feat: bake mise tools into a shared dir on dogfood image#25387
Merged
Conversation
The upstream `devcontainers-cli` coder module runs `npm install -g @devcontainers/cli` and then verifies the binary is on PATH. With mise-managed Node, npm-global binaries land under `$MISE_DATA_DIR/installs/node/<ver>/bin/` which is not directly on PATH and which `mise reshim` does not surface as a shim. The module's post-install PATH check fails and the workspace start log shows a red error even though nothing the user does is broken. Installing through `mise:npm:` puts the binary at a shim under `$MISE_DATA_DIR/shims` (which IS on PATH). The module's run.sh short-circuits on its very first `command -v devcontainer` check and exits 0 without ever running the broken npm-install path. Pin to 0.87.0 (current latest) so Renovate/Dependabot can bump deliberately, matching the policy applied to other floating tools during the mise migration (lazygit, doctl, jj, typos, watchexec). Change-Id: Ic99a1a776d7aefbe24567448f6fbd91901ce99ca Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Thomas Kosiewski <tk@coder.com>
ThomasK33
changed the title
ThomasK33
changed the title
ThomasK33
changed the title
ThomasK33
changed the title
ThomasK33
force-pushed
the
thomas/dogfood-devcontainer-cli-mise
branch
from
378475c to
b3cd70c
Compare
ThomasK33
changed the title
Direct `npm i -g` installs land in mise's version-specific node bin dir, which is not on the static PATH and gets orphaned on every node version bump. Set NPM_CONFIG_PREFIX=/home/coder/.npm-global and put the matching bin dir first on PATH so globals like prettier resolve without `mise reshim` and survive node version bumps. Change-Id: I30680ec64c99e1348a0b22408c4c125b10c2d7df Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Thomas Kosiewski <tk@coder.com>
ThomasK33
force-pushed
the
thomas/dogfood-devcontainer-cli-mise
branch
from
b3cd70c to
2ca5303
Compare
johnstcn
reviewed
May 15, 2026
| /usr/local/bin/mise install --yes && \ | ||
| PATH="$MISE_DATA_DIR/shims:$PATH" pnpm dlx playwright@1.47.0 install --with-deps chromium && \ | ||
| PATH="/opt/mise/data/shims:$PATH" MISE_DATA_DIR=/opt/mise/data pnpm dlx playwright@1.47.0 install --with-deps chromium && \ | ||
| sudo --user=coder rm -rf /opt/mise/data/cache /opt/mise/data/downloads && \ |
Member
Author
There was a problem hiding this comment.
Good catch, it was unnecessary.
|
|
||
| # Pre-installs the binary so the upstream devcontainers-cli coder | ||
| # module's `command -v devcontainer` short-circuit fires | ||
| "npm:@devcontainers/cli" = "0.87.0" |
Member
There was a problem hiding this comment.
Do we still need the devcontainers-cli module if we pre-bake it?
Member
Author
There was a problem hiding this comment.
Nope, I don’t need the module anymore. Since the module short-circuits if the CLI already exists or is already installed, I wanted to remove it in a separate PR in a week to make sure I’m not breaking anyone’s existing workflow.
Install image tools into /opt/mise/data at build time (owned by coder) and expose them at runtime via MISE_SHARED_INSTALL_DIRS, while keeping MISE_DATA_DIR on the home volume for user installs. This decouples baked tool versions from the home volume's copy-on-first-mount: existing workspaces immediately see image tool bumps on next start without a `mise install` step, and the user's own `mise install <tool>` still lands on the home volume. Change-Id: I41781822ab01babeef5466f8303b8b6493b6ca14 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Thomas Kosiewski <tk@coder.com>
ThomasK33
force-pushed
the
thomas/dogfood-devcontainer-cli-mise
branch
from
2ca5303 to
0b0b3bc
Compare
johnstcn
approved these changes
May 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three changes to make mise-managed tooling reach every dogfood workspace cleanly, with the upstream
devcontainers-climodule fix as the original trigger.Why the module breaks
The upstream
devcontainers-clicoder module doesnpm install -g @devcontainers/cliand then verifies the binary is onPATH. With mise-managed Node (introduced in #25282),npm install -glands the binary at$MISE_DATA_DIR/installs/node/<ver>/bin/, which is not onPATHand whichmise reshimdoes not surface as a shim. The post-install check fails:Even though nothing the user does is actually broken.
What this PR does
mise.toml— pre-install@devcontainers/clivia mise'snpm:backend (npm:@devcontainers/cli = "0.87.0"). The mise shim lands at$MISE_DATA_DIR/shims/devcontainer, onPATH. The upstream module'srun.shshort-circuits on itscommand -v devcontainercheck and exits 0 without ever running the broken npm-install path. Strictly redundant after fix the second point makesnpm i -gwork natively, but kept for build-time pre-install and pinned-version reasons matching the other mise-pinned CLIs.dogfood/coder/ubuntu-*.04/Dockerfile— setNPM_CONFIG_PREFIX=/home/coder/.npm-globaland prepend/home/coder/.npm-global/bintoPATH. With this, genericnpm install -g <pkg>(prettier, biome, anything frontend folks reach for