Open

Dev #77

6 changes: 6 additions & 0 deletions .devcontainer.json
@@ -0,0 +1,6 @@
{
"image": "ghcr.io/zombiezen/codespaces-nix",

💡 Verification agent

❓ Verification inconclusive

Pin the container image to a digest for deterministic builds

Referencing the image without a digest means every rebuild could silently pull a newer, potentially incompatible layer set. Pinning to a sha256 digest guarantees reproducibility and guards against supply-chain surprises.

-  "image": "ghcr.io/zombiezen/codespaces-nix",
+  "image": "ghcr.io/zombiezen/codespaces-nix@sha256:<replace-with-published-digest>",

Pin the devcontainer image to a specific digest for deterministic builds
Referencing the image without a digest means every rebuild could pull a newer, incompatible layer set. Pinning to a sha256 digest guarantees reproducible, supply-chain hardened builds.

• File: .devcontainer.json (line 2)
• Replace:

-  "image": "ghcr.io/zombiezen/codespaces-nix",
+  "image": "ghcr.io/zombiezen/codespaces-nix@sha256:<replace-with-published-digest>",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"image": "ghcr.io/zombiezen/codespaces-nix",
"image": "ghcr.io/zombiezen/codespaces-nix@sha256:<replace-with-published-digest>",
🤖 Prompt for AI Agents
In .devcontainer.json at line 2, the image reference should be pinned to a
specific sha256 digest to ensure deterministic builds. Replace the current image
tag with the full image reference including the sha256 digest to guarantee
reproducible and secure builds.

"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
}
}
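Review bot: Neither input to this container is fixed by what is committed here: the feature key on line 4, `ghcr.io/devcontainers/features/docker-in-docker:2`, is a floating major tag, and the image on line 2 carries no tag or digest at all. Pin the image to a digest and the feature to a digest or at least an exact version, and record in the PR description how the pinned values get refreshed. Since the file enables a Docker-in-Docker feature, the description should also say what in this repository needs a Docker daemon inside the dev container.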
Comment on lines +1 to +6

🧹 Nitpick (assertive)

Consider adding remoteUser and workspaceFolder for better DX

By default the container runs as root in /workspaces/<repo>, which may lead to permission quirks and verbose paths. A minimal augmentation could be:

   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {}
-  }
+  },
+  "remoteUser": "vscode",
+  "workspaceFolder": "/workspace"
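Review bot: The added `"remoteUser": "vscode"` line assumes a `vscode` account exists in `ghcr.io/zombiezen/codespaces-nix`, and nothing in this diff establishes that. Confirm the account name against the image before applying the suggestion. Also check that `"workspaceFolder": "/workspace"` matches where the repository is actually mounted, since no `workspaceMount` is set alongside it.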

This follows Dev Container best-practices and prevents accidental root-owned artefacts on the host.

📝 Committable suggestion

Suggested change
{
"image": "ghcr.io/zombiezen/codespaces-nix",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
}
}
{
"image": "ghcr.io/zombiezen/codespaces-nix",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
},
"remoteUser": "vscode",
"workspaceFolder": "/workspace"
}
🤖 Prompt for AI Agents
In .devcontainer.json lines 1 to 6, the configuration lacks the remoteUser and
workspaceFolder settings, causing the container to run as root in
/workspaces/<repo>, which can lead to permission issues and verbose paths. Add a
"remoteUser" property with a non-root user (e.g., "vscode") and set
"workspaceFolder" to a simpler path like "/workspace" to improve developer
experience and follow best practices.
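
The two review comments above can be turned into a repeatable check. The following is an added example, not code from this pull request or from the reviewing bot: a small Python audit that flags image and feature references that are not digest-pinned and reports a missing `remoteUser`. The function names are hypothetical, and it assumes the file is plain JSON and that feature references accept the same `@sha256:` form as images.

```python
import json
import re

# A reference counts as pinned only when it ends in a full sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# The file from this pull request, as shown in the diff.
PAGE_CONFIG = """{
  "image": "ghcr.io/zombiezen/codespaces-nix",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {}
  }
}"""


def classify(ref):
    """Return None when ref is digest-pinned, otherwise a short problem string."""
    if DIGEST_RE.search(ref):
        return None
    name = ref.rsplit("/", 1)[-1]  # last path segment, so a registry port is not read as a tag
    if "@" in name:
        return "digest is missing or malformed"
    if ":" in name:
        return "mutable tag '%s'" % name.split(":", 1)[1]
    return "no tag or digest (resolves to latest)"


def audit_devcontainer(text):
    """Return (field, reference, problem) findings for one devcontainer.json."""
    config = json.loads(text)  # assumption: plain JSON without // comments
    refs = [("image", config["image"])] if "image" in config else []
    # Local features ("./name") live in the repository and have nothing to pin.
    refs += [("features", f) for f in config.get("features", {}) if not f.startswith(".")]
    findings = [(field, ref, classify(ref)) for field, ref in refs if classify(ref)]
    if "remoteUser" not in config and "containerUser" not in config:
        findings.append(("remoteUser", "", "not set in this file"))
    return findings


if __name__ == "__main__":
    for field, ref, problem in audit_devcontainer(PAGE_CONFIG):
        print("%-10s %-55s %s" % (field, ref, problem))
```

Run in CI against `.devcontainer.json`, a non-empty result can fail the build; the placeholder `@sha256:<replace-with-published-digest>` from the suggestion is reported as malformed until a real digest is filled in.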