Refine devcontainer setup and docker tests

2025-12-06 17:15:38 -08:00 · 2025-10-22 19:48:58 -04:00
parent 5636a159b8
commit ce8bb53bc8
6 changed files with 182 additions and 19 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-dockerfile.sh
+# DO NOT MODIFY THIS FILE DIRECTLY. IT IS AUTO-GENERATED BY .devcontainer/scripts/generate-configs.sh

 # ---/Dockerfile---
 # The NetAlertX Dockerfile has 3 stages:
@@ -103,7 +103,6 @@ ENV PORT=20211
 ENV NETALERTX_DEBUG=0
 ENV VENDORSPATH=/app/back/ieee-oui.txt
 ENV VENDORSPATH_NEWEST=/services/run/tmp/ieee-oui.txt
-ENV PYTHONPATHPATH="${NETALERTX_APP}:${VIRTUAL_ENV}/bin:${PATH}"
 ENV ENVIRONMENT=alpine
 ENV READ_ONLY_USER=readonly READ_ONLY_GROUP=readonly
 ENV NETALERTX_USER=netalertx NETALERTX_GROUP=netalertx
@@ -146,13 +145,14 @@ RUN apk add libcap && \
    setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \
    setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nbtscan && \
    setcap cap_net_raw,cap_net_admin+eip /usr/bin/traceroute && \
-    setcap cap_net_raw,cap_net_admin+eip ${VIRTUAL_ENV_BIN}/scapy && \
+    setcap cap_net_raw,cap_net_admin+eip $(readlink -f ${VIRTUAL_ENV_BIN}/python) && \
    /bin/sh /build/init-nginx.sh && \
    /bin/sh /build/init-php-fpm.sh && \
    /bin/sh /build/init-crond.sh && \
    /bin/sh /build/init-backend.sh && \
    rm -rf /build && \
-    apk del libcap
+    apk del libcap && \
+    date +%s > ${NETALERTX_FRONT}/buildtimestamp.txt


 ENTRYPOINT ["/bin/sh","/entrypoint.sh"]
@@ -218,19 +218,17 @@ ENV PORT=20211
 ENV NETALERTX_DEBUG=1
 ENV PYDEVD_DISABLE_FILE_VALIDATION=1
 COPY .devcontainer/resources/devcontainer-overlay/ /
-
+USER root
 # Install common tools, create user, and set up sudo
-RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt sudo
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt github-cli py3-yaml py3-docker-py 
+

 RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
    cp -a /usr/lib/php83/modules/. /services/php/modules/ && \
    echo "${NETALERTX_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-# Install debugpy in the virtualenv if present, otherwise into system python3
-RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true' && \
-    mkdir /workspaces && \
+RUN mkdir /workspaces && \
    install -d -o netalertx -g netalertx -m 777 /services/run/logs && \
    install -d -o netalertx -g netalertx -m 777 /app/run/tmp/client_body && \
-    sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd && \
-    python -m pip install -U pytest pytest-cov
-
+    sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd
+USER netalertx
 ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -23,6 +23,9 @@
    // even within this container and connect to them as needed.
    // "--network=host",
  ],
+  "mounts": [ 
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" //used for testing various conditions in docker
+  ],
  // ATTENTION: If running with --network=host, COMMENT `forwardPorts` OR ELSE THERE WILL BE NO WEBUI!
  "forwardPorts": [20211, 20212, 5678],
  "portsAttributes": { // the ports we care about
--- a/.devcontainer/resources/devcontainer-Dockerfile
+++ b/.devcontainer/resources/devcontainer-Dockerfile
@@ -15,19 +15,19 @@ ENV PORT=20211
 ENV NETALERTX_DEBUG=1
 ENV PYDEVD_DISABLE_FILE_VALIDATION=1
 COPY .devcontainer/resources/devcontainer-overlay/ /
-
+USER root
 # Install common tools, create user, and set up sudo
-RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt github-cli
+RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest pytest-cov fish shfmt github-cli py3-yaml py3-docker-py 
+

 RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \
    cp -a /usr/lib/php83/modules/. /services/php/modules/ && \
    echo "${NETALERTX_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-# Install debugpy in the virtualenv if present, otherwise into system python3
-RUN /bin/sh -c '(/opt/venv/bin/python3 -m pip install --no-cache-dir debugpy) || (python3 -m pip install --no-cache-dir debugpy) || true' && \
-    mkdir /workspaces && \
+RUN mkdir /workspaces && \
    install -d -o netalertx -g netalertx -m 777 /services/run/logs && \
    install -d -o netalertx -g netalertx -m 777 /app/run/tmp/client_body && \
    sed -i -e 's|:/app:|:/workspaces:|' /etc/passwd && \
-    python -m pip install -U pytest pytest-cov
-
+    find /opt/venv -type d -exec chmod o+rw {} + && \
+    pip install pytest docker
+USER netalertx
 ENTRYPOINT ["/bin/sh","-c","sleep infinity"]
--- a/.devcontainer/scripts/setup.sh
+++ b/.devcontainer/scripts/setup.sh
@@ -25,11 +25,52 @@ export PORT=20211
 export SOURCE_DIR="/workspaces/NetAlertX"


+ensure_docker_socket_access() {
+  local socket="/var/run/docker.sock"
+  if [ ! -S "${socket}" ]; then
+    echo "docker socket not present; skipping docker group configuration"
+    return
+  fi
+
+  local sock_gid
+  sock_gid=$(stat -c '%g' "${socket}" 2>/dev/null || true)
+  if [ -z "${sock_gid}" ]; then
+    echo "unable to determine docker socket gid; skipping docker group configuration"
+    return
+  fi
+
+  local group_entry=""
+  if command -v getent >/dev/null 2>&1; then
+    group_entry=$(getent group "${sock_gid}" 2>/dev/null || true)
+  else
+    group_entry=$(grep -E ":${sock_gid}:" /etc/group 2>/dev/null || true)
+  fi
+
+  local group_name=""
+  if [ -n "${group_entry}" ]; then
+    group_name=$(echo "${group_entry}" | cut -d: -f1)
+  else
+    group_name="docker-host"
+    sudo addgroup -g "${sock_gid}" "${group_name}" 2>/dev/null || group_name=$(grep -E ":${sock_gid}:" /etc/group | head -n1 | cut -d: -f1)
+  fi
+
+  if [ -z "${group_name}" ]; then
+    echo "failed to resolve group for docker socket gid ${sock_gid}; skipping docker group configuration"
+    return
+  fi
+
+  if ! id -nG netalertx | tr ' ' '\n' | grep -qx "${group_name}"; then
+    sudo addgroup netalertx "${group_name}" 2>/dev/null || true
+  fi
+}
+
+
 main() {
    echo "=== NetAlertX Development Container Setup ==="
    killall php-fpm83 nginx crond python3 2>/dev/null
    sleep 1
    echo "Setting up ${SOURCE_DIR}..."
+    ensure_docker_socket_access
    sudo chown $(id -u):$(id -g) /workspaces
    sudo chmod 755 /workspaces
    configure_source
@@ -102,6 +143,12 @@ configure_source() {
        killall python3 &>/dev/null
        sleep 0.2
    done
+	sudo chmod 777 /opt/venv/lib/python3.12/site-packages/ && \
+    pip install --no-cache-dir debugpy docker && \
+    sudo chmod 005 /opt/venv/lib/python3.12/site-packages/
+	sudo chmod 666 /var/run/docker.sock
+
+	echo "      -> Updating build timestamp"
 	date +%s > ${NETALERTX_FRONT}/buildtimestamp.txt
    
 }