Skip to content

FociSolutions/submodule-markdown

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Developing in DevContainers

Use This Kit

  • create a git repo that has the base files and start tweaking

Getting Windows Git Credentials into WSL2

git config --global credential.helper "/mnt/c/Program\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"

source

Getting a .devcontainer.json into a repo

Using Github Gist

This process is easier with git submodules.

curl --output .devcontainer.json -L  https://gist.github.com/waltiam/c94e2d042cac1e7976ebac9e683f2287/raw 

The example here uses the .devcontainer.json for the go lang container.

Using git submodules

This is intended to be used as a git sub-module.

To use in an existing repo first delete the existing .devcontainer folder and commit this change.

git rm -rf .devcontainer\

Then clone and update the .devcontainer submodule.

cd {root project}
git submodule add https://github.com/waltiam/submodule-node.git .devcontainer
git submodule init
git submodule update

If you make change to the .devcontainer that you want to commit back to the repo.

cd {project root}/.devcontainer
git add {changes to add}
git commit -m"{commit mesage}"
git push
cd ..
git submodule update

General WSL

Sone extensions (GitGraph) require socat to communicate with the host this can be installed with:

sudo apt-get install socat

Executed from the WSL shell.

SSH and Commit Signing

Microsoft has this to say about it.

The short of this is that there are three options:

  1. SSH without a passphrase - relying on the public/private key pair.
  2. HTTPS using the Windows Credential Manager
  3. Use the VSCode terminal and not the UI

I opted to go with SSH and no passphrase; the UI tools within VSCode allow for the PR into branches to be and using HHTPS potentially exposes the github credential to attack.

THe GPG and GPG/SM processes below could also be set to use password free, again relying on the public/private keys.

SSH

The general idea is that I do not want tokens, credentials or passwords in the repo. This means there will be inevitably some manual steps happening. To start with we share the ~/.ssh folder with the docker image as ${user}/.ssh, as long as the ssh token have been properly configured in github this should work.

    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",

Commit Signing

A little more complex because there are actual manual steps to create the and sign the token.

Taking the steps to create a gpg cert from Signing your GitHub commits using GPG keys on Windows.

Configure a gpg commit signing key on the WSL instance.

gpg --full-key-gen --pinentry-mode loopback
... etc
  • The important thing here is the --pinentry-mode loopback and be sure that export GPG_TTY=$(tty) has been added to the shell rc file.

Again though, let's start with sharing the folder where the gpg token is stored. Mount e ~/.gnupg folder with the dev container:

    "source=${localEnv:HOME}/.gnupg,target=/home/vscode/.gnupg,type=bind,consistency=cached",

Run the git configuration steps on the docker image, this will require the public key.

The final piece of the puzzle, the GPG commit signing requires a encryption key. Once the PGP key is generated in the WSL environment this "should just work" ™ . Almost, the key turned out to be that for some reason the docker dev container doesn't take the default recipient, fixed that by adding the following line into the ~/.gnupg/gpg.conf file:

recipient {your email accosicated with the token}

Sectigo x.506 - s/mime

Run through the setup in as per the Sectigo Documentation. When it comes to the part about configuring git the commands should be executed in the .devcontainer, only the following are really needed and could be scripted out per user and stored outside the container:

git config --global gpg.program $(which gpgsm)
git config --global gpg.format x509
git config --global user.signingkey 0xDDDDDDDD
git config --global user.email '[email protected]'

Somewhere, I cannot find the original post anywhere, it was said that the command export GPG_TTY=$(tty) also needed to be executed.

Other things that I still need to explore to help stablize the signing environment:

  • gpgconf --kill gpg-agent
  • echo UPDATESTARTUPTTY | gpg-connect-agent

Password Prompting ...

  • Installing the Gpg4win tool.
  • Update the ~/.gnupg/gpg-agent.conf file with the addition of:
pinentry-program "/mnt/c/Program Files (x86)/GnuPG/bin/pinentry-basic.exe"
default-cache-ttl 34560000
max-cache-ttl 34560000

Execute a gpgconf --kill gpg-agent for good luck (gI feel this is sort of like a goat sacrifice at this point).

Resources that Got Us Here

More information:

The template-golang has this sub-module already inserted.

If you make changes to this submodule remember to add and commit from the .devcontainer folder.

Licensed under the MIT License.

//! TODO: add license file

Deprecation Notice of Folders

There is a far better repository by Microsoft here.

Setup and Initial Configuration

This is a quick walk through of setting up a development environment in VS Code using docker images. I don't claim great knowledge on this, I've got them running and they seem to be ok.

To the best of my knowledge this technology does not apply to Visual Studio.

Issues

If you've run into issues with file ownership:

Linux Error

If this is your error:

> git commit -m"clever commit message"
$ fatal: could not open '.git/COMMIT_EDITMSG': Permission denied

This should resolve the immediate challenge

chown -R $(whoami) .

A better, and longer term solution would be to review the users in the local and remote docker container.

Releases

No releases published

Packages

No packages published