How to set up a devcontainer together with a Docker entrypoint script?

Question

Background

I have a git repository with a Dockerfile inside as well as entrypoint.sh script.
It is set to build a development container with a non-root user, see a (minimal, simplified) example below:

Dockerfile:

FROM bitnami/minideb:bullseye
ENV LANG C.UTF-8
COPY entrypoint.sh /bin/entrypoint.sh
RUN /bin/bash -c "chmod +x /bin/entrypoint.sh"
ENTRYPOINT ["/bin/entrypoint.sh"]
CMD ["/bin/bash"]

Entrypoint:

#!/bin/bash

ID=${HOSTUID:-9001}
useradd --shell /bin/bash -u $ID -o -c "" -m user
export HOME=/home/user
exec /usr/sbin/gosu user "$@"

This works well on my local machine where I can build a container and then docker exec interactively a bash shell to operate/test inside with docker exec -it {NAME} bash,

Question

I have recently noticed a raise of the devcontainer standard which is used by GitHub Codespaces as well as DevPod and I wanted to add a devcontainer.json file to my repository so that I can start an in-browser VS Code instance which runs inside my container (based on the two files above).

My JSON configuration:

{

    "name": "dev",

    "build": {
        "dockerfile": "../Dockerfile"
    },

    "customizations": {
        "codespaces": {
            "openFiles": []
        }
    }

}

However, whenever I start a new instance of the development environment I can check in the terminal inside that I am still root, not user. I checked with cat /etc/passwd that the latter is not even created, which suggests to me that the entrypoint script was not executed.

Could someone please let me know how should I set up the devcontainer.json file so that the terminal inside the development environment is the same as when building the container manually?

PS:

All this is based on a public repo of mine: https://github.com/AngryMaciek/hypercomplex.
Feel free to fork it and test possible solutions yourselves with Codespaces.

Answer 1

I'm using a response from Pascal at loft which I do believe has a good answer for what it seems you're looking for

It looks like the Dockerfiles are only used for the build aspect of the process. If you want to achieve something similar to entrypoint with the devcontainer.json spec, take a look at lifecycle scripts at https://containers.dev/implementors/json_reference/#lifecycle-scripts

In this case I think you're wanting to use the onCreateCommand :)

Adding a bit more context here - as with most things "it depends" but here's a few examples and things to think about

1. for user related items specifically you may want to look at https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user - there's a decent amount of gotchas with volumes and what not to keep in mind

2. for running a script style for the hooks you can try something like

   { "image": "mcr.microsoft.com/devcontainers/base:bullseye", "postCreateCommand": "entrypoint.sh" }

That being said it's going to depend on what's launching the devcontainer and how mature the implementation is. Obviously VSCode is going to be a bit ahead of the rest.