开发容器启动配置

构建脚本-补充导出
开发容器配置-默认bash
2026-03-01 11:44:26 +00:00 · 2026-03-01 11:23:46 +00:00 · 2026-02-17 14:33:46 +00:00 · 2026-02-16 15:02:44 +08:00 · 2026-02-16 15:02:44 +08:00 · 2026-02-16 15:02:44 +08:00
23 changed files with 215 additions and 176 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1 @@
 COMPOSE_PROJECT_NAME=devcontainers
--- a/26
+++ b/26
@@ -1,26 +0,0 @@
 # 切换到 bash
 SHELL := /bin/bash
 # 定义变量
 REGISTRY ?= crpi-kbfsbvlqwt19zxum-vpc.cn-hongkong.personal.cr.aliyuncs.com/registry-yqxpro
 GIT_SHA := $(shell git rev-parse --short HEAD)
 # 定义所有需要构建的子目录
 SUBDIRS = common-base develop-base universal-base
 all: $(SUBDIRS)
 # 目录构建规则
 $(SUBDIRS):
 	@echo "Building $@..."
 	@pushd $@ && \
 		npx devcontainer build \
 			--platform linux/amd64,linux/arm64 \
 			--image-name $(REGISTRY)/devcontainers-$@ \
 			--cache-to type=local,dest=$(HOME)/docker-buildcache/devcontainers/$@,mode=max \
 			--cache-from type=local,src=$(HOME)/docker-buildcache/devcontainers/$@ && \
 		docker push $(REGISTRY)/devcontainers-$@ &&\
 		popd
 # 伪目标声明
 .PHONY: all $(SUBDIRS)
--- a/1
+++ b/1
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXPddCUCbsAShg6+21q/MIvFM27xlqVr+Yg3MoHqUZp
--- a/build.sh
+++ b/build.sh
@@ -1,30 +1,29 @@
 #!/bin/bash
 set -e
 export REGISTRY=registry.yqxpro.com
 pushd common-base
 npx devcontainer build \
 			--platform linux/amd64,linux/arm64 \
-			--image-name ${REGISTRY}/devcontainers/common-base \
+			--image-name ${REGISTRY}/devcontainers/common-base --push \
 			--cache-to type=registry,ref=${REGISTRY}/devcontainers/common-base:buildcache,mode=max \
-			--cache-from type=registry,ref=${REGISTRY}/devcontainers/common-base:buildcache && \
+			--cache-from type=registry,ref=${REGISTRY}/devcontainers/common-base:buildcache
 		docker push ${REGISTRY}/devcontainers/common-base &&\
 popd
 pushd develop-base
 npx devcontainer build \
 			--platform linux/amd64,linux/arm64 \
-			--image-name ${REGISTRY}/devcontainers/develop-base \
+			--image-name ${REGISTRY}/devcontainers/develop-base --push \
-			--cache-to type=local,ref=${REGISTRY}/devcontainers/develop-base,mode=max \
+			--cache-to type=registry,ref=${REGISTRY}/devcontainers/develop-base:buildcache,mode=max \
-			--cache-from type=local,ref=${REGISTRY}/devcontainers/develop-base && \
+			--cache-from type=registry,ref=${REGISTRY}/devcontainers/develop-base:buildcache
 		docker push ${REGISTRY}/devcontainers/develop-base &&\
 popd
 pushd universal-base
 npx devcontainer build \
 			--platform linux/amd64,linux/arm64 \
-			--image-name ${REGISTRY}/devcontainers/universal-base \
+			--image-name ${REGISTRY}/devcontainers/universal-base --push \
-			--cache-to type=local,dest=${HOME}/docker-buildcache/devcontainers/universal-base,mode=max \
+			--cache-to type=registry,ref=${REGISTRY}/devcontainers/universal-base:buildcache,mode=max \
-			--cache-from type=local,src=${HOME}/docker-buildcache/devcontainers/universal-base && \
+			--cache-from type=registry,ref=${REGISTRY}/devcontainers/universal-base:buildcache
 		docker push ${REGISTRY}/devcontainers/universal-base &&\
 popd
--- a/build/build-image.sh
+++ b/build/build-image.sh
@@ -0,0 +1,37 @@
 #!/bin/bash
 set -eux
 export BUILDX_BUILDER=hk-builder
 export REGISTRY="registry.yqxpro.com"
 export S3_ENDPOINT_URL=https://oss-cn-hongkong-internal.aliyuncs.com
 export S3_REGION=cn-hongkong
 export S3_BUCKET=hk-builder-cache-yqxpro
 export S3_ACCESSKEY=LTAI5t8AtjWfsqQWYnyBeCjH
 export S3_SECRETKEY=UPKF20AmcW2zB5BwAMIQeQgZeTkMEs
 export S3_CONFIG=endpoint_url=${S3_ENDPOINT_URL},region=${S3_REGION},bucket=${S3_BUCKET},access_key_id=${S3_ACCESSKEY},secret_access_key=${S3_SECRETKEY}
