fix: devcontainer setup failures (Copilot home permissions + migration 0039)#518
Merged
Conversation
The devcontainer setup (onCreateCommand) was failing on a fresh machine. The cause was a Docker volume ownership problem, not architecture or login. docker-compose.yml mounts a named volume (copilot_home) at /home/vscode/.copilot so the Copilot CLI login and plugins survive container rebuilds. The Dockerfile never created that directory, so when Docker first created the volume it made it owned by root. The vscode user could not write to it, so the very first "copilot plugin ..." command in on-create.sh failed silently with exit code 1. Because the script uses "set -e", that one silent failure aborted the entire devcontainer setup, so Python environments, Playwright, and other tooling never installed. Two changes: 1. Dockerfile now pre-creates /home/vscode/.copilot owned by the vscode user. Docker copies that ownership when it first creates the named volume, so the vscode user can write to it. Verified by building the image and mounting a fresh volume: the directory is owned by vscode and is writable. 2. on-create.sh no longer lets a Copilot plugin hiccup take down the whole setup. The marketplace and plugin steps now warn and continue instead of aborting, matching how the Firecrawl step already behaves. Note: anyone who already has the old root-owned copilot_home volume must delete that volume once so a correctly owned one is recreated. A plain container rebuild reuses the existing volume and will not fix it. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ar is unset Migration 0038 treats POSTGRES_VERIFICATION_FUNCTIONS_ROLE as optional and skips the grant when unset. Migration 0039 does the same grant but was written to crash if the env var is missing. This breaks fresh devcontainer setups where the role does not exist. Changed 0039 to match 0038: return None and skip when the env var is not set. Production already ran this migration so it will never execute there again. Only fresh dev databases are affected. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
madebygps
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Two issues were breaking fresh devcontainer builds:
Copilot home directory permissions: The Docker volume
copilot_homemounted at/home/vscode/.copilotwas created owned by root because the directory did not exist in the image. The vscode user could not write to it, socopilot plugincommands failed, and becauseon-create.shusesset -e, the entire setup aborted.Migration 0039 crash: Migration 0039 requires
POSTGRES_VERIFICATION_FUNCTIONS_ROLEto be set, but this env var only exists in production (Azure). Migration 0038 handles this gracefully by returningNoneand skipping the grant, but 0039 was written to crash with aRuntimeError. This brokealembic upgrade headduringpostCreateCommand.Fix
Copilot home (Dockerfile + on-create.sh):
/home/vscode/.copilotowned by vscode, so Docker copies that ownership when creating the named volume.on-create.shplugin install steps now warn and continue instead of aborting the entire setup.Migration 0039:
Noneand skip the grant when the env var is not set. Production already ran this migration (it is stamped as applied and will never execute again). Only fresh dev databases are affected.How to verify
Rebuild the devcontainer from scratch. All migrations should run to completion and the setup should finish without errors.
Note: If you have an existing
copilot_homevolume owned by root, you need to delete it once so a correctly owned one is recreated.