diff --git a/src/code-server/README.md b/src/code-server/README.md index 46b06ea..28cc698 100644 --- a/src/code-server/README.md +++ b/src/code-server/README.md @@ -16,6 +16,13 @@ VS Code in the browser | Options Id | Description | Type | Default Value | |-----|-----|-----|-----| | auth | The type of authentication to use. When 'password' is selected, code-server will auto-generate a password. 'none' disables authentication entirely. | string | password | +| disableFileDownloads | Disable file downloads from Code. When enabled, users will not be able to download files from the editor. | boolean | false | +| disableFileUploads | Disable file uploads to Code. When enabled, users will not be able to upload files to the editor. | boolean | false | +| disableGettingStartedOverride | Disable the coder/coder override in the Help: Getting Started page. | boolean | false | +| disableProxy | Disable domain and path proxy routes. | boolean | false | +| disableTelemetry | Disable telemetry reporting. | boolean | false | +| disableUpdateCheck | Disable update check. Without this flag, code-server checks every 6 hours against the latest GitHub release and notifies once a week when updates are available. | boolean | false | +| disableWorkspaceTrust | Disable Workspace Trust feature. This only affects the current session. | boolean | false | | extensions | Comma-separated list of VS Code extensions to install. Format: 'publisher.extension[@version]' (e.g., 'ms-python.python,ms-azuretools.vscode-docker'). | string | - | | host | The address to bind to for the code-server. Use '0.0.0.0' to listen on all interfaces. | string | 127.0.0.1 | | port | The port to bind to for the code-server. | string | 8080 | diff --git a/src/code-server/devcontainer-feature.json b/src/code-server/devcontainer-feature.json index aa1f1d7..509bcc4 100644 --- a/src/code-server/devcontainer-feature.json +++ b/src/code-server/devcontainer-feature.json @@ -10,6 +10,41 @@ "default": "password", "description": "The type of authentication to use. When 'password' is selected, code-server will auto-generate a password. 'none' disables authentication entirely." }, + "disableFileDownloads": { + "type": "boolean", + "default": false, + "description": "Disable file downloads from Code. When enabled, users will not be able to download files from the editor." + }, + "disableFileUploads": { + "type": "boolean", + "default": false, + "description": "Disable file uploads to Code. When enabled, users will not be able to upload files to the editor." + }, + "disableGettingStartedOverride": { + "type": "boolean", + "default": false, + "description": "Disable the coder/coder override in the Help: Getting Started page." + }, + "disableProxy": { + "type": "boolean", + "default": false, + "description": "Disable domain and path proxy routes." + }, + "disableTelemetry": { + "type": "boolean", + "default": false, + "description": "Disable telemetry reporting." + }, + "disableUpdateCheck": { + "type": "boolean", + "default": false, + "description": "Disable update check. Without this flag, code-server checks every 6 hours against the latest GitHub release and notifies once a week when updates are available." + }, + "disableWorkspaceTrust": { + "type": "boolean", + "default": false, + "description": "Disable Workspace Trust feature. This only affects the current session." + }, "extensions": { "type": "string", "default": "", diff --git a/src/code-server/install.sh b/src/code-server/install.sh index 2224b9c..8a453a8 100644 --- a/src/code-server/install.sh +++ b/src/code-server/install.sh @@ -23,12 +23,44 @@ if [[ -n $WORKSPACE ]]; then CODE_SERVER_WORKSPACE="$WORKSPACE" fi +DISABLE_FLAGS=() + +if [[ "$DISABLEFILEDOWNLOADS" == "true" ]]; then + DISABLE_FLAGS+=(--disable-file-downloads) +fi + +if [[ "$DISABLEFILEUPLOADS" == "true" ]]; then + DISABLE_FLAGS+=(--disable-file-uploads) +fi + +if [[ "$DISABLEGETTINGSTARTEDOVERRIDE" == "true" ]]; then + DISABLE_FLAGS+=(--disable-getting-started-override) +fi + +if [[ "$DISABLEPROXY" == "true" ]]; then + DISABLE_FLAGS+=(--disable-proxy) +fi + +if [[ "$DISABLETELEMETRY" == "true" ]]; then + DISABLE_FLAGS+=(--disable-telemetry) +fi + +if [[ "$DISABLEUPDATECHECK" == "true" ]]; then + DISABLE_FLAGS+=(--disable-update-check) +fi + +if [[ "$DISABLEWORKSPACETRUST" == "true" ]]; then + DISABLE_FLAGS+=(--disable-workspace-trust) +fi + cat > /usr/local/bin/code-server-entrypoint \ << EOF #!/usr/bin/env bash set -e -su $_REMOTE_USER -c 'code-server --auth "$AUTH" --bind-addr "$HOST:$PORT" "$CODE_SERVER_WORKSPACE"' +$(declare -p DISABLE_FLAGS) + +su $_REMOTE_USER -c 'code-server --auth "$AUTH" --bind-addr "$HOST:$PORT" "\${DISABLE_FLAGS[@]}" "$CODE_SERVER_WORKSPACE"' EOF chmod +x /usr/local/bin/code-server-entrypoint diff --git a/test/code-server/code-server-disable-file-downloads.sh b/test/code-server/code-server-disable-file-downloads.sh new file mode 100644 index 0000000..d534585 --- /dev/null +++ b/test/code-server/code-server-disable-file-downloads.