 build() {
  local target="$1"
  echo "Build $target started"
  pushd $target
  npx devcontainer build \
 			--platform linux/amd64,linux/arm64 \
 			--image-name ${REGISTRY}/devcontainers/$target --push \
 	    --cache-to type=s3,${S3_CONFIG},prefix=$target/,mode=max \
 			--cache-from type=s3,${S3_CONFIG},prefix=$target/
  popd
  echo "Build $target completed"
 }
 main() {
  for target in "$@"; do
    build "$target"
  done
 }
 main "$@"
--- a/build/builder-setup.sh
+++ b/build/builder-setup.sh
@@ -0,0 +1,10 @@
 #!/bin/bash
 set -eux
 export TARGET_USER=ecs-user
 export REGISTRY_IP=172.22.178.82
 curl -fsSL https://raw.githubusercontent.com/docker/docker-install/master/install.sh | sh
 sudo usermod -aG docker $TARGET_USER
 echo "$REGISTRY_IP registry.yqxpro.com" | sudo tee -a /etc/hosts
--- a/build/host-setup.sh
+++ b/build/host-setup.sh
@@ -0,0 +1,19 @@
 #!/bin/bash
 set -eux
 # SSH 配置中先准备好 hk-builder-linux-arm64 和 hk-builder-linux-amd64
 docker buildx create \
  --name hk-builder \
  --driver docker-container \
  --driver-opt network=host \
  --platform linux/amd64 \
  --node hk-builder-linux-amd64 \
  ssh://hk-builder-linux-amd64
 docker buildx create \
  --name hk-builder \
  --driver docker-container \
  --driver-opt network=host \
  --platform linux/arm64 \
  --append \
  --node hk-builder-linux-arm64 \
  ssh://hk-builder-linux-arm64
--- a/build/publish-image.sh
+++ b/build/publish-image.sh
@@ -0,0 +1,36 @@
 #!/bin/bash
 set -eux
 export REGISTRY=registry.yqxpro.com
 export REGISTRY_PUBLISH=crpi-kbfsbvlqwt19zxum-vpc.cn-hongkong.personal.cr.aliyuncs.com/registry-yqxpro
 export TAG=$(git rev-parse --short HEAD)
 sudo apt update
 sudo apt install -y skopeo
 docker login $REGISTRY_PUBLISH
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/common-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-common-base:latest
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/common-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-common-base:${TAG}
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/develop-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-develop-base:latest
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/develop-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-develop-base:${TAG}
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/universal-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-universal-base:latest
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/universal-base:latest \
  docker://${REGISTRY_PUBLISH}/devcontainers-universal-base:${TAG}
 skopeo copy --all \
  docker://${REGISTRY}/devcontainers/universal-base:latest \
  oci-archive:devcontainers-universal-base.tar
--- a/build/registry-setup.sh
+++ b/build/registry-setup.sh
@@ -0,0 +1,13 @@
 #!/bin/bash
 set -eux
 tar xvzf certs.tgz
 docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.yqxpro.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.yqxpro.com.key \
  -p 443:443 \
  registry:3
--- a/combined-init.sh
+++ b/combined-init.sh
@@ -0,0 +1,13 @@
 #!/bin/bash
 set -eux
 /usr/local/share/desktop-init.sh echo "Desktop initialization complete"
 /usr/local/share/docker-init.sh echo "Docker initialization complete"
 /usr/local/share/ssh-init.sh echo "SSH initialization complete"
 # exposed ports
 # 5901 VNC
 # 6080 noVNC
 # 2222 SSH
 exec "$@"
--- a/common-base/.devcontainer/devcontainer.json
+++ b/common-base/.devcontainer/devcontainer.json
@@ -8,7 +8,6 @@
      "username": "codespace",
      "userUid": "1000",
      "userGid": "1000",
      "configureZshAsDefaultShell": true,
    },
    "ghcr.io/devcontainers/features/sshd:1": {
