacted with thumbs up emoji
		}

		resource "docker_container" "workspace" {
		count = data.coder_workspace.me.start_count
		image = envbuilder_cached_image.cached.0.image
		image =var.cache_repo == "" ? local.devcontainer_builder_image :envbuilder_cached_image.cached.0.image
		# Uses lower() to avoid Docker restriction on container names.
		name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
		# Hostname makes the shell more user friendly: coder@my-workspace:~$
Expand All		@@ -174,10 +173,10 @@ resource "docker_container" "workspace" {
		"ENVBUILDER_FALLBACK_IMAGE=${data.coder_parameter.fallback_image.value}",
		"ENVBUILDER_CACHE_REPO=${var.cache_repo}",
		"ENVBUILDER_DOCKER_CONFIG_BASE64=${try(data.local_sensitive_file.cache_repo_dockerconfigjson[0].content_base64, "")}",
Copy link Member mafredriAug 7, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Should this also be passed to`enbuilder_cached_image`? What about utilizing the output`envbuilder_cached_image.cached.env`? Copy link MemberAuthor johnstcnAug 7, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. oop, forgot about the env 👍 Copy link MemberAuthor johnstcnAug 13, 2024• edited Loading Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. OK, I took a stab at this -- unfortunately there's abug in the provider that mangles the init script. I can remove the FIXME after this is done though.
		"ENVBUILDER_PUSH_IMAGE=${var.cache_repo!= "" ? "true" : ""}",
		#"ENVBUILDER_INSECURE=true", # Uncomment if testing with alocalregistry.
		"ENVBUILDER_PUSH_IMAGE=${var.cache_repo== "" ? "" : "true"}",
		#"ENVBUILDER_INSECURE=true", # Uncomment if testing with a registry running on `localhost`.
		]
		# network_mode = "host" # Uncomment if testing with alocalregistry.
		# network_mode = "host" # Uncomment if testing with a registry running on `localhost`.
		host {
		host = "host.docker.internal"
		ip = "host-gateway"
Expand DownExpand Up		@@ -314,3 +313,20 @@ resource "coder_app" "code-server" {
		threshold = 6
		}
		}

		resource "coder_metadata" "container_info" {
		count = data.coder_workspace.me.start_count
		resource_id = docker_container.workspace.0.id
		item {
		key = "workspace image"
		value = var.cache_repo == "" ? local.devcontainer_builder_image : envbuilder_cached_image.cached.0.image
		}
		item {
		key = "git url"
		value = local.repo_url
		}
		item {
		key = "cache repo"
		value = var.cache_repo == "" ? "not enabled" : var.cache_repo
		}
Copy link Member mafredriAug 14, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Nice addition ❤️
		}