devcontainer: run the NEAR git-storage sandbox as a process inside the container#138

Open
petersalomonsen wants to merge 1 commit into master from devcontainer-sandbox-in-process

@petersalomonsen petersalomonsen commented May 25, 2026

Owner

Summary

Reproducing CI's Playwright e2e flow locally previously meant starting the sandbox as a sibling docker run from outside the dev environment. Fine on Linux hosts but broken on macOS — Docker Desktop / colima route container networking through a VM, so --network host doesn't share the host's localhost:3030 and the workaround (shared bridge network + named alias) requires rewriting helpers that hard-code localhost:3030.

This PR makes the devcontainer self-sufficient: the sandbox runs as a regular process inside the container, the e2e suite talks to it over localhost, and there's no docker access needed at runtime. That last bit is important for GitHub Codespaces, where docker-outside-of-docker isn't available.

How

.devcontainer/Dockerfile (new) is a multi-stage build:

  • FROM ghcr.io/petersalomonsen/near-git-storage/sandbox:main AS sandbox — pulled purely to COPY --from=….
  • FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04 — the actual base. Installs pulseaudio, copies the sandbox's git-server binary, /app (which contains res/*.wasm), and /root/.near (the prepopulated sandbox state) in via multi-stage COPY.
  • Drops a near-git-sandbox launcher on PATH that chdirs into /opt/near-sandbox and runs git-server on localhost:3030.

The COPY --from= happens at image build time, so neither the running devcontainer nor Codespaces need access to docker.

.devcontainer/devcontainer.json points at the Dockerfile via "build": { "dockerfile": "Dockerfile" }.

.devcontainer/post-create.sh is now just the node side: pulseaudio -D, yarn install + yarn playwright install chromium, and npm install in tools/faust2as/ + tools/claude-bridge/.

.devcontainer/README.md walks through the design and documents the macOS-docker-networking + Playwright-image-version pitfalls for the next agent reproducing the e2e flow.

Test plan

  • Repro'd PR "wasm-git: fix commitpullpush staging — lg2 only accepts long-form add flags" #137's flake investigation in a single Linux container via the equivalent artifact-extraction approach. Hot-save test passed in this setup — confirming the failure was specific to the GitHub-hosted runner's hardware, not Linux in general.
  • All 23 non-skipped e2e specs green in this environment shape.
  • No CI workflow / test code changes — purely dev-env ergonomics, works for both local devcontainer and Codespaces.

Follow-ups (out of scope here)

  • Revisit test.skip(!!process.env.CI) on broadcast-signal > hot-save. It passes in the dev container, so the issue is narrower than "anything CI". Could be re-scoped to GITHUB_ACTIONS only.
  • Fix the C-backend SIG-class field regex in tools/faust2as/faust2as.js (mirror PR "faust transpiler: recognise StaticArray<T> SIG-class fields" #134's ASC-backend fix). That'd unskip faust2as-compilation.spec.js > clarinet.

🤖 Generated with Claude Code

Reproducing CI's Playwright e2e flow locally previously meant starting
the sandbox as a sibling `docker run` from outside the dev environment.
Works on Linux hosts but breaks on macOS — Docker Desktop / colima route
container networking through a VM, so `--network host` doesn't share
the host's localhost:3030 and the workaround (shared bridge network +
named alias) requires rewriting helpers that hard-code localhost:3030.

Sidestep all of it by running the sandbox as a regular process inside
the devcontainer. The trick: a multi-stage Dockerfile that
`COPY --from=ghcr.io/petersalomonsen/near-git-storage/sandbox:main`s the
artifacts (near-sandbox binary, git-server wrapper, the compiled wasm
contracts, the pre-populated .near state) into the dev image at build
time. No docker access needed at runtime — important for GitHub
Codespaces, where docker-outside-of-docker isn't available.

A `near-git-sandbox` launcher on PATH chdirs into /opt/near-sandbox so
git-server finds its res/*.wasm, defaults the listen address to the
port the e2e helpers expect, and the rest is just node side:

  post-create.sh:
    - pulseaudio (Web Audio sink; without it the audio-worklet code
      never starts and the broadcast / audio-comparison specs hang)
    - yarn install + playwright install chromium in wasmaudioworklet/
    - npm install in tools/faust2as (Faust → AS source generator used
      by faust2as-compilation.spec.js) and tools/claude-bridge (relay
      spawned by claude-bridge.spec.js)

.devcontainer/README.md walks through the design and captures the
macOS-docker-networking + Playwright-image-version pitfalls for the
next agent reproducing the e2e flow from a different angle.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@petersalomonsen petersalomonsen force-pushed the devcontainer-sandbox-in-process branch from 5c8491d to f9903f9 Compare May 25, 2026 09:40
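
Added example, not part of the PR or the project's code: the PR copies artifacts at build time from images referenced by tag (`sandbox:main`, `base:ubuntu-24.04`), so the dev image's contents depend on what those tags resolve to when it is built. This Python check lists every image a Dockerfile pulls, through `FROM` or `COPY --from=<image>`, and reports those not pinned by digest; the sample Dockerfile is constructed from the PR description, and its copy paths are assumptions.

```python
import re

# Constructed sample modelled on the Dockerfile the PR describes. The image
# references come from the PR text; the copy paths are assumptions.
SAMPLE_DOCKERFILE = """\
FROM ghcr.io/petersalomonsen/near-git-storage/sandbox:main AS sandbox
FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
COPY --from=sandbox /app /opt/near-sandbox
COPY --from=sandbox /root/.near /root/.near
COPY --from=ghcr.io/petersalomonsen/near-git-storage/sandbox:main /app/res /opt/near-sandbox/res
"""

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
COPY_FROM_RE = re.compile(r"^COPY\s+.*?--from=(\S+)", re.I)


def external_image_refs(dockerfile_text):
    """Return [(line_no, image_ref, pinned)] for each image pulled at build time.

    Line continuations are not joined: flags are expected on the first line
    of each instruction.
    """
    stages = set()    # stage aliases and numeric indices defined so far
    stage_count = 0
    refs = []
    for no, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        m = FROM_RE.match(line)
        if m:
            image, alias = m.group(1), m.group(2)
            # FROM <earlier stage> and FROM scratch pull nothing from a registry.
            if image.lower() not in stages and image.lower() != "scratch":
                refs.append((no, image, bool(DIGEST.search(image))))
            stages.add(str(stage_count))
            stage_count += 1
            if alias:
                stages.add(alias.lower())
            continue
        m = COPY_FROM_RE.match(line)
        if m and m.group(1).lower() not in stages:
            # --from names an image rather than a stage, so it is pulled like a FROM.
            refs.append((no, m.group(1), bool(DIGEST.search(m.group(1)))))
    return refs


def unpinned(dockerfile_text):
    """Image references resolved by mutable tag rather than by digest."""
    return [(no, ref) for no, ref, ok in external_image_refs(dockerfile_text) if not ok]
```
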
@cloudflare-workers-and-pages


Deploying webassemblymusic with Cloudflare Pages

Latest commit: f9903f9
Status: ✅  Deploy successful!
Preview URL: https://29e8be01.webassemblymusic.pages.dev
Branch Preview URL: https://devcontainer-sandbox-in-proc.webassemblymusic.pages.dev

