chore: enhance devcontainer with credential mounts and tool updates #67

Merged
sachitv merged 3 commits into main from devcontainer_opencode on Jan 10, 2026

@sachitv (Owner) commented Jan 10, 2026

Summary

  • Update tool versions: Deno 2.6.4, OpenCode 1.1.12, Codex 0.80.0
  • Add read-only credential mounts for OpenCode and Codex authentication files
  • Extract postCreateCommand logic into dedicated post-create.sh script for better maintainability
  • Ensure proper directory ownership for .local and .codex directories

Changes

  • .devcontainer/deno-and-tools/devcontainer.json: Version bumps, credential mounts configuration, and postCreateCommand extraction
  • .devcontainer/deno-and-tools/post-create.sh: New script to handle directory creation and permissions
  • .devcontainer/deno-only/devcontainer.json: Deno version bump to 2.6.4

Testing

  • Verified devcontainer builds successfully
  • Confirmed credential mounts are readonly and accessible
  • Validated post-create script executes and sets proper permissions

- Mount opencode config directory for persistent settings
- Mount opencode auth.json for authentication credentials
- Mount .codex directory for codex credentials
- Update opencode from 1.1.8 to 1.1.12
- Update codex from v0.79.0 to v0.80.0
- Add postCreateCommand to ensure correct directory permissions
Copilot AI review requested due to automatic review settings January 10, 2026 22:50

codecov bot commented Jan 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Copilot AI left a comment

Pull request overview

This PR claims to enhance security by making devcontainer credential mounts readonly, but the actual implementation is incomplete. The changes add new mount configurations and update some feature versions, but critically fail to include the readonly parameters that are the stated purpose of the PR.

Changes:

  • Added three bind mounts for credential files (.config/opencode, .local/share/opencode/auth.json, .codex)
  • Updated opencode feature version from 1.1.8 to 1.1.12
  • Updated codex release tag from rust-v0.79.0 to rust-v0.80.0
  • Added postCreateCommand to set up .local directory permissions

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1c8bab00a6

- Add readonly=true to .config/opencode mount
- Add readonly=true to .local/share/opencode/auth.json mount
- Add readonly=true to .codex mount

This prevents accidental modifications to sensitive credential files during development.
- Extract postCreateCommand into .devcontainer/deno-and-tools/post-create.sh
- Fix codex mount to target specific auth.json file instead of entire directory
- Add /home/vscode/.codex directory creation to post-create script
Copilot AI review requested due to automatic review settings January 10, 2026 23:11

Copilot AI left a comment

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

@sachitv sachitv changed the title from "chore: make devcontainer credential mounts readonly for enhanced security" to "chore: enhance devcontainer with credential mounts and tool updates" on Jan 10, 2026
@sachitv sachitv merged commit cf79b32 into main Jan 10, 2026
12 checks passed
@sachitv sachitv deleted the devcontainer_opencode branch January 10, 2026 23:17
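
Added example, not part of this PR or the repository's code: a check for the gap the first Copilot review describes, listing bind mounts in a devcontainer.json that carry no read-only flag. The `SAMPLE` config, its source paths and the function names are constructed for illustration, and the script assumes comment-free JSON.

```python
import json

# Constructed sample for illustration; not the repository's devcontainer.json.
SAMPLE = """
{
  "mounts": [
    "source=${localEnv:HOME}/.config/opencode,target=/home/vscode/.config/opencode,type=bind,readonly",
    "source=${localEnv:HOME}/.local/share/opencode/auth.json,target=/home/vscode/.local/share/opencode/auth.json,type=bind",
    "source=${localEnv:HOME}/.codex/auth.json,target=/home/vscode/.codex/auth.json,type=bind,readonly=false",
    "source=deno-cache,target=/home/vscode/.cache,type=volume"
  ]
}
"""

TRUTHY = {"", "1", "t", "true"}  # "" is the bare flag form: "...,readonly"


def parse_mount(spec):
    """Split a Docker --mount style string into {key: value}."""
    fields = {}
    for part in spec.split(","):
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields


def is_readonly(fields):
    """True only when readonly/ro is present and not set to a false value."""
    for key in ("readonly", "ro"):
        if key in fields:
            return str(fields[key]).lower() in TRUTHY
    return False


def writable_bind_mounts(devcontainer_text):
    """Return container targets of bind mounts that are not read-only."""
    findings = []
    for entry in json.loads(devcontainer_text).get("mounts", []):
        # Object-form entries are checked by the same keys (conservative).
        fields = entry if isinstance(entry, dict) else parse_mount(entry)
        if str(fields.get("type", "")).lower() != "bind":
            continue
        if not is_readonly(fields):
            findings.append(fields.get("target") or fields.get("dst") or fields.get("destination"))
    return findings


if __name__ == "__main__":
    for target in writable_bind_mounts(SAMPLE):
        print("writable bind mount:", target)
```

Run in CI against each devcontainer.json, a non-empty result can fail the build before a writable credential mount is merged.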