├── .devcontainer.json
├── .github
    ├── dependabot.yml
    └── workflows
    │   ├── release-keyring.yaml
    │   ├── release.yaml
    │   ├── test-all.yaml
    │   ├── test-keyring.yaml
    │   └── test-pr.yaml
├── CODE_OF_CONDUCT.md
├── LICENSE
├── README.md
├── SECURITY.md
├── SUPPORT.md
├── src
    ├── artifacts-helper
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── codespaces_artifacts_helper_keyring
    │   │   ├── .gitignore
    │   │   ├── README.md
    │   │   ├── noxfile.py
    │   │   ├── pdm.lock
    │   │   ├── pyproject.toml
    │   │   ├── src
    │   │   │   └── codespaces_artifacts_helper_keyring
    │   │   │   │   ├── __init__.py
    │   │   │   │   ├── artifacts_helper_credential_provider.py
    │   │   │   │   └── keyring_backend.py
    │   │   └── tests
    │   │   │   ├── __init__.py
    │   │   │   ├── test_artifacts_helper_credential_provider.py
    │   │   │   └── test_keyring_backend.py
    │   ├── devcontainer-feature.json
    │   ├── install.sh
    │   └── scripts
    │   │   ├── install-provider.sh
    │   │   ├── install-python-keyring.sh
    │   │   ├── run-dotnet.sh
    │   │   ├── run-npm.sh
    │   │   ├── run-npx.sh
    │   │   ├── run-nuget.sh
    │   │   ├── run-pnpm.sh
    │   │   ├── run-pnpx.sh
    │   │   ├── run-rush-pnpm.sh
    │   │   ├── run-rush.sh
    │   │   ├── run-yarn.sh
    │   │   └── write-npm.sh
    ├── devtool
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── devcontainer-feature.json
    │   └── install.sh
    ├── docfx
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── devcontainer-feature.json
    │   └── install.sh
    ├── external-repository
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── devcontainer-feature.json
    │   ├── install.sh
    │   └── scripts
    │   │   ├── ado-git.config
    │   │   ├── clone.sh
    │   │   ├── commit-msg.sh
    │   │   ├── external-git
    │   │   ├── prebuild-git.config
    │   │   ├── setup-user.sh
    │   │   ├── usersecret-git.config
    │   │   └── variables.sh
    ├── go
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── devcontainer-feature.json
    │   └── install.sh
    └── microsoft-git
    │   ├── NOTES.md
    │   ├── README.md
    │   ├── devcontainer-feature.json
    │   └── install.sh
└── test
    ├── _global
        ├── debian_tests.sh
        ├── mariner_tests.sh
        ├── scenarios.json
        └── ubuntu_tests.sh
    ├── artifacts-helper
        ├── check_python_and_keyring.sh
        ├── python312_and_keyring_debian.sh
        ├── python38_and_keyring_debian.sh
        ├── python38_and_keyring_ubuntu.sh
        ├── python_and_no_keyring.sh
        ├── scenarios.json
        └── test.sh
    ├── devtool
        └── test.sh
    ├── docfx
        └── test.sh
    ├── external-repository
        ├── README.md
        ├── basic-install.sh
        ├── branch-install.sh
        ├── multi-install.sh
        ├── options-install.sh
        ├── scalar-basic.sh
        ├── scalar-folder.sh
        ├── scalar-no-src.sh
        ├── scenarios.json
        ├── sparse-test.sh
        ├── telemetry-email.sh
        ├── telemetry-msg.sh
        ├── telemetry-name.sh
        └── test.sh
    ├── go
        ├── install_go_tool_in_postCreate.sh
        ├── install_go_twice.sh
        ├── install_mariner.sh
        ├── scenarios.json
        └── test.sh
    └── microsoft-git
        └── test.sh


/.devcontainer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18",
 3 |     "customizations": {
 4 |         "vscode": {
 5 |             "extensions": [
 6 |                 "mads-hartmann.bash-ide-vscode",
 7 |                 "GitHub.copilot"
 8 |             ]
 9 |         }
10 |     },
11 |     "features": {
12 |         "ghcr.io/devcontainers/features/docker-in-docker:2": {}
13 |     },
14 |     "remoteUser": "node",
15 |     "postCreateCommand": "npm install -g @devcontainers/cli"
16 | }
17 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 |   # Maintain dependencies for GitHub Actions
4 |   - package-ecosystem: "github-actions"
5 |     directory: "/"
6 |     schedule:
7 |       interval: "weekly"


--------------------------------------------------------------------------------
/.github/workflows/release-keyring.yaml:
--------------------------------------------------------------------------------
 1 | name: Artifacts Helper Keyring Releases
 2 | 
 3 | on:
 4 |   workflow_dispatch:
 5 | 
 6 | jobs:
 7 |   build:
 8 |     runs-on: ubuntu-latest
 9 | 
10 |     defaults:
11 |       run:
12 |         working-directory: src/artifacts-helper/codespaces_artifacts_helper_keyring
13 | 
14 |     steps:
15 |       - uses: actions/checkout@v4
16 | 
17 |       - uses: wntrblm/nox@main
18 |         with:
19 |           python-versions: "3.11, 3.12"
20 | 
21 |       - name: Setup PDM
22 |         uses: pdm-project/setup-pdm@v4
23 |         with:
24 |           version: "2.15.1"
25 |           python-version-file: "src/artifacts-helper/codespaces_artifacts_helper_keyring/pyproject.toml"
26 | 
27 |       - name: Run nox release
28 |         run: pdm release
29 | 
30 |       - name: Upload build artifacts
31 |         uses: actions/upload-artifact@v4
32 |         with:
33 |           name: codespaces_artifacts_helper_keyring
34 |           path: |
35 |             src/artifacts-helper/codespaces_artifacts_helper_keyring/dist
36 | 


--------------------------------------------------------------------------------
/.github/workflows/release.yaml:
--------------------------------------------------------------------------------
 1 | name: "Release dev container features & Generate Documentation"
 2 | on:
 3 |   workflow_dispatch:
 4 | 
 5 | 
 6 | jobs:
 7 |   deploy:
 8 |     if: ${{ github.ref == 'refs/heads/main' }}
 9 |     runs-on: ubuntu-latest
10 |     permissions:
11 |       contents: write
12 |       packages: write
13 |       pull-requests: write
14 |     steps:
15 |       - uses: actions/checkout@v4
16 | 
17 |       - name: "Publish Features"
18 |         uses: devcontainers/action@v1
19 |         with:
20 |           publish-features: "true"
21 |           base-path-to-features: "./src"
22 |           generate-docs: "true"
23 |           
24 |         env:
25 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26 | 
27 |       - name: Create PR for Documentation
28 |         id: push_image_info
29 |         env:
30 |           GITHUB_TOKEN: ${{ secrets.RELEASE_FEATURE }}
31 |         run: |
32 |           set -e
33 |           echo "Start."
34 |           # Configure git and Push updates
35 |           git config --global user.email github-actions@github.com
36 |           git config --global user.name github-actions
37 |           git config pull.rebase false
38 |           branch=automated-documentation-update-$GITHUB_RUN_ID
39 |           git checkout -b $branch
40 |           message='Automated documentation update'
41 |           # Add / update and commit
42 |           git add */**/README.md
43 |           git commit -m 'Automated documentation update [skip ci]' || export NO_UPDATES=true
44 |           # Push
45 |           if [ "$NO_UPDATES" != "true" ] ; then
46 |               git push origin "$branch"
47 |               gh api \
48 |                 --method POST \
49 |                 -H "Accept: application/vnd.github+json" \
50 |                 /repos/${GITHUB_REPOSITORY}/pulls \
51 |                 -f title="$message" \
52 |                 -f body="$message" \
53 |                 -f head="$branch" \
54 |                 -f base='main'
55 |           fi
56 | 


--------------------------------------------------------------------------------
/.github/workflows/test-all.yaml:
--------------------------------------------------------------------------------
 1 | name: "CI - Test All Features"
 2 | on:
 3 |   push:
 4 |     branches:
 5 |       - main
 6 |   workflow_dispatch:
 7 | 
 8 | jobs:
 9 |   test:
10 |     runs-on: ubuntu-latest
11 |     continue-on-error: true
12 |     strategy:
13 |       matrix:
14 |         features:
15 |           - artifacts-helper
16 |           - devtool
17 |           - docfx
18 |           - external-repository        
19 |           - microsoft-git
20 |           - go
21 |         baseImage:
22 |           - mcr.microsoft.com/devcontainers/base:ubuntu
23 |           - mcr.microsoft.com/devcontainers/base:debian
24 |           - mcr.microsoft.com/cbl-mariner/base/core:2.0
25 |     steps:
26 |       - uses: actions/checkout@v4
27 | 
28 |       - name: "Install latest devcontainer CLI"
29 |         run: npm install -g @devcontainers/cli
30 | 
31 |       - name: "Generating tests for '${{ matrix.features }}' against '${{ matrix.baseImage }}'"
32 |         run: devcontainer features test -f ${{ matrix.features }} -i ${{ matrix.baseImage }} .
33 | 
34 |   test-global:
35 |     runs-on: ubuntu-latest
36 |     continue-on-error: true
37 |     steps:
38 |       - uses: actions/checkout@v4
39 | 
40 |       - name: "Install latest devcontainer CLI"
41 |         run: npm install -g @devcontainers/cli
42 | 
43 |       - name: "Testing global scenarios"
44 |         run: devcontainer features test --global-scenarios-only .


--------------------------------------------------------------------------------
/.github/workflows/test-keyring.yaml:
--------------------------------------------------------------------------------
 1 | name: Artifacts Helper Keyring Tests
 2 | 
 3 | on:
 4 |   push:
 5 |     paths:
 6 |       - ".github/workflows/test-keyring.yaml"
 7 |       - "src/artifacts-helper/codespaces_artifacts_helper_keyring/**"
 8 | 
 9 |   pull_request:
10 |     branches:
11 |       - main
12 |     paths:
13 |       - ".github/workflows/test-keyring.yaml"
14 |       - "src/artifacts-helper/codespaces_artifacts_helper_keyring/**"
15 | 
16 | defaults:
17 |   run:
18 |     working-directory: src/artifacts-helper/codespaces_artifacts_helper_keyring
19 | 
20 | jobs:
21 |   generate-jobs:
22 |     name: Generate jobs
23 |     runs-on: ubuntu-latest
24 |     outputs:
25 |       session: ${{ steps.set-matrix.outputs.session }}
26 |     steps:
27 |       - uses: actions/checkout@v4
28 | 
29 |       - uses: wntrblm/nox@main
30 |         with:
31 |           python-versions: "3.12"
32 | 
33 |       - id: set-matrix
34 |         shell: bash
35 |         run: echo session=$(nox --json -l --tags ci | jq -c '[.[].session]') | tee --append $GITHUB_OUTPUT
36 | 
37 |   checks:
38 |     name: Session ${{ matrix.session }}
39 |     needs: [generate-jobs]
40 |     runs-on: ubuntu-latest
41 |     strategy:
42 |       fail-fast: false
43 |       matrix:
44 |         session: ${{ fromJson(needs.generate-jobs.outputs.session) }}
45 |     steps:
46 |       - uses: actions/checkout@v4
47 | 
48 |       - uses: wntrblm/nox@main
49 |         with:
50 |           python-versions: "3.8, 3.9, 3.10, 3.11, 3.12, pypy-3.9, pypy-3.10"
51 | 
52 |       - name: Setup PDM
53 |         uses: pdm-project/setup-pdm@v4
54 |         with:
55 |           version: "2.15.1"
56 |           python-version-file: "src/artifacts-helper/codespaces_artifacts_helper_keyring/pyproject.toml"
57 | 
58 |       - name: Run ${{ matrix.session }}
59 |         run: pdm run nox --error-on-missing-interpreters --error-on-external-run -s "${{ matrix.session }}"
60 | 


--------------------------------------------------------------------------------
/.github/workflows/test-pr.yaml:
--------------------------------------------------------------------------------
 1 | name: "PR - Test Updated Features"
 2 | on:
 3 |   pull_request:
 4 | 
 5 | jobs:
 6 |   detect-changes:
 7 |     runs-on: ubuntu-latest
 8 |     permissions:
 9 |       contents: read
10 |       pull-requests: read
11 |     outputs:
12 |       features: ${{ steps.filter.outputs.changes }}
13 |     steps:
14 |       - uses: dorny/paths-filter@v3
15 |         id: filter
16 |         with:
17 |           filters: |
18 |             artifacts-helper: ./**/artifacts-helper/**
19 |             devtool: ./**/devtool/**
20 |             docfx: ./**/docfx/**
21 |             external-repository: ./**/external-repository/**
22 |             microsoft-git: ./**/microsoft-git/**
23 |             go: ./**/go/**
24 |   test:
25 |     needs: [detect-changes]
26 |     runs-on: ubuntu-latest
27 |     continue-on-error: true
28 |     strategy:
29 |       matrix:
30 |         features: ${{ fromJSON(needs.detect-changes.outputs.features) }}
31 |         baseImage:
32 |           [
33 |             "mcr.microsoft.com/devcontainers/base:ubuntu",
34 |             "mcr.microsoft.com/devcontainers/base:debian",
35 |             "mcr.microsoft.com/cbl-mariner/base/core:2.0",
36 |           ]
37 |     steps:
38 |       - uses: actions/checkout@v4
39 | 
40 |       - name: "Install latest devcontainer CLI"
41 |         run: npm install -g @devcontainers/cli
42 | 
43 |       - name: "Generating tests for '${{ matrix.features }}' against '${{ matrix.baseImage }}'"
44 |         run: devcontainer features test  --skip-scenarios -f ${{ matrix.features }} -i ${{ matrix.baseImage }} .
45 | 
46 |   test-scenarios:
47 |     needs: [detect-changes]
48 |     runs-on: ubuntu-latest
49 |     continue-on-error: true
50 |     strategy:
51 |       matrix:
52 |         features: ${{ fromJSON(needs.detect-changes.outputs.features) }}
53 |     steps:
54 |       - uses: actions/checkout@v4
55 | 
56 |       - name: "Install latest devcontainer CLI"
57 |         run: npm install -g @devcontainers/cli
58 | 
59 |       - name: "Testing '${{ matrix.features }}' scenarios"
60 |         run: devcontainer features test -f ${{ matrix.features }} --skip-autogenerated  .


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Microsoft Open Source Code of Conduct
 2 | 
 3 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 4 | 
 5 | Resources:
 6 | 
 7 | - [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
 8 | - [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
 9 | - Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
10 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 |     MIT License
 2 | 
 3 |     Copyright (c) Microsoft Corporation.
 4 | 
 5 |     Permission is hereby granted, free of charge, to any person obtaining a copy
 6 |     of this software and associated documentation files (the "Software"), to deal
 7 |     in the Software without restriction, including without limitation the rights
 8 |     to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 |     copies of the Software, and to permit persons to whom the Software is
10 |     furnished to do so, subject to the following conditions:
11 | 
12 |     The above copyright notice and this permission notice shall be included in all
13 |     copies or substantial portions of the Software.
14 | 
15 |     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 |     IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 |     FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 |     AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 |     LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 |     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 |     SOFTWARE
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Codespace Features
 2 | 
 3 | 
 4 | This is a repository of [devcontainer features](https://containers.dev/implementors/features/)
 5 | to assist teams in adopting Codespaces. Here is a list of the features in this repository:
 6 | 
 7 | | Feature | Description |
 8 | | ------- | ----------- |
 9 | | [artifacts-helper](src/artifacts-helper)   | Install Azure Artifacts credential helper configured for Codespace authentication |
10 | | [devtool](src/devtool) | Installs DevTool (Microsoft-internal only) |
11 | | [docfx](src/docfx)   | Install docfx to support editing and testing documentation |
12 | | [external-repository](src/external-repository)   | Handles all the details of working with an external git repository in Codespaces |
13 | | [microsoft-git](src/microsoft-git) | Install microsoft/git with Scalar and GVFS support |
14 | | [go](src/go) | Install go (with support for Mariner) |
15 | 
16 | ## Contributing
17 | 
18 | This project welcomes contributions and suggestions.  Most contributions require you to agree to a
19 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
20 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
21 | 
22 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide
23 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
24 | provided by the bot. You will only need to do this once across all repos using our CLA.
25 | 
26 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
27 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
28 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
29 | 
30 | ## Trademarks
31 | 
32 | This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft 
33 | trademarks or logos is subject to and must follow 
34 | [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
35 | Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
36 | Any use of third-party trademarks or logos are subject to those third-party's policies.
37 | 


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | <!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
 2 | 
 3 | ## Security
 4 | 
 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 6 | 
 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
 8 | 
 9 | ## Reporting Security Issues
10 | 
11 | **Please do not report security vulnerabilities through public GitHub issues.**
12 | 
13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
14 | 
15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
16 | 
17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
18 | 
19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20 | 
21 |   * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22 |   * Full paths of source file(s) related to the manifestation of the issue
23 |   * The location of the affected source code (tag/branch/commit or direct URL)
24 |   * Any special configuration required to reproduce the issue
25 |   * Step-by-step instructions to reproduce the issue
26 |   * Proof-of-concept or exploit code (if possible)
27 |   * Impact of the issue, including how an attacker might exploit the issue
28 | 
29 | This information will help us triage your report more quickly.
30 | 
31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
32 | 
33 | ## Preferred Languages
34 | 
35 | We prefer all communications to be in English.
36 | 
37 | ## Policy
38 | 
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
40 | 
41 | <!-- END MICROSOFT SECURITY.MD BLOCK -->
42 | 


--------------------------------------------------------------------------------
/SUPPORT.md:
--------------------------------------------------------------------------------
 1 | # Support
 2 | 
 3 | ## How to file issues and get help  
 4 | 
 5 | This project uses GitHub Issues to track bugs and feature requests. Please search the existing 
 6 | issues before filing new issues to avoid duplicates.  For new issues, file your bug or 
 7 | feature request as a new Issue.
 8 | 
 9 | For help and questions about using this project, please use our [Discussions](https://github.com/microsoft/codespace-features/discussions)
10 | 
11 | ## Microsoft Support Policy  
12 | 
13 | Support for this **PROJECT or PRODUCT** is limited to the resources listed above.
14 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/NOTES.md:
--------------------------------------------------------------------------------
 1 | This installs [Azure Artifacts Credential Provider](https://github.com/microsoft/artifacts-credprovider)
 2 | and optionally configures functions which shadow `dotnet`, `nuget`, `npm`, `yarn`, `rush`, and `pnpm` which dynamically sets an authentication token
 3 | for pulling artifacts from a feed before running the command.
 4 | 
 5 | For `npm`, `yarn`, `rush`, and `pnpm` this requires that your `~/.npmrc` file is configured to use the ${ARTIFACTS_ACCESSTOKEN}
 6 | environment variable for the `authToken`. A helper script has been added that you can use to write your `~/.npmrc`
 7 | file during your setup process, though there are many ways you could accomplish this. To use the script, run it like
 8 | this:
 9 | 
10 | ```
11 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm
12 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed2/npm username
13 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed3/npm username email
14 | ```
15 | 
16 | You must pass the feed name to the script, but you can optionally provide a username and email if desired. Defaults
17 | are put in place if they are not provided. An example of the `.npmrc` file created is this:
18 | 
19 | ```
20 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:username=codespaces
21 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:_authToken=${ARTIFACTS_ACCESSTOKEN}
22 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:email=codespaces@github.com
23 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:username=codespaces
24 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:_authToken=${ARTIFACTS_ACCESSTOKEN}
25 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:email=codespaces@github.com
26 | ```
27 | 
28 | ## Python Keyring Helper
29 | 
30 | Add the optional `{ "python" : true }` to install a Python Keyring helper that will handle authentication
31 | to Python feeds using the same mechanism as the other languages. To install a package just run something
32 | like:
33 | 
34 | ```
35 | pip install <package_name> --index-url https://pkgs.dev.azure.com/<org_name>/_packaging/<feed_name>/pypi/simple
36 | ```
37 | 
38 | When the feed URL is an Azure Artifacts feed pip will use the keyring helper to provide the credentials needed
39 | to download the package.
40 | 
41 | ## OS Support
42 | 
43 | This feature is tested to work on Debian/Ubuntu and Mariner CBL 2.0
44 | 
45 | ## Changing where functions are configured
46 | 
47 | By default, the functions are defined in `/etc/bash.bashrc` and `/etc/zsh/zshrc` if the container user is `root`, otherwise `~/.bashrc` and `~/.zshrc`.
48 | This default configuration ensures that the functions are always available for any interactive shells.
49 | 
50 | In some cases it can be useful to have the functions written to a non-default location. For example:
51 | - the configuration file of a shell other than `bash` and `zsh`
52 | - a custom file which is not a shell configuration script (so that it can be `source`d in non-interactive shells and scripts)
53 | 
54 | To do this, set the `targetFiles` option to the path script path where the functions should be written. Note that the default paths WILL NOT be used
55 | if the `targetFiles` option is provided, so you may want to include them in the overridden value, or add `source` the custom script in those configurations:
56 | 
57 | ```bash
58 | # .devcontainer/devcontainer.json
59 | {
60 |     // ...
61 |     "targetFiles": "/custom/path/to/auth-helper.sh"
62 | }
63 | 
64 | # ~/.bashrc
65 | 
66 | source /custom/path/to/auth-helper.sh
67 | ```


