feat(vscode): Container support for extension dependencies

[lambrianmsft]

Commit Type

• feature - New functionality
• fix - Bug fix
• refactor - Code restructuring without behavior change
• perf - Performance improvement
• docs - Documentation update
• test - Test-related changes
• chore - Maintenance/tooling

Risk Level

• Low - Minor changes, limited scope
• Medium - Moderate changes, some user impact
• High - Major changes, significant user/system impact

What & Why

This PR implements container support for the VS Code Logic Apps extension by removing local dependency management and adding containerized runtime support. The changes include:

Removal of binary validation and installation logic for .NET, Node.js, and Azure Functions Core Tools
Addition of Azure Functions Core Tools download in the container Dockerfile
Simplification of project setup by using system-installed binaries instead of managed dependencies
Updated VS Code tasks to use standard commands (dotnet, func) instead of configuration-based paths

Impact of Change

• Users: Simplified setup experience when using containers - no more dependency management
• Developers: Cleaner codebase with reduced complexity around binary management
• System: Container-based workflow with pre-installed runtime dependencies

Test Plan

• Unit tests added/updated
• E2E tests added/updated
• Manual testing completed
• Tested in: Container development environment

Contributors

@ccastrotrejo

Screenshots/Videos

[github-actions]

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

✅ PR Title

• Current: feat(vscode): Container support for extension dependencies
• Issue: Title is concise, descriptive, and conventional. No issue found.
• Recommendation: None needed. Good job specifying context (vscode) and the nature of the change.

---

✅ Commit Type

• Properly selected (feature)
• Only one selected, which is correct.

---

✅ Risk Level

• Selected as High risk in both PR body and label; label matches (Risk:High). Assessment is accurate given the wide scope: removal of dependency management & refactor to containers for VSCode extension dependencies.

---

✅ What & Why

• Current:

  This PR implements container support for the VS Code Logic Apps extension by removing local dependency management and adding containerized runtime support. The changes include: Removal of binary validation/install, addition of Azure Functions Core Tools in container Dockerfile, project setup simplification, updated VS Code tasks.

• Issue: Meets the requirement; concise and clear what is being changed and why.
• Recommendation: No action needed.

---

✅ Impact of Change

• No issue. All fields present and realistic impact assessment is provided.
  • Users: Simplifies setup
  • Developers: Reduces codebase complexity
  • System: Moves workflow to containers

---

✅ Test Plan

• Manual Testing & container env testing marked. Test coverage for new infra is hard with traditional automated tests. It’s understandable for refactor-type PRs; however, adding some E2E/Unit automation for future would strengthen confidence.

---

⚠️ Contributors

• @ccastrotrejo tagged; no issue, but consider tagging PMs/designers if they provided input to this change.

---

✅ Screenshots/Videos

• Blank is allowed for non-visual changes. No indication this is primarily UI/visual change; no issue here.

---

Summary Table

Section	Status	Recommendation
Title	✅
Commit Type	✅
Risk Level	✅
What & Why	✅
Impact of Change	✅
Test Plan	✅	Consider automation of containers in future
Contributors	⚠️	Tag others who contributed ideas where possible
Screenshots/Videos	✅

---

All required fields are present & correct. No blocking issues were found. Please proceed with your reviews or merge if tests pass and human approval is received. Great attention to body format! If you leveraged PM or design help, give them a shout-out in Contributors. Thanks for maintaining high PR standards!

---

Last updated: Wed, 03 Dec 2025 02:19:51 GMT

[Copilot]

Pull request overview

This PR removes the automatic binary dependency management system and introduces dev container support for Logic Apps extension dependencies. The extension now expects runtime dependencies (Node.js, .NET SDK, Azure Functions Core Tools) to be pre-installed in the environment (either locally or via containers) rather than attempting to manage them programmatically. The PR also consolidates to Azure Functions v4 only, removing support for older runtime versions.