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-file-downloads" grep '"--disable-file-downloads"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-file-uploads.sh b/test/code-server/code-server-disable-file-uploads.sh new file mode 100644 index 0000000..8a165fd --- /dev/null +++ b/test/code-server/code-server-disable-file-uploads.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-file-uploads" grep '"--disable-file-uploads"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-getting-started-override.sh b/test/code-server/code-server-disable-getting-started-override.sh new file mode 100644 index 0000000..422a24e --- /dev/null +++ b/test/code-server/code-server-disable-getting-started-override.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-getting-started-override" grep '"--disable-getting-started-override"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-multiple-options.sh b/test/code-server/code-server-disable-multiple-options.sh new file mode 100644 index 0000000..b81f6f1 --- /dev/null +++ b/test/code-server/code-server-disable-multiple-options.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +# Check for all flags we enabled in this scenario +check "code-server disable-file-downloads" grep '"--disable-file-downloads"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-file-uploads" grep '"--disable-file-uploads"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-getting-started-override" grep '"--disable-getting-started-override"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-proxy" grep '"--disable-proxy"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-telemetry" grep '"--disable-telemetry"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-update-check" grep '"--disable-update-check"' < /usr/local/bin/code-server-entrypoint +check "code-server disable-workspace-trust" grep '"--disable-workspace-trust"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-proxy.sh b/test/code-server/code-server-disable-proxy.sh new file mode 100644 index 0000000..b481702 --- /dev/null +++ b/test/code-server/code-server-disable-proxy.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-proxy" grep '"--disable-proxy"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-telemetry.sh b/test/code-server/code-server-disable-telemetry.sh new file mode 100644 index 0000000..45acdc2 --- /dev/null +++ b/test/code-server/code-server-disable-telemetry.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-telemetry" grep '"--disable-telemetry"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-update-check.sh b/test/code-server/code-server-disable-update-check.sh new file mode 100644 index 0000000..4f7408f --- /dev/null +++ b/test/code-server/code-server-disable-update-check.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-update-check" grep '"--disable-update-check"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/code-server-disable-workspace-trust.sh b/test/code-server/code-server-disable-workspace-trust.sh new file mode 100644 index 0000000..3872bd4 --- /dev/null +++ b/test/code-server/code-server-disable-workspace-trust.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +# Optional: Import test library bundled with the devcontainer CLI +source dev-container-features-test-lib + +# Feature-specific tests +check "code-server version" code-server --version +check "code-server running" pgrep -f 'code-server/lib/node.*/code-server' +check "code-server listening" lsof -i "@127.0.0.1:8080" + +check "code-server disable-workspace-trust" grep '"--disable-workspace-trust"' < /usr/local/bin/code-server-entrypoint + +# Report results +reportResults diff --git a/test/code-server/scenarios.json b/test/code-server/scenarios.json index 26fb59b..493b770 100644 --- a/test/code-server/scenarios.json +++ b/test/code-server/scenarios.json @@ -54,5 +54,75 @@ "auth": "password" } } + }, + "code-server-disable-file-downloads": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableFileDownloads": true + } + } + }, + "code-server-disable-file-uploads": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableFileUploads": true + } + } + }, + "code-server-disable-getting-started-override": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableGettingStartedOverride": true + } + } + }, + "code-server-disable-proxy": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableProxy": true + } + } + }, + "code-server-disable-telemetry": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableTelemetry": true + } + } + }, + "code-server-disable-update-check": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableUpdateCheck": true + } + } + }, + "code-server-disable-workspace-trust": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableWorkspaceTrust": true + } + } + }, + "code-server-disable-multiple-options": { + "image": "mcr.microsoft.com/devcontainers/base:ubuntu", + "features": { + "code-server": { + "disableFileDownloads": true, + "disableFileUploads": true, + "disableGettingStartedOverride": true, + "disableProxy": true, + "disableTelemetry": true, + "disableUpdateCheck": true, + "disableWorkspaceTrust": true + } + } } }