--------------------------------------------------------------------------------
/src/artifacts-helper/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | # Azure Artifacts Credential Helper (artifacts-helper)
  3 | 
  4 | Configures Codespace to authenticate with Azure Artifact feeds
  5 | 
  6 | ## Example Usage
  7 | 
  8 | ```json
  9 | "features": {
 10 |     "ghcr.io/microsoft/codespace-features/artifacts-helper:2": {}
 11 | }
 12 | ```
 13 | 
 14 | ## Options
 15 | 
 16 | | Options Id | Description | Type | Default Value |
 17 | |-----|-----|-----|-----|
 18 | | nugetURIPrefixes | Nuget URI Prefixes | string | https://pkgs.dev.azure.com/ |
 19 | | dotnet6 | Use .NET 6 Runtime | boolean | false |
 20 | | dotnetAlias | Create alias for dotnet | boolean | true |
 21 | | nugetAlias | Create alias for nuget | boolean | true |
 22 | | npmAlias | Create alias for npm | boolean | true |
 23 | | yarnAlias | Create alias for yarn | boolean | true |
 24 | | npxAlias | Create alias for npx | boolean | true |
 25 | | rushAlias | Create alias for rush | boolean | true |
 26 | | pnpmAlias | Create alias for pnpm | boolean | true |
 27 | | targetFiles | Comma separated list of files to write to. Default is '/etc/bash.bashrc,/etc/zsh/zshrc' for root and '~/.bashrc,~/.zshrc' for non-root | string | DEFAULT |
 28 | | python | Install Python keyring helper for pip | boolean | false |
 29 | 
 30 | ## Customizations
 31 | 
 32 | ### VS Code Extensions
 33 | 
 34 | - `ms-codespaces-tools.ado-codespaces-auth`
 35 | 
 36 | This installs [Azure Artifacts Credential Provider](https://github.com/microsoft/artifacts-credprovider)
 37 | and optionally configures functions which shadow `dotnet`, `nuget`, `npm`, `yarn`, `rush`, and `pnpm` which dynamically sets an authentication token
 38 | for pulling artifacts from a feed before running the command.
 39 | 
 40 | For `npm`, `yarn`, `rush`, and `pnpm` this requires that your `~/.npmrc` file is configured to use the ${ARTIFACTS_ACCESSTOKEN}
 41 | environment variable for the `authToken`. A helper script has been added that you can use to write your `~/.npmrc`
 42 | file during your setup process, though there are many ways you could accomplish this. To use the script, run it like
 43 | this:
 44 | 
 45 | ```
 46 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm
 47 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed2/npm username
 48 | write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feed3/npm username email
 49 | ```
 50 | 
 51 | You must pass the feed name to the script, but you can optionally provide a username and email if desired. Defaults
 52 | are put in place if they are not provided. An example of the `.npmrc` file created is this:
 53 | 
 54 | ```
 55 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:username=codespaces
 56 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:_authToken=${ARTIFACTS_ACCESSTOKEN}
 57 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/registry/:email=codespaces@github.com
 58 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:username=codespaces
 59 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:_authToken=${ARTIFACTS_ACCESSTOKEN}
 60 | //pkgs.dev.azure.com/orgname/projectname/_packaging/feed1/npm/:email=codespaces@github.com
 61 | ```
 62 | 
 63 | ## Python Keyring Helper
 64 | 
 65 | Add the optional `{ "python" : true }` to install a Python Keyring helper that will handle authentication
 66 | to Python feeds using the same mechanism as the other languages. To install a package just run something
 67 | like:
 68 | 
 69 | ```
 70 | pip install <package_name> --index-url https://pkgs.dev.azure.com/<org_name>/_packaging/<feed_name>/pypi/simple
 71 | ```
 72 | 
 73 | When the feed URL is an Azure Artifacts feed pip will use the keyring helper to provide the credentials needed
 74 | to download the package.
 75 | 
 76 | ## OS Support
 77 | 
 78 | This feature is tested to work on Debian/Ubuntu and Mariner CBL 2.0
 79 | 
 80 | ## Changing where functions are configured
 81 | 
 82 | By default, the functions are defined in `/etc/bash.bashrc` and `/etc/zsh/zshrc` if the container user is `root`, otherwise `~/.bashrc` and `~/.zshrc`.
 83 | This default configuration ensures that the functions are always available for any interactive shells.
 84 | 
 85 | In some cases it can be useful to have the functions written to a non-default location. For example:
 86 | - the configuration file of a shell other than `bash` and `zsh`
 87 | - a custom file which is not a shell configuration script (so that it can be `source`d in non-interactive shells and scripts)
 88 | 
 89 | To do this, set the `targetFiles` option to the path script path where the functions should be written. Note that the default paths WILL NOT be used
 90 | if the `targetFiles` option is provided, so you may want to include them in the overridden value, or add `source` the custom script in those configurations:
 91 | 
 92 | ```bash
 93 | # .devcontainer/devcontainer.json
 94 | {
 95 |     // ...
 96 |     "targetFiles": "/custom/path/to/auth-helper.sh"
 97 | }
 98 | 
 99 | # ~/.bashrc
100 | 
101 | source /custom/path/to/auth-helper.sh
102 | ```
103 | 
104 | ---
105 | 
106 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/artifacts-helper/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
107 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/.gitignore:
--------------------------------------------------------------------------------
  1 | ### Python ###
  2 | # Byte-compiled / optimized / DLL files
  3 | __pycache__/
  4 | *.py[cod]
  5 | *$py.class
  6 | 
  7 | # C extensions
  8 | *.so
  9 | 
 10 | # Distribution / packaging
 11 | .Python
 12 | build/
 13 | develop-eggs/
 14 | dist/
 15 | downloads/
 16 | eggs/
 17 | .eggs/
 18 | lib/
 19 | lib64/
 20 | parts/
 21 | sdist/
 22 | var/
 23 | wheels/
 24 | share/python-wheels/
 25 | *.egg-info/
 26 | .installed.cfg
 27 | *.egg
 28 | MANIFEST
 29 | 
 30 | # PyInstaller
 31 | #  Usually these files are written by a python script from a template
 32 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 33 | *.manifest
 34 | *.spec
 35 | 
 36 | # Installer logs
 37 | pip-log.txt
 38 | pip-delete-this-directory.txt
 39 | 
 40 | # Unit test / coverage reports
 41 | htmlcov/
 42 | .tox/
 43 | .nox/
 44 | .coverage
 45 | .coverage.*
 46 | .cache
 47 | nosetests.xml
 48 | coverage.xml
 49 | *.cover
 50 | *.py,cover
 51 | .hypothesis/
 52 | .pytest_cache/
 53 | cover/
 54 | 
 55 | # Translations
 56 | *.mo
 57 | *.pot
 58 | 
 59 | # Django stuff:
 60 | *.log
 61 | local_settings.py
 62 | db.sqlite3
 63 | db.sqlite3-journal
 64 | 
 65 | # Flask stuff:
 66 | instance/
 67 | .webassets-cache
 68 | 
 69 | # Scrapy stuff:
 70 | .scrapy
 71 | 
 72 | # Sphinx documentation
 73 | docs/_build/
 74 | 
 75 | # PyBuilder
 76 | .pybuilder/
 77 | target/
 78 | 
 79 | # Jupyter Notebook
 80 | .ipynb_checkpoints
 81 | 
 82 | # IPython
 83 | profile_default/
 84 | ipython_config.py
 85 | 
 86 | # pyenv
 87 | #   For a library or package, you might want to ignore these files since the code is
 88 | #   intended to run in multiple environments; otherwise, check them in:
 89 | # .python-version
 90 | 
 91 | # pipenv
 92 | #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 93 | #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 94 | #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 95 | #   install all needed dependencies.
 96 | #Pipfile.lock
 97 | 
 98 | # poetry
 99 | #   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
100 | #   This is especially recommended for binary packages to ensure reproducibility, and is more
101 | #   commonly ignored for libraries.
102 | #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
103 | #poetry.lock
104 | 
105 | # pdm
106 | #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
107 | #pdm.lock
108 | #   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
109 | #   in version control.
110 | #   https://pdm.fming.dev/#use-with-ide
111 | .pdm.toml
112 | 
113 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
114 | __pypackages__/
115 | 
116 | # Celery stuff
117 | celerybeat-schedule
118 | celerybeat.pid
119 | 
120 | # SageMath parsed files
121 | *.sage.py
122 | 
123 | # Environments
124 | .env
125 | .venv
126 | env/
127 | venv/
128 | ENV/
129 | env.bak/
130 | venv.bak/
131 | 
132 | # Spyder project settings
133 | .spyderproject
134 | .spyproject
135 | 
136 | # Rope project settings
137 | .ropeproject
138 | 
139 | # mkdocs documentation
140 | /site
141 | 
142 | # mypy
143 | .mypy_cache/
144 | .dmypy.json
145 | dmypy.json
146 | 
147 | # Pyre type checker
148 | .pyre/
149 | 
150 | # pytype static type analyzer
151 | .pytype/
152 | 
153 | # Cython debug symbols
154 | cython_debug/
155 | 
156 | # PyCharm
157 | #  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
158 | #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
159 | #  and can be added to the global gitignore or merged into this file.  For a more nuclear
160 | #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
161 | #.idea/
162 | 
163 | ### Python Patch ###
164 | # Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
165 | poetry.toml
166 | 
167 | # ruff
168 | .ruff_cache/
169 | 
170 | # LSP config files
171 | pyrightconfig.json
172 | 
173 | # PDM
174 | .pdm-python
175 | 
176 | ### macOS ###
177 | # General
178 | .DS_Store
179 | .AppleDouble
180 | .LSOverride
181 | 
182 | # Icon must end with two \r
183 | Icon
184 | 
185 | # Thumbnails
186 | ._*
187 | 
188 | # Files that might appear in the root of a volume
189 | .DocumentRevisions-V100
190 | .fseventsd
191 | .Spotlight-V100
192 | .TemporaryItems
193 | .Trashes
194 | .VolumeIcon.icns
195 | .com.apple.timemachine.donotpresent
196 | 
197 | # Directories potentially created on remote AFP share
198 | .AppleDB
199 | .AppleDesktop
200 | Network Trash Folder
201 | Temporary Items
202 | .apdisk
203 | 
204 | ### macOS Patch ###
205 | # iCloud generated files
206 | *.icloud
207 | 
208 | ### Windows ###
209 | # Windows thumbnail cache files
210 | Thumbs.db
211 | Thumbs.db:encryptable
212 | ehthumbs.db
213 | ehthumbs_vista.db
214 | 
215 | # Dump file
216 | *.stackdump
217 | 
218 | # Folder config file
219 | [Dd]esktop.ini
220 | 
221 | # Recycle Bin used on file shares
222 | $RECYCLE.BIN/
223 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/README.md:
--------------------------------------------------------------------------------
  1 | # codespaces_artifacts_helper_keyring
  2 | 
  3 | The `codespaces_artifacts_helper_keyring` package provides [keyring](https://pypi.org/project/keyring) authentication for consuming Python packages from Azure Artifacts feeds using the [Codespaces Artifacts Helper](https://github.com/microsoft/codespace-features/tree/main/src/artifacts-helper) and its underlying authentication tool, [ado-codespaces-auth](https://github.com/microsoft/ado-codespaces-auth).
  4 | 
  5 | This package is an extension to [keyring](https://pypi.org/project/keyring), which will automatically find and use it once installed. Both [pip](https://pypi.org/project/pip) and [twine](https://pypi.org/project/twine) will use keyring to find credentials.
  6 | 
  7 | ## Installation
  8 | 
  9 | ### From Source
 10 | 
 11 | To install this package from source:
 12 | 
 13 | ```sh
 14 | $ cd src/artifacts-helper/codespaces_artifacts_helper_keyring
 15 | 
 16 | # PDM is used to manage the project
 17 | $ pip install 'pdm>=2.14'
 18 | 
 19 | # Install dependencies and build the package
 20 | $ pdm build
 21 | 
 22 | # Install package and dependencies with pip
 23 | $ pip install dist/codespaces_artifacts_helper_keyring-*.whl
 24 | ```
 25 | 
 26 | ### From GitHub Releases
 27 | 
 28 | TODO: Write instructions
 29 | 
 30 | ## Usage
 31 | 
 32 | ### Requirements
 33 | 
 34 | To use `codespaces_artifacts_helper_keyring` to set up authentication between `pip` and Azure Artifacts, the following requirements must be met:
 35 | 
 36 | - pip version **19.2** or higher
 37 | - python version **3.8** or higher
 38 | - running inside a Codespace with [Codespaces Artifacts Helper](https://github.com/microsoft/codespace-features/tree/main/src/artifacts-helper) and the `param` option set to `true`. This will automatically install the `codespaces_artifacts_helper_keyring` package for you.
 39 |   ```json
 40 |   {
 41 |     "features": {
 42 |       "ghcr.io/microsoft/codespace-features/artifacts-helper:1": {
 43 |         "python": true
 44 |       }
 45 |     }
 46 |   }
 47 |   ```
 48 | 
 49 | ### Inner Workings
 50 | 
 51 | The `codespaces_artifacts_helper_keyring` will detect if the package index has a domain that matches Azure Artifacts, e.g. `pkgs.dev.azure.com`. If it does, it will use the `ado-codespaces-auth` tool at `~/ado-auth-helper` to fetch an access token. This token will be used to authenticate with the Azure Artifacts feed.
 52 | 
 53 | ### Installing Packages from an Azure Artifacts Feed
 54 | 
 55 | Once the codespace is ready, to consume a package, use the following `pip` command, replacing **<org_name>** and **<feed_name>** with your own, and **<package_name>** with the package you want to install:
 56 | 
 57 | ```
 58 | pip install <package_name> --index-url https://pkgs.dev.azure.com/<org_name>/_packaging/<feed_name>/pypi/simple
 59 | ```
 60 | 
 61 | ## Contributing
 62 | 
 63 | We use [PDM](https://pdm-project.org/) to manage the project and its dependencies. To get started, install PDM:
 64 | 
 65 | ```sh
 66 | $ pip install 'pdm>=2.14'
 67 | ```
 68 | 
 69 | Then, install the project dependencies:
 70 | 
 71 | ```sh
 72 | $ pdm install
 73 | ```
 74 | 
 75 | ### Scripts
 76 | 
 77 | A set of scripts are in `pyproject.toml` to help with common tasks. These can be run using `pdm <script name> <extra args>`. For example:
 78 | 
 79 | ```sh
 80 | # Lint and exit with non-zero status if there are issues
 81 | $ pdm lint
 82 | 
 83 | # Lint and attempt to fix issues
 84 | $ pdm run lint-fix
 85 | 
 86 | # Format and fix issues
 87 | $ pdm run format [target files or directories]
 88 | 
 89 | # Type check
 90 | $ pdm mypy
 91 | 
 92 | # Run tests
 93 | $ pdm tests
 94 | 
 95 | # Test on all supported Python versions
 96 | $ pdm run nox
 97 | ```
 98 | 
 99 | The scripts are wrappers around [nox](https://github.com/wntrblm/nox) sessions. You can directly run them from nox and use more specific filters. For example, to list the sessions that would run tests on Python 3.11:
100 | 
101 | ```sh
102 | $ pdm run nox -l -s tests --python '3.11'
103 | 
104 | * tests(python='3.11', keyring='20') -> Run the test suite.
105 | * tests(python='3.11', keyring='25.1') -> Run the test suite.
106 | ```
107 | 
108 | The underlying [nox](https://github.com/wntrblm/nox) configuration is defined in `noxfile.py`. You can modify this file to add new test environments or change the behavior of existing ones. Any tests with the `"ci"` tag will be run in the CI pipeline.
109 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/noxfile.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | from typing import List
 3 | 
 4 | import nox
 5 | 
 6 | os.environ.update({"PDM_IGNORE_SAVED_PYTHON": "1"})
 7 | 
 8 | DEFAULT_PYTHON_VERSION = "3.11"
 9 | PYTHON_VERSIONS: List[str] = ["3.8", "3.9", "3.10", "3.11", "3.12"]
10 | 
11 | DEFAULT_TEST_LOCATION = "tests"
12 | LOCATIONS = ["src", DEFAULT_TEST_LOCATION, "noxfile.py"]
13 | 
14 | 
15 | @nox.session(py=DEFAULT_PYTHON_VERSION, tags=["ci"])
16 | def lint(session):
17 |     """Run the linter.
18 | 
19 |     Returns a failure if the linter finds any issues.
20 |     """
21 |     session.run_always("pdm", "install", "-dG", "lint", external=True)
22 |     session.run("ruff", "check", *LOCATIONS, *session.posargs)
23 | 
24 | 
25 | @nox.session(py=DEFAULT_PYTHON_VERSION, tags=["ci"])
26 | def format_check(session):
27 |     """Run the formatter and fail if issues are found."""
28 |     session.notify("format", posargs=["--check", *LOCATIONS])
29 | 
30 | 
31 | @nox.session(py=DEFAULT_PYTHON_VERSION)
32 | def format(session):
33 |     """Run the formatter and fix issues."""
34 |     session.run_always("pdm", "install", "-dG", "lint", external=True)
35 |     args = session.posargs or LOCATIONS
36 |     session.run("ruff", "format", *args)
37 | 
38 | 
39 | @nox.session(tags=["ci"])
40 | @nox.parametrize(
41 |     "python,keyring",
42 |     [
43 |         (python, keyring)
44 |         for python in PYTHON_VERSIONS
45 |         for keyring in ("20", "25.1")
46 |         # exclude keyring 20 because it is incompatible with python 3.12
47 |         if (python, keyring) != ("3.12", "20")
48 |     ],
49 | )
50 | def tests(session, keyring):
51 |     """Run the test suite."""
52 |     session.run_always("pdm", "install", "-dG", "test", external=True)
53 |     session.install(f"keyring=={keyring}")
54 |     args = session.posargs or [DEFAULT_TEST_LOCATION]
55 |     session.run("pytest", "-v", *args)
56 | 
57 | 
58 | @nox.session(py=PYTHON_VERSIONS, tags=["ci"])
59 | def mypy(session):
60 |     """Run the type checker."""
61 |     session.run_always("pdm", "install", external=True)
62 |     args = session.posargs or LOCATIONS
63 |     session.run("mypy", *args)
64 | 
65 | 
66 | @nox.session(py=DEFAULT_PYTHON_VERSION)
67 | def release(session):
68 |     """Build the package only.
69 | 
70 |     Usually, this would also upload the package to PyPI, but we only publish to
71 |     GitHub Releases in this project. See the `release-keyring.yaml` workflow.
72 |     """
73 |     session.run_always("pdm", "install", external=True)
74 |     session.run("pdm", "build", external=True)
75 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/pyproject.toml:
--------------------------------------------------------------------------------
 1 | [project]
 2 | name = "codespaces-artifacts-helper-keyring"
 3 | dynamic = ["version"]
 4 | description = "Keyring backend to retrieve credentials for Azure Artifacts on Codespaces using https://github.com/microsoft/ado-codespaces-auth"
 5 | authors = [{ name = "Microsoft Corporation" }]
 6 | classifiers = [
 7 |     "Development Status :: 3 - Alpha",
 8 |     "Intended Audience :: Developers",
 9 |     "License :: OSI Approved :: MIT License",
10 |     "Programming Language :: Python :: 3 :: Only",
11 |     "Typing :: Typed",
12 | ]
13 | dependencies = [
14 |     "jaraco-classes>=3.0.0",
15 |     "keyring>=20.0.0",
16 |     "requests>=2.20.0",
17 | ]
18 | requires-python = ">=3.8"
19 | readme = "README.md"
20 | license = { text = "MIT" }
21 | 
22 | [project.urls]
23 | Homepage = "https://github.com/microsoft/codespace-features"
24 | Documentation = "https://github.com/microsoft/codespace-features/tree/main/src/artifacts-helper"
25 | Repository = "https://github.com/microsoft/codespace-features.git"
26 | Issues = "https://github.com/microsoft/codespace-features/issues"
27 | 
28 | [project.entry-points."keyring.backends"]
29 | CodespacesArtifactsHelperKeyringBackend = "codespaces_artifacts_helper_keyring"
30 | 
31 | [build-system]
32 | requires = ["setuptools>=61", "wheel"]
33 | build-backend = "setuptools.build_meta"
34 | 
35 | [tool.setuptools.packages.find]
36 | where = ["src"]
37 | 
38 | [tool.setuptools.package-data]
39 | "codespaces_artifacts_helper_keyring" = ["py.typed"]
40 | 
41 | [tool.setuptools.dynamic]
42 | version = {attr = "codespaces_artifacts_helper_keyring.__version__"}
43 | 
44 | [tool.pdm]
45 | distribution = true
46 | 
47 | [tool.pdm.dev-dependencies]
48 | lint = [
49 |     "mypy>=1.9.0",
50 |     "ruff>=0.4.0",
51 | ]
52 | dev = ["pip>=24.0", "nox>=2024.4.15"]
53 | test = ["pytest>=8.1.1", "pytest-cov>=5.0.0"]
54 | stubs = ["types-requests>=2.31.0.20240406"]
55 | 
56 | [tool.pdm.scripts]
57 | lint-fix = "pdm lint --fix"
58 | lint = "nox --error-on-external-run -R -s lint -- {args}"
59 | 
60 | format-check = "pdm format --check"
61 | format = "nox --error-on-external-run -R -s format -- {args}"
62 | 
63 | mypy = "nox --error-on-external-run -R -s mypy -- {args}"
64 | tests = "nox --error-on-external-run -R -s tests -- {args}"
65 | 
66 | release = "nox --error-on-external-run -R -s release"
67 | 
68 | [tool.ruff]
69 | # Allow imports relative to the "src" and "test" directories. Also allows ruff's
70 | # isort to determine that our package is first party when importing it in tests.
71 | src = ["src", "test"]
72 | 
73 | line-length = 88
74 | indent-width = 4
75 | 
76 | [tool.ruff.lint]
77 | extend-select = ["B", "C4", "D", "E", "F", "I", "W", "Q"]
78 | ignore = ["D102"]
79 | 
80 | [tool.ruff.lint.pydocstyle]
81 | convention = "google"
82 | 
83 | [tool.ruff.lint.per-file-ignores]
84 | "__init__.py" = ["F401"]
85 | "noxfile.py" = ["D1"]
86 | "**/{tests,docs,tools}/*" = ["D1", "E402"]
87 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/src/codespaces_artifacts_helper_keyring/__init__.py:
--------------------------------------------------------------------------------
1 | """Provides a keyring backend for the Codespaces Artifacts Helper."""
2 | 
3 | from .artifacts_helper_credential_provider import ArtifactsHelperCredentialProvider
4 | from .keyring_backend import CodespacesArtifactsHelperKeyringBackend
5 | 
6 | __version__ = "0.1.0"
7 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/src/codespaces_artifacts_helper_keyring/artifacts_helper_credential_provider.py:
--------------------------------------------------------------------------------
  1 | """Wrapper to interface with the artifacts authentication helper."""
  2 | 
  3 | from __future__ import absolute_import
  4 | 
  5 | import os
  6 | import shutil
  7 | import subprocess
  8 | from pathlib import Path
  9 | from typing import Optional, Union
 10 | 
 11 | import requests
 12 | 
 13 | 
 14 | class ArtifactsHelperCredentialProviderError(RuntimeError):
 15 |     """Generic error for ArtifactsHelperCredentialProvider."""
 16 | 
 17 | 
 18 | class ArtifactsHelperCredentialProvider:
 19 |     """A wrapper retrieve credentials from the artifacts authentication helper.
 20 | 
 21 |     The authentication helper should be installed from
 22 |     https://github.com/microsoft/ado-codespaces-auth.
 23 | 
 24 |     Attributes:
 25 |         DEFAULT_AUTH_HELPER_PATH: The default path to the authentication helper
 26 |             executable.
 27 | 
 28 |     Raises:
 29 |         ArtifactsHelperCredentialProviderError: When the credentials could not be
 30 |             retrieved.
 31 |     """
 32 | 
 33 |     DEFAULT_AUTH_HELPER_PATH = "~/ado-auth-helper"
 34 | 
 35 |     def __init__(
 36 |         self,
 37 |         auth_helper_path: Union[os.PathLike, str] = DEFAULT_AUTH_HELPER_PATH,
 38 |         timeout: int = 30,
 39 |     ):
 40 |         """Initialise the provider.
 41 | 
 42 |         Args:
 43 |             auth_helper_path: The path to the authentication helper executable, or the
 44 |                 name of the executable if it is in the PATH. Defaults to
 45 |                 DEFAULT_AUTH_HELPER_PATH.
 46 | 
 47 |             timeout: The timeout in seconds for calling the authentication helper and
 48 |                 any HTTP requests made to test credentials. Defaults to 30.
 49 |         """
 50 |         self.auth_tool_path = self.resolve_auth_helper_path(auth_helper_path)
 51 |         self.timeout = timeout
 52 | 
 53 |     @staticmethod
 54 |     def resolve_auth_helper_path(
 55 |         auth_helper_path: Union[os.PathLike, str],
 56 |     ) -> Optional[str]:
 57 |         """Resolve the path to the authentication helper executable.
 58 | 
 59 |         Returns:
 60 |             The path to the authentication helper executable, or `None` if it is not
 61 |             executable or not found.
 62 |         """
 63 |         return shutil.which(str(Path(auth_helper_path).expanduser()), mode=os.X_OK)
 64 | 
 65 |     @classmethod
 66 |     def auth_helper_installed(cls, auth_helper_path: Union[os.PathLike, str]) -> bool:
 67 |         """Check whether the authentication helper is installed and executable."""
 68 |         return cls.resolve_auth_helper_path(auth_helper_path) is not None
 69 | 
 70 |     def get_token(self, url: str) -> Optional[str]:
 71 |         """Get an access token for the given URL.
 72 | 
 73 |         Args:
 74 |             url: The URL to retrieve credentials for.
 75 | 
 76 |         Returns:
 77 |             The token for the URL, or `None` if no credentials could be retrieved.
 78 |         """
 79 |         # Public feed short circuit: return nothing if not getting credentials for the
 80 |         # upload endpoint (which always requires auth) and the endpoint is public (can
 81 |         # authenticate without credentials).
 82 |         if not self._is_upload_endpoint(url) and self._can_authenticate(url, None):
 83 |             return None
 84 | 
 85 |         token = self._get_token_from_helper()
 86 |         return token if token else None
 87 | 
 88 |     @staticmethod
 89 |     def _is_upload_endpoint(url) -> bool:
 90 |         url = url[:-1] if url[-1] == "/" else url
 91 |         return url.endswith("pypi/upload")
 92 | 
 93 |     def _can_authenticate(self, url, auth) -> bool:
 94 |         response = requests.get(url, auth=auth, timeout=self.timeout)
 95 |         return response.status_code < 500 and response.status_code not in (401, 403)
 96 | 
 97 |     def _get_token_from_helper(self) -> str:
 98 |         if self.auth_tool_path is None:
 99 |             raise ArtifactsHelperCredentialProviderError(
100 |                 "Failed to get credentials: No authentication tool found"
101 |             )
102 | 
103 |         try:
104 |             p = subprocess.run(
105 |                 [self.auth_tool_path, "get-access-token"],
106 |                 capture_output=True,
107 |                 encoding="utf-8",
108 |                 check=True,
109 |                 timeout=self.timeout,
110 |             )
111 |             stdout = p.stdout
112 |             if stdout:
113 |                 return stdout.strip()
114 |             else:
115 |                 raise ArtifactsHelperCredentialProviderError(
116 |                     "Failed to get credentials: "
117 |                     f"No output from subprocess {self.auth_tool_path}"
118 |                 )
119 | 
120 |         except subprocess.CalledProcessError as e:
121 |             raise ArtifactsHelperCredentialProviderError(
122 |                 f"Failed to get credentials: Process {self.auth_tool_path} exited with "
123 |                 f"code {e.returncode}. Error: {e.stderr}"
124 |             ) from e
125 |         except subprocess.TimeoutExpired as e:
126 |             raise ArtifactsHelperCredentialProviderError(
127 |                 f"Failed to get credentials: Process {self.auth_tool_path} timed out "
128 |                 f"after {self.timeout} seconds"
129 |             ) from e
130 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/src/codespaces_artifacts_helper_keyring/keyring_backend.py:
--------------------------------------------------------------------------------
 1 | """Keyring backend for Codespaces Artifacts Helper."""
 2 | 
 3 | import warnings
 4 | from typing import Optional, Type
 5 | from urllib.parse import urlsplit
 6 | 
 7 | from jaraco.classes import properties
 8 | from keyring.backend import KeyringBackend
 9 | from keyring.credentials import Credential, SimpleCredential
10 | 
11 | from .artifacts_helper_credential_provider import ArtifactsHelperCredentialProvider
12 | 
13 | 
14 | class CodespacesArtifactsHelperKeyringBackend(KeyringBackend):
15 |     """A keyring backend for Azure Artifacts using the ADO Codespaces Auth Helper."""
16 | 
17 |     SUPPORTED_NETLOC = (
18 |         "pkgs.dev.azure.com",
19 |         "pkgs.visualstudio.com",
20 |         "pkgs.codedev.ms",
21 |         "pkgs.vsts.me",
22 |     )
23 | 
24 |     DEFAULT_USERNAME = "codespaces"
25 | 
26 |     _PROVIDER: Type[ArtifactsHelperCredentialProvider] = (
27 |         ArtifactsHelperCredentialProvider
28 |     )
29 |     AUTH_HELPER_PATH = _PROVIDER.DEFAULT_AUTH_HELPER_PATH
30 | 
31 |     @properties.classproperty
32 |     @classmethod
33 |     def priority(cls) -> float:
34 |         if not cls._PROVIDER.auth_helper_installed(cls.AUTH_HELPER_PATH):
35 |             raise RuntimeError(
36 |                 f"Auth helper not found at {cls.AUTH_HELPER_PATH}. "
37 |                 "Install https://github.com/microsoft/ado-codespaces-auth"
38 |             )
39 |         return 10.0
40 | 
41 |     def get_credential(
42 |         self, service: str, username: Optional[str]
43 |     ) -> Optional[Credential]:
44 |         if not self._is_supported_netloc(service):
45 |             return None
46 | 
47 |         provider = self._PROVIDER(auth_helper_path=self.AUTH_HELPER_PATH)
48 |         token = provider.get_token(service)
49 |         if not token:
50 |             return None
51 |         return SimpleCredential(username or self.DEFAULT_USERNAME, token)
52 | 
53 |     def _is_supported_netloc(self, service) -> bool:
54 |         try:
55 |             parsed = urlsplit(service, scheme="https")
56 |         except Exception as exc:
57 |             warnings.warn(str(exc), stacklevel=2)
58 |             return False
59 | 
60 |         netloc = parsed.netloc.rpartition("@")[-1]
61 |         return netloc is not None and netloc.endswith(self.SUPPORTED_NETLOC)
62 | 
63 |     def get_password(self, service, username):
64 |         creds = self.get_credential(service, None)
65 |         if creds and username == creds.username:
66 |             return creds.password
67 |         return None
68 | 
69 |     def set_password(self, service, username, password):
70 |         raise NotImplementedError()
71 | 
72 |     def delete_password(self, service, username):
73 |         raise NotImplementedError()
74 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/microsoft/codespace-features/c59303b11d113755b816e37faa6740130f4eafe2/src/artifacts-helper/codespaces_artifacts_helper_keyring/tests/__init__.py


