is there a way to not install feature dependencies?
Hi Team,
I'm using a feature which has deps, but I'd like to not install them, as they try to point to the public repos which I don't have access to, and the container fails with exit 1.
[16109 ms] Resolving Feature dependencies for 'internalmirror/joshuanianji/devcontainer-features/aws-cli-persistence:latest'...
[16110 ms] * Processing feature: internalmirror/joshuanianji/devcontainer-features/aws-cli-persistence:latest
[23012 ms] * Processing feature: ghcr.io/devcontainers/features/aws-cli
So the issue with this one is it has a dep of ghcr.io/devcontainers/features/aws-cli , which I can't override the location for, so it will always fail.
Is there any way to tell it to ignore feature deps?
Hi 👋
Does internalmirror/joshuanianji/devcontainer-features/aws-cli-persistence:latest have a dependsOn property added to the Feature? Then, it has a hard dependency on the ghcr.io/devcontainers/features/aws-cli Feature. In that case, we don't have a way to ignore hard dependencies, as the dev container ought to fail in such a scenario. Feature authors should only add the dependsOn property if their Feature will fail without the dependent Feature. As internalmirror/joshuanianji/devcontainer-features/aws-cli-persistence:latest is a community-authored Feature, I'd suggest reaching out to them.
However, if it is something like https://github.com/joshuanianji/devcontainer-features/blob/main/src/aws-cli-persistence/devcontainer-feature.json#L15-L17, the Feature has a soft dependency on the ghcr.io/devcontainers/features/aws-cli Feature. Hence, if you don't add ghcr.io/devcontainers/features/aws-cli to the features property, it won't get installed.
Example 👇
{
  "image": "mcr.microsoft.com/devcontainers/base",
  "features": {
    "ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest": {}
  }
}
If you think the dev containers spec should have an option to ignore dependsOn, then feel free to open a spec issue. However, I don't think that makes sense as the dev container will still fail as a Feature has a hard dependency on another Feature.
Let me know if I have misunderstood your question (as I don't have access to internalmirror/joshuanianji, I could have misinterpreted your question)
Ignore isn't perhaps the right solution/question - the right one would be able to override the container repository in my I modify the source of the dev container to one that my org can reach, but the installsAfter you referenced causes it to fail as that isn't modified - nor can I without updating the devcontainer-feature.json
However, if it is something like https://github.com/joshuanianji/devcontainer-features/blob/main/src/aws-cli-persistence/devcontainer-feature.json#L15-L17, the Feature has a soft dependency on the ghcr.io/devcontainers/features/aws-cli Feature. Hence, if you don't add ghcr.io/devcontainers/features/aws-cli to the features property, it won't get installed.
You say it's a soft feature? It still tried to get the image, which is where it fails - when I test it from a place where connectivity works..
[2023-10-12T05:22:38.400Z] Resolving Feature dependencies for 'ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest'...
[2023-10-12T05:22:38.400Z] * Processing feature: ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest
[2023-10-12T05:22:38.884Z] Start: Run: docker-credential-desktop get
[2023-10-12T05:22:39.855Z] Stop (971 ms): Run: docker-credential-desktop get
[2023-10-12T05:22:40.653Z] * Processing feature: ghcr.io/devcontainers/features/aws-cli
[2023-10-12T05:22:41.950Z] Soft-dependency 'ghcr.io/devcontainers/features/aws-cli' is not required. Removing from installation order...
And when it doesn't work - if it didn't try to "process the feature" it would be OK.
[2023-10-12T04:18:06.779Z] Resolving Feature dependencies for 'INTERNALREPO/joshuanianji/devcontainer-features/aws-cli-persistence:latest'...
[2023-10-12T04:18:06.780Z] * Processing feature: INTERNALREPO/joshuanianji/devcontainer-features/aws-cli-persistence:latest
[2023-10-12T04:18:13.682Z] * Processing feature: ghcr.io/devcontainers/features/aws-cli
[2023-10-12T04:18:13.868Z] Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1535:34)
at TLSSocket.emit (node:events:513:28)
at TLSSocket._finishInit (node:_tls_wrap:949:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:730:12)
<snip...>
[2023-10-12T04:18:13.872Z] Exit code 1
You say it's a soft feature? It still tried to get the image, which is where it fails - when I test it from a place where connectivity works..
[2023-10-12T05:22:38.400Z] Resolving Feature dependencies for 'ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest'...
[2023-10-12T05:22:38.400Z] * Processing feature: ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest
[2023-10-12T05:22:38.884Z] Start: Run: docker-credential-desktop get
[2023-10-12T05:22:39.855Z] Stop (971 ms): Run: docker-credential-desktop get
[2023-10-12T05:22:40.653Z] * Processing feature: ghcr.io/devcontainers/features/aws-cli
[2023-10-12T05:22:41.950Z] Soft-dependency 'ghcr.io/devcontainers/features/aws-cli' is not required. Removing from installation order...
From the logs ^ I don't see it installing ghcr.io/devcontainers/features/aws-cli. When it says processing, it's trying to figure out what to do with this Feature. As the CLI does not find it in the features object, it ignores its installation. This is working as expected. Notice: Soft-dependency 'ghcr.io/devcontainers/features/aws-cli' is not required. Removing from installation order...
it still tried to get the image which is where it fails - when I test it from a place where connectivity works..
What happens if you create a container with ? 👇 For me, it does not attempt to install ghcr.io/devcontainers/features/aws-cli
{
  "image": "mcr.microsoft.com/devcontainers/base",
  "features": {
    "ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest": {}
  }
}
INTERNALREPO/joshuanianji/devcontainer-features/aws-cli-persistence:latest
This ^ seems to be different than ghcr.io/joshuanianji/devcontainer-features/aws-cli-persistence:latest, look at the prefix (INTERNALREPO). Is it a local Feature? or a private one? Without looking at the contents of the Feature, I won't be able to find the bug.
To be able to reproduce the problem or suggest a solution -
- Can you share your dev container config?
- If it involves using a private/internal Feature, can you tell me if it uses the dependsOn or installsAfter property? If any (or both), can you share the values?
On my side you have to assume I have zero connectivity to places like ghcr.io, so the above example won't work; it will just error out.
If I test in a place where I have connectivity it works fine.
The "INTERNALREPO" is just my way of saying I'm using a private repo, but I'm not showing you what that is for security reasons.
Inside my devcontainers.json this is a simplified version of what I'm trying to achieve:
{
  "image": "mcr.myinternal.repo/devcontainers/base:ubuntu-22.04",
  "features": {
    "ghcrio.myinteral.repo/joshuanianji/devcontainer-features/aws-cli-persistence:latest": {}
  }
}
It downloads that fine, but then, from the feature, it tries to look up ghcr.io/devcontainers/features/aws-cli, which you call a soft dependency. It looks like it's trying to download that container to validate that it is a soft dependency?
Hope that is clear.
Here's a good log output of a failure
[2023-10-16T00:06:51.325Z] Start: Run: docker inspect --type image mcr.private.internal.repo/devcontainers/base:ubuntu-22.04
[2023-10-16T00:06:51.813Z] Stop (488 ms): Run: docker inspect --type image mcr.private.internal.repo/devcontainers/base:ubuntu-22.04
[2023-10-16T00:06:51.817Z] local container features stored at: c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\node_modules\vscode-dev-containers\container-features
[2023-10-16T00:06:51.822Z] Start: Run: tar --no-same-owner -x -f -
[2023-10-16T00:06:52.059Z] Stop (237 ms): Run: tar --no-same-owner -x -f -
[2023-10-16T00:06:52.145Z] Resolving Feature dependencies for 'ghcrio.private.internal.repo/joshuanianji/devcontainer-features/aws-cli-persistence:latest'...
[2023-10-16T00:06:52.145Z] * Processing feature: ghcrio.private.internal.repo/joshuanianji/devcontainer-features/aws-cli-persistence:latest
[2023-10-16T00:06:52.517Z] Start: Run: docker-credential-desktop get
[2023-10-16T00:06:53.620Z] Stop (1103 ms): Run: docker-credential-desktop get
[2023-10-16T00:06:55.357Z] * Processing feature: ghcr.io/devcontainers/features/aws-cli
[2023-10-16T00:06:55.811Z] Start: Run: docker-credential-desktop get
[2023-10-16T00:06:56.640Z] Stop (829 ms): Run: docker-credential-desktop get
[2023-10-16T00:06:58.291Z] Error getting blob: Error: read ECONNRESET
[2023-10-16T00:06:58.292Z] Error: Failed to download package for ghcr.io/devcontainers/features/aws-cli
[2023-10-16T00:06:58.292Z] at cC (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:285:18414)
[2023-10-16T00:06:58.293Z] at process.processTicksAndRejections (node:internal/process/task_queues:96:5)
[2023-10-16T00:06:58.293Z] at async bJ (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:285:25869)
[2023-10-16T00:06:58.294Z] at async C$ (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:285:25409)
[2023-10-16T00:06:58.294Z] at async DC (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:285:26623)
[2023-10-16T00:06:58.294Z] at async $u (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:285:26849)
[2023-10-16T00:06:58.294Z] at async sc (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:390:2361)
[2023-10-16T00:06:58.295Z] at async kC (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:392:1883)
[2023-10-16T00:06:58.295Z] at async Tw (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:409:4814)
[2023-10-16T00:06:58.295Z] at async tAA (c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js:427:2378)
[2023-10-16T00:06:58.321Z] Stop (24709 ms): Run: C:\Users\username\AppData\Local\Programs\Microsoft VS Code\Code.exe --ms-enable-electron-run-as-node c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js up --user-data-folder c:\Users\username\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-containers\data --container-session-data-folder /tmp/devcontainers-d1760ed3-4066-4ce5-bbf1-a6cb44e8c66e1697414777092 --workspace-folder c:\git_repos\icaf.platform --workspace-mount-consistency cached --id-label devcontainer.local_folder=c:\git_repos\icaf.platform --id-label devcontainer.config_file=c:\git_repos\icaf.platform\.devcontainer\devcontainer.json --log-level debug --log-format json --config c:\git_repos\icaf.platform\.devcontainer\devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-10-16T00:06:58.322Z] Exit code 1
[2023-10-16T00:06:58.331Z] Command failed: C:\Users\username\AppData\Local\Programs\Microsoft VS Code\Code.exe --ms-enable-electron-run-as-node c:\Users\username\.vscode\extensions\ms-vscode-remote.remote-containers-0.309.0\dist\spec-node\devContainersSpecCLI.js up --user-data-folder c:\Users\username\AppData\Roaming\Code\User\globalStorage\ms-vscode-remote.remote-containers\data --container-session-data-folder /tmp/devcontainers-d1760ed3-4066-4ce5-bbf1-a6cb44e8c66e1697414777092 --workspace-folder c:\git_repos\icaf.platform --workspace-mount-consistency cached --id-label devcontainer.local_folder=c:\git_repos\icaf.platform --id-label devcontainer.config_file=c:\git_repos\icaf.platform\.devcontainer\devcontainer.json --log-level debug --log-format json --config c:\git_repos\icaf.platform\.devcontainer\devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true
[2023-10-16T00:06:58.332Z] Exit code 1
Took a look at this problem and I'm pretty sure the Devcontainer CLI makes network requests to soft dependencies even if they are ultimately removed. I think this is mainly for metadata retrieval, though.
@davidcba1 if you want a more detailed log of the error, you can set the dev.containers.logLevel setting to trace. It won't print out every single network request but might give some more info.
I took a look at the devcontainer/cli code to confirm my suspicion - I'm not familiar with the codebase so here are some relevant files/functions to keep track (and some possibly incorrect explanations):
- featuresResolveDependencies: the "top-level" resolve function - specifically when we call buildDependencyGraph
- processFeature function: fetches feature metadata
- buildDependencyGraph: creates the dependency graph but the actual work is done by:
- _buildDependencyGraph: traverses dependsOn and installsAfter attributes recursively with DFS (skips recursing soft dependencies)
The culprit probably lies in _buildDependencyGraph calling processFeature. The processFeature call chain is quite long but it eventually ends up fetching a manifest URL for oci (normal) features (processFeature > processFeatureIdentifier > getFeatureIdType > fetchOCIFeatureManifestIfExistsFromUserIdentifier > fetchOCIManifestIfExists).
No idea on a fix, though. Maybe one solution would be to have an "overrideRegistry" attribute in the devcontainer spec that replaces all instances of ghcr.io, although this seems very hacky. The code supports different types of features (direct tarball, file path and "regular" oci) so there are a few cases to consider.
Thanks for the input @joshuanianji, the issue is that we just can't talk out to public sites, we need to use internal mirrors - so while I've told it to use an internal mirror for your feature, it tries to talk to ghcr.io for the dep and fails.
[7321 ms] * Processing feature: ghcr.io/devcontainers/features/aws-cli
[7479 ms] Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1543:34)
at TLSSocket.emit (node:events:513:28)
at TLSSocket._finishInit (node:_tls_wrap:962:8)
at ssl.onhandshakedone (node:_tls_wrap:746:12)
[7482 ms] Exit code 1
[10065 ms] Error: read ECONNRESET
at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20)
I think my only option at this point is to clone your code internally and just modify the deps to point to our internal repos.
No worries @davidcba1. There doesn't seem to be a way to prevent the devcontainers CLI from talking to ghcr.io, so forking/cloning is probably the only way.
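
The workaround the thread ends on (cloning the Feature and pointing its dependencies at internal repos) can be scripted. The following is an added example, not code from the devcontainers CLI or from the Feature's author: it rewrites `dependsOn` and `installsAfter` in a `devcontainer-feature.json` to a mirror host and reports references that would still be resolved outside the mirror. The mirror mapping, the function names and the sample metadata are assumptions constructed for illustration.

```javascript
// Assumption: the mirror keeps the upstream path and swaps only the registry host.
const MIRRORS = new Map([['ghcr.io', 'ghcrio.private.internal.repo']]);

// Feature IDs come in three forms: direct tarball URL, local path, or OCI reference.
function classify(id) {
  if (/^https?:\/\//i.test(id)) return 'tarball';
  if (id.startsWith('./') || id.startsWith('../')) return 'local';
  return 'oci';
}

// Rewrite one ID; record it as rewritten, or as external if its host is not a mirror.
function rewriteId(id, mirrors, report) {
  const kind = classify(id);
  if (kind === 'local') return id; // resolved from disk, no network request
  const host = kind === 'tarball' ? new URL(id).host : id.split('/')[0].toLowerCase();
  if (kind === 'oci' && mirrors.has(host)) {
    const to = mirrors.get(host) + id.slice(host.length);
    report.rewritten.push({ from: id, to });
    return to;
  }
  if (![...mirrors.values()].includes(host)) report.external.push(id);
  return id;
}

// Returns a rewritten copy of the metadata plus a report; the input is not mutated.
function rewriteFeatureRefs(metadata, mirrors = MIRRORS) {
  const report = { rewritten: [], external: [] };
  const out = { ...metadata };
  if (metadata.dependsOn) { // object: Feature ID -> options
    out.dependsOn = Object.fromEntries(Object.entries(metadata.dependsOn)
      .map(([id, opts]) => [rewriteId(id, mirrors, report), opts]));
  }
  if (Array.isArray(metadata.installsAfter)) { // array of Feature IDs
    out.installsAfter = metadata.installsAfter.map((id) => rewriteId(id, mirrors, report));
  }
  return { metadata: out, report };
}

// Constructed sample metadata (not the real file from the Feature's repository).
const SAMPLE = {
  id: 'aws-cli-persistence',
  dependsOn: { 'ghcr.io/example-org/features/base-tools:1': { flavor: 'min' } },
  installsAfter: [
    'ghcr.io/devcontainers/features/aws-cli',
    'ghcrio.private.internal.repo/devcontainers/features/common-utils',
    'https://downloads.example.test/features/extra.tgz',
  ],
};
console.log(JSON.stringify(rewriteFeatureRefs(SAMPLE), null, 2));
```

Anything left in `report.external` is a reference the CLI would still try to reach during dependency resolution, so it needs its own mirror entry before the Feature is republished internally.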