      "gatewayPorts": "yes",
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,33 @@
 services:
  dev-server:
    image: registry.yqxpro.com/devcontainers/universal-base:latest
    privileged: true
    restart: always
    ports:
      - 2222:2222
      - 6080:6080
    volumes:
      # environment
      - ${PWD}/authorized_keys:/home/codespace/.ssh/authorized_keys
      - ${PWD}/combined-init.sh:/usr/local/share/combined-init.sh
      - ${PWD}/once-init.sh:/usr/local/share/once-init.sh
      # workspace
      - workspace:/workspace
      # cache
      - dev-server-maven-cache:/home/codespace/.m2/repository
      - dev-server-docker-cache:/var/lib/docker
      - dev-server-apt-cache:/var/cache/apt
      - dev-server-vscode-cache:/home/codespace/.vscode-server
      - dev-server-zed-cache:/home/codespace/.zed_server
    entrypoint: /usr/local/share/combined-init.sh
    command: sleep infinity
 volumes:
  workspace:
    name: dev-server-workspace
    external: true
  dev-server-maven-cache:
  dev-server-docker-cache:
  dev-server-apt-cache:
  dev-server-vscode-cache:
  dev-server-zed-cache:
--- a/once-init.sh
+++ b/once-init.sh
@@ -0,0 +1,36 @@
 #!/bin/bash
 set -eux
 # use VNC DISPLAY by default
 echo "export DISPLAY=:1.0" >> /etc/profile.d/00-restore-env.sh
 mkdir -pv /home/codespace/.cargo
 cat > /home/codespace/.cargo/config.toml << EOF
 [source.crates-io]
 replace-with = 'aliyun'
 [source.mirror]
 registry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"
 [source.aliyun]
 registry = "sparse+https://mirrors.aliyun.com/crates.io-index/"
 #[registries.mirror]
 #index = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"
 EOF
 # fix permissions
 chown -R codespace:codespace /workspace
 chown -R codespace:codespace /home/codespace/
 chmod 700 /home/codespace/.ssh
 chmod 600 /home/codespace/.ssh/authorized_keys
 # configuration
 sudo -u codespace git config --global user.email "me@yqxpro.com"
 sudo -u codespace git config --global user.name "QXYang686"
 sudo -u codespace npm config set registry https://registry.npmmirror.com
 sudo -u codespace ln -snf /workspace/dev-server /home/codespace/Projects
--- a/system-setup.sh
+++ b/system-setup.sh
@@ -4,8 +4,10 @@ sudo apt update
 sudo apt install -y npm git
 curl -fsSL https://raw.githubusercontent.com/docker/docker-install/master/install.sh | sh
 sudo usermod -aG docker $USER
-docker buildx create --use --name multiarch-builder
+docker buildx create --use --bootstrap --name multiarch-builder --driver-opt network=host
 echo "127.0.0.1 registry.yqxpro.com" | sudo tee -a /etc/hosts
 tar xvzf certs.tgz
 docker run -d \
  --restart=always \
  --name registry \
--- a/universal-base/.devcontaiener/Dockerfile
+++ b/universal-base/.devcontaiener/Dockerfile
@@ -1 +0,0 @@
 FROM registry.yqxpro.com/devcontainers/develop-base
--- a/universal-base/.devcontainer/devcontainer.json
+++ b/universal-base/.devcontainer/devcontainer.json
@@ -11,14 +11,10 @@
    "./local-features/nvs": "latest",
    "ghcr.io/devcontainers/features/python:1": {
      "version": "3.12.1",
      "additionalVersions": "3.11.9",
      "installJupyterlab": "true",
      "configureJupyterlabAllowOrigin": "*",
      "useOryxIfAvailable": "false",
    },
    "./local-features/patch-python": {},
    "ghcr.io/devcontainers/features/anaconda:1": {},
    "./local-features/patch-conda": {},
    "ghcr.io/devcontainers/features/java:1": {
      "jdkDistro": "tem",
      "version": "21",
--- a/universal-base/.devcontainer/local-features/nvs/install.sh
+++ b/universal-base/.devcontainer/local-features/nvs/install.sh
@@ -56,7 +56,7 @@ fi
 usermod -a -G nvs "${USERNAME}"
 git config --global --add safe.directory ${NVS_HOME}
-mkdir -p ${NVS_HOME} 
+mkdir -p ${NVS_HOME}
 git clone -c advice.detachedHead=false --depth 1 https://github.com/jasongin/nvs ${NVS_HOME} 2>&1
 (cd ${NVS_HOME} && git remote get-url origin && echo $(git log -n 1 --pretty=format:%H -- .)) > ${NVS_HOME}/.git-remote-and-commit
--- a/universal-base/.devcontainer/local-features/patch-conda/devcontainer-feature.json
+++ b/universal-base/.devcontainer/local-features/patch-conda/devcontainer-feature.json
@@ -1,5 +0,0 @@
 {
  "id": "patch-conda",
  "name": "Patch Conda Packages",
  "installsAfter": ["ghcr.io/devcontainers/features/anaconda"]
 }
--- a/universal-base/.devcontainer/local-features/patch-conda/install.sh
+++ b/universal-base/.devcontainer/local-features/patch-conda/install.sh
@@ -1,72 +0,0 @@
 #!/usr/bin/env bash
 #-------------------------------------------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
 #-------------------------------------------------------------------------------------------------------------
 USERNAME=${USERNAME:-"codespace"}
 set -eux
 if [ "$(id -u)" -ne 0 ]; then
    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
    exit 1
 fi
 # Ensure that login shells get the correct path if the user updated the PATH using ENV.
 rm -f /etc/profile.d/00-restore-env.sh
 echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
 chmod +x /etc/profile.d/00-restore-env.sh
 export DEBIAN_FRONTEND=noninteractive
 sudo_if() {
    COMMAND="$*"
    if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
        su - "$USERNAME" -c "$COMMAND"
    else
        "$COMMAND"
    fi
 }
 update_python_package() {
    PYTHON_PATH=$1
    PACKAGE=$2
    VERSION=$3
    sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
    sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
    sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 update_conda_package() {
    PACKAGE=$1
    VERSION=$2
    sudo_if "conda install -y -c defaults $PACKAGE=$VERSION"
 }
 sudo_if /opt/conda/bin/python3 -m pip install --upgrade pip
 # Temporary: Upgrade python packages due to security vulnerabilities
 # They are installed by the conda feature and Conda distribution does not have the patches
 # https://github.com/advisories/GHSA-79v4-65xg-pq4g
 update_python_package /opt/conda/bin/python3 cryptography "44.0.1"
 update_conda_package pyopenssl "25.0.0"
 # https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
 update_conda_package requests "2.32.4"
 # https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
 update_conda_package setuptools "78.1.1"
 # https://github.com/advisories/GHSA-g7vv-2v7x-gj9p
 update_python_package /opt/conda/bin/python3 tqdm "4.66.3"
 # https://github.com/advisories/GHSA-38jv-5279-wg99
 update_conda_package urllib3 "2.6.3"
 # https://nvd.nist.gov/vuln/detail/CVE-2025-6176
 update_conda_package brotli "1.2.0"
--- a/universal-base/.devcontainer/local-features/patch-python/devcontainer-feature.json
+++ b/universal-base/.devcontainer/local-features/patch-python/devcontainer-feature.json
@@ -1,5 +0,0 @@
 {
  "id": "patch-python",
  "name": "Patch Python Packages",
  "installsAfter": ["ghcr.io/devcontainers/features/python"]
 }
--- a/universal-base/.devcontainer/local-features/patch-python/install.sh
+++ b/universal-base/.devcontainer/local-features/patch-python/install.sh
@@ -1,46 +0,0 @@
 #!/usr/bin/env bash
 #-------------------------------------------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
 #-------------------------------------------------------------------------------------------------------------