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/tests/test_artifacts_helper_credential_provider.py:
--------------------------------------------------------------------------------
  1 | import os
  2 | import stat
  3 | import unittest
  4 | from pathlib import Path
  5 | from typing import Optional, Union
  6 | 
  7 | import pytest
  8 | 
  9 | from codespaces_artifacts_helper_keyring import ArtifactsHelperCredentialProvider
 10 | from codespaces_artifacts_helper_keyring.artifacts_helper_credential_provider import (
 11 |     ArtifactsHelperCredentialProviderError,
 12 | )
 13 | 
 14 | 
 15 | class TestArtifactsHelperWrapper(unittest.TestCase):
 16 |     SUPPORTED_HOST = "https://pkgs.dev.azure.com/"
 17 |     TEST_JWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cG4iOiJ1cG5AY29udG9zby5jb20iLCJ1bmlxdWVfbmFtZSI6Im5hbWVAY29udG9zby5jb20ifQ.srKYrr5B0i29XERHsvE6mqZpLBzyyrX-gUKe9OHZODw"  # noqa: E501
 18 | 
 19 |     def __init__(self, *args, **kwargs) -> None:
 20 |         super().__init__(*args, **kwargs)
 21 |         self.tmp_dir: Optional[os.PathLike] = None
 22 |         self.script_name = "mock_artifacts_helper.py"
 23 | 
 24 |     @pytest.fixture(autouse=True)
 25 |     def init_tmp_dir(self, tmp_path):
 26 |         self.tmp_dir = Path(tmp_path)
 27 | 
 28 |     @property
 29 |     def script_path(self):
 30 |         return self.tmp_dir / self.script_name
 31 | 
 32 |     def write_script(self, content: str, shebang: str = "#!/usr/bin/env python3"):
 33 |         with open(self.script_path, "w", encoding="utf-8") as f:
 34 |             f.write(shebang + "\n")
 35 |             f.write(content)
 36 |         set_path_executable(self.script_path)
 37 | 
 38 |     def test_auth_helper_installed_invalid_path(self):
 39 |         assert not ArtifactsHelperCredentialProvider.resolve_auth_helper_path(
 40 |             self.tmp_dir / "nonexistent"
 41 |         )
 42 |         assert not ArtifactsHelperCredentialProvider.auth_helper_installed(
 43 |             self.tmp_dir / "nonexistent"
 44 |         )
 45 | 
 46 |     def test_auth_helper_installed_and_not_executable(self):
 47 |         self.write_script("pass")
 48 |         set_path_not_executable(self.script_path)
 49 |         assert not ArtifactsHelperCredentialProvider.resolve_auth_helper_path(
 50 |             self.script_path
 51 |         )
 52 |         assert not ArtifactsHelperCredentialProvider.auth_helper_installed(
 53 |             self.script_path
 54 |         )
 55 | 
 56 |     def test_auth_helper_installed_and_executable(self):
 57 |         self.write_script("pass")
 58 |         assert (
 59 |             ArtifactsHelperCredentialProvider.resolve_auth_helper_path(self.script_path)
 60 |             is not None
 61 |         )
 62 |         assert ArtifactsHelperCredentialProvider.auth_helper_installed(self.script_path)
 63 | 
 64 |     def test_get_token_from_helper(self):
 65 |         raw_token_value = "raw_token_here._-azAZ09"
 66 |         self.write_script(f"print('{raw_token_value}')")
 67 |         provider = ArtifactsHelperCredentialProvider(self.script_path)
 68 |         assert provider._get_token_from_helper() == raw_token_value.strip()
 69 | 
 70 |     def test_get_token_from_helper_not_installed(self):
 71 |         provider = ArtifactsHelperCredentialProvider()
 72 |         with pytest.raises(
 73 |             ArtifactsHelperCredentialProviderError, match="No authentication tool found"
 74 |         ):
 75 |             provider._get_token_from_helper()
 76 | 
 77 |     def test_get_token(self):
 78 |         self.write_script(f"print('{self.TEST_JWT}')")
 79 |         provider = ArtifactsHelperCredentialProvider(self.script_path)
 80 |         assert provider.get_token(self.SUPPORTED_HOST) == self.TEST_JWT
 81 | 
 82 |     def test_get_token_invalid_token(self):
 83 |         self.write_script(r"print('\n\n\n')")
 84 |         provider = ArtifactsHelperCredentialProvider(self.script_path)
 85 |         assert provider.get_token(self.SUPPORTED_HOST) is None
 86 | 
 87 |     def test_get_token_helper_non_zero_exit(self):
 88 |         self.write_script("exit(1)")
 89 |         provider = ArtifactsHelperCredentialProvider(self.script_path)
 90 |         with pytest.raises(
 91 |             ArtifactsHelperCredentialProviderError,
 92 |             match=f"Process .*{self.script_name}.* exited with code 1",
 93 |         ):
 94 |             provider.get_token(self.SUPPORTED_HOST)
 95 | 
 96 | 
 97 | def set_path_executable(path: Union[os.PathLike, str]):
 98 |     p = Path(path)
 99 |     p.chmod(p.stat().st_mode | stat.S_IEXEC)
100 | 
101 | 
102 | def set_path_not_executable(path: Union[os.PathLike, str]):
103 |     p = Path(path)
104 |     p.chmod(p.stat().st_mode & ~stat.S_IEXEC)
105 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/codespaces_artifacts_helper_keyring/tests/test_keyring_backend.py:
--------------------------------------------------------------------------------
  1 | from pathlib import Path
  2 | 
  3 | import keyring
  4 | import keyring.backend
  5 | import keyring.backends.chainer
  6 | import keyring.errors
  7 | import pytest
  8 | from jaraco.classes import properties
  9 | 
 10 | from codespaces_artifacts_helper_keyring import (
 11 |     ArtifactsHelperCredentialProvider,
 12 |     CodespacesArtifactsHelperKeyringBackend,
 13 | )
 14 | 
 15 | # Shouldn't be accessed by tests, but needs to be able
 16 | # to get past the quick check.
 17 | SUPPORTED_HOST = "https://pkgs.dev.azure.com/"
 18 | 
 19 | 
 20 | class FakeProvider(ArtifactsHelperCredentialProvider):
 21 |     def get_token(self, service):
 22 |         return "pass" + service[-4:]
 23 | 
 24 |     @staticmethod
 25 |     def auth_helper_installed(auth_tool_path):
 26 |         return True
 27 | 
 28 | 
 29 | class PasswordsBackend(keyring.backend.KeyringBackend):
 30 |     priority = 10.0  # type: ignore
 31 | 
 32 |     def __init__(self):
 33 |         self.passwords = {}
 34 | 
 35 |     def get_password(self, system, username):
 36 |         return self.passwords.get((system, username))
 37 | 
 38 |     def set_password(self, system, username, password):
 39 |         self.passwords[system, username] = password
 40 | 
 41 |     def delete_password(self, system, username):
 42 |         try:
 43 |             del self.passwords[system, username]
 44 |         except LookupError as e:
 45 |             raise keyring.errors.PasswordDeleteError(username) from e
 46 | 
 47 | 
 48 | class MockGetResponse:
 49 |     status_code = 200
 50 | 
 51 | 
 52 | @pytest.fixture
 53 | def only_backend():
 54 |     previous = keyring.get_keyring()
 55 |     backend = CodespacesArtifactsHelperKeyringBackend()
 56 |     keyring.set_keyring(backend)
 57 |     yield backend
 58 |     keyring.set_keyring(previous)
 59 | 
 60 | 
 61 | @pytest.fixture
 62 | def passwords(monkeypatch):
 63 |     passwords_backend = PasswordsBackend()
 64 | 
 65 |     def mock_get_all_keyring():
 66 |         return [CodespacesArtifactsHelperKeyringBackend(), passwords_backend]
 67 | 
 68 |     monkeypatch.setattr(keyring.backend, "get_all_keyring", mock_get_all_keyring)
 69 | 
 70 |     chainer_backend = keyring.backends.chainer.ChainerBackend()
 71 | 
 72 |     previous = keyring.get_keyring()
 73 |     keyring.set_keyring(chainer_backend)
 74 |     yield passwords_backend.passwords
 75 |     keyring.set_keyring(previous)
 76 | 
 77 | 
 78 | @pytest.fixture
 79 | def fake_provider(monkeypatch):
 80 |     monkeypatch.setattr(
 81 |         CodespacesArtifactsHelperKeyringBackend, "_PROVIDER", FakeProvider
 82 |     )
 83 | 
 84 | 
 85 | def test_get_credential_unsupported_host(only_backend):
 86 |     assert keyring.get_credential("https://example.com", None) is None
 87 | 
 88 | 
 89 | def test_get_credential_default_username(only_backend, fake_provider):
 90 |     creds = keyring.get_credential(SUPPORTED_HOST + "1234", "user12345678")
 91 |     assert creds.username == "user12345678"
 92 |     assert creds.password == "pass1234"
 93 | 
 94 | 
 95 | def test_get_credential_with_username(only_backend, fake_provider):
 96 |     creds = keyring.get_credential(SUPPORTED_HOST + "1234", None)
 97 |     assert creds.username == "codespaces"
 98 |     assert creds.password == "pass1234"
 99 | 
100 | 
101 | def test_set_password_raises(only_backend):
102 |     with pytest.raises(NotImplementedError):
103 |         keyring.set_password("SYSTEM", "USERNAME", "PASSWORD")
104 | 
105 | 
106 | def test_set_password_fallback(passwords, fake_provider):
107 |     # Ensure we are getting good credentials
108 |     assert keyring.get_credential(SUPPORTED_HOST + "1234", None).password == "pass1234"
109 | 
110 |     assert keyring.get_password("SYSTEM", "USERNAME") is None
111 |     keyring.set_password("SYSTEM", "USERNAME", "PASSWORD")
112 |     assert passwords["SYSTEM", "USERNAME"] == "PASSWORD"
113 |     assert keyring.get_password("SYSTEM", "USERNAME") == "PASSWORD"
114 |     assert keyring.get_credential("SYSTEM", "USERNAME").username == "USERNAME"
115 |     assert keyring.get_credential("SYSTEM", "USERNAME").password == "PASSWORD"
116 | 
117 |     # Ensure we are getting good credentials
118 |     assert keyring.get_credential(SUPPORTED_HOST + "1234", None).password == "pass1234"
119 | 
120 | 
121 | def test_delete_password_raises(only_backend):
122 |     with pytest.raises(NotImplementedError):
123 |         keyring.delete_password("SYSTEM", "USERNAME")
124 | 
125 | 
126 | def test_delete_password_fallback(passwords, fake_provider):
127 |     # Ensure we are getting good credentials
128 |     assert keyring.get_credential(SUPPORTED_HOST + "1234", None).password == "pass1234"
129 | 
130 |     passwords["SYSTEM", "USERNAME"] = "PASSWORD"
131 |     keyring.delete_password("SYSTEM", "USERNAME")
132 |     assert keyring.get_password("SYSTEM", "USERNAME") is None
133 |     assert not passwords
134 |     with pytest.raises(keyring.errors.PasswordDeleteError):
135 |         keyring.delete_password("SYSTEM", "USERNAME")
136 | 
137 | 
138 | def test_cannot_delete_password(passwords, fake_provider):
139 |     # Ensure we are getting good credentials
140 |     creds = keyring.get_credential(SUPPORTED_HOST + "1234", "user1234")
141 |     assert creds.username == "user1234"
142 |     assert creds.password == "pass1234"
143 | 
144 |     with pytest.raises(keyring.errors.PasswordDeleteError):
145 |         keyring.delete_password(SUPPORTED_HOST + "1234", creds.username)
146 | 
147 | 
148 | def test_priority_when_helper_installed(monkeypatch):
149 |     class MockProvider(ArtifactsHelperCredentialProvider):
150 |         @staticmethod
151 |         def resolve_auth_helper_path(auth_helper_path):
152 |             return Path("fake-path")
153 | 
154 |         @properties.classproperty
155 |         @classmethod
156 |         def priority(cls) -> float:
157 |             return True
158 | 
159 |     monkeypatch.setattr(
160 |         CodespacesArtifactsHelperKeyringBackend, "_PROVIDER", MockProvider
161 |     )
162 | 
163 |     assert CodespacesArtifactsHelperKeyringBackend.priority == 10.0
164 |     assert CodespacesArtifactsHelperKeyringBackend().priority == 10.0
165 | 
166 | 
167 | def test_priority_when_helper_not_installed(monkeypatch):
168 |     class MockProvider(ArtifactsHelperCredentialProvider):
169 |         @staticmethod
170 |         def resolve_auth_helper_path(auth_helper_path):
171 |             return None
172 | 
173 |         @properties.classproperty
174 |         @classmethod
175 |         def priority(cls) -> float:
176 |             return False
177 | 
178 |     monkeypatch.setattr(
179 |         CodespacesArtifactsHelperKeyringBackend, "_PROVIDER", MockProvider
180 |     )
181 | 
182 |     with pytest.raises(RuntimeError):
183 |         assert not CodespacesArtifactsHelperKeyringBackend.priority
184 | 
185 |     with pytest.raises(RuntimeError):
186 |         assert not CodespacesArtifactsHelperKeyringBackend().priority
187 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/devcontainer-feature.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "Azure Artifacts Credential Helper",
 3 |     "id": "artifacts-helper",
 4 |     "version": "2.0.3",
 5 |     "description": "Configures Codespace to authenticate with Azure Artifact feeds",
 6 |     "options": {
 7 |         "nugetURIPrefixes": {
 8 |             "type": "string",
 9 |             "default": "https://pkgs.dev.azure.com/",
10 |             "description": "Nuget URI Prefixes"
11 |         },
12 |         "dotnet6": {
13 |             "type": "boolean",
14 |             "default": false,
15 |             "description": "Use .NET 6 Runtime"
16 |         },
17 |         "dotnetAlias": {
18 |             "type": "boolean",
19 |             "default": true,
20 |             "description": "Create alias for dotnet"
21 |         },
22 |         "nugetAlias": {
23 |             "type": "boolean",
24 |             "default": true,
25 |             "description": "Create alias for nuget"
26 |         },
27 |         "npmAlias": {
28 |             "type": "boolean",
29 |             "default": true,
30 |             "description": "Create alias for npm"
31 |         },
32 |         "yarnAlias": {
33 |             "type": "boolean",
34 |             "default": true,
35 |             "description": "Create alias for yarn"
36 |         },
37 |         "npxAlias": {
38 |             "type": "boolean",
39 |             "default": true,
40 |             "description": "Create alias for npx"
41 |         },
42 |         "rushAlias": {
43 |             "type": "boolean",
44 |             "default": true,
45 |             "description": "Create alias for rush"
46 |         },
47 |         "pnpmAlias": {
48 |             "type": "boolean",
49 |             "default": true,
50 |             "description": "Create alias for pnpm"
51 |         },
52 |         "targetFiles": {
53 |             "type": "string",
54 |             "default": "DEFAULT",
55 |             "description": "Comma separated list of files to write to. Default is '/etc/bash.bashrc,/etc/zsh/zshrc' for root and '~/.bashrc,~/.zshrc' for non-root"
56 |         },
57 |         "python": {
58 |             "type": "boolean",
59 |             "default": false,
60 |             "description": "Install Python keyring helper for pip"
61 |         }
62 |     },
63 |     "installsAfter": [
64 |         "ghcr.io/devcontainers/features/common-utils",
65 |         "ghcr.io/devcontainers/features/python"
66 |     ],
67 |     "customizations": {
68 |         "vscode": {
69 |             "extensions": [
70 |                 "ms-codespaces-tools.ado-codespaces-auth"
71 |             ]
72 |         }
73 |     }
74 | }


