Upgrade devcontainer support for docker-in-docker (#4921)

* Remove use of software-properties-common

* Use latest docker-in-docker script

* Address lint issue

* Fix devcontainer configuration for docker-in-docker

- Add --privileged flag required by new docker-in-docker script
- Remove conflicting docker socket mount (docker-from-docker pattern)
- Fix VS Code setting for source.organizeImports
- Ensure proper docker-in-docker functionality with filesystem mounts

The new docker-in-docker script requires privileged access to mount
/sys/kernel/security and /tmp, and conflicts with the docker-from-docker
socket mounting approach.

* Revert to docker-from-docker for CI compatibility

- Remove docker-in-docker setup and revert to docker-from-docker pattern
- Install Docker CLI only (not daemon) for shared socket usage
- Remove --privileged requirement from devcontainer config
- Restore docker socket mount for CI workflow compatibility
- Remove unused docker-in-docker library scripts

This fixes CI failures where containers were exiting due to missing
privileges required by docker-in-docker, while maintaining the upgraded
Docker CLI installation approach.

* Consolidate apt updates

* Downgrade az

Author: theunrepentantgeek

.devcontainer/Dockerfile

@@ -4,19 +4,23 @@
 FROM mcr.microsoft.com/devcontainers/go:1.24
 
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+
 ARG TARGETARCH
 
 # APT dependencies
+# including docker-cli for docker-from-docker pattern
+# and az-cli for interacting with azure resources
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update \
-    && apt-get -y install --no-install-recommends bash-completion software-properties-common lsb-release graphviz zip nodejs npm python3-pip \
+RUN curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends bash-completion lsb-release graphviz zip nodejs npm python3-pip docker-ce-cli docker-compose-plugin\
     # install az-cli
-    && curl -sL https://aka.ms/InstallAzureCLIDeb | bash -
-
-# install docker
-# - not yet needed?
-# RUN curl -fsSL https://get.docker.com | sh -
-# RUN usermod -aG docker vscode
+    && curl -sL https://aka.ms/InstallAzureCLIDeb | bash - \
+    # Temporary fix to avoid regression in v2.77
+    && apt-get remove azure-cli --assume-yes \
+    && apt-get -y install azure-cli=2.76.0-1~bookworm \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY install-dependencies.sh .
 RUN ./install-dependencies.sh devcontainer && rm install-dependencies.sh
@@ -44,13 +48,7 @@ RUN curl -sL "https://raw.githubusercontent.com/go-task/task/v3.2.0/completion/b
 
 ENV KIND_CLUSTER_NAME=aso
 
-# install docker, from: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker.md
-COPY library-scripts/docker-debian.sh /tmp/library-scripts/
-
-# these are all the default values except for the last one (USE_MOBY) which is what we want to set.
-# currently packages.microsoft.com does not have Moby packages for Debian Bullseye, which the
-# devcontainer image is based on: https://github.com/microsoft/vscode-dev-containers/issues/1008
-RUN bash /tmp/library-scripts/docker-debian.sh true /var/run/docker-host.sock /var/run/docker.sock automatic false
+# Add user to docker group for docker socket access
+RUN groupadd -f docker && usermod -aG docker vscode
 
-ENTRYPOINT ["/usr/local/share/docker-init.sh"]
 CMD ["sleep", "infinity"]

.devcontainer/devcontainer.json

@@ -35,7 +35,7 @@
 					"editor.snippetSuggestions": "none",
 					"editor.formatOnSave": true,
 					"editor.codeActionsOnSave": {
-						"source.organizeImports": true
+						"source.organizeImports": "explicit"
 					}
 				}
 			}
@@ -51,7 +51,7 @@
 
 	"remoteUser": "vscode",
 
-	// to allow docker use from inside container: https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker
+	// Use docker-from-docker: mount host docker socket for CI compatibility
 	"mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
 	"overrideCommand": false
 }

.devcontainer/library-scripts/docker-debian.sh

@@ -54,7 +54,7 @@ import (
 )
 
 func getRoot() (string, error) {
-	cmd := exec.Command("git", "rev-parse", "--show-toplevel")
+	cmd := exec.CommandContext(context.Background(), "git", "rev-parse", "--show-toplevel")
 	out, err := cmd.Output()
 	if err != nil {
 		return "", eris.Wrapf(err, "failed to get root directory")