[universal] - Issue universal config change for non-root default codespace user and installing google chrome browser reuse sandbox to run puppeteer cli in universal image (#1287)

* Changing config to force 1001 as UID for codespace in universal image

* Forcing the UID as 1001 for codespace user in universal image

* Fixing puppeteer code on the --no-sandbox option to to make it work in ubuntu 24.04

* Trying with different image version for runner.

* Reverting back the ubuntu version change for runer

* Setting updateRemoteUserUID flag to false.

* Reverting back the puppeteer fix to ensure the issue is isolated.

* Another fix for puppeteer cli.

* Changes done to make google chrome installation a part of the universal image and setting postCreateCommand instead of postStartCommand.

* Commit again

* Small change to ensure postCreateCoammend doesn't fail when /workspaces/images directory doesn't exist.

* Making change to change the UID workaround.

* Check the increased image size.

* Further change for UID issue fix. Passing the UID & GID of host machine from GitHub action workflow.

* Removing commented lines & debug statements

* Changing the test.sh back to the original version

* Changing the remoteEnv to ContainerEnv as per review comments.

* Rmoving the UID & GID change, adding workaround for the test & changing the size check test.

* Updating the check size test logic for universal image

* Making the image size check more generic as per comments.

---------

Co-authored-by: Daniel Doyle <[email protected]>

Author: Kaniska244

.github/actions/smoke-test/build.sh

@@ -7,6 +7,10 @@ export DOCKER_BUILDKIT=1
 echo "(*) Installing @devcontainer/cli"
 npm install -g @devcontainers/cli
 
-echo "(*) Building image - ${IMAGE}"
 id_label="test-container=${IMAGE}"
+id_image="${IMAGE}-test-image"
+echo "(*) Building image - ${IMAGE}"
+devcontainer build --image-name ${id_image} --workspace-folder "src/${IMAGE}/"
+echo "(*) Starting container - ${IMAGE}"
 devcontainer up --id-label ${id_label} --workspace-folder "src/${IMAGE}/"
+

.github/actions/smoke-test/check-image-size.sh

@@ -32,13 +32,12 @@ install_bc() {
 check_image_size() {
     IMAGE="$1"
     THRESHOLD_IN_GB="$2"
-
+    id_image="$3"
     # call install_bc
     install_bc
 
-    CONTAINER_ID=$(docker ps -q --filter "label=test-container=$IMAGE")
-    # Find the image ID of the container
-    IMAGE_ID=$(docker inspect --format='{{.Image}}' "$CONTAINER_ID")
+    #Read the image id of the original image, not the modified image with uid and gid
+    IMAGE_ID=$(docker images -q  --filter=reference="$id_image")   
     # Find the size of the image
     IMAGE_SIZE=$(docker image inspect --format='{{.Size}}' "$IMAGE_ID")
     # Output the size

.github/actions/smoke-test/test.sh

@@ -10,14 +10,15 @@ set -e
 # Run actual test
 echo "(*) Running test..."
 id_label="test-container=${IMAGE}"
+id_image="${IMAGE}-test-image"
 devcontainer exec --workspace-folder $(pwd)/src/$IMAGE  --id-label ${id_label} /bin/sh -c 'set -e && if [ -f "test-project/test.sh" ]; then cd test-project && if [ "$(id -u)" = "0" ]; then chmod +x test.sh; else sudo chmod +x test.sh; fi && ./test.sh; else ls -a; fi'
 
 echo "(*) Docker image details..."
 docker images
 # Checking size of universal image
 
 if [ $IMAGE == "universal" ]; then
-    check_image_size $IMAGE $THRESHOLD_IN_GB
+    check_image_size $IMAGE $THRESHOLD_IN_GB $id_image
 fi
 
 # Clean up

.github/workflows/push-dev.yml

@@ -29,6 +29,7 @@ jobs:
     - name: Checkout
       id: checkout
       uses: actions/checkout@v3
+       
 
     - name: Build and push dev tags
       id: build_and_push
@@ -40,7 +41,7 @@ jobs:
         STUB_REGISTRY_BASE_PATH: ${{ secrets.STUB_REGISTRY_BASE_PATH }}
         SECONDARY_REGISTRY_BASE_PATH: ${{ secrets.SECONDARY_REGISTRY_BASE_PATH }}
         TOKEN_NAME: ${{ secrets.TOKEN_NAME }}
-        PASSWORD: ${{ secrets.PASSWORD }}
+        PASSWORD: ${{ secrets.PASSWORD }}  
       run: |
         set -e
 

.github/workflows/push-manual-dev.yml

@@ -36,7 +36,7 @@ jobs:
       with:
         path: 'release'
         ref: ${{ github.event.inputs.release }}
-      
+
     - name: Build and push
       id: build_and_push
       env:

.github/workflows/push.yml

@@ -28,7 +28,7 @@ jobs:
 
     - name: Checkout
       id: checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v3      
 
     - name: Get tag name
       run: echo "TAG=$(echo "${{ github.ref }}" | grep -oP 'refs/tags/\K(.+)')" >> $GITHUB_ENV

.github/workflows/smoke-universal.yaml

@@ -19,9 +19,10 @@ jobs:
     - name: Checkout
       id: checkout
       uses: actions/checkout@v3
+            
     - name: Smoke test
       env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}    
       id: smoke_test
       uses: ./.github/actions/smoke-test
       with:

src/universal/.devcontainer/Dockerfile

@@ -69,8 +69,9 @@ RUN apt-get update \
     # Install tools and shells not in common script
     && apt-get install -yq vim vim-doc xtail software-properties-common libsecret-1-dev \
     # Install additional tools (useful for 'puppeteer' project)
+    # Also added three new libraries to ensure google chrome sucessful installation
     && apt-get install -y --no-install-recommends libnss3 libnspr4 libatk-bridge2.0-0 libatk1.0-0 libx11-6 libpangocairo-1.0-0 \
-                                                  libx11-xcb1 libcups2 libxcomposite1 libxdamage1 libxfixes3 libpango-1.0-0 libgbm1 libgtk-3-0 \
+                                        libx11-xcb1 libcups2 libxcomposite1 libxdamage1 libxfixes3 libpango-1.0-0 libgbm1 libgtk-3-0 fonts-liberation libvulkan1 xdg-utils \
     # Clean up
     && apt-get autoremove -y && apt-get clean -y \
     # Move first run notice to right spot

src/universal/.devcontainer/devcontainer.json

@@ -7,7 +7,7 @@
         "ghcr.io/devcontainers/features/common-utils:2": {
             "username": "codespace",
             "userUid": "1000",
-            "userGid": "1000"
+            "userGid": "1000"									
         },
         "ghcr.io/devcontainers/features/dotnet:2": {
             "version": "8.0",
@@ -103,7 +103,11 @@
     ],
     "remoteUser": "codespace",
     "containerUser": "codespace",
-
+	// This variable is set to ensure puppeteer library gets the sandbox location by default.
+	// Ref:- https://github.com/devcontainers/internal/issues/249
+    "containerEnv": {
+        "CHROME_DEVEL_SANDBOX": "/usr/local/sbin/chrome-devel-sandbox"
+    },
     // Use 'forwardPorts' to make a list of ports inside the container available locally.
     // "forwardPorts": [],
 

src/universal/.devcontainer/local-features/setup-user/install.sh

@@ -96,4 +96,16 @@ bash -c ". /usr/local/share/nvm/nvm.sh && nvm use 18"
 bash -c "npm -g install -g [email protected]"
 bash -c ". /usr/local/share/nvm/nvm.sh && nvm use stable"
 
+# Installing google chrome to use the sandbox for launching browser using puppeteer library in nodejs. 
+# Ref:- https://github.com/devcontainers/internal/issues/249 
+cd /
+wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
+dpkg -i google-chrome-stable_current_amd64.deb
+cd /opt/google/chrome/
+chown root:root chrome-sandbox
+chmod 4755 chrome-sandbox
+cp -p chrome-sandbox /usr/local/sbin/chrome-devel-sandbox
+cd /
+rm -f google-chrome-stable_current_amd64.deb
+
 echo "Done!"

src/universal/test-project/test.sh

@@ -2,6 +2,8 @@
 cd $(dirname "$0")
 
 source test-utils.sh codespace
+#Changing he ownership of dotnet path to ensure oryx-install-dotnet-2.1 test doesn't fail with permission issue 
+sudo chown -R codespace:codespace /usr/share/dotnet
 
 # Run common tests
 checkCommon
@@ -202,4 +204,4 @@ check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-
 check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch"
 
 # Report result
-reportResults
+reportResults