--------------------------------------------------------------------------------
/src/artifacts-helper/install.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | set -e
  4 | 
  5 | PREFIXES="${NUGETURIPREFIXES:-"https://pkgs.dev.azure.com/"}"
  6 | USENET6="${DOTNET6:-"false"}"
  7 | ALIAS_DOTNET="${DOTNETALIAS:-"true"}"
  8 | ALIAS_NUGET="${NUGETALIAS:-"true"}"
  9 | ALIAS_NPM="${NPMALIAS:-"true"}"
 10 | ALIAS_YARN="${YARNALIAS:-"true"}"
 11 | ALIAS_NPX="${NPXALIAS:-"true"}"
 12 | ALIAS_RUSH="${RUSHALIAS:-"true"}"
 13 | ALIAS_PNPM="${PNPMALIAS:-"true"}"
 14 | INSTALL_PIP_HELPER="${PYTHON:-"false"}"
 15 | COMMA_SEP_TARGET_FILES="${TARGETFILES:-"DEFAULT"}"
 16 | 
 17 | ALIASES_ARR=()
 18 | 
 19 | if [ "${ALIAS_DOTNET}" = "true" ]; then
 20 |     ALIASES_ARR+=('dotnet')
 21 | fi
 22 | if [ "${ALIAS_NUGET}" = "true" ]; then
 23 |     ALIASES_ARR+=('nuget')
 24 | fi
 25 | if [ "${ALIAS_NPM}" = "true" ]; then
 26 |     ALIASES_ARR+=('npm')
 27 | fi
 28 | if [ "${ALIAS_YARN}" = "true" ]; then
 29 |     ALIASES_ARR+=('yarn')
 30 | fi
 31 | if [ "${ALIAS_NPX}" = "true" ]; then
 32 |     ALIASES_ARR+=('npx')
 33 | fi
 34 | if [ "${ALIAS_RUSH}" = "true" ]; then
 35 |     ALIASES_ARR+=('rush')
 36 |     ALIASES_ARR+=('rush-pnpm')
 37 | fi
 38 | if [ "${ALIAS_PNPM}" = "true" ]; then
 39 |     ALIASES_ARR+=('pnpm')
 40 |     ALIASES_ARR+=('pnpx')
 41 | fi
 42 | 
 43 | # Source /etc/os-release to get OS info
 44 | . /etc/os-release
 45 | 
 46 | if [ "$(id -u)" -ne 0 ]; then
 47 |     echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
 48 |     exit 1
 49 | fi
 50 | 
 51 | apt_get_update() {
 52 |     if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
 53 |         echo "Running apt-get update..."
 54 |         apt-get update -y
 55 |     fi
 56 | }
 57 | 
 58 | # Checks if packages are installed and installs them if not
 59 | check_packages() {
 60 |     if ! dpkg -s "$@" > /dev/null 2>&1; then
 61 |         apt_get_update
 62 |         apt-get -y install --no-install-recommends "$@"
 63 |         rm -rf /var/lib/apt/lists/*
 64 |     fi
 65 | }
 66 | 
 67 | export DEBIAN_FRONTEND=noninteractive
 68 | 
 69 | if [ "${ID}" = "mariner" ]; then
 70 |     tdnf install -y wget ca-certificates
 71 |     tdnf clean all
 72 | else
 73 |     check_packages wget ca-certificates
 74 | fi
 75 | 
 76 | # Change to the directory where this script is located
 77 | cd "$(dirname "$0")"
 78 | 
 79 | cp ./scripts/install-provider.sh /tmp
 80 | chmod +rx /tmp/install-provider.sh
 81 | cp ./scripts/install-python-keyring.sh /tmp
 82 | chmod +rx /tmp/install-python-keyring.sh
 83 | 
 84 | sed "s|REPLACE_WITH_AZURE_DEVOPS_NUGET_FEED_URL_PREFIX|${PREFIXES}|g" ./scripts/run-dotnet.sh > /usr/local/bin/run-dotnet.sh
 85 | chmod +rx /usr/local/bin/run-dotnet.sh
 86 | sed "s|REPLACE_WITH_AZURE_DEVOPS_NUGET_FEED_URL_PREFIX|${PREFIXES}|g" ./scripts/run-nuget.sh > /usr/local/bin/run-nuget.sh
 87 | chmod +rx /usr/local/bin/run-nuget.sh
 88 | cp ./scripts/run-npm.sh /usr/local/bin/run-npm.sh
 89 | chmod +rx /usr/local/bin/run-npm.sh
 90 | cp ./scripts/run-yarn.sh /usr/local/bin/run-yarn.sh
 91 | chmod +rx /usr/local/bin/run-yarn.sh
 92 | cp ./scripts/write-npm.sh /usr/local/bin/write-npm.sh
 93 | chmod +rx /usr/local/bin/write-npm.sh
 94 | cp ./scripts/run-npx.sh /usr/local/bin/run-npx.sh
 95 | chmod +rx /usr/local/bin/run-npx.sh
 96 | 
 97 | cp ./scripts/run-rush.sh /usr/local/bin/run-rush.sh
 98 | chmod +rx /usr/local/bin/run-rush.sh
 99 | cp ./scripts/run-rush-pnpm.sh /usr/local/bin/run-rush-pnpm.sh
100 | chmod +rx /usr/local/bin/run-rush-pnpm.sh
101 | 
102 | cp ./scripts/run-pnpm.sh /usr/local/bin/run-pnpm.sh
103 | chmod +rx /usr/local/bin/run-pnpm.sh
104 | cp ./scripts/run-pnpx.sh /usr/local/bin/run-pnpx.sh
105 | chmod +rx /usr/local/bin/run-pnpx.sh
106 | 
107 | if [ "${INSTALL_PIP_HELPER}" = "true" ]; then
108 |     USER="${_REMOTE_USER}" /tmp/install-python-keyring.sh
109 |     rm /tmp/install-python-keyring.sh
110 | fi
111 | 
112 | INSTALL_WITH_SUDO="false"
113 | if command -v sudo >/dev/null 2>&1; then
114 |     if [ "root" != "$_REMOTE_USER" ]; then
115 |         INSTALL_WITH_SUDO="true"
116 |     fi
117 | fi
118 | 
119 | if [ "${COMMA_SEP_TARGET_FILES}" = "DEFAULT" ]; then
120 |     if [ "${INSTALL_WITH_SUDO}" = "true" ]; then
121 |         COMMA_SEP_TARGET_FILES="~/.bashrc,~/.zshrc"
122 |     else
123 |         COMMA_SEP_TARGET_FILES="/etc/bash.bashrc,/etc/zsh/zshrc"
124 |     fi
125 | fi
126 | 
127 | IFS=',' read -r -a TARGET_FILES_ARR <<< "$COMMA_SEP_TARGET_FILES"
128 | 
129 | for ALIAS in "${ALIASES_ARR[@]}"; do
130 |     for TARGET_FILE in "${TARGET_FILES_ARR[@]}"; do
131 |         CMD="$ALIAS() { /usr/local/bin/run-$ALIAS.sh \"\$@\"; }"
132 | 
133 |         if [ "${INSTALL_WITH_SUDO}" = "true" ]; then
134 |             sudo -u ${_REMOTE_USER} bash -c "echo '$CMD' >> $TARGET_FILE"
135 |         else
136 |             echo $CMD >> $TARGET_FILE || true
137 |         fi
138 |     done
139 | done
140 | 
141 | if [ "${INSTALL_WITH_SUDO}" = "true" ]; then
142 |     sudo -u ${_REMOTE_USER} bash -c "/tmp/install-provider.sh ${USENET6}"
143 | fi
144 | rm /tmp/install-provider.sh
145 | 
146 | exit 0


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/install-provider.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ "$1" = "true" ]; then
 4 |     echo "Installing artifacts-credprovider with .NET 6 framework"
 5 |     export USE_NET6_ARTIFACTS_CREDENTIAL_PROVIDER=true
 6 | else
 7 |     echo "Installing artifacts-credprovider with .NET 3.1 framework"
 8 | fi
 9 | 
10 | wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/install-python-keyring.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | set -e
 4 | 
 5 | WHEEL_URL='https://github.com/microsoft/codespace-features/releases/download/latest/codespaces_artifacts_helper_keyring-0.1.0-py3-none-any.whl'
 6 | WHEEL_DEST_FILENAME='codespaces_artifacts_helper_keyring-0.1.0-py3-none-any.whl'
 7 | 
 8 | cd /tmp
 9 | 
10 | while [[ "$#" -gt 0 ]]; do
11 |     case $1 in
12 |     -h | --help)
13 |         echo "Usage: $(basename "$0") [(-u | --user) <user>] [-h | --help]
14 | 
15 | Options:
16 |   -h --help             Show this screen.
17 |   -u USER, --user USER  Install for another user by specifying their name.
18 |                         Alternatively, set the USER environment variable.
19 | "
20 |         exit
21 |         ;;
22 | 
23 |     -u | --user)
24 |         USER="$2"
25 |         shift
26 |         ;;
27 | 
28 |     *)
29 |         echo "Unknown parameter passed: $1"
30 |         exit 1
31 |         ;;
32 |     esac
33 |     shift
34 | done
35 | 
36 | # Find the path to the Python executable outside of sudo, to account for Python
37 | # not being present in the secure_path.
38 | if command -v python3 &>/dev/null; then
39 |     PYTHON_SRC=$(which python3)
40 | elif command -v python &>/dev/null; then
41 |     PYTHON_SRC=$(which python)
42 | else
43 |     echo "Python not found. Artifacts Helper keyring not installed. whoami=$(whoami), PATH=$PATH"
44 |     exit 1
45 | fi
46 | 
47 | sudo_if_user() {
48 |     COMMAND="$*"
49 |     if [[ $USER ]]; then
50 |         if ! command -v sudo >/dev/null 2>&1; then
51 |             echo "The --user option was specified, but sudo could not be found."
52 |             exit 1
53 |         fi
54 |         sudo -u "$USER" bash -c "$COMMAND"
55 |     else
56 |         $COMMAND
57 |     fi
58 | }
59 | 
60 | install_user_package() {
61 |     sudo_if_user "${PYTHON_SRC}" -m pip install --user --upgrade --no-cache-dir "$1"
62 | }
63 | 
64 | wget "$WHEEL_URL" -O "$WHEEL_DEST_FILENAME"
65 | chmod a=r "$WHEEL_DEST_FILENAME" # Usually not needed, but helpful just in case
66 | install_user_package "$WHEEL_DEST_FILENAME"
67 | rm "$WHEEL_DEST_FILENAME"
68 | 


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-dotnet.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Install artifact credential provider if it is not already installed
 4 | if [ ! -d "${HOME}/.nuget/plugins/netcore" ]; then
 5 |   wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
 6 | fi
 7 | 
 8 | if [ -f "${HOME}/ado-auth-helper" ]; then
 9 |   export VSS_NUGET_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
10 |   export VSS_NUGET_URI_PREFIXES=REPLACE_WITH_AZURE_DEVOPS_NUGET_FEED_URL_PREFIX
11 | fi
12 | 
13 | # Find the dotnet executable so we do not run the bash alias again
14 | DOTNET_EXE=$(which dotnet)
15 | 
16 | ${DOTNET_EXE} "$@"
17 | EXIT_CODE=$?
18 | unset DOTNET_EXE
19 | 
20 | if [ -f "${HOME}/ado-auth-helper" ]; then
21 |     unset VSS_NUGET_ACCESSTOKEN
22 |     unset VSS_NUGET_URI_PREFIXES
23 | fi
24 | 
25 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-npm.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the npm executable so we do not run the bash alias again
 8 | NPM_EXE=$(which npm)
 9 | 
10 | ${NPM_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset NPM_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-npx.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the npm executable so we do not run the bash alias again
 8 | NPX_EXE=$(which npx)
 9 | 
10 | ${NPX_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset NPX_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-nuget.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Install artifact credential provider if it is not already installed
 4 | if [ ! -d "${HOME}/.nuget/plugins/netcore" ]; then
 5 |   wget -qO- https://aka.ms/install-artifacts-credprovider.sh | bash
 6 | fi
 7 | 
 8 | if [ -f "${HOME}/ado-auth-helper" ]; then
 9 |   export VSS_NUGET_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
10 |   export VSS_NUGET_URI_PREFIXES=REPLACE_WITH_AZURE_DEVOPS_NUGET_FEED_URL_PREFIX
11 | fi
12 | 
13 | # Find the dotnet executable so we do not run the bash alias again
14 | NUGET_EXE=$(which nuget)
15 | 
16 | ${NUGET_EXE} "$@"
17 | EXIT_CODE=$?
18 | unset NUGET_EXE
19 | 
20 | if [ -f "${HOME}/ado-auth-helper" ]; then
21 |     unset VSS_NUGET_ACCESSTOKEN
22 |     unset VSS_NUGET_URI_PREFIXES
23 | fi
24 | 
25 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-pnpm.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the pnpm executable so we do not run the bash alias again
 8 | PNPM_EXE=$(which pnpm)
 9 | 
10 | ${PNPM_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset PNPM_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-pnpx.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the pnpx executable so we do not run the bash alias again
 8 | PNPX_EXE=$(which pnpx)
 9 | 
10 | ${PNPX_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset PNPX_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-rush-pnpm.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the rush-pnpm executable so we do not run the bash alias again
 8 | RUSH_PNPM_EXE=$(which rush-pnpm)
 9 | 
10 | ${RUSH_PNPM_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset RUSH_PNPM_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-rush.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the rush executable so we do not run the bash alias again
 8 | RUSH_EXE=$(which rush)
 9 | 
10 | ${RUSH_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset RUSH_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/run-yarn.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "${HOME}/ado-auth-helper" ]; then
 4 |   export ARTIFACTS_ACCESSTOKEN=$(${HOME}/ado-auth-helper get-access-token)
 5 | fi
 6 | 
 7 | # Find the yarn executable so we do not run the bash alias again
 8 | YARN_EXE=$(which yarn)
 9 | 
10 | ${YARN_EXE} "$@"
11 | EXIT_CODE=$?
12 | unset YARN_EXE
13 | 
14 | if [ -f "${HOME}/ado-auth-helper" ]; then
15 |     unset ARTIFACTS_ACCESSTOKEN
16 | fi
17 | 
18 | exit $EXIT_CODE


--------------------------------------------------------------------------------
/src/artifacts-helper/scripts/write-npm.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | ARTIFACTS_FEED=${1:-"required"}
 4 | FEED_USER="${2:-"codespaces"}"
 5 | FEED_EMAIL="${3:-"codespaces@github.com"}"
 6 | 
 7 | # If ARTIFACTS_FEED equals "required" then exit with error message
 8 | if [ "${ARTIFACTS_FEED}" = "required" ]; then
 9 |     echo "  Usage: write-npm.sh <ARTIFACTS_FEED> <FEED_USER>(optional) <FEED_EMAIL>(optional)"
10 |     echo "example: write-npm.sh pkgs.dev.azure.com/orgname/projectname/_packaging/feedname/npm"
11 |     exit 1
12 | fi
13 | 
14 | echo "//${ARTIFACTS_FEED}/registry/:username=${FEED_USER}" >> ${HOME}/.npmrc
15 | echo "//${ARTIFACTS_FEED}/registry/:_authToken=\${ARTIFACTS_ACCESSTOKEN}" >> ${HOME}/.npmrc
16 | echo "//${ARTIFACTS_FEED}/registry/:email=${FEED_EMAIL}" >> ${HOME}/.npmrc
17 | echo "//${ARTIFACTS_FEED}/:username=${FEED_USER}"  >> ${HOME}/.npmrc
18 | echo "//${ARTIFACTS_FEED}/:_authToken=\${ARTIFACTS_ACCESSTOKEN}" >> ${HOME}/.npmrc
19 | echo "//${ARTIFACTS_FEED}/:email=${FEED_EMAIL}" >> ${HOME}/.npmrc


--------------------------------------------------------------------------------
/src/devtool/NOTES.md:
--------------------------------------------------------------------------------
1 | This installs a Microsoft-internal tool named DevTool. This will also install
2 | the `xdg-utils` package so that the `xdg-open` CLI is available for the
3 | DevTool CLI to be able to use to open a web browser.
4 | 
5 | ## OS Support
6 | 
7 | This feature is tested to work on Debian/Ubuntu
8 | 


--------------------------------------------------------------------------------
/src/devtool/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # DevTool (devtool)
 3 | 
 4 | Install DevTool
 5 | 
 6 | ## Example Usage
 7 | 
 8 | ```json
 9 | "features": {
10 |     "ghcr.io/microsoft/codespace-features/devtool:1": {}
11 | }
12 | ```
13 | 
14 | 
15 | 
16 | ## Customizations
17 | 
18 | ### VS Code Extensions
19 | 
20 | - `ms-codespaces-tools.ado-codespaces-auth`
21 | 
22 | This installs a Microsoft-internal tool named DevTool. This will also install
23 | the `xdg-utils` package so that the `xdg-open` CLI is available for the
24 | DevTool CLI to be able to use to open a web browser.
25 | 
26 | ## OS Support
27 | 
28 | This feature is tested to work on Debian/Ubuntu
29 | 
30 | 
31 | ---
32 | 
33 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/devtool/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
34 | 


--------------------------------------------------------------------------------
/src/devtool/devcontainer-feature.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "DevTool",
 3 |     "id": "devtool",
 4 |     "version": "1.0.2",
 5 |     "description": "Install DevTool",
 6 |     "installsAfter": [
 7 |         "ghcr.io/devcontainers/features/common-utils"
 8 |     ],
 9 |     "customizations": {
10 |         "vscode": {
11 |             "extensions": [
12 |                 "ms-codespaces-tools.ado-codespaces-auth"
13 |             ]
14 |         }
15 |     },
16 |     "postCreateCommand": "/usr/local/share/install-devtool.sh"
17 | }
18 | 


--------------------------------------------------------------------------------
/src/devtool/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | 
 5 | 
 6 | # Source /etc/os-release to get OS info
 7 | . /etc/os-release
 8 | 
 9 | if [ "$(id -u)" -ne 0 ]; then
10 |     echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
11 |     exit 1
12 | fi
13 | 
14 | apt_get_update()
15 | {
16 |     if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
17 |         echo "Running apt-get update..."
18 |         apt-get update -y
19 |     fi
20 | }
21 | 
22 | # Checks if packages are installed and installs them if not
23 | check_packages() {
24 |     if ! dpkg -s "$@" > /dev/null 2>&1; then
25 |         apt_get_update
26 |         apt-get -y install --no-install-recommends "$@"
27 |         rm -rf /var/lib/apt/lists/*
28 |     fi
29 | }
30 | 
31 | export DEBIAN_FRONTEND=noninteractive
32 | 
33 | if [ "${ID}" = "mariner" ]; then
34 |     tdnf install -y curl ca-certificates tar
35 |     tdnf clean all
36 | else
37 |     check_packages curl ca-certificates xdg-utils
38 | fi
39 | 
40 | # --- Generate a 'install-devtool.sh' script to be executed by the 'postCreateCommand' lifecycle hook
41 | DEVTOOL_SCRIPT_PATH="/usr/local/share/install-devtool.sh"
42 | 
43 | tee "$DEVTOOL_SCRIPT_PATH" > /dev/null \
44 | << EOF
45 | #!/bin/bash
46 | set -e
47 | EOF
48 | 
49 | tee -a "$DEVTOOL_SCRIPT_PATH" > /dev/null \
50 | << 'EOF'
51 | 
52 | echo "::step::Waiting for AzDO Authentication Helper..."
53 | # Wait up to 3 minutes for the ado-auth-helper to be installed
54 | for i in {1..180}; do
55 |     if [ -f ${HOME}/ado-auth-helper ]; then
56 |         break
57 |     fi
58 |     sleep 1
59 | done
60 | echo "::step::Installing DevTool..."
61 | cd /tmp
62 | curl -sL https://aka.ms/InstallToolLinux.sh | sh -s DevTool
63 | EOF
64 | 
65 | chmod 755 "$DEVTOOL_SCRIPT_PATH"
66 | 
67 | # Setup PATH so that DevTool will be on PATH when the initial terminal is started
68 | if command -v sudo >/dev/null 2>&1; then
69 |     if [ "root" != "$_REMOTE_USER" ]; then
70 |         echo "Adding DevTool to PATH for $_REMOTE_USER"
71 |         sudo -u ${_REMOTE_USER} bash -c 'echo "export PATH=\$PATH:$HOME/.config/DevTool/CurrentVersion" >> ~/.bashrc'
72 |         sudo -u ${_REMOTE_USER} bash -c 'echo "export PATH=\$PATH:$HOME/.config/DevTool/CurrentVersion" >> ~/.zshrc'
73 |         exit 0
74 |     fi
75 | fi
76 | 
77 | echo "Adding DevTool to PATH for root"
78 | echo "export PATH=\$PATH:/root/.config/DevTool/CurrentVersion" >> /etc/bash.bashrc || true
79 | echo "export PATH=\$PATH:/root/.config/DevTool/CurrentVersion" >> /etc/zsh/zshrc || true
80 | 
81 | exit 0


--------------------------------------------------------------------------------
/src/docfx/NOTES.md:
--------------------------------------------------------------------------------
1 | This feature installs the latest version compatible with Microsoft's internal documentation
2 | platform which is currently 2.67.5. You can install a different version or 'latest" by using
3 | the 'version' option.
4 | 
5 | ## OS Support
6 | 
7 | This feature requires `dotnet tool` and will attempt to install .NET 6.0. It is tested to work on Debian/Ubuntu and Mariner CBL 2.0
8 | 


--------------------------------------------------------------------------------
/src/docfx/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # DocFX (docfx)
 3 | 
 4 | Installs docfx tools
 5 | 
 6 | ## Example Usage
 7 | 
 8 | ```json
 9 | "features": {
10 |     "ghcr.io/microsoft/codespace-features/docfx:2": {}
11 | }
12 | ```
13 | 
14 | ## Options
15 | 
16 | | Options Id | Description | Type | Default Value |
17 | |-----|-----|-----|-----|
18 | | version | Select version of DocFX | string | 2.67.5 |
19 | 
20 | ## Customizations
21 | 
22 | ### VS Code Extensions
23 | 
24 | - `yzhang.markdown-all-in-one`
25 | 
26 | This feature installs the latest version compatible with Microsoft's internal documentation
27 | platform which is currently 2.67.5. You can install a different version or 'latest" by using
28 | the 'version' option.
29 | 
30 | ## OS Support
31 | 
32 | This feature requires `dotnet tool` and will attempt to install .NET 6.0. It is tested to work on Debian/Ubuntu and Mariner CBL 2.0
33 | 
34 | 
35 | ---
36 | 
37 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/docfx/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
38 | 


--------------------------------------------------------------------------------
/src/docfx/devcontainer-feature.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "DocFX",
 3 |   "id": "docfx",
 4 |   "version": "2.0.0",
 5 |   "description": "Installs docfx tools",
 6 |   "options": {
 7 |     "version": {
 8 |         "type": "string",
 9 |         "proposals": [
10 |             "latest",
11 |             "2.67.5"
12 |         ],
13 |         "default": "2.67.5",
14 |         "description": "Select version of DocFX"
15 |     }
16 |   },  
17 |   "customizations": {
18 |     "vscode": {
19 |       "extensions": [
20 |          "yzhang.markdown-all-in-one"
21 |        ]
22 |     }
23 |   },
24 |   "containerEnv": {
25 |      "PATH": "/home/vscode/.dotnet/tools:${PATH}"
26 |   },
27 |   "installsAfter": [
28 |     "ghcr.io/devcontainers/features/common-utils"
29 |   ]    
30 | }
31 | 


--------------------------------------------------------------------------------
/src/docfx/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | DOCFX_VERSION=${VERSION:-"2.67.5"} 
 4 | 
 5 | if command -v tdnf >/dev/null 2>&1; then
 6 |     tdnf update
 7 |     tdnf install -y dotnet-sdk-6.0 sudo awk ca-certificates
 8 |     tdnf clean all
 9 | elif command -v apt-get >/dev/null 2>&1; then
10 |     apt update
11 |     apt-get install -y dotnet6
12 |     rm -rf /var/lib/apt/lists/*
13 | else
14 |     echo "Unsupported package manager"
15 |     exit 1
16 | fi
17 | 
18 | # Check if dotnet is installed
19 | if ! command -v dotnet >/dev/null 2>&1; then
20 |     echo "dotnet is required to install DocFX"
21 |     exit 1
22 | fi
23 | 
24 | 
25 | if command -v sudo >/dev/null 2>&1; then
26 |     if [ "root" != "$_REMOTE_USER" ]; then
27 |         if [ "latest" == "${DOCFX_VERSION}"]; then
28 |             sudo -u ${_REMOTE_USER} bash -c "cd ~ && dotnet tool install --global docfx"
29 |             exit 0
30 |         else
31 |             sudo -u ${_REMOTE_USER} bash -c "cd ~ && dotnet tool install --global docfx --version ${DOCFX_VERSION}"
32 |             exit 0
33 |         fi
34 |     fi
35 | fi
36 | 
37 | if [ "latest" == "${DOCFX_VERSION}"]; then
38 |     dotnet tool install --global docfx
39 | else
40 |     dotnet tool install --global docfx --version ${DOCFX_VERSION}
41 | fi


