Get rid of Gitpod layer

[csweichel]

fixes #4899

This PR removes the need for the Gitpod layer, by moving the user and group creation to supervisor.

How to test

Start workspaces with as many different images you can think of.
Especially interesting: images that don't have a Gitpod user to begin with, e.g. https://github.com/csweichel/test-repo/tree/image-ubuntu

Open questions:

• do we still need the .bashrc modifications? IMHO that was somewhat of an antipattern to begin with and we should find other ways if need be.
• what about images that don't have git. Can we live with that or should we ship a "fallback Git" as part of supervisor?

[codecov]

Codecov Report

Merging #4923 (e7b942d) into main (453cbeb) will increase coverage by 36.18%.
The diff coverage is 21.84%.

@@            Coverage Diff            @@
##           main    #4923       +/-   ##
=========================================
+ Coverage      0   36.18%   +36.18%     
=========================================
  Files         0       16       +16     
  Lines         0     4068     +4068     
=========================================
+ Hits          0     1472     +1472     
- Misses        0     2473     +2473     
- Partials      0      123      +123     

Flag	Coverage Δ
components-supervisor-app	36.18% <21.84%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
components/supervisor/pkg/supervisor/supervisor.go	0.00% <0.00%> (ø)
components/supervisor/pkg/supervisor/user.go	33.12% <33.12%> (ø)
components/supervisor/pkg/terminal/service.go	29.09% <0.00%> (ø)
components/supervisor/pkg/supervisor/services.go	25.50% <0.00%> (ø)
components/supervisor/pkg/ports/ports.go	60.03% <0.00%> (ø)
...mponents/supervisor/pkg/supervisor/notification.go	83.95% <0.00%> (ø)
components/supervisor/pkg/ports/exposed-ports.go	0.00% <0.00%> (ø)
components/supervisor/pkg/ports/served-ports.go	76.00% <0.00%> (ø)
components/supervisor/pkg/supervisor/config.go	4.51% <0.00%> (ø)
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 453cbeb...e7b942d. Read the comment docs.

[aledbf]

Can we live with that or should we ship a "fallback Git" as part of supervisor?

It would be great if we could use any of the Go libraries available to avoid distribution dependent binaries

[csweichel]

Can we live with that or should we ship a "fallback Git" as part of supervisor?

It would be great if we could use any of the Go libraries available to avoid distribution dependent binaries

I agree. We have used go-git in the past and found incompatibilities at the time regarding the global Git config. It's well possible those have been resolved by now.

Now I reckon the question is if this way we could use the latest --filter optimisations :)

Update after looking at the COMPATIBILITY.md:

• global Git config is still not supported
• git clone --filter=blob:none is not supported

Are there any other comprehensive Git libraries we should be looking at?

[csweichel]

/hold

we really need to test this thoroughly with different images

[aledbf]

/werft run

👍 started the job as gitpod-build-csweichel-image-builder-get-rid-4899.18

[aledbf]

@csweichel I tested all the examples, gitpod, and even your image-ubuntu repository. Everything works.

Just one question, what's the expected behavior in case the gitpod account exists but the UID is different?
example https://github.com/aledbf/gitpod-user-uid/blob/main/.gitpod.Dockerfile

[csweichel]

@csweichel I tested all the examples, gitpod, and even your image-ubuntu repository. Everything works.

Just one question, what's the expected behavior in case the gitpod account exists but the UID is different?
example https://github.com/aledbf/gitpod-user-uid/blob/main/.gitpod.Dockerfile

Excellent question. Two ways come to mind:

1. the cheap and easy way: fail the workspace startup with a sensible, actionable error message
2. the clever way: produce a user with a different name but correct UID. I don't think we actually rely on Gitpod as name but rather use the UID/GID (might have to double check the content-initializer code).

The first one is clearly much easier to implement. WDYT?

[aledbf]

the cheap and easy way: fail the workspace startup with a sensible, actionable error message

👍

(right now stays in Pulling container image …)

[aledbf]

@csweichel awesome.

