platformsh · akalipetis · Nov 18, 2025 · Copilot · Nov 18, 2025 · Copilot
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,29 @@
+FROM php:7.4-cli
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    zip \
+    unzip \
+    git \
-    git \
+    git \
+    wget \
+    openssh-client \
-    git \
+    git \
+    wget \
+    openssh-client \
+    && rm -rf /var/lib/apt/lists/*
+
-
+
+# Install pcntl extension (required for CLI)
+RUN docker-php-ext-install -j$(nproc) pcntl
-
+
+# Install pcntl extension (required for CLI)
+RUN docker-php-ext-install -j$(nproc) pcntl
+# Install Composer
+RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
+    && php composer-setup.php \
+    && mv composer.phar /usr/local/bin/composer \
+    && php -r "unlink('composer-setup.php');" \
+    && chmod +x /usr/local/bin/composer
-# Install Composer
-RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
-    && php composer-setup.php \
-    && mv composer.phar /usr/local/bin/composer \
-    && php -r "unlink('composer-setup.php');" \
-    && chmod +x /usr/local/bin/composer
+# Install Composer (with signature verification)
+RUN set -eux; \
+    EXPECTED_SIGNATURE="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')" ; \
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" ; \
+    ACTUAL_SIGNATURE="$(php -r "echo hash_file('SHA384', 'composer-setup.php');")" ; \
+    if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then \
+        echo 'ERROR: Invalid installer signature' >&2; \
+        rm -f composer-setup.php; \
+        exit 1; \
+    fi; \
+    php composer-setup.php; \
+    mv composer.phar /usr/local/bin/composer; \
+    php -r "unlink('composer-setup.php');"; \
+    chmod +x /usr/local/bin/composer
-# Install Composer
-RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
-    && php composer-setup.php \
-    && mv composer.phar /usr/local/bin/composer \
-    && php -r "unlink('composer-setup.php');" \
-    && chmod +x /usr/local/bin/composer
+# Install Composer (with signature verification)
+RUN set -eux; \
+    EXPECTED_SIGNATURE="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')" ; \
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" ; \
+    ACTUAL_SIGNATURE="$(php -r "echo hash_file('SHA384', 'composer-setup.php');")" ; \
+    if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then \
+        echo 'ERROR: Invalid installer signature' >&2; \
+        rm -f composer-setup.php; \
+        exit 1; \
+    fi; \
+    php composer-setup.php; \
+    mv composer.phar /usr/local/bin/composer; \
+    php -r "unlink('composer-setup.php');"; \
+    chmod +x /usr/local/bin/composer
+
+# Create a non-root user
+ARG USERNAME=upsun
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+RUN groupadd --gid $USER_GID $USERNAME \
+    && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    && apt-get update \
+    && apt-get install -y sudo \
+    && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    && chmod 0440 /etc/sudoers.d/$USERNAME
+
+USER $USERNAME
-USER $USERNAME
+USER $USERNAME
+
+# Set the working directory
+WORKDIR /home/upsun/workspace
+
+# Ensure the workspace directory exists
+RUN mkdir -p /home/upsun/workspace
-USER $USERNAME
+USER $USERNAME
+
+# Set the working directory
+WORKDIR /home/upsun/workspace
+
+# Ensure the workspace directory exists
+RUN mkdir -p /home/upsun/workspace
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,8 @@
+{
+    "name": "Upsun CLI",
+    "build": {
+        "dockerfile": "Dockerfile"
+    },
+    "remoteUser": "upsun",
+    "postCreateCommand": "composer install"
+}