Key changes:

• Adds complete dev container configuration with multi-platform Docker image support (amd64/arm64)
• Removes ~5000 lines of binary download/installation/validation code
• Introduces getPublicUrl utility to map localhost URLs to external URLs for container environments
• Hardcodes extension bundle version to 1.131.9 and removes dynamic version resolution
• Updates API paths by adding missing leading slashes to managementApiPrefix usage

Reviewed changes

Copilot reviewed 91 out of 91 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
libs/vscode-extension/src/lib/services/httpClient.ts	Fixed Authorization header to only include when needed (avoiding empty string)
libs/vscode-extension/src/lib/models/project.ts	Removed unused OpenBehavior options
libs/vscode-extension/src/lib/models/host.ts	Removed IHostJsonV1 interface (v1 no longer supported)
libs/vscode-extension/src/lib/models/functions.ts	Removed FuncVersion v1-v3 (only v4 supported)
apps/vs-code-designer/src/constants.ts	Added EXTENSION_BUNDLE_VERSION constant, removed dependency settings/paths
apps/vs-code-designer/src/main.ts	Removed onboarding flow, simplified activation
apps/vs-code-designer/src/onboarding.ts	Deleted entire onboarding module
apps/vs-code-designer/src/app/utils/extension.ts	Added getPublicUrl utility for container URL mapping
apps/vs-code-designer/src/app/utils/binaries.ts	Deleted entire binary management module (~441 lines)
apps/vs-code-designer/src/app/utils/bundleFeed.ts	Removed dynamic bundle download, kept only path resolution
apps/vs-code-designer/src/app/utils/startRuntimeApi.ts	Updated to use getPublicUrl for container support
apps/vs-code-designer/src/assets/container/*	Added Dockerfile, devcontainer.json, build script, and documentation
apps/vs-code-designer/src/package.json	Removed 50+ dependency-related settings and 3 commands
Multiple task/settings files	Hardcoded tool commands ('dotnet', 'func') instead of config variables
Multiple test files	Updated/removed tests for deleted functionality

[Copilot]

The extension bundle is downloaded via wget from functionscdn.azureedge.net and unzipped without any checksum or signature verification. If the CDN or connection is compromised, a tampered bundle could be injected, leading to execution of malicious code during development. Add integrity checks (e.g., pinned SHA256 for the specific EXTENSION_BUNDLE_VERSION, or a signed manifest) and verify before unzipping:

wget "$EXTENSION_BUNDLE_CDN_URL/.../$EXTENSION_BUNDLE_FILENAME" -O "/tmp/$EXTENSION_BUNDLE_FILENAME"
echo "<expected-sha256>  /tmp/$EXTENSION_BUNDLE_FILENAME" | sha256sum -c -
unzip -q "/tmp/$EXTENSION_BUNDLE_FILENAME" -d "/$EXTENSION_BUNDLE_FOLDER_PATH/.../$EXTENSION_BUNDLE_VERSION"

[Copilot]

Azure Functions Core Tools are downloaded from GitHub releases via wget and extracted without verifying authenticity (no checksum/signature). This enables supply-chain attacks where a compromised release or MITM injects malicious binaries. Pin and verify checksums (e.g., SHA256 of Azure.Functions.Cli...zip) or use signed packages; verify before unzip:

wget "https://github.com/Azure/azure-functions-core-tools/releases/download/${FUNCTIONS_CORE_TOOLS_VERSION}/${FILENAME}" -O "/tmp/${FILENAME}"
echo "<expected-sha256>  /tmp/${FILENAME}" | sha256sum -c -
unzip -q "/tmp/${FILENAME}" -d "/${FUNCTIONS_CORE_TOOLS_FOLDER_PATH}"

[Copilot]

curl is piped directly to bash for installing .NET (curl -sSL https://dot.net/v1/dotnet-install.sh | bash /dev/stdin ...) without any integrity verification. An attacker controlling the network or CDN could supply a malicious script leading to arbitrary code execution at build time. Download the script first and verify its checksum/signature (e.g., SHA256 pinned hash or GPG) before execution, or vendor the installer and verify it; example:

curl -sSL https://dot.net/v1/dotnet-install.sh -o /tmp/dotnet-install.sh
sha256sum -c /tmp/dotnet-install.sh.sha256  # or pin a known hash
bash /tmp/dotnet-install.sh --channel 8.0 --install-dir /usr/share/dotnet

[ccastrotrejo]

typo?

[ccastrotrejo]

Lests change the name

[ccastrotrejo]

NIT: Comment

[ccastrotrejo]

NIT: lets just use ParsedHostJsonV2 directly