 USERNAME=${USERNAME:-"codespace"}
 set -eux
 if [ "$(id -u)" -ne 0 ]; then
    echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
    exit 1
 fi
 # Ensure that login shells get the correct path if the user updated the PATH using ENV.
 rm -f /etc/profile.d/00-restore-env.sh
 echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
 chmod +x /etc/profile.d/00-restore-env.sh
 export DEBIAN_FRONTEND=noninteractive
 sudo_if() {
    COMMAND="$*"
    if [ "$(id -u)" -eq 0 ] && [ "$USERNAME" != "root" ]; then
        su - "$USERNAME" -c "$COMMAND"
    else
        "$COMMAND"
    fi
 }
 update_package() {
    PYTHON_PATH=$1
    PACKAGE=$2
    VERSION=$3
    sudo_if "$PYTHON_PATH -m pip uninstall --yes $PACKAGE"
    sudo_if "$PYTHON_PATH -m pip install --upgrade --no-cache-dir $PACKAGE==$VERSION"
    sudo_if "$PYTHON_PATH -m pip show --no-python-version-warning $PACKAGE"
 }
 # Updating pip version for python 3.11. Must be removed when pinned version 3.11 is updated to a different python version.
 sudo_if /usr/local/python/3.11.*/bin/python -m pip install --upgrade pip
 # https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
 # Updating setuptools version for python 3.11. Must be removed when pinned version 3.11 is updated to a different python version.
 update_package /usr/local/python/3.11.*/bin/python setuptools "78.1.1"
--- a/universal-base/.devcontainer/local-features/setup-user/devcontainer-feature.json
+++ b/universal-base/.devcontainer/local-features/setup-user/devcontainer-feature.json
@@ -21,9 +21,7 @@
    "ghcr.io/devcontainers/features/node:1",
    "./local-features/nvs",
    "ghcr.io/devcontainers/features/python:1",
    "./local-features/patch-python",
    "ghcr.io/devcontainers/features/anaconda:1",
    "./local-features/patch-conda",
    "ghcr.io/devcontainers/features/java:1",
    "ghcr.io/devcontainers/features/go:1",
    "ghcr.io/devcontainers/features/rust:1"
--- a/universal-base/.devcontainer/local-features/setup-user/install.sh
+++ b/universal-base/.devcontainer/local-features/setup-user/install.sh
@@ -9,7 +9,8 @@ fi
 # Ensure that login shells get the correct path if the user updated the PATH using ENV.
 rm -f /etc/profile.d/00-restore-env.sh
-echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
+touch /etc/profile.d/00-restore-env.sh # 暂时把有问题的替换忽略
 # echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh
 chmod +x /etc/profile.d/00-restore-env.sh
 export DEBIAN_FRONTEND=noninteractive
Author	SHA1	Message	Date
QXYang686	14fc15807a	开发容器启动配置	2026-03-01 11:44:26 +00:00
QXYang686	e123799495	构建脚本-补充导出	2026-03-01 11:23:46 +00:00
QXYang686	200a08e816	开发容器配置-默认bash	2026-02-17 14:33:46 +00:00
QXYang686	c06c1f3404	发布脚本准备	2026-02-16 15:02:44 +08:00
QXYang686	3e4c54e29a	构建脚本准备	2026-02-16 15:02:44 +08:00
QXYang686	41ad420c72	开发容器配置-初版	2026-02-16 15:02:44 +08:00
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXPddCUCbsAShg6+21q/MIvFM27xlqVr+Yg3MoHqUZp`
		`@@ -1 +0,0 @@`
			`FROM registry.yqxpro.com/devcontainers/develop-base`