--------------------------------------------------------------------------------
/src/external-repository/NOTES.md:
--------------------------------------------------------------------------------
  1 | This feature standardizes and simplifies the process of setting up a Codespace
  2 | to work with an external repository -- meaning a Git repository other than
  3 | the one that defines your Codespace. This is being primarily developed to
  4 | support Azure DevOps repositories but it ought to work with any Git repository.
  5 | 
  6 | This feature includes a CLI that handles the details of cloning the external repository
  7 | as well as configuring the Git authentication for the user of the Codespace by
  8 | providing a Git credential helper that does not conflict with the one that is
  9 | installed by Codespaces for the primary repository.
 10 | 
 11 | For Azure DevOps repositories, this installs a companion VSCode extension that provides
 12 | a Git credential helper that uses the web browser to perform an OAuth 2.0 authentication
 13 | process.
 14 | 
 15 | It is always possible to provide a token via the `userSecret` and this is what works with
 16 | other Git hosting providers.
 17 | 
 18 | #### Microsoft Entra ID Tenant Configuration
 19 | 
 20 | The authentication to Azure DevOps happens on the default tenant. If the user is present on
 21 | multiple tenants, and the Azure DevOps organization for the repository belongs to a specific
 22 | one, the repository operations may fail (unauthorized). You can configure the tenant for
 23 | the authentication by providing it as setting to the the underlying extension in your devcontainer.json:
 24 | 
 25 | ```json
 26 | "customizations": {
 27 |   "vscode":{
 28 |     "settings": { 
 29 |       "adoCodespacesAuth.tenantID": "<YOUR_ENTRA_ID_TENANT_ID>",
 30 |      }
 31 |    }
 32 | }
 33 | ```
 34 | 
 35 | ## Example Usage Scenarios
 36 | 
 37 | Here is a minimal example that clones an Azure DevOps repository. This would also require
 38 | you to configure a Codespaces Prebuild and setup a Codespaces Repository secret named
 39 | **ADO_PAT** that contains a token with `read` access to the repository. We **strongly recommend**
 40 | that the token only have this scope.
 41 | 
 42 | ```json
 43 | {
 44 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
 45 | "features": {
 46 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
 47 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
 48 |         "cloneSecret": "ADO_PAT",
 49 |         "folder": "/workspaces/ado-repos"
 50 |     }
 51 | },
 52 | "workspaceFolder": "/workspaces/ado-repos",
 53 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
 54 | "onCreateCommand": "external-git clone",
 55 | "postStartCommand": "external-git config"     
 56 | }
 57 | ```
 58 | 
 59 | This would clone the repository to `/workspaces/ado-repos` during the Prebuild process
 60 | using the PAT stored in a Codespaces secret. At runtime, when a user opens the Codespace
 61 | the `workspaceFolder` feature would open VS Code to this folder automatically and it
 62 | will prompt the user to login to Azure DevOps when they open the Codespace. The user of
 63 | the Codespaces does not need a PAT as the runtime will use their own login provided by
 64 | the VS Code extension.
 65 | 
 66 | ### Secret-less Azure DevOps Prebuilds
 67 | 
 68 | As of version 4, it is possible to avoid using PATs entirely and dynamically obtain a token during prebuild using
 69 | OIDC. This requires creating a Managed Identity or App Registration in Entra, and creating a
 70 | Federated Identity Credential on the Service Principal for the branch you are prebuilding. The 
 71 | Service Principal created must also be added to Azure DevOps and given permission to the repositories
 72 | and feeds you will be accessing during the prebuild process. The configuration replaces the `cloneSecret`
 73 | with parameters for the Azure `clientID` and `tenantID` and also requires adding the feature for
 74 | the azure-cli:
 75 | 
 76 | ```json
 77 | {
 78 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
 79 | "features": {
 80 |     "ghcr.io/devcontainers/features/azure-cli:1": {},
 81 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
 82 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
 83 |         "clientID": "xxxx-yyyy-zzzz",
 84 |         "tenantID": "1111-2222-3333",
 85 |         "folder": "/workspaces/ado-repos"
 86 |     }
 87 | },
 88 | "workspaceFolder": "/workspaces/ado-repos",
 89 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
 90 | "onCreateCommand": "external-git clone",
 91 | "postStartCommand": "external-git config"     
 92 | }
 93 | ```
 94 | 
 95 | In this scenario, during the prebuild process an ADO token will be obtained via OIDC and the Federated Identity Credential.
 96 | This token will be used during the git clone process only. If you have other scripts you are running during
 97 | `onCreateCommand` you can run the command `external-git prebuild` and the ADO token will be sent to stdout for you
 98 | to use in your scripts to install dependencies from feeds or anything else you may need. The token will only be
 99 | available during the prebuild process and this has to be done after the clone command so that the OIDC login has
100 | already happened. Install and use the [artifacts-helper](../artifacts-helper/README.md) feature to provide support
101 | at runtime for artifacts and feeds.
102 | 
103 | > [!NOTE]
104 | > You MUST install the Azure CLI feature in your devcontainer.json if using this option
105 | 
106 | ### Interactive authentication only (avoids PAT token)
107 | 
108 | The advantage of using a PAT token is the ability to clone the repository during the devContainer creation
109 | (onCreateCommand). You can avoid the need to configure a secret by requiring the authentication once the
110 | Codespace loads. This means the repository will be cloned only after the Codespaces UI initializes completely:
111 | 
112 | ```json
113 | {
114 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
115 | "features": {
116 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
117 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
118 |         "folder": "/workspaces/ado-repos"
119 |     }
120 | },
121 | "workspaceFolder": "/workspaces/ado-repos",
122 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
123 | "postStartCommand": "external-git clone && external-git config"     
124 | }
125 | ```
126 | 
127 | > [!NOTE]
128 | > Obtaining the credentials from the user will not work from `onCreateCommand` because the required
129 | > VS Code extension is not available during this phase of the process. In this example, we are running
130 | > the clone during `postStartCommand`. This is important.
131 | 
132 | ## Multiple Repository Support
133 | 
134 | As of version 3, you can clone multiple repositories by separating the URL's with a comma. In this
135 | mode all of the repositories will be cloned to the folder. Each will get a local folder name from the
136 | last part of the clone URL so this value has to be unique for each repository specified.
137 | 
138 | ## AzDO Branch Support
139 | 
140 | When `external-git config` is executed it will check the branch name of the Codespaces bridge repository
141 | and if it begins with "azdo/" then it will treat the rest of the branch name as an AzDO branch name
142 | to checkout on the external repository. The idea here is that a utility could be created in AzDO that
143 | would let you open a Pull Request in a Codespace. The process would create a new branch in the bridge
144 | repository named "azdo/branch/name" and then create the Codespace on that branch name. When the Codespace
145 | opens and clones the AzDO repository default branch it will then detect the need to fetch and checkout
146 | the requested branch.
147 | 
148 | If a different process is desired for determining the branch name, then an environment variabled named
149 | `AZDO_BRANCH` can be created with the name of the branch that should be checked out. When the `external-git config`
150 | command runs it will also detect that this envvar is set and checkout that
151 | 
152 | ## Usage Telemetry
153 | 
154 | If you are looking for ways to track usage of Codespaces within your team, we offer a mechanism
155 | to install a "telemetrySource" for git commits within the Codespace. This offers three options:
156 | 
157 | * `none`: the default. Does not make any changes to git
158 | * `message`: installs commit-msg hook that adds a trailer to the commit message in the form of `Codespaces: name-of-codespace`
159 | * `name`: changes the user name in the git configuration to `Existing Name (Codespaces)`
160 | * `email`: changes the email address in the git configuration to `existing+codespaces@domain.com`
161 | 
162 | ## OS Support
163 | 
164 | This feature is tested to work with Debian, Ubuntu and Mariner for the Codespaces base image
165 | 


--------------------------------------------------------------------------------
/src/external-repository/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | # External Git Repository in Codespace (external-repository)
  3 | 
  4 | Configures Codespace to work with an external Git repository
  5 | 
  6 | ## Example Usage
  7 | 
  8 | ```json
  9 | "features": {
 10 |     "ghcr.io/microsoft/codespace-features/external-repository:4": {}
 11 | }
 12 | ```
 13 | 
 14 | ## Options
 15 | 
 16 | | Options Id | Description | Type | Default Value |
 17 | |-----|-----|-----|-----|
 18 | | gitProvider | Git Provider | string | azuredevops |
 19 | | cloneUrl | Clone URL without username: https://dev.azure.com/{organization}/{project}/_git/{repository}. Separate multiple URLs with comma. | string | - |
 20 | | folder | Specify the workspace path in the devcontainer for the clone | string | /workspaces/external-repos |
 21 | | username | Username for clone (if required) | string | codespaces |
 22 | | cloneSecret | Name of the Codespaces repository secret that contains the token or password for clone. Example: ADO_PAT | string | - |
 23 | | userSecret | Name of the Codespaces user secret that contains the token or password for Codespace user | string | - |
 24 | | scalar | Use Scalar to clone the repository | boolean | false |
 25 | | sparseCheckout | Sparse checkout paths when using scalar. Example: common projecta/src projectb/src | string | - |
 26 | | options | Additional options for the clone operation: --depth 1 --single-branch --no-tags | string | - |
 27 | | branch | Default branch | string | main |
 28 | | timeout | Timeout for the clone operation | string | 30m |
 29 | | telemetrySource | Configure source of Git commit telemetry | string | none |
 30 | | clientID | Azure Client ID for OIDC token acquisition during prebuild | string | - |
 31 | | tenantID | Azure Tenant ID for OIDC token acquisition during prebuild | string | - |
 32 | 
 33 | ## Customizations
 34 | 
 35 | ### VS Code Extensions
 36 | 
 37 | - `ms-codespaces-tools.ado-codespaces-auth`
 38 | 
 39 | This feature standardizes and simplifies the process of setting up a Codespace
 40 | to work with an external repository -- meaning a Git repository other than
 41 | the one that defines your Codespace. This is being primarily developed to
 42 | support Azure DevOps repositories but it ought to work with any Git repository.
 43 | 
 44 | This feature includes a CLI that handles the details of cloning the external repository
 45 | as well as configuring the Git authentication for the user of the Codespace by
 46 | providing a Git credential helper that does not conflict with the one that is
 47 | installed by Codespaces for the primary repository.
 48 | 
 49 | For Azure DevOps repositories, this installs a companion VSCode extension that provides
 50 | a Git credential helper that uses the web browser to perform an OAuth 2.0 authentication
 51 | process.
 52 | 
 53 | It is always possible to provide a token via the `userSecret` and this is what works with
 54 | other Git hosting providers.
 55 | 
 56 | #### Microsoft Entra ID Tenant Configuration
 57 | 
 58 | The authentication to Azure DevOps happens on the default tenant. If the user is present on
 59 | multiple tenants, and the Azure DevOps organization for the repository belongs to a specific
 60 | one, the repository operations may fail (unauthorized). You can configure the tenant for
 61 | the authentication by providing it as setting to the the underlying extension in your devcontainer.json:
 62 | 
 63 | ```json
 64 | "customizations": {
 65 |   "vscode":{
 66 |     "settings": { 
 67 |       "adoCodespacesAuth.tenantID": "<YOUR_ENTRA_ID_TENANT_ID>",
 68 |      }
 69 |    }
 70 | }
 71 | ```
 72 | 
 73 | ## Example Usage Scenarios
 74 | 
 75 | Here is a minimal example that clones an Azure DevOps repository. This would also require
 76 | you to configure a Codespaces Prebuild and setup a Codespaces Repository secret named
 77 | **ADO_PAT** that contains a token with `read` access to the repository. We **strongly recommend**
 78 | that the token only have this scope.
 79 | 
 80 | ```json
 81 | {
 82 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
 83 | "features": {
 84 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
 85 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
 86 |         "cloneSecret": "ADO_PAT",
 87 |         "folder": "/workspaces/ado-repos"
 88 |     }
 89 | },
 90 | "workspaceFolder": "/workspaces/ado-repos",
 91 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
 92 | "onCreateCommand": "external-git clone",
 93 | "postStartCommand": "external-git config"     
 94 | }
 95 | ```
 96 | 
 97 | This would clone the repository to `/workspaces/ado-repos` during the Prebuild process
 98 | using the PAT stored in a Codespaces secret. At runtime, when a user opens the Codespace
 99 | the `workspaceFolder` feature would open VS Code to this folder automatically and it
100 | will prompt the user to login to Azure DevOps when they open the Codespace. The user of
101 | the Codespaces does not need a PAT as the runtime will use their own login provided by
102 | the VS Code extension.
103 | 
104 | ### Secret-less Azure DevOps Prebuilds
105 | 
106 | As of version 4, it is possible to avoid using PATs entirely and dynamically obtain a token during prebuild using
107 | OIDC. This requires creating a Managed Identity or App Registration in Entra, and creating a
108 | Federated Identity Credential on the Service Principal for the branch you are prebuilding. The 
109 | Service Principal created must also be added to Azure DevOps and given permission to the repositories
110 | and feeds you will be accessing during the prebuild process. The configuration replaces the `cloneSecret`
111 | with parameters for the Azure `clientID` and `tenantID` and also requires adding the feature for
112 | the azure-cli:
113 | 
114 | ```json
115 | {
116 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
117 | "features": {
118 |     "ghcr.io/devcontainers/features/azure-cli:1": {},
119 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
120 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
121 |         "clientID": "xxxx-yyyy-zzzz",
122 |         "tenantID": "1111-2222-3333",
123 |         "folder": "/workspaces/ado-repos"
124 |     }
125 | },
126 | "workspaceFolder": "/workspaces/ado-repos",
127 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
128 | "onCreateCommand": "external-git clone",
129 | "postStartCommand": "external-git config"     
130 | }
131 | ```
132 | 
133 | In this scenario, during the prebuild process an ADO token will be obtained via OIDC and the Federated Identity Credential.
134 | This token will be used during the git clone process only. If you have other scripts you are running during
135 | `onCreateCommand` you can run the command `external-git prebuild` and the ADO token will be sent to stdout for you
136 | to use in your scripts to install dependencies from feeds or anything else you may need. The token will only be
137 | available during the prebuild process and this has to be done after the clone command so that the OIDC login has
138 | already happened. Install and use the [artifacts-helper](../artifacts-helper/README.md) feature to provide support
139 | at runtime for artifacts and feeds.
140 | 
141 | > [!NOTE]
142 | > You MUST install the Azure CLI feature in your devcontainer.json if using this option
143 | 
144 | ### Interactive authentication only (avoids PAT token)
145 | 
146 | The advantage of using a PAT token is the ability to clone the repository during the devContainer creation
147 | (onCreateCommand). You can avoid the need to configure a secret by requiring the authentication once the
148 | Codespace loads. This means the repository will be cloned only after the Codespaces UI initializes completely:
149 | 
150 | ```json
151 | {
152 | "image": "mcr.microsoft.com/devcontainers/universal:ubuntu",
153 | "features": {
154 |     "ghcr.io/microsoft/codespace-features/external-repository:latest": {
155 |         "cloneUrl": "https://dev.azure.com/contoso/_git/reposname",
156 |         "folder": "/workspaces/ado-repos"
157 |     }
158 | },
159 | "workspaceFolder": "/workspaces/ado-repos",
160 | "initializeCommand": "mkdir -p ${localWorkspaceFolder}/../ado-repos",
161 | "postStartCommand": "external-git clone && external-git config"     
162 | }
163 | ```
164 | 
165 | > [!NOTE]
166 | > Obtaining the credentials from the user will not work from `onCreateCommand` because the required
167 | > VS Code extension is not available during this phase of the process. In this example, we are running
168 | > the clone during `postStartCommand`. This is important.
169 | 
170 | ## Multiple Repository Support
171 | 
172 | As of version 3, you can clone multiple repositories by separating the URL's with a comma. In this
173 | mode all of the repositories will be cloned to the folder. Each will get a local folder name from the
174 | last part of the clone URL so this value has to be unique for each repository specified.
175 | 
176 | ## AzDO Branch Support
177 | 
178 | When `external-git config` is executed it will check the branch name of the Codespaces bridge repository
179 | and if it begins with "azdo/" then it will treat the rest of the branch name as an AzDO branch name
180 | to checkout on the external repository. The idea here is that a utility could be created in AzDO that
181 | would let you open a Pull Request in a Codespace. The process would create a new branch in the bridge
182 | repository named "azdo/branch/name" and then create the Codespace on that branch name. When the Codespace
183 | opens and clones the AzDO repository default branch it will then detect the need to fetch and checkout
184 | the requested branch.
185 | 
186 | If a different process is desired for determining the branch name, then an environment variabled named
187 | `AZDO_BRANCH` can be created with the name of the branch that should be checked out. When the `external-git config`
188 | command runs it will also detect that this envvar is set and checkout that
189 | 
190 | ## Usage Telemetry
191 | 
192 | If you are looking for ways to track usage of Codespaces within your team, we offer a mechanism
193 | to install a "telemetrySource" for git commits within the Codespace. This offers three options:
194 | 
195 | * `none`: the default. Does not make any changes to git
196 | * `message`: installs commit-msg hook that adds a trailer to the commit message in the form of `Codespaces: name-of-codespace`
197 | * `name`: changes the user name in the git configuration to `Existing Name (Codespaces)`
198 | * `email`: changes the email address in the git configuration to `existing+codespaces@domain.com`
199 | 
200 | ## OS Support
201 | 
202 | This feature is tested to work with Debian, Ubuntu and Mariner for the Codespaces base image
203 | 
204 | 
205 | ---
206 | 
207 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/external-repository/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
208 | 


--------------------------------------------------------------------------------
/src/external-repository/devcontainer-feature.json:
--------------------------------------------------------------------------------
  1 | {
  2 |     "name": "External Git Repository in Codespace",
  3 |     "id": "external-repository",
  4 |     "version": "4.0.0",
  5 |     "description": "Configures Codespace to work with an external Git repository",
  6 |     "options": {
  7 |         "gitProvider": {
  8 |             "type": "string",
  9 |             "enum": [
 10 |                 "azuredevops",
 11 |                 "other"
 12 |             ],
 13 |             "default": "azuredevops",
 14 |             "description": "Git Provider"
 15 |         },
 16 |         "cloneUrl": {
 17 |             "type": "string",
 18 |             "default": "",
 19 |             "description": "Clone URL without username: https://dev.azure.com/{organization}/{project}/_git/{repository}. Separate multiple URLs with comma."
 20 |         },
 21 |         "folder": {
 22 |             "type": "string",
 23 |             "default": "/workspaces/external-repos",
 24 |             "description": "Specify the workspace path in the devcontainer for the clone"
 25 |         },
 26 |         "username": {
 27 |             "type": "string",
 28 |             "default": "codespaces",
 29 |             "description": "Username for clone (if required)"
 30 |         },
 31 |         "cloneSecret": {
 32 |             "type": "string",
 33 |             "default": "",
 34 |             "description": "Name of the Codespaces repository secret that contains the token or password for clone. Example: ADO_PAT"
 35 |         },
 36 |         "userSecret": {
 37 |             "type": "string",
 38 |             "default": "",
 39 |             "description": "Name of the Codespaces user secret that contains the token or password for Codespace user"
 40 |         },
 41 |         "scalar": {
 42 |             "type": "boolean",
 43 |             "default": false,
 44 |             "description": "Use Scalar to clone the repository"
 45 |         },
 46 |         "sparseCheckout": {
 47 |             "type": "string",
 48 |             "default": "",
 49 |             "description": "Sparse checkout paths when using scalar. Example: common projecta/src projectb/src"
 50 |         },
 51 |         "options": {
 52 |             "type": "string",
 53 |             "default": "",
 54 |             "description": "Additional options for the clone operation: --depth 1 --single-branch --no-tags"
 55 |         },
 56 |         "branch": {
 57 |             "type": "string",
 58 |             "default": "main",
 59 |             "description": "Default branch"
 60 |         },  
 61 |         "timeout": {
 62 |             "type": "string",
 63 |             "default": "30m",
 64 |             "description": "Timeout for the clone operation"
 65 |         },
 66 |         "telemetrySource": {
 67 |             "type": "string",
 68 |             "enum": [
 69 |                 "none",
 70 |                 "message",
 71 |                 "name",
 72 |                 "email"
 73 |             ],
 74 |             "default": "none",
 75 |             "description": "Configure source of Git commit telemetry"
 76 |         },
 77 |         "clientID": {
 78 |             "type": "string",
 79 |             "default": "",
 80 |             "description": "Azure Client ID for OIDC token acquisition during prebuild"
 81 |         },
 82 |         "tenantID": {
 83 |             "type": "string",
 84 |             "default": "",
 85 |             "description": "Azure Tenant ID for OIDC token acquisition during prebuild"
 86 |         }
 87 |     },
 88 |     "installsAfter": [
 89 |         "ghcr.io/devcontainers/features/common-utils",
 90 |         "ghcr.io/devcontainers/features/azure-cli"
 91 |     ],
 92 |     "customizations": {
 93 |         "vscode": {
 94 |             "extensions": [
 95 |                 "ms-codespaces-tools.ado-codespaces-auth"
 96 |             ]
 97 |         }
 98 |     }    
 99 | }
100 | 


--------------------------------------------------------------------------------
/src/external-repository/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | 
 5 | EXT_GIT_PROVIDER="${GITPROVIDER:-"azuredevops"}"
 6 | EXT_GIT_REPO_URL="${CLONEURL:-"required"}"
 7 | EXT_GIT_USERNAME="${USERNAME:-"user"}"
 8 | EXT_GIT_PREBUILD_PAT="${CLONESECRET:-""}"
 9 | EXT_GIT_LOCAL_PATH="${FOLDER:-"/workspace/external-repos"}"
10 | EXT_GIT_USER_PAT="${USERSECRET:-""}"
11 | EXT_GIT_CLONE_TIMEOUT="${TIMEOUT:-"30m"}"
12 | EXT_GIT_BRANCH="${BRANCH:-"main"}"
13 | EXT_GIT_OPTIONS="${OPTIONS:-""}"
14 | EXT_GIT_SCALAR="${SCALAR:-"false"}"
15 | EXT_GIT_SPARSECHECKOUT="${SPARSECHECKOUT:-""}"
16 | EXT_GIT_TELEMETRY="${TELEMETRYSOURCE:-"none"}"
17 | EXT_GIT_AZURE_CLIENT_ID="${CLIENTID:-""}"
18 | EXT_GIT_AZURE_TENANT_ID="${TENANTID:-""}"
19 | 
20 | EXT_GIT_OIDC_PREBUILD="false"
21 | if [ -n "${EXT_GIT_AZURE_CLIENT_ID}" ] && [ -n "${EXT_GIT_AZURE_TENANT_ID}" ]; then
22 |     EXT_GIT_OIDC_PREBUILD="true"
23 | fi
24 | 
25 | if [ "$(id -u)" -ne 0 ]; then
26 |     echo 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
27 |     exit 1
28 | fi
29 | 
30 | # Change to the directory where this script is located
31 | cd "$(dirname "$0")"
32 | 
33 | # Install our scripts to the devcontainer
34 | cp ./scripts/external-git /usr/local/bin
35 | chmod a+rx /usr/local/bin/external-git
36 | 
37 | mkdir -p /usr/local/external-repository-feature
38 | chmod +r /usr/local/external-repository-feature
39 | cp ./scripts/clone.sh /usr/local/external-repository-feature
40 | cp ./scripts/setup-user.sh /usr/local/external-repository-feature
41 | cp ./scripts/commit-msg.sh /usr/local/external-repository-feature
42 | 
43 | # Write the variables.sh script
44 | echo "EXT_GIT_PROVIDER=\"${EXT_GIT_PROVIDER}\"" > /usr/local/external-repository-feature/variables.sh
45 | echo "EXT_GIT_REPO_URL=\"${EXT_GIT_REPO_URL}\"" >> /usr/local/external-repository-feature/variables.sh
46 | echo "EXT_GIT_LOCAL_PATH=\"${EXT_GIT_LOCAL_PATH}\"" >> /usr/local/external-repository-feature/variables.sh
47 | echo "EXT_GIT_USERNAME=\"${EXT_GIT_USERNAME}\"" >> /usr/local/external-repository-feature/variables.sh
48 | echo "EXT_GIT_USER_PAT=\"${EXT_GIT_USER_PAT}\"" >> /usr/local/external-repository-feature/variables.sh
49 | echo "EXT_GIT_PREBUILD_PAT=\"${EXT_GIT_PREBUILD_PAT}\"" >> /usr/local/external-repository-feature/variables.sh
50 | echo "EXT_GIT_CLONE_TIMEOUT=\"${EXT_GIT_CLONE_TIMEOUT}\"" >> /usr/local/external-repository-feature/variables.sh
51 | echo "EXT_GIT_BRANCH=\"${EXT_GIT_BRANCH}\"" >> /usr/local/external-repository-feature/variables.sh
52 | echo "EXT_GIT_OPTIONS=\"${EXT_GIT_OPTIONS}\"" >> /usr/local/external-repository-feature/variables.sh
53 | echo "EXT_GIT_SCALAR=\"${EXT_GIT_SCALAR}\"" >> /usr/local/external-repository-feature/variables.sh
54 | echo "EXT_GIT_SPARSECHECKOUT=\"${EXT_GIT_SPARSECHECKOUT}\"" >> /usr/local/external-repository-feature/variables.sh
55 | echo "EXT_GIT_TELEMETRY=\"${EXT_GIT_TELEMETRY}\"" >> /usr/local/external-repository-feature/variables.sh
56 | echo "EXT_GIT_AZURE_CLIENT_ID=\"${EXT_GIT_AZURE_CLIENT_ID}\"" >> /usr/local/external-repository-feature/variables.sh
57 | echo "EXT_GIT_AZURE_TENANT_ID=\"${EXT_GIT_AZURE_TENANT_ID}\"" >> /usr/local/external-repository-feature/variables.sh
58 | echo "EXT_GIT_OIDC_PREBUILD=\"${EXT_GIT_OIDC_PREBUILD}\"" >> /usr/local/external-repository-feature/variables.sh
59 | 
60 | # Make the scripts executable
61 | chmod +rx /usr/local/external-repository-feature/*.sh
62 | cat /usr/local/external-repository-feature/variables.sh
63 | 
64 | # Create the Git config file templates
65 | cp ./scripts/*.config /usr/local/external-repository-feature
66 | 
67 | chmod +r /usr/local/external-repository-feature/*.config
68 | 
69 | exit 0
70 | 


--------------------------------------------------------------------------------
/src/external-repository/scripts/ado-git.config:
--------------------------------------------------------------------------------
1 | [credential]
2 | 	helper =
3 | 	helper = /usr/local/bin/external-git ado-helper


--------------------------------------------------------------------------------
/src/external-repository/scripts/clone.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | # Change to the directory where this script is located
  4 | cd "$(dirname "$0")"
  5 | 
  6 | # Load the variables
  7 | source ./variables.sh
  8 | 
  9 | check_prebuild() {
 10 |     # If EXT_GIT_OIDC_PREBUILD is true and ACTIONS_ID_TOKEN_REQUEST_URL is set then return 0
 11 |     if [[ "${EXT_GIT_OIDC_PREBUILD}" == "true" && "${ACTIONS_ID_TOKEN_REQUEST_URL}" != "" ]]; then
 12 |         return 0
 13 |     fi
 14 |     # If EXT_GIT_PREBUILD_PAT is set and the value of the variable is not empty then return 0
 15 |     if [[ "${EXT_GIT_PREBUILD_PAT}" != "" && "${!EXT_GIT_PREBUILD_PAT}" != "" ]]; then
 16 |         return 0
 17 |     fi
 18 |     return 1
 19 | }
 20 | 
 21 | clone_repository() {
 22 |     set -e
 23 |     GIT_REPO_URL=${1}
 24 |     GIT_LOCAL_PATH=${2}
 25 | 
 26 |     # If .git directory exists, then we can assume that the repo has already been cloned
 27 |     if [ ! -d  "${GIT_LOCAL_PATH}"/.git ]; then 
 28 |         # Check if ${HOME}/.gitconfig exists and save it
 29 |         if [ -f ${HOME}/.gitconfig ]; then
 30 |             mv ${HOME}/.gitconfig ${HOME}/.gitconfig.external_git_feature
 31 |         fi
 32 | 
 33 |         if check_prebuild; then
 34 |             # Put the prebuild git config in place
 35 |             cp /usr/local/external-repository-feature/prebuild-git.config ${HOME}/.gitconfig
 36 |         else
 37 |             # Put the ado-auth-helper git config in place
 38 |             cp /usr/local/external-repository-feature/ado-git.config ${HOME}/.gitconfig
 39 |         fi
 40 | 
 41 |         # Perform a git clone
 42 |         if [[ "${EXT_GIT_SCALAR}" != "true" ]]; then
 43 |             echo "Cloning ${GIT_REPO_URL} to ${GIT_LOCAL_PATH}"
 44 |             timeout ${EXT_GIT_CLONE_TIMEOUT} git clone ${EXT_GIT_OPTIONS} "${GIT_REPO_URL}" "${GIT_LOCAL_PATH}"
 45 |             if [ $? -eq 124 ]; then
 46 |                 echo "git clone command timed out..."
 47 |             fi
 48 |         else
 49 |             # Perform a scalar clone
 50 |             echo "Cloning ${GIT_REPO_URL} to ${GIT_LOCAL_PATH} using scalar"
 51 |             
 52 |             # Scalar cannot clone into an existing folder so we need to remove it
 53 |             # Anyone using workspaceFolder in Codespaces will have created this folder already
 54 |             # so this will be a common scenario. We have already confirmed there is no .git folder
 55 |             # let's just do one more check to make sure there is not a src/.git folder which
 56 |             # would indicate a previous Scalar clone has been done
 57 |             if [ -d  "${GIT_LOCAL_PATH}"/src/.git ]; then
 58 |                 echo "Repository already cloned"
 59 |                 rm ${HOME}/.gitconfig
 60 |                 # Put back the original .gitconfig if it exists
 61 |                 if [ -f ${HOME}/.gitconfig.external_git_feature ]; then
 62 |                     mv ${HOME}/.gitconfig.external_git_feature ${HOME}/.gitconfig
 63 |                 fi
 64 |                 return 0
 65 |             fi
 66 | 
 67 |             # Remove the local path if it exists
 68 |             if [ -d  "${GIT_LOCAL_PATH}" ]; then
 69 |                 rm -rf "${GIT_LOCAL_PATH}"
 70 |             fi
 71 | 
 72 |             timeout ${EXT_GIT_CLONE_TIMEOUT} scalar clone ${EXT_GIT_OPTIONS} "${GIT_REPO_URL}" "${GIT_LOCAL_PATH}"
 73 |             if [ $? -eq 124 ]; then
 74 |                 echo "scalar clone command timed out..."
 75 |             fi
 76 |             # Figure out the where the .git directory is and change to the parent. Can vary whether --no-src is used
 77 |             if [ -d  "${GIT_LOCAL_PATH}"/.git ]; then 
 78 |                 cd "${GIT_LOCAL_PATH}"
 79 |             else
 80 |                 cd "${GIT_LOCAL_PATH}"/src
 81 |             fi
 82 |             if [[ "${EXT_GIT_SPARSECHECKOUT}" != "" ]]; then
 83 |                 timeout ${EXT_GIT_CLONE_TIMEOUT} git sparse-checkout add ${EXT_GIT_SPARSECHECKOUT}
 84 |                 if [ $? -eq 124 ]; then
 85 |                     echo "git sparse-checkout command timed out..."
 86 |                 fi
 87 |             fi
 88 |             cd "$(dirname "$0")"
 89 |         fi
 90 | 
 91 |         rm ${HOME}/.gitconfig
 92 |         # Put back the original .gitconfig if it exists
 93 |         if [ -f ${HOME}/.gitconfig.external_git_feature ]; then
 94 |             mv ${HOME}/.gitconfig.external_git_feature ${HOME}/.gitconfig
 95 |         fi
 96 |     else
 97 |         echo "Repository already cloned"
 98 |     fi    
 99 |     
100 | }
101 | 
102 | if [[ "${EXT_GIT_REPO_URL}" == "" ]]; then
103 |     echo "Clone URL is not set"
104 |     exit 0;
105 | fi
106 | 
107 | if [[ "${EXT_GIT_LOCAL_PATH}" == "" ]]; then
108 |     echo "Workspace folder for external repository is not set"
109 |     exit 0;
110 | fi
111 | 
112 | 
113 | if check_prebuild; then
114 |     if [[ "${EXT_GIT_OIDC_PREBUILD}" == "true" ]]; then
115 |         EXT_GIT_PAT_VALUE="OIDC"
116 |     else
117 |         EXT_GIT_PAT_VALUE=${!EXT_GIT_PREBUILD_PAT}
118 |     fi
119 | 
120 |     if [[ "${EXT_GIT_PAT_VALUE}" == "" ]]; then
121 |         echo "There is no secret stored in ${EXT_GIT_PREBUILD_PAT}"
122 |         exit 0;
123 |     fi
124 | fi
125 | 
126 | # Split EXT_GIT_REPO_URL into an array based on a comma delimiter
127 | IFS=',' read -ra EXT_GIT_REPO_URL_ARRAY <<< "${EXT_GIT_REPO_URL}"
128 | # If there is more than one repo URL, then we need to clone each one
129 | # When there is more than one repo URL, the EXT_GIT_LOCAL_PATH is the parent folder
130 | # that will contain the repositories. When there is only one repo URL, the EXT_GIT_LOCAL_PATH
131 | # is the folder that will contain the repository
132 | if [ ${#EXT_GIT_REPO_URL_ARRAY[@]} -gt 1 ]; then
133 |     # Loop through each repo URL
134 |     for i in "${EXT_GIT_REPO_URL_ARRAY[@]}"; do
135 |         # Set the repo URL to the current value
136 |         REPO_URL=$i
137 |         # Get the folder name from the last part of the URL (dropping .git if necessary)
138 |         REPO_FOLDER=$(echo "${REPO_URL}" | sed 's/\.git$//;s#.*/##')
139 |         LOCAL_PATH=${EXT_GIT_LOCAL_PATH}/${REPO_FOLDER}
140 |         # Clone the repo
141 |         clone_repository ${REPO_URL} ${LOCAL_PATH}
142 |     done
143 |     exit 0
144 | fi
145 | # There was only one repository specified
146 | clone_repository ${EXT_GIT_REPO_URL} ${EXT_GIT_LOCAL_PATH}


--------------------------------------------------------------------------------
/src/external-repository/scripts/commit-msg.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # Script inspired by the commit-msg hook used in Gerrit Code Review
 4 | # This adds a trailer to the commit with the value of CODESPACE_NAME
 5 | 
 6 | set -u
 7 | 
 8 | # avoid [[ which is not POSIX sh.
 9 | if test "$#" != 1 ; then
10 |   echo "$0 requires an argument."
11 |   exit 1
12 | fi
13 | 
14 | if test ! -f "$1" ; then
15 |   echo "file does not exist: $1"
16 |   exit 1
17 | fi
18 | 
19 | # if $CODESPACE_NAME is not set then exit
20 | if test -z "${CODESPACE_NAME:-}" ; then
21 |   echo "not running in a codespace"
22 |   exit 0
23 | fi
24 | 
25 | if git rev-parse --verify HEAD >/dev/null 2>&1; then
26 |   refhash="$(git rev-parse HEAD)"
27 | else
28 |   refhash="$(git hash-object -t tree /dev/null)"
29 | fi
30 | 
31 | random=$({ git var GIT_COMMITTER_IDENT ; echo "$refhash" ; cat "$1"; } | git hash-object --stdin)
32 | dest="$1.tmp.${random}"
33 | 
34 | trap 'rm -f "$dest" "$dest-2"' EXIT
35 | 
36 | if ! git stripspace --strip-comments < "$1" > "${dest}" ; then
37 |    echo "cannot strip comments from $1"
38 |    exit 1
39 | fi
40 | 
41 | if test ! -s "${dest}" ; then
42 |   echo "file is empty: $1"
43 |   exit 1
44 | fi
45 | 
46 | token="Codespace"
47 | value="$CODESPACE_NAME"
48 | pattern=".*"
49 | 
50 | # If the trailer already exists, do nothing
51 | if git interpret-trailers --parse < "$1" | grep -q "^$token: $pattern$" ; then
52 |   exit 0
53 | fi
54 | 
55 | # There must be a Signed-off-by trailer for the code below to work. Insert a
56 | # sentinel at the end to make sure there is one.
57 | # Avoid the --in-place option which only appeared in Git 2.8
58 | if ! git interpret-trailers \
59 |          --trailer "Signed-off-by: SENTINEL" < "$1" > "$dest-2" ; then
60 |   echo "cannot insert Signed-off-by sentinel line in $1"
61 |   exit 1
62 | fi
63 | 
64 | # Make sure the trailer appears before any Signed-off-by trailers by inserting
65 | # it as if it was a Signed-off-by trailer and then use sed to remove the
66 | # Signed-off-by prefix and the Signed-off-by sentinel line.
67 | # Avoid the --in-place option which only appeared in Git 2.8
68 | # Avoid the --where option which only appeared in Git 2.15
69 | if ! git -c trailer.where=before interpret-trailers \
70 |          --trailer "Signed-off-by: $token: $value" < "$dest-2" |
71 |      sed -e "s/^Signed-off-by: \($token: \)/\1/" \
72 |          -e "/^Signed-off-by: SENTINEL/d" > "$dest" ; then
73 |   echo "cannot insert $token line in $1"
74 |   exit 1
75 | fi
76 | 
77 | if ! mv "${dest}" "$1" ; then
78 |   echo "cannot mv ${dest} to $1"
79 |   exit 1
80 | fi


--------------------------------------------------------------------------------
/src/external-repository/scripts/external-git:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | SUBCOMMAND=$1
 5 | 
 6 | case "${SUBCOMMAND}" in
 7 |     "clone")
 8 |         exec /bin/bash "/usr/local/external-repository-feature/clone.sh"
 9 |         ;;
10 |     "config")
11 |         exec /bin/bash "/usr/local/external-repository-feature/setup-user.sh"
12 |         ;;
13 |     "setup-user")
14 |         exec /bin/bash "/usr/local/external-repository-feature/setup-user.sh"
15 |         ;;
16 |     "prebuild")
17 |         source /usr/local/external-repository-feature/variables.sh
18 |         if [ "${EXT_GIT_OIDC_PREBUILD}" == "true" ]; then
19 |           # Get token using OIDC
20 |             if [ "$2" = "get" ]; then
21 |                 FIC=$(curl -s -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=api://AzureADTokenExchange" | jq -r '.value')
22 |                 if az login --service-principal -u ${EXT_GIT_AZURE_CLIENT_ID} --tenant ${EXT_GIT_AZURE_TENANT_ID} --federated-token "${FIC}" --allow-no-subscriptions --only-show-errors &>/dev/null; then
23 |                     ADO_TOKEN=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 | jq -r .accessToken)
24 |                 else
25 |                     ADO_TOKEN="ERROR"
26 |                 fi
27 |                 echo "username=${EXT_GIT_USERNAME}"
28 |                 echo "password=${ADO_TOKEN}"
29 |             else
30 |                # This allows the prebuild command to be called and just get the token on stdout
31 |                 echo $(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 | jq -r .accessToken)
32 |             fi
33 |         else
34 |             # Get token using PAT
35 |             if [ "$2" = "get" ]; then
36 |                 PREBUILD_PAT=${!EXT_GIT_PREBUILD_PAT}
37 |                 echo "username=${EXT_GIT_USERNAME}"
38 |                 echo "password=${PREBUILD_PAT}"
39 |             fi
40 |         fi
41 |         exit 0
42 |         ;;
43 |     "helper")
44 |         if [ "$2" = "get" ]; then
45 |             source /usr/local/external-repository-feature/variables.sh
46 |             USER_PAT=${!EXT_GIT_USER_PAT}
47 |             echo "username=${EXT_GIT_USERNAME}"
48 |             echo "password=${USER_PAT}"
49 |         fi
50 |         exit 0
51 |         ;;
52 |     "ado-helper")
53 |         if [ "$2" = "get" ]; then
54 |             # Wait up to 120 seconds for the ado-auth-helper to be installed
55 |             for i in {1..120}; do
56 |                 if [ -f ${HOME}/ado-auth-helper ]; then
57 |                     ~/ado-auth-helper get
58 |                     exit 0
59 |                 fi
60 |                 sleep 1
61 |             done
62 |             # Helper is not available
63 |             echo "username=helper"
64 |             echo "password=notinstalled"
65 |         fi
66 |         exit 0
67 |         ;;        
68 |     *)
69 |         echo "devcontainer.json example:"
70 |         echo "  "\"onCreateCommand\": \"external-git clone\",""
71 |         echo "  "\"postStartCommand\": \"external-git config\",""
72 |         exit 0
73 |         ;;
74 | esac
75 | exit $?


--------------------------------------------------------------------------------
/src/external-repository/scripts/prebuild-git.config:
--------------------------------------------------------------------------------
1 | [credential]
2 | 	helper =
3 | 	helper = /usr/local/bin/external-git prebuild


--------------------------------------------------------------------------------
/src/external-repository/scripts/setup-user.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | # Change to the directory where this script is located
  4 | cd "$(dirname "$0")"
  5 | 
  6 | # Load the variables
  7 | source ./variables.sh
  8 | 
  9 | checkout_branch() {
 10 |     # If AZDO_BRANCH is not set, then return
 11 |     if [[ "${AZDO_BRANCH}" == "" ]]; then
 12 |         return
 13 |     fi
 14 |     cd ${1}
 15 | 
 16 |     # Get the current branch name
 17 |     CURRENT_BRANCH=$(git branch --show-current)
 18 |     if [[ "${CURRENT_BRANCH}" == "${AZDO_BRANCH}" ]]; then
 19 |         echo "Already on branch ${AZDO_BRANCH}"
 20 |         return
 21 |     fi
 22 | 
 23 |     echo "Checking out branch ${AZDO_BRANCH}"
 24 |     
 25 |     if [ ! -f ${HOME}/ado-auth-helper ]; then
 26 |         echo "Waiting up to 180 seconds for ado-auth-helper extension to be installed"
 27 |     fi    
 28 |     # Wait up to 3 minutes for the ado-auth-helper to be installed
 29 |     for i in {1..180}; do
 30 |         if [ -f ${HOME}/ado-auth-helper ]; then
 31 |             break
 32 |         fi
 33 |         sleep 1
 34 |     done
 35 | 
 36 |     # fetch the branch named AZDO_BRANCH
 37 |     git fetch origin ${AZDO_BRANCH}
 38 |     git checkout ${AZDO_BRANCH}
 39 | }
 40 | 
 41 | configure_git_for_user() {
 42 |     GIT_PATH=""
 43 |     WC_PATH=""
 44 |     if [ -d  "${1}"/.git ]; then 
 45 |         GIT_PATH="${1}/.git"
 46 |         WC_PATH="${1}"
 47 |     else
 48 |         GIT_PATH="${1}/src/.git"
 49 |         WC_PATH="${1}/src"
 50 |     fi
 51 | 
 52 |     # See if $GIT_PATH/.git/config contains [credential] section
 53 |     if grep -q "\[credential\]" "${GIT_PATH}/config"; then
 54 |         if grep -q "helper =" "${GIT_PATH}/config"; then
 55 |             echo "Git [credential] is already configured"
 56 |             return
 57 |         fi
 58 |     fi
 59 | 
 60 |     if [ "$ADO" = "true" ]; then
 61 |         echo "Configuring ADO Authorization Helper"
 62 |         cat "./ado-git.config" >> "${GIT_PATH}/config"
 63 |         # See if there was a request to checkout an AzDO branch by checking the branch name of
 64 |         # the Codespaces bridge repository. If the branch name begins with azdo/ then the
 65 |         # rest of the branch name is the branch to checkout.
 66 |         if [[ "${RepositoryName}" != "" ]]; then
 67 |             CS_FOLDER=/workspaces/${RepositoryName}
 68 |             if [ -d "${CS_FOLDER}" ]; then
 69 |                 CS_BRANCH_NAME=$(git -C ${CS_FOLDER} branch --show-current)
 70 |                 if [[ ${CS_BRANCH_NAME} == azdo/* ]]; then
 71 |                     export AZDO_BRANCH=${CS_BRANCH_NAME#azdo/}
 72 |                 fi
 73 |             fi
 74 |         fi        
 75 | 
 76 |         # Call the function regardless so that some other process can set the AZDO_BRANCH variable
 77 |         # before this script is called and it will still work. This allows for other techniques to be
 78 |         # used to communicate the desire to checkout a branch
 79 |         checkout_branch ${WC_PATH}
 80 |     else
 81 |         echo "Configuring Git Credentials to use a secret"
 82 |         cat "./usersecret-git.config" >> "${GIT_PATH}/config"
 83 |     fi
 84 | 
 85 |     # Setup Git Telemetry .. note that the checks for the credentials
 86 |     # will already have exited the script before we get here if
 87 |     # they have previously been configured. So we are relying on
 88 |     # that as our way to only do this once
 89 | 
 90 |     if [ "${EXT_GIT_TELEMETRY}" = "message" ]; then
 91 |         echo "Configuring Git commit-msg hook"
 92 |         cp "/usr/local/external-repository-feature/commit-msg.sh" "${GIT_PATH}/hooks/commit-msg"
 93 |         chmod +x "${GIT_PATH}/hooks/commit-msg"
 94 |         return
 95 |     fi
 96 | 
 97 |     if [ "${EXT_GIT_TELEMETRY}" = "name" ]; then
 98 |         echo "Confguring Git Username"
 99 |         cd "${WC_PATH}"
100 |         # Retrieve the user's name from the git config
101 |         GIT_USER_NAME=$(git config user.name)
102 |         if [ "${GIT_USER_NAME}" = "" ]; then
103 |             echo "Git Username is not set"
104 |             return
105 |         fi
106 |         # Set the git user name to the telemetry name
107 |         git config user.name "${GIT_USER_NAME} (Codespaces)"
108 |         return
109 |     fi
110 | 
111 |     if [ "${EXT_GIT_TELEMETRY}" = "email" ]; then
112 |         echo "Configuring Git Email address"
113 |         cd "${WC_PATH}"
114 |         # Retrieve the user's email from the git config
115 |         GIT_USER_EMAIL=$(git config user.email)
116 |         if [ "${GIT_USER_EMAIL}" = "" ]; then
117 |             echo "Git Email is not set"
118 |             return
119 |         fi
120 |         # Split the email address at the @ sign
121 |         IFS="@"
122 |         set -- ${GIT_USER_EMAIL}
123 |         if [ "${#@}" -ne 2 ];then
124 |             echo "Could not parse email address"
125 |             return
126 |         fi
127 |         # Set the git user email to the telemetry email
128 |         git config user.email "${1}+codespaces@${2}"
129 |         return
130 |     fi
131 |         
132 | }
133 | 
134 | if [[ "${EXT_GIT_LOCAL_PATH}" == "" ]]; then
135 |     echo "Repository Local Path is not set"
136 |     exit 1;
137 | fi
138 | 
139 | # If repository does not exist, we will initialize an empty one
140 | # that points to the remote repository. This would only be the case
141 | # when someone is testing Codespaces without setting up prebuild
142 | if [ ! -d "${EXT_GIT_LOCAL_PATH}" ]; then
143 |     echo "Initializing empty repository at ${EXT_GIT_LOCAL_PATH}"
144 |     mkdir -p "${EXT_GIT_LOCAL_PATH}"
145 |     cd "${EXT_GIT_LOCAL_PATH}"
146 |     git init -b "${EXT_GIT_BRANCH}"
147 |     git remote add origin "${EXT_GIT_REPO_URL}"
148 |     cd "$(dirname "$0")"
149 | fi
150 | 
151 | # Configure to use ado-auth-helper unless a userSecret is specified
152 | if [ "${EXT_GIT_PROVIDER}" = "azuredevops" ]; then
153 |     # Check if a USER PAT variable name is specified
154 |     # and if it exists with a value set. Otherwise, use ADO Helper
155 |     ADO="true"
156 |     if [[ "${EXT_GIT_USER_PAT}" != "" ]]; then
157 |         EXT_GIT_PAT_VALUE=${!EXT_GIT_USER_PAT}
158 |         if [[ "${EXT_GIT_PAT_VALUE}" != "" ]]; then
159 |             ADO="false"
160 |         fi
161 |     fi
162 | else
163 |     ADO="false"
164 | fi
165 | 
166 | 
167 | # Split EXT_GIT_REPO_URL into an array based on a comma delimiter if multiple URLs are specified
168 | IFS=',' read -ra EXT_GIT_REPO_URL_ARRAY <<< "${EXT_GIT_REPO_URL}"
169 | # If there is more than one repo URL, then we need to configure each one
170 | # When there is more than one repo URL, the EXT_GIT_LOCAL_PATH is the parent folder
171 | # that will contain the repositories. When there is only one repo URL, the EXT_GIT_LOCAL_PATH
172 | # is the folder that will contain the repository
173 | if [ ${#EXT_GIT_REPO_URL_ARRAY[@]} -gt 1 ]; then
174 |     # Loop through each repo URL
175 |     for i in "${EXT_GIT_REPO_URL_ARRAY[@]}"; do
176 |         # Set the repo URL to the current value
177 |         REPO_URL=$i
178 |         # Get the folder name from the last part of the URL (dropping .git if necessary)
179 |         REPO_FOLDER=$(echo "${REPO_URL}" | sed 's/\.git$//;s#.*/##')
180 |         LOCAL_PATH=${EXT_GIT_LOCAL_PATH}/${REPO_FOLDER}
181 |         # Clone the repo
182 |         configure_git_for_user ${LOCAL_PATH}
183 |     done
184 |     exit 0
185 | fi
186 | # There was only one repository specified
187 | configure_git_for_user ${EXT_GIT_LOCAL_PATH}
188 | 


--------------------------------------------------------------------------------
/src/external-repository/scripts/usersecret-git.config:
--------------------------------------------------------------------------------
1 | [credential]
2 | 	helper =
3 | 	helper = /usr/local/bin/external-git helper


--------------------------------------------------------------------------------
/src/external-repository/scripts/variables.sh:
--------------------------------------------------------------------------------
 1 | # This file does not get installed with the feature
 2 | # It exists as an example of what will be installed based on the 
 3 | # options provided when installing the feature. You can source this file
 4 | # in your own scripts to get the values of the variables
 5 | # source /usr/local/external-repository-feature/variables.sh
 6 | EXT_GIT_PROVIDER="azuredevops"
 7 | EXT_GIT_REPO_URL="https://dev.azure.com/contoso/MyProject/_git/MyRepo"
 8 | EXT_GIT_LOCAL_PATH="/workspaces/MyRepo"
 9 | EXT_GIT_PREBUILD_PAT="EXT_GIT_PAT"
10 | EXT_GIT_USERNAME="codespaces"
11 | EXT_GIT_USER_PAT="EXT_GIT_PAT"
12 | EXT_GIT_BRANCH="main"
13 | EXT_GIT_CLONE_TIMEOUT="30m"
14 | EXT_GIT_BRANCH="main"
15 | EXT_GIT_OPTIONS=
16 | EXT_GIT_SCALAR="false"
17 | EXT_GIT_SPARSECHECKOUT=
18 | EXT_GIT_TELEMETRY="none"
19 | EXT_GIT_AZURE_CLIENT_ID=""
20 | EXT_GIT_AZURE_TENANT_ID=""
21 | EXT_GIT_OIDC_PREBUILD="false"
22 | 


--------------------------------------------------------------------------------
/src/go/NOTES.md:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | ## OS Support
4 | 
5 | This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed
6 | as well as Azure Linux (Mariner) with the `tdnf` package manager installed.
7 | 
8 | `bash` is required to execute the `install.sh` script.


--------------------------------------------------------------------------------
/src/go/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # Go (go)
 3 | 
 4 | Installs Go and common Go utilities. Auto-detects latest version and installs needed dependencies.
 5 | 
 6 | ## Example Usage
 7 | 
 8 | ```json
 9 | "features": {
10 |     "ghcr.io/microsoft/codespace-features/go:1": {}
11 | }
12 | ```
13 | 
14 | ## Options
15 | 
16 | | Options Id | Description | Type | Default Value |
17 | |-----|-----|-----|-----|
18 | | version | Select or enter a Go version to install | string | latest |
19 | | golangciLintVersion | Version of golangci-lint to install | string | latest |
20 | 
21 | ## Customizations
22 | 
23 | ### VS Code Extensions
24 | 
25 | - `golang.Go`
26 | 
27 | 
28 | 
29 | ## OS Support
30 | 
31 | This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed
32 | as well as Azure Linux (Mariner) with the `tdnf` package manager installed.
33 | 
34 | `bash` is required to execute the `install.sh` script.
35 | 
36 | ---
37 | 
38 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/go/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
39 | 


--------------------------------------------------------------------------------
/src/go/devcontainer-feature.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "id": "go",
 3 |     "version": "1.2.0",
 4 |     "name": "Go",
 5 |     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/go",
 6 |     "description": "Installs Go and common Go utilities. Auto-detects latest version and installs needed dependencies.",
 7 |     "options": {
 8 |         "version": {
 9 |             "type": "string",
10 |             "proposals": [
11 |                 "latest",
12 |                 "none",
13 |                 "1.19",
14 |                 "1.18"
15 |             ],
16 |             "default": "latest",
17 |             "description": "Select or enter a Go version to install"
18 |         },
19 |         "golangciLintVersion": {
20 |             "type": "string",
21 |             "default": "latest",
22 |             "description": "Version of golangci-lint to install"
23 |         }
24 |     },
25 |     "init": true,
26 |     "customizations": {
27 |         "vscode": {
28 |             "extensions": [
29 |                 "golang.Go"
30 |             ]
31 |         }
32 |     },
33 |     "containerEnv": {
34 |         "GOROOT": "/usr/local/go",
35 |         "GOPATH": "/go",
36 |         "PATH": "/usr/local/go/bin:/go/bin:${PATH}"
37 |     },
38 |     "capAdd": [
39 |         "SYS_PTRACE"
40 |     ],
41 |     "securityOpt": [
42 |         "seccomp=unconfined"
43 |     ],
44 |     "installsAfter": [
45 |         "ghcr.io/devcontainers/features/common-utils"
46 |     ]
47 | }


--------------------------------------------------------------------------------
/src/go/install.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | #-------------------------------------------------------------------------------------------------------------
  3 | # Copyright (c) Microsoft Corporation. All rights reserved.
  4 | # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information
  5 | #-------------------------------------------------------------------------------------------------------------
  6 | #
  7 | # Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/go.md
  8 | # Maintainer: The VS Code and Codespaces Teams
  9 | 
 10 | TARGET_GO_VERSION="${VERSION:-"latest"}"
 11 | GOLANGCILINT_VERSION="${GOLANGCILINTVERSION:-"latest"}"
 12 | 
 13 | TARGET_GOROOT="${TARGET_GOROOT:-"/usr/local/go"}"
 14 | TARGET_GOPATH="${TARGET_GOPATH:-"/go"}"
 15 | USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
 16 | INSTALL_GO_TOOLS="${INSTALL_GO_TOOLS:-"true"}"
 17 | 
 18 | # https://www.google.com/linuxrepositories/
 19 | GO_GPG_KEY_URI="https://dl.google.com/linux/linux_signing_key.pub"
 20 | 
 21 | set -e
 22 | # Source /etc/os-release to get OS info
 23 | . /etc/os-release
 24 | 
 25 | if [ "$(id -u)" -ne 0 ]; then
 26 |     echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
 27 |     exit 1
 28 | fi
 29 | 
 30 | # Ensure that login shells get the correct path if the user updated the PATH using ENV.
 31 | rm -f /etc/profile.d/00-restore-env.sh
 32 | echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
 33 | chmod +x /etc/profile.d/00-restore-env.sh
 34 | 
 35 | # Determine the appropriate non-root user
 36 | if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then
 37 |     USERNAME=""
 38 |     POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)")
 39 |     for CURRENT_USER in "${POSSIBLE_USERS[@]}"; do
 40 |         if id -u ${CURRENT_USER} > /dev/null 2>&1; then
 41 |             USERNAME=${CURRENT_USER}
 42 |             break
 43 |         fi
 44 |     done
 45 |     if [ "${USERNAME}" = "" ]; then
 46 |         USERNAME=root
 47 |     fi
 48 | elif [ "${USERNAME}" = "none" ] || ! id -u ${USERNAME} > /dev/null 2>&1; then
 49 |     USERNAME=root
 50 | fi
 51 | 
 52 | # Figure out correct version of a three part version number is not passed
 53 | find_version_from_git_tags() {
 54 |     local variable_name=$1
 55 |     local requested_version=${!variable_name}
 56 |     if [ "${requested_version}" = "none" ]; then return; fi
 57 |     local repository=$2
 58 |     local prefix=${3:-"tags/v"}
 59 |     local separator=${4:-"."}
 60 |     local last_part_optional=${5:-"false"}    
 61 |     if [ "$(echo "${requested_version}" | grep -o "." | wc -l)" != "2" ]; then
 62 |         local escaped_separator=${separator//./\\.}
 63 |         local last_part
 64 |         if [ "${last_part_optional}" = "true" ]; then
 65 |             last_part="(${escaped_separator}[0-9]+)?"
 66 |         else
 67 |             last_part="${escaped_separator}[0-9]+"
 68 |         fi
 69 |         local regex="${prefix}\\K[0-9]+${escaped_separator}[0-9]+${last_part}$"
 70 |         local version_list="$(git ls-remote --tags ${repository} | grep -oP "${regex}" | tr -d ' ' | tr "${separator}" "." | sort -rV)"
 71 |         if [ "${requested_version}" = "latest" ] || [ "${requested_version}" = "current" ] || [ "${requested_version}" = "lts" ]; then
 72 |             declare -g ${variable_name}="$(echo "${version_list}" | head -n 1)"
 73 |         else
 74 |             set +e
 75 |             declare -g ${variable_name}="$(echo "${version_list}" | grep -E -m 1 "^${requested_version//./\\.}([\\.\\s]|$)")"
 76 |             set -e
 77 |         fi
 78 |     fi
 79 |     if [ -z "${!variable_name}" ] || ! echo "${version_list}" | grep "^${!variable_name//./\\.}$" > /dev/null 2>&1; then
 80 |         echo -e "Invalid ${variable_name} value: ${requested_version}\nValid values:\n${version_list}" >&2
 81 |         exit 1
 82 |     fi
 83 |     echo "${variable_name}=${!variable_name}"
 84 | }
 85 | 
 86 | # Get central common setting
 87 | get_common_setting() {
 88 |     if [ "${common_settings_file_loaded}" != "true" ]; then
 89 |         curl -sfL "https://aka.ms/vscode-dev-containers/script-library/settings.env" 2>/dev/null -o /tmp/vsdc-settings.env || echo "Could not download settings file. Skipping."
 90 |         common_settings_file_loaded=true
 91 |     fi
 92 |     if [ -f "/tmp/vsdc-settings.env" ]; then
 93 |         local multi_line=""
 94 |         if [ "$2" = "true" ]; then multi_line="-z"; fi
 95 |         local result="$(grep ${multi_line} -oP "$1=\"?\K[^\"]+" /tmp/vsdc-settings.env | tr -d '\0')"
 96 |         if [ ! -z "${result}" ]; then declare -g $1="${result}"; fi
 97 |     fi
 98 |     echo "$1=${!1}"
 99 | }
100 | 
101 | apt_get_update()
102 | {
103 |     if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
104 |         echo "Running apt-get update..."
105 |         apt-get update -y
106 |     fi
107 | }
108 | 
109 | # Checks if packages are installed and installs them if not
110 | check_packages() {
111 |     if ! dpkg -s "$@" > /dev/null 2>&1; then
112 |         apt_get_update
113 |         apt-get -y install --no-install-recommends "$@"
114 |     fi
115 | }
116 | 
117 | export DEBIAN_FRONTEND=noninteractive
118 | 
119 | if [ "${ID}" = "mariner" ]; then
120 |     tdnf install -y curl ca-certificates gnupg2 tar g++ gcc make git build-essential
121 | else
122 |     # Clean up
123 |     rm -rf /var/lib/apt/lists/*
124 |     check_packages curl ca-certificates
125 |     # Install curl, tar, git, other dependencies if missing
126 |     check_packages curl ca-certificates gnupg2 tar g++ gcc libc6-dev make pkg-config
127 |     if ! type git > /dev/null 2>&1; then
128 |         check_packages git
129 |     fi
130 | fi
131 | 
132 | # Get closest match for version number specified
133 | find_version_from_git_tags TARGET_GO_VERSION "https://go.googlesource.com/go" "tags/go" "." "true"
134 | 
135 | architecture="$(uname -m)"
136 | case $architecture in
137 |     x86_64) architecture="amd64";;
138 |     aarch64 | armv8*) architecture="arm64";;
139 |     aarch32 | armv7* | armvhf*) architecture="armv6l";;
140 |     i?86) architecture="386";;
141 |     *) echo "(!) Architecture $architecture unsupported"; exit 1 ;;
142 | esac
143 | 
144 | # Install Go
145 | umask 0002
146 | if ! cat /etc/group | grep -e "^golang:" > /dev/null 2>&1; then
147 |     groupadd -r golang
148 | fi
149 | usermod -a -G golang "${USERNAME}"
150 | mkdir -p "${TARGET_GOROOT}" "${TARGET_GOPATH}"
151 | 
152 | if [[ "${TARGET_GO_VERSION}" != "none" ]] && [[ "$(go version)" != *"${TARGET_GO_VERSION}"* ]]; then
153 |     # Use a temporary location for gpg keys to avoid polluting image
154 |     export GNUPGHOME="/tmp/tmp-gnupg"
155 |     mkdir -p ${GNUPGHOME}
156 |     chmod 700 ${GNUPGHOME}
157 |     get_common_setting GO_GPG_KEY_URI
158 |     curl -sSL -o /tmp/tmp-gnupg/golang_key "${GO_GPG_KEY_URI}"
159 |     gpg -q --import /tmp/tmp-gnupg/golang_key
160 |     echo "Downloading Go ${TARGET_GO_VERSION}..."
161 |     set +e
162 |     curl -fsSL -o /tmp/go.tar.gz "https://golang.org/dl/go${TARGET_GO_VERSION}.linux-${architecture}.tar.gz"
163 |     exit_code=$?
164 |     set -e
165 |     if [ "$exit_code" != "0" ]; then
166 |         echo "(!) Download failed."
167 |         # Try one break fix version number less if we get a failure. Use "set +e" since "set -e" can cause failures in valid scenarios.
168 |         set +e
169 |         major="$(echo "${TARGET_GO_VERSION}" | grep -oE '^[0-9]+' || echo '')"
170 |         minor="$(echo "${TARGET_GO_VERSION}" | grep -oP '^[0-9]+\.\K[0-9]+' || echo '')"
171 |         breakfix="$(echo "${TARGET_GO_VERSION}" | grep -oP '^[0-9]+\.[0-9]+\.\K[0-9]+' 2>/dev/null || echo '')"
172 |         # Handle Go's odd version pattern where "0" releases omit the last part
173 |         if [ "${breakfix}" = "" ] || [ "${breakfix}" = "0" ]; then
174 |             ((minor=minor-1))
175 |             TARGET_GO_VERSION="${major}.${minor}"
176 |             # Look for latest version from previous minor release
177 |             find_version_from_git_tags TARGET_GO_VERSION "https://go.googlesource.com/go" "tags/go" "." "true"
178 |         else 
179 |             ((breakfix=breakfix-1))
180 |             if [ "${breakfix}" = "0" ]; then
181 |                 TARGET_GO_VERSION="${major}.${minor}"
182 |             else 
183 |                 TARGET_GO_VERSION="${major}.${minor}.${breakfix}"
184 |             fi
185 |         fi
186 |         set -e
187 |         echo "Trying ${TARGET_GO_VERSION}..."
188 |         curl -fsSL -o /tmp/go.tar.gz "https://golang.org/dl/go${TARGET_GO_VERSION}.linux-${architecture}.tar.gz"
189 |     fi
190 |     curl -fsSL -o /tmp/go.tar.gz.asc "https://golang.org/dl/go${TARGET_GO_VERSION}.linux-${architecture}.tar.gz.asc"
191 |     gpg --verify /tmp/go.tar.gz.asc /tmp/go.tar.gz
192 |     echo "Extracting Go ${TARGET_GO_VERSION}..."
193 |     tar -xzf /tmp/go.tar.gz -C "${TARGET_GOROOT}" --strip-components=1
194 |     rm -rf /tmp/go.tar.gz /tmp/go.tar.gz.asc /tmp/tmp-gnupg
195 | else
196 |     echo "(!) Go is already installed with version ${TARGET_GO_VERSION}. Skipping."
197 | fi
198 | 
199 | # Install Go tools that are isImportant && !replacedByGopls based on
200 | # https://github.com/golang/vscode-go/blob/v0.38.0/src/goToolsInformation.ts
201 | GO_TOOLS="\
202 |     golang.org/x/tools/gopls@latest \
203 |     honnef.co/go/tools/cmd/staticcheck@latest \
204 |     golang.org/x/lint/golint@latest \
205 |     github.com/mgechev/revive@latest \
206 |     github.com/go-delve/delve/cmd/dlv@latest \
207 |     github.com/fatih/gomodifytags@latest \
208 |     github.com/haya14busa/goplay/cmd/goplay@latest \
209 |     github.com/cweill/gotests/gotests@latest \ 
210 |     github.com/josharian/impl@latest"
211 | 
212 | if [ "${INSTALL_GO_TOOLS}" = "true" ]; then
213 |     echo "Installing common Go tools..."
214 |     export PATH=${TARGET_GOROOT}/bin:${PATH}
215 |     mkdir -p /tmp/gotools /usr/local/etc/vscode-dev-containers ${TARGET_GOPATH}/bin
216 |     cd /tmp/gotools
217 |     export GOPATH=/tmp/gotools
218 |     export GOCACHE=/tmp/gotools/cache
219 | 
220 |     # Use go get for versions of go under 1.16
221 |     go_install_command=install
222 |     if [[ "1.16" > "$(go version | grep -oP 'go\K[0-9]+\.[0-9]+(\.[0-9]+)?')" ]]; then
223 |         export GO111MODULE=on
224 |         go_install_command=get
225 |         echo "Go version < 1.16, using go get."
226 |     fi 
227 | 
228 |     (echo "${GO_TOOLS}" | xargs -n 1 go ${go_install_command} -v )2>&1 | tee -a /usr/local/etc/vscode-dev-containers/go.log
229 | 
230 |     # Move Go tools into path and clean up
231 |     if [ -d /tmp/gotools/bin ]; then
232 |         mv /tmp/gotools/bin/* ${TARGET_GOPATH}/bin/
233 |         rm -rf /tmp/gotools
234 |     fi
235 | 
236 |     # Install golangci-lint from precompiled binares
237 |     if [ "$GOLANGCILINT_VERSION" = "latest" ] || [ "$GOLANGCILINT_VERSION" = "" ]; then
238 |         echo "Installing golangci-lint latest..."
239 |         curl -fsSL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
240 |             sh -s -- -b "${TARGET_GOPATH}/bin"
241 |     else
242 |         echo "Installing golangci-lint ${GOLANGCILINT_VERSION}..."
243 |         curl -fsSL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
244 |             sh -s -- -b "${TARGET_GOPATH}/bin" "v${GOLANGCILINT_VERSION}"
245 |     fi
246 | fi
247 | 
248 | 
249 | chown -R "${USERNAME}:golang" "${TARGET_GOROOT}" "${TARGET_GOPATH}"
250 | chmod -R g+r+w "${TARGET_GOROOT}" "${TARGET_GOPATH}"
251 | find "${TARGET_GOROOT}" -type d -print0 | xargs -n 1 -0 chmod g+s
252 | find "${TARGET_GOPATH}" -type d -print0 | xargs -n 1 -0 chmod g+s
253 | 
254 | # Clean up
255 | if [ "${ID}" = "mariner" ]; then
256 |     tdnf clean all
257 | else
258 |     rm -rf /var/lib/apt/lists/*
259 | fi
260 | 
261 | echo "Done!"


--------------------------------------------------------------------------------
/src/microsoft-git/NOTES.md:
--------------------------------------------------------------------------------
1 | 
2 | This installs the [Microsoft fork of Git](https://github.com/microsoft/git) that includes
3 | Scalar and support for GVFS protocol.
4 | 
5 | ## OS Support
6 | 
7 | This feature is tested on base images for Debian/Ubuntu and Mariner-CBL 2.0


--------------------------------------------------------------------------------
/src/microsoft-git/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # Microsoft Git for monorepo with GVFS support (microsoft-git)
 3 | 
 4 | A fork of Git containing Microsoft-specific patches
 5 | 
 6 | ## Example Usage
 7 | 
 8 | ```json
 9 | "features": {
10 |     "ghcr.io/microsoft/codespace-features/microsoft-git:1": {}
11 | }
12 | ```
13 | 
14 | ## Options
15 | 
16 | | Options Id | Description | Type | Default Value |
17 | |-----|-----|-----|-----|
18 | | version | Select version of Microsoft Git, if not latest. | string | latest |
19 | 
20 | 
21 | This installs the [Microsoft fork of Git](https://github.com/microsoft/git) that includes
22 | Scalar and support for GVFS protocol.
23 | 
24 | ## OS Support
25 | 
26 | This feature is tested on base images for Debian/Ubuntu and Mariner-CBL 2.0
27 | 
28 | ---
29 | 
30 | _Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/microsoft/codespace-features/blob/main/src/microsoft-git/devcontainer-feature.json).  Add additional notes to a `NOTES.md`._
31 | 


--------------------------------------------------------------------------------
/src/microsoft-git/devcontainer-feature.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "Microsoft Git for monorepo with GVFS support",
 3 |     "id": "microsoft-git",
 4 |     "version": "1.0.6",
 5 |     "description": "A fork of Git containing Microsoft-specific patches",
 6 |     "options": {
 7 |         "version": {
 8 |             "type": "string",
 9 |             "proposals": [
10 |                 "latest",
11 |                 "2.43.0.vfs.0.0",
12 |                 "2.42.0.vfs.0.3",
13 |                 "2.40.1.vfs.0.2",
14 |                 "2.39.2.vfs.0.0",
15 |                 "2.38.1.vfs.0.1"
16 |             ],
17 |             "default": "latest",
18 |             "description": "Select version of Microsoft Git, if not latest."
19 |         }
20 |     },
21 |     "installsAfter": [
22 |         "ghcr.io/devcontainers/features/common-utils"
23 |     ]
24 | }
25 | 


--------------------------------------------------------------------------------
/src/microsoft-git/install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | #-------------------------------------------------------------------------------------------------------------
 3 | # Copyright (c) Microsoft Corporation. All rights reserved.
 4 | # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
 5 | #-------------------------------------------------------------------------------------------------------------
 6 | 
 7 | 
 8 | GIT_VERSION=${VERSION:-"latest"} 
 9 | 
10 | set -e
11 | 
12 | # Source /etc/os-release to get OS info
13 | . /etc/os-release
14 | 
15 | if [ "$(id -u)" -ne 0 ]; then
16 |     echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
17 |     exit 1
18 | fi
19 | 
20 | apt_get_update()
21 | {
22 |     if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
23 |         echo "Running apt-get update..."
24 |         apt-get update -y
25 |     fi
26 | }
27 | 
28 | # Checks if packages are installed and installs them if not
29 | check_packages() {
30 |     if ! dpkg -s "$@" > /dev/null 2>&1; then
31 |         apt_get_update
32 |         apt-get -y install --no-install-recommends "$@"
33 |     fi
34 | }
35 | 
36 | export DEBIAN_FRONTEND=noninteractive
37 | 
38 | if [ "${ID}" = "mariner" ]; then
39 |     tdnf install -y curl ca-certificates
40 | else
41 |     check_packages curl ca-certificates
42 | fi
43 | 
44 | # Partial version matching
45 | if [ "$(echo "${GIT_VERSION}" | grep -o '\.' | wc -l)" != "2" ]; then
46 |     requested_version="${GIT_VERSION}"
47 |     version_list="$(curl -sSL -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/microsoft/git/tags?per_page=100" | grep -oP '"name":\s*"v\K[0-9]+\.[0-9]+\.[0-9]+\.vfs\.[0-9]+\.[0-9]+"' | tr -d '"' | sort -rV)"
48 |     if [ "${requested_version}" = "latest" ] || [ "${requested_version}" = "lts" ] || [ "${requested_version}" = "current" ]; then
49 |         GIT_VERSION="$(echo "${version_list}" | head -n 1)"
50 |     else
51 |         set +e
52 |         GIT_VERSION="$(echo "${version_list}" | grep -E -m 1 "^${requested_version//./\\.}([\\.\\s]|$)")"
53 |         set -e
54 |     fi
55 |     if [ -z "${GIT_VERSION}" ] || ! echo "${version_list}" | grep "^${GIT_VERSION//./\\.}$" > /dev/null 2>&1; then
56 |         echo "Invalid git version: ${requested_version}" >&2
57 |         exit 1
58 |     fi
59 | fi
60 | 
61 | 
62 | echo "Downloading Microsoft Git ${GIT_VERSION}..."
63 | 
64 | # If ID is mariner
65 | if [ "${ID}" = "mariner" ]; then
66 |     # We need to build Git from source release on Mariner
67 |     tdnf install -y wget tar git pcre2 binutils build-essential openssl-devel expat-devel curl-devel python3-devel gettext asciidoc xmlto cronie
68 |     wget -q https://github.com/microsoft/git/archive/refs/tags/v${GIT_VERSION}.tar.gz
69 |     tar xvf v${GIT_VERSION}.tar.gz -C /usr
70 |     rm v${GIT_VERSION}.tar.gz
71 |     cd /usr/git-${GIT_VERSION}
72 |     make prefix=/usr/local all install
73 |     cd /usr
74 |     rm -rf git-${GIT_VERSION}
75 |     tdnf clean all
76 |     exit 0
77 | fi
78 | 
79 | # Install for Debian/Ubuntu
80 | check_packages wget git
81 | 
82 | wget -q https://github.com/microsoft/git/releases/download/v${GIT_VERSION}/microsoft-git_${GIT_VERSION}.deb
83 | 
84 | dpkg -i "microsoft-git_${GIT_VERSION}.deb"
85 | 
86 | rm "microsoft-git_${GIT_VERSION}.deb"
87 | 
88 | rm -rf /var/lib/apt/lists/*
89 | echo "Done!"