[roboquat]

LGTM label has been added.

Git tree hash: 3d4baa050cf30fbe095186e76fc63c5cc0ba9365

[JohannesLandgraf]

This looks like Italy 🇮🇹 🍕 cc @fntlnz @leodido

[jankeromnes]

Whoa, many thanks @csweichel for taking this on! 💯 🎖️

Epic!! 🎸 (Although I'd have preferred fewer lines of new Go code 🙈 looks a bit scary to my untrained eye, as each new line of code has a non-zero risk-of-new-bug -- regardless of how excellent the developer is!)

Added a few comments on the code. Will now test. 😇

[jankeromnes]

This PR removes the need for the Gitpod layer, by moving the user and group creation to supervisor.

What about the gp CLI? Surely we want to continue installing it as well. (Should at least test that it's still there.)

[jankeromnes]

Yes! 😍

[jankeromnes]

Burn it, burn it all with fire! 🔥🔥🔥

TODO:

• PS1 prompt gets re-defined anyway so line had no effect
• Test that making a new commit from the console is still okay (EDITOR vars)
• Test that JAVA_TOOL_OPTIONS is still defined so that the JVM won't eat up all Gitpod's precious RAM
• Test gp and its auto-completion
• Test open and code aliases (nice to haves / but not mandatory)
• GEM_HOME=/workspace/.rvm gets overwritten by nearly all Ruby projects anyway
• We want a less crazy-custom Python setup so fine by me
• Test cargo install persistence across restarts
• I've never liked the BROWSER automatic behavior (i.e. "automatically open IDE preview when some specific web servers start") (also did that even work in Code?)

I guess most of these changes are fine, because we want fewer non-standard customizations:

• except for gp and JAVA_TOOL_OPTIONS, which look dangerous and really should be tested
• also, big question: is Full Workspace Backup enabled everywhere now? (If yes, it's fine to remove all /workspace hacks -- if not, this PR breaks Rust, Python and maybe Ruby package persistence)

[jankeromnes]

Hmm, I can't seem to open any repository in the current deployment 😕

I tried:

• Clicking New Workspace and picking the first template (template-typescript-node)
• Opening an empty repository
• Opening https://github.com/csweichel/test-repo/tree/image-ubuntu

[AlexTugarev]

/werft run

👍 started the job as gitpod-build-csweichel-image-builder-get-rid-4899.20

[AlexTugarev]

Notes and Questions

• new failure mode: cannot ensure Gitpod user exists: user: unknown user
• this will break persistence of packages/modules installed outside of /workspace by default. looking forward to see FWB in action, which would equalize this issue. I'm sure you are aware of this. do we need to track this in an issue?
• does this have any impact on snapshots/prebuilds?

[csweichel]

Thanks @jankeromnes and @AlexTugarev for testing this - and sorry for the obvious blunder.

I've fixed the "unknown user" issue, added gp to the path and set JAVA_TOOL_OPTIONS.
I have yet to test the code and editor behaviour, but those should be superseded by registry-facade's behaviour at this point.

[AlexTugarev]

New workspaces starting just fine.

The one that failed previously doesn't start. How can that issue be permanent?

Visiting https://csweichel-image-builder-get-rid-4899.staging.gitpod-dev.com/start/#apricot-dove-rz8cloog
let you visit a loop of Preparing...

[csweichel]

@AlexTugarev I reckon that's because the "reconciliation loop" of ws-manager-bridge hasn't "stopped" the old workspace yet. It's still stuck in the stopping state from the last attempt

[csweichel]

/hold cancel

[aledbf]

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: 029093ef5eda27ecc17d9e17c08f7eafd83f4445

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf

Associated issue: #4899

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [aledbf]
• components/supervisor/OWNERS [aledbf]
• components/workspacekit/OWNERS [aledbf]
• components/ws-manager/OWNERS [aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment