Merged
59 changes: 59 additions & 0 deletions .devcontainer/Dockerfile
@@ -0,0 +1,59 @@
# IvorySQL Build and Test Container - Modern Ubuntu
# Alternative to CentOS with same capabilities

FROM ubuntu:22.04

# Prevent interactive prompts
ENV DEBIAN_FRONTEND=noninteractive

# Install build dependencies matching the workflow requirements
RUN apt-get update && apt-get install -y \
# Build tools
build-essential git lcov bison flex pkg-config cppcheck \
# Core dependencies
libkrb5-dev libssl-dev libldap-dev libpam-dev \
libxml2-dev libxslt-dev libreadline-dev libedit-dev \
zlib1g-dev uuid-dev libossp-uuid-dev libuuid1 e2fsprogs \
# ICU support
libicu-dev \
# Language support
python3-dev tcl-dev libperl-dev gettext \
# Perl test modules
libipc-run-perl libtime-hires-perl libtest-simple-perl \
# LLVM/Clang
llvm clang \
# LZ4 compression
liblz4-dev \
# System libraries
libselinux1-dev libsystemd-dev \
# GSSAPI
libgssapi-krb5-2 \
# Locale support
locales \
# For dev containers
sudo tini \
&& rm -rf /var/lib/apt/lists/*

# Set up locale
RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8 \
LANGUAGE=en_US:en \
LC_ALL=en_US.UTF-8

# Create ivorysql user with matching host UID/GID (1000:1000)
# and grant sudo privileges without password
ARG USER_UID=1000
ARG USER_GID=1000
RUN groupadd -g ${USER_GID} ivorysql || true && \
useradd -m -u ${USER_UID} -g ${USER_GID} -d /home/ivorysql -s /bin/bash ivorysql && \
echo "ivorysql ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
Comment on lines +43 to +49
Contributor

@coderabbitai coderabbitai bot Nov 27, 2025

⚠️ Potential issue | 🟠 Major

Security risk: passwordless sudo for all commands.

Granting the ivorysql user passwordless sudo access to all commands poses a security risk. Even in development containers, this should be restricted or at minimum documented with clear security disclaimers. Consider limiting sudo to specific commands (e.g., apt-get, package management) or requiring authentication for sensitive operations.

If passwordless sudo is intentional, add a comment explaining the security trade-off and the intended use case (e.g., "local dev-only, not for production").

 # Create ivorysql user with matching host UID/GID (1000:1000)
-# and grant sudo privileges without password
+# and grant sudo privileges without password (dev-only, security trade-off for convenience)
 ARG USER_UID=1000
 ARG USER_GID=1000
 RUN groupadd -g ${USER_GID} ivorysql || true && \
     useradd -m -u ${USER_UID} -g ${USER_GID} -d /home/ivorysql -s /bin/bash ivorysql && \
     echo "ivorysql ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
🤖 Prompt for AI Agents
.devcontainer/Dockerfile lines 43-49: the Dockerfile currently adds a sudoers
entry granting passwordless sudo for all commands to the ivorysql user, which is
a security risk; either restrict the sudoers entry to only required commands
(e.g., apt, dpkg, systemctl equivalents used in the dev container) instead of
ALL, or if you intentionally need full passwordless sudo for local development,
leave it but add a clear comment above the RUN explaining the trade-off and that
this is strictly for local-dev containers only (not for production) and document
which workflows require it.

Contributor Author

The Dockerfile is located at .devcontainer/Dockerfile, which should make it obvious this is dev-only.

Contributor

@rophy, you're absolutely right—the .devcontainer/ directory is a well-established convention that clearly signals this is a development-only container. I appreciate you clarifying that context. I'll note your preference here and won't flag similar patterns in dev container configurations.

🐰✨


# Set working directory
WORKDIR /home/ivorysql/IvorySQL

# Switch to ivorysql user for builds
USER ivorysql

# Default command
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/bin/bash"]
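Review bot: The `echo "ivorysql ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` step in the user-creation RUN appends to the packaged sudoers file with no syntax check. Writing the rule to its own file under `/etc/sudoers.d/` with mode 0440 and running `visudo -cf` on it in the same RUN would leave `/etc/sudoers` unmodified and make the grant easy to audit or remove. In the same RUN, `groupadd ... || true` swallows every groupadd failure, not only an already-existing GID. `FROM ubuntu:22.04` is also a moving tag; pinning it by digest would make rebuilds reproducible.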
22 changes: 22 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,22 @@
{
"name": "IvorySQL Dev",
"dockerComposeFile": "../docker-compose.yaml",
"service": "dev",
"workspaceFolder": "/home/ivorysql/IvorySQL",
"remoteUser": "ivorysql",
"customizations": {
"vscode": {
"settings": {
"terminal.integrated.defaultProfile.linux": "bash",
"C_Cpp.default.configurationProvider": "ms-vscode.makefile-tools"
},
"extensions": [
"ms-vscode.cpptools",
"ms-vscode.makefile-tools",
"twxs.cmake",
"mhutchie.git-graph",
"eamodio.gitlens"
]
}
}
}
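Review bot: The `extensions` list installs five Marketplace extensions, unpinned, into a container where `remoteUser` is `ivorysql` (passwordless sudo per the Dockerfile) and the repository is bind-mounted read-write, so each entry should be one the shared workflow actually needs. `twxs.cmake` looks unnecessary given that the build documented in this PR uses `./configure` and `make`; consider dropping it, and leaving `mhutchie.git-graph` and `eamodio.gitlens` to personal settings rather than the shared config.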
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -31,6 +31,37 @@ Furthermore, for more detailed installation instructions, please refer to the [I
- [Rpm installation](https://docs.ivorysql.org/en/ivorysql-doc/v5.0/v5.0/4.1#Rpm-installation)
- [Source code installation](https://docs.ivorysql.org/en/ivorysql-doc/v5.0/v5.0/4.1#Source-code-installation)

## Development with Docker

For a consistent development environment, we provide a Docker-based setup that includes all build dependencies.

### Quick Start

```bash
# Start the development containers
docker compose up -d

# Enter the development container
docker compose exec dev bash

# Configure and build IvorySQL
./configure --prefix=/home/ivorysql/ivorysql \
--enable-debug --enable-cassert \
--with-uuid=e2fs --with-libxml

make -j$(nproc)
make install

# Initialize database in Oracle mode
initdb -D data_ora -m oracle

# Start the server
pg_ctl -D data_ora start

# Run tests
make oracle-check
```

## Developer Formatting hooks and CI:
- A pre-commit formatting hook is provided at `.githooks/pre-commit`. Enable it with `git config core.hooksPath .githooks`, or run `make code-format` (equivalently `bash tools/enable-git-hooks.sh`).
- The hook depends only on in-tree tools `src/tools/pgindent` and `src/tools/pg_bsd_indent`. On commit it formats staged C/C++ files with pgindent and re-adds them to the staged area.
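Review bot: In Quick Start, `initdb` and `pg_ctl` are called by bare name after installing to `--prefix=/home/ivorysql/ivorysql`, but nothing visible in this PR puts `/home/ivorysql/ivorysql/bin` on PATH, so those steps are likely to stop with "command not found" in a fresh container. Add an `export PATH=/home/ivorysql/ivorysql/bin:$PATH` line before `initdb`, or set `ENV PATH` in `.devcontainer/Dockerfile`. The section also does not mention the `ora` profile that `docker-compose.yaml` defines.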
18 changes: 18 additions & 0 deletions docker-compose.yaml
@@ -0,0 +1,18 @@
services:
dev:
build:
context: .
dockerfile: .devcontainer/Dockerfile
image: ivorysql-dev
container_name: ivorysql-dev
volumes:
- .:/home/ivorysql/IvorySQL:rw
working_dir: /home/ivorysql/IvorySQL
command: ["sleep", "infinity"]

# docker compose --profile ora up -d
oracle:
profiles: [ora]
image: container-registry.oracle.com/database/free:23.26.0.0-lite
environment:
ORACLE_PWD: orapwd
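Review bot: `ORACLE_PWD: orapwd` in the `oracle` service commits a fixed database password to the repository. Take it from the environment instead, for example `ORACLE_PWD: ${ORACLE_PWD:?set ORACLE_PWD}` with the value in an untracked `.env`, so the service never starts with a publicly known credential if a port is later published. Separately, the `dev` service mounts `.` read-write into a container whose user has passwordless sudo, so anything run there can modify the working tree, including `.githooks/`, which later executes on the host; that deserves a sentence in the README.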