--------------------------------------------------------------------------------
/test/_global/debian_tests.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "git-version" bash -c "git --version | grep 'vfs'"
 9 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/debian_tests)
10 | check "git-config" grep "ado-helper" <(cat /tmp/debian_tests/.git/config)
11 | check "dotnet" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-dotnet.sh)
12 | check "nuget" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-nuget.sh)
13 | 
14 | # Report result
15 | # If any of the checks above exited with a non-zero exit code, the test will fail.
16 | reportResults


--------------------------------------------------------------------------------
/test/_global/mariner_tests.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "git-version" bash -c "git --version | grep 'vfs'"
 9 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/mariner_tests)
10 | check "git-config" grep "ado-helper" <(cat /tmp/mariner_tests/.git/config)
11 | check "dotnet" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-dotnet.sh)
12 | check "nuget" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-nuget.sh)
13 | check "docfx-version" bash -c "docfx --version"
14 | 
15 | # Report result
16 | # If any of the checks above exited with a non-zero exit code, the test will fail.
17 | reportResults


--------------------------------------------------------------------------------
/test/_global/scenarios.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "debian_tests": {
 3 |         "image": "mcr.microsoft.com/devcontainers/python:3",
 4 |         "features": {
 5 |             "microsoft-git": {
 6 |                 "version": "2.39.2.vfs.0.0"
 7 |             },
 8 |             "artifacts-helper": {},
 9 |             "external-repository": {
10 |                 "gitProvider": "azuredevops",
11 |                 "cloneUrl": "https://github.com/devcontainers/features",
12 |                 "folder": "/tmp/debian_tests",
13 |                 "cloneSecret": "EXT_GIT_PAT",
14 |                 "options": "--single-branch --no-src",
15 |                 "scalar": "true"
16 |             }
17 |         },
18 |         "remoteEnv": {
19 |             "EXT_GIT_PAT": "dummypat"
20 |         },
21 |         "onCreateCommand": "external-git clone",
22 |         "postStartCommand": "external-git config"
23 |     },
24 |     "ubuntu_tests": {
25 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
26 |         "features": {
27 |             "microsoft-git": {},
28 |             "external-repository": {
29 |                 "gitProvider": "azuredevops",
30 |                 "cloneUrl": "https://github.com/devcontainers/features",
31 |                 "folder": "/tmp/ubuntu_tests",
32 |                 "cloneSecret": "EXT_GIT_PAT",
33 |                 "options": "--single-branch --no-src",
34 |                 "scalar": "true"
35 |             },
36 |             "artifacts-helper": {}
37 |         },
38 |         "remoteEnv": {
39 |             "EXT_GIT_PAT": "dummypat"
40 |         },
41 |         "onCreateCommand": "external-git clone",
42 |         "postStartCommand": "external-git config"
43 |     },
44 |     "mariner_tests": {
45 |         "image": "mcr.microsoft.com/cbl-mariner/base/core:2.0",
46 |         "features": {
47 |             "ghcr.io/devcontainers/features/common-utils:2": {},
48 |             "microsoft-git": {},
49 |             "external-repository": {
50 |                 "gitProvider": "azuredevops",
51 |                 "cloneUrl": "https://github.com/devcontainers/features",
52 |                 "folder": "/tmp/mariner_tests",
53 |                 "cloneSecret": "EXT_GIT_PAT",
54 |                 "options": "--single-branch --no-src",
55 |                 "scalar": "true"
56 |             },
57 |             "artifacts-helper": {},
58 |             "docfx": {"version": "latest"}
59 |         },
60 |         "remoteEnv": {
61 |             "EXT_GIT_PAT": "dummypat"
62 |         },
63 |         "onCreateCommand": "external-git clone",
64 |         "postStartCommand": "external-git config"
65 |     }
66 | }
67 | 


--------------------------------------------------------------------------------
/test/_global/ubuntu_tests.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "git-version" bash -c "git --version | grep 'vfs'"
 9 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/debian_tests)
10 | check "git-config" grep "ado-helper" <(cat /tmp/debian_tests/.git/config)
11 | check "dotnet" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-dotnet.sh)
12 | check "nuget" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-nuget.sh)
13 | 
14 | # Report result
15 | # If any of the checks above exited with a non-zero exit code, the test will fail.
16 | reportResults


--------------------------------------------------------------------------------
/test/artifacts-helper/check_python_and_keyring.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | # Import test library bundled with the devcontainer CLI
 4 | source dev-container-features-test-lib || exit 1
 5 | 
 6 | # Confidence check for prerequisites
 7 | check 'pip should be installed' python3 -m pip --version
 8 | 
 9 | check 'keyring should be installed' python3 -m pip show keyring
10 | check 'codespaces_artifacts_helper_keyring should be installed' python3 -m pip show codespaces_artifacts_helper_keyring
11 | 
12 | # Report results
13 | # If any of the checks above exited with a non-zero exit code, the test will fail.
14 | reportResults
15 | 


--------------------------------------------------------------------------------
/test/artifacts-helper/python312_and_keyring_debian.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -e
4 | ./check_python_and_keyring.sh
5 | 


--------------------------------------------------------------------------------
/test/artifacts-helper/python38_and_keyring_debian.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -e
4 | ./check_python_and_keyring.sh
5 | 


--------------------------------------------------------------------------------
/test/artifacts-helper/python38_and_keyring_ubuntu.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | set -e
4 | ./check_python_and_keyring.sh
5 | 


--------------------------------------------------------------------------------
/test/artifacts-helper/python_and_no_keyring.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | # Import test library bundled with the devcontainer CLI
 4 | source dev-container-features-test-lib || exit 1
 5 | 
 6 | # Confidence check for prerequisites
 7 | check 'pip should be installed' bash -c 'python3 -m pip --version'
 8 | 
 9 | check 'codespaces_artifacts_helper_keyring should not be installed' bash -c '! python3 -m pip show codespaces_artifacts_helper_keyring'
10 | 
11 | # Report results
12 | # If any of the checks above exited with a non-zero exit code, the test will fail.
13 | reportResults


--------------------------------------------------------------------------------
/test/artifacts-helper/scenarios.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "python38_and_keyring_debian": {
 3 |         "image": "mcr.microsoft.com/devcontainers/base:debian",
 4 |         "features": {
 5 |             "ghcr.io/devcontainers/features/python:1": {
 6 |                 "version": "3.8"
 7 |             },
 8 |             "artifacts-helper": {
 9 |                 "python": true
10 |             }
11 |         }
12 |     },
13 |     "python38_and_keyring_ubuntu": {
14 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
15 |         "features": {
16 |             "ghcr.io/devcontainers/features/python:1": {
17 |                 "version": "3.8"
18 |             },
19 |             "artifacts-helper": {
20 |                 "python": true
21 |             }
22 |         }
23 |     },
24 |     "python312_and_keyring_debian": {
25 |         "image": "mcr.microsoft.com/devcontainers/base:debian",
26 |         "features": {
27 |             "ghcr.io/devcontainers/features/python:1": {
28 |                 "version": "3.12"
29 |             },
30 |             "artifacts-helper": {
31 |                 "python": true
32 |             }
33 |         }
34 |     },
35 |     "python_and_no_keyring": {
36 |         "image": "mcr.microsoft.com/devcontainers/base:debian",
37 |         "features": {
38 |             "ghcr.io/devcontainers/features/python:1": {
39 |                 "version": "3.8"
40 |             },
41 |             "artifacts-helper": {
42 |                 "python": false
43 |             }
44 |         }
45 |     }
46 | }


--------------------------------------------------------------------------------
/test/artifacts-helper/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Feature-specific tests
 9 | check "dotnet" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-dotnet.sh)
10 | check "nuget" grep "pkgs.dev.azure.com" <(cat /usr/local/bin/run-nuget.sh)
11 | check "write-npm" /usr/local/bin/write-npm.sh pkgs.dev.azure.com && grep "pkgs.dev.azure.com" <(cat ~/.npmrc)
12 | 
13 | 
14 | # Report results
15 | # If any of the checks above exited with a non-zero exit code, the test will fail.
16 | reportResults


--------------------------------------------------------------------------------
/test/devtool/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Feature-specific tests
 9 | check "devtool" grep "DevTool" <(cat ~/.bashrc)
10 | 
11 | # Report results
12 | # If any of the checks above exited with a non-zero exit code, the test will fail.
13 | reportResults


--------------------------------------------------------------------------------
/test/docfx/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Feature-specific tests
 9 | check "version" bash -c "docfx --version | grep '2.67.5'"
10 | 
11 | # Report results
12 | # If any of the checks above exited with a non-zero exit code, the test will fail.
13 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/README.md:
--------------------------------------------------------------------------------
1 | Dropping a note here about the tests.
2 | 
3 | The automated tests run a set of tests on different platforms that tests
4 | installing this feature with no parameters. For this feature, these tests
5 | are expected to fail.
6 | 
7 | The tests that should not fail for this feature are the scenario tests. These
8 | run the tests with parameters and perform actual git operations etc.


--------------------------------------------------------------------------------
/test/external-repository/basic-install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | check "git-config" grep "ado-helper" <(cat /tmp/basic-repos/.git/config)
10 | 
11 | # Report result
12 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/branch-install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | touch ${HOME}/ado-auth-helper
10 | check "git-config" grep "ado-helper" <(cat /tmp/branch-repos/.git/config)
11 | check "branch" grep "joshaber/parallel-execution-schema" <(git -C /tmp/branch-repos branch --show-current)
12 | 
13 | # Report result
14 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/multi-install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | check "git-config-1" grep "ado-helper" <(cat /tmp/multi-repos/community/.git/config)
10 | check "git-config-2" grep "ado-helper" <(cat /tmp/multi-repos/spec/.git/config)
11 | check "git-config-3" grep "ado-helper" <(cat /tmp/multi-repos/devcontainers.github.io/.git/config)
12 | 
13 | # Report result
14 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/options-install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | check "git-config" grep "external-git helper" <(cat /tmp/options-repos/.git/config)
10 | 
11 | # Report result
12 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/scalar-basic.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/scalar-basic/src/.git/config)
11 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/scalar-basic/src)
12 | 
13 | # Report result
14 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/scalar-folder.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/scalar-folder/.git/config)
11 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/scalar-folder)
12 | 
13 | # Report result
14 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/scalar-no-src.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/scalar-no-src/.git/config)
11 | check "no-dirs"  grep -v "drwxr" <(ls -l /tmp/scalar-no-src)
12 | 
13 | 
14 | # Report result
15 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/scenarios.json:
--------------------------------------------------------------------------------
  1 | {
  2 |     "basic-install": {
  3 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
  4 |         "features": {
  5 |             "external-repository": {
  6 |                 "cloneUrl": "https://github.com/devcontainers/community",
  7 |                 "cloneSecret": "EXT_GIT_PAT",
  8 |                 "folder": "/tmp/basic-repos"
  9 |             }
 10 |         },
 11 |         "remoteEnv": {
 12 |             "EXT_GIT_PAT": "dummypat"
 13 |         },   
 14 |         "postStartCommand": "external-git clone && external-git config"     
 15 |     },
 16 |     "multi-install": {
 17 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 18 |         "features": {
 19 |             "external-repository": {
 20 |                 "cloneUrl": "https://github.com/devcontainers/community,https://github.com/devcontainers/spec.git,https://github.com/devcontainers/devcontainers.github.io",
 21 |                 "cloneSecret": "EXT_GIT_PAT",
 22 |                 "folder": "/tmp/multi-repos"
 23 |             }
 24 |         },
 25 |         "remoteEnv": {
 26 |             "EXT_GIT_PAT": "dummypat"
 27 |         },   
 28 |         "postStartCommand": "external-git clone && external-git config"     
 29 |     },
 30 |     "branch-install": {
 31 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 32 |         "features": {
 33 |             "external-repository": {
 34 |                 "cloneUrl": "https://github.com/devcontainers/spec",
 35 |                 "cloneSecret": "EXT_GIT_PAT",
 36 |                 "folder": "/tmp/branch-repos"
 37 |             }
 38 |         },
 39 |         "remoteEnv": {
 40 |             "AZDO_BRANCH": "joshaber/parallel-execution-schema",
 41 |             "EXT_GIT_PAT": "dummypat"
 42 |         },
 43 |         "postStartCommand": "external-git clone && external-git config"     
 44 |     },
 45 |     "telemetry-msg": {
 46 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 47 |         "features": {
 48 |             "external-repository": {
 49 |                 "cloneUrl": "https://github.com/devcontainers/community",
 50 |                 "folder": "/tmp/telemetry-msg",
 51 |                 "cloneSecret": "EXT_GIT_PAT",
 52 |                 "telemetrySource": "message"
 53 |             }
 54 |         },
 55 |         "remoteEnv": {
 56 |             "EXT_GIT_PAT": "dummypat"
 57 |         },    
 58 |         "onCreateCommand": "external-git clone",
 59 |         "postCreateCommand": "git config --global user.name 'Test User' && git config --global user.email 'testuser@microsoft.com'",
 60 |         "postStartCommand": "external-git config"     
 61 |     },
 62 |     "telemetry-name": {
 63 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 64 |         "features": {
 65 |             "external-repository": {
 66 |                 "cloneUrl": "https://github.com/devcontainers/community",
 67 |                 "folder": "/tmp/telemetry-name",
 68 |                 "cloneSecret": "EXT_GIT_PAT",
 69 |                 "telemetrySource": "name"
 70 |             }
 71 |         },
 72 |         "remoteEnv": {
 73 |             "EXT_GIT_PAT": "dummypat"
 74 |         },    
 75 |         "onCreateCommand": "external-git clone",
 76 |         "postCreateCommand": "git config --global user.name 'Test User' && git config --global user.email 'testuser@microsoft.com'",
 77 |         "postStartCommand": "external-git config"     
 78 |     },
 79 |     "telemetry-email": {
 80 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 81 |         "features": {
 82 |             "external-repository": {
 83 |                 "cloneUrl": "https://github.com/devcontainers/community",
 84 |                 "folder": "/tmp/telemetry-email",
 85 |                 "cloneSecret": "EXT_GIT_PAT",
 86 |                 "telemetrySource": "email"
 87 |             }
 88 |         },
 89 |         "remoteEnv": {
 90 |             "EXT_GIT_PAT": "dummypat"
 91 |         },    
 92 |         "onCreateCommand": "external-git clone",
 93 |         "postCreateCommand": "git config --global user.name 'Test User' && git config --global user.email 'testuser@microsoft.com'",
 94 |         "postStartCommand": "external-git config"     
 95 |     },
 96 |     "options-install": {
 97 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
 98 |         "features": {
 99 |             "external-repository": {
100 |                 "gitProvider": "other",
101 |                 "cloneUrl": "https://github.com/devcontainers/community",
102 |                 "folder": "/tmp/options-repos",
103 |                 "cloneSecret": "EXT_GIT_PAT",
104 |                 "options": "--depth 1 --single-branch --no-tags"
105 |             }
106 |         },
107 |         "remoteEnv": {
108 |             "EXT_GIT_PAT": "dummypat"
109 |         },    
110 |         "onCreateCommand": "external-git clone",
111 |         "postStartCommand": "external-git config"     
112 |     },
113 |     "scalar-basic": {
114 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
115 |         "features": {
116 |             "external-repository": {
117 |                 "cloneUrl": "https://github.com/devcontainers/features",
118 |                 "folder": "/tmp/scalar-basic",
119 |                 "cloneSecret": "EXT_GIT_PAT",
120 |                 "scalar": "true"
121 |             }
122 |         },
123 |         "remoteEnv": {
124 |             "EXT_GIT_PAT": "dummypat"
125 |         },    
126 |         "onCreateCommand": "external-git clone",
127 |         "postStartCommand": "external-git config"     
128 |     },
129 |     "scalar-no-src": {
130 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
131 |         "features": {
132 |             "microsoft-git": {"version": "latest"},
133 |             "external-repository": {
134 |                 "gitProvider": "azuredevops",
135 |                 "cloneUrl": "https://github.com/devcontainers/features",
136 |                 "folder": "/tmp/scalar-no-src",
137 |                 "cloneSecret": "EXT_GIT_PAT",
138 |                 "options": "--single-branch --no-src",
139 |                 "scalar": "true"
140 |             }
141 |         },
142 |         "remoteEnv": {
143 |             "EXT_GIT_PAT": "dummypat"
144 |         },    
145 |         "onCreateCommand": "external-git clone",
146 |         "postStartCommand": "external-git config"     
147 |     },
148 |     "sparse-test": {
149 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
150 |         "features": {
151 |             "microsoft-git": {"version": "latest"},
152 |             "external-repository": {
153 |                 "cloneUrl": "https://github.com/devcontainers/features",
154 |                 "folder": "/tmp/sparse-repos",
155 |                 "cloneSecret": "EXT_GIT_PAT",
156 |                 "options": "--single-branch",
157 |                 "scalar": "true",
158 |                 "sparseCheckout": "src/common-utils test/common-utils"
159 |             }
160 |         },
161 |         "remoteEnv": {
162 |             "EXT_GIT_PAT": "dummypat"
163 |         },    
164 |         "onCreateCommand": "external-git clone",
165 |         "postStartCommand": "external-git config"     
166 |     },
167 |     "scalar-folder": {
168 |         "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
169 |         "features": {
170 |             "microsoft-git": {"version": "latest"},
171 |             "external-repository": {
172 |                 "gitProvider": "azuredevops",
173 |                 "cloneUrl": "https://github.com/devcontainers/features",
174 |                 "folder": "/tmp/scalar-folder",
175 |                 "cloneSecret": "EXT_GIT_PAT",
176 |                 "options": "--single-branch --no-src",
177 |                 "scalar": "true"
178 |             }
179 |         },
180 |         "remoteEnv": {
181 |             "EXT_GIT_PAT": "dummypat"
182 |         },    
183 |         "onCreateCommand": "mkdir /tmp/scalar-folder && external-git clone",
184 |         "postStartCommand": "external-git config"     
185 |     }    
186 | }


--------------------------------------------------------------------------------
/test/external-repository/sparse-test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/sparse-repos/src/.git/config)
11 | check "dirs"  grep "drwxr" <(ls -l /tmp/sparse-repos/src)
12 | 
13 | # Report result
14 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/telemetry-email.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/telemetry-email/.git/config)
11 | 
12 | cd /tmp/telemetry-email
13 | export CODESPACE_NAME="commit.hooks-testing"
14 | echo "Make changes to README.md" >> README.md
15 | git add README.md
16 | git commit -m "Change the README.md file"
17 | 
18 | check "hook" grep "+codespaces" <(git log -1)
19 | 
20 | # Report result
21 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/telemetry-msg.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/telemetry-msg/.git/config)
11 | 
12 | cd /tmp/telemetry-msg
13 | export CODESPACE_NAME="commit.hooks-testing"
14 | echo "Make changes to README.md" >> README.md
15 | git add README.md
16 | git commit -m "Change the README.md file"
17 | 
18 | check "hook" grep "Codespace:" <(git log -1)
19 | 
20 | # Report result
21 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/telemetry-name.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Definition specific tests
 9 | 
10 | check "git-config" grep "ado-helper" <(cat /tmp/telemetry-name/.git/config)
11 | 
12 | cd /tmp/telemetry-name
13 | export CODESPACE_NAME="commit.hooks-testing"
14 | echo "Make changes to README.md" >> README.md
15 | git add README.md
16 | git commit -m "Change the README.md file"
17 | 
18 | check "hook" grep "(Codespaces)" <(git log -1)
19 | 
20 | # Report result
21 | reportResults


--------------------------------------------------------------------------------
/test/external-repository/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library bundled with the devcontainer CLI
 6 | source dev-container-features-test-lib
 7 | 
 8 | # Feature-specific tests
 9 | check "installed" grep "devcontainer" <(external-git)
10 | 
11 | # Report results
12 | # If any of the checks above exited with a non-zero exit code, the test will fail.
13 | reportResults


--------------------------------------------------------------------------------
/test/go/install_go_tool_in_postCreate.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "mkcert version" bash -c "mkcert --version | grep v1.4.2"
 9 | check "mkcert is installed at correct path" bash -c "which mkcert | grep /go/bin/mkcert"
10 | check "golangci-lint version" bash -c "golangci-lint --version | grep 'golangci-lint has version 1.50.0'"
11 | 
12 | # Report result
13 | reportResults


--------------------------------------------------------------------------------
/test/go/install_go_twice.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "go-version" bash -c "go version | grep 1.19"
 9 | 
10 | # Report result
11 | reportResults


--------------------------------------------------------------------------------
/test/go/install_mariner.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | check "go-version" bash -c "go version"
 9 | check "golangci-lint version" bash -c "golangci-lint --version | grep 'golangci-lint has version 1.50.0'"
10 | 
11 | # Report result
12 | reportResults


--------------------------------------------------------------------------------
/test/go/scenarios.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "install_go_tool_in_postCreate": {
 3 |         "image": "ubuntu:focal",
 4 |         "features": {
 5 |             "go": {
 6 |                 "version": "latest",
 7 |                 "golangciLintVersion": "1.50.0"
 8 |             }
 9 |         },
10 |         "postCreateCommand": "go install filippo.io/mkcert@v1.4.2"
11 |     },
12 |     "install_mariner": {
13 |         "image": "mcr.microsoft.com/cbl-mariner/base/core:2.0",
14 |         "features": {
15 |             "go": {
16 |                 "version": "latest",
17 |                 "golangciLintVersion": "1.50.0"
18 |             }
19 |         }
20 |     }, 
21 |     "install_go_twice": {
22 |         "image": "mcr.microsoft.com/devcontainers/go:1.18",
23 |         "features": {
24 |             "go": {
25 |                 "version": "1.19"
26 |             }
27 |         }
28 |     }
29 | }


--------------------------------------------------------------------------------
/test/go/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Optional: Import test library
 6 | source dev-container-features-test-lib
 7 | 
 8 | # go
 9 | check "version" go version
10 | 
11 | # revive
12 | check "revive version" revive --version
13 | check "revive is installed at correct path" bash -c "which revive | grep /go/bin/revive"
14 | 
15 | # gomodifytags
16 | check "gomodifytags is installed at correct path" bash -c "which gomodifytags | grep /go/bin/gomodifytags"
17 | 
18 | # goplay
19 | check "goplay is installed at correct path" bash -c "which goplay | grep /go/bin/goplay"
20 | 
21 | # gotests
22 | check "gotests is installed at correct path" bash -c "which gotests | grep /go/bin/gotests"
23 | 
24 | # impl
25 | check "impl is installed at correct path" bash -c "which impl | grep /go/bin/impl"
26 | 
27 | # Report result
28 | reportResults


--------------------------------------------------------------------------------
/test/microsoft-git/test.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | source dev-container-features-test-lib
 6 | 
 7 | check "version" bash -c "git --version | grep 'vfs'"
 8 | check "clone" scalar clone --single-branch https://github.com/devcontainers/features /tmp/scalar-clone
 9 | 
10 | # Report results
11 | # If any of the checks above exited with a non-zero exit code, the test will fail.
12 | reportResults


--------------------------------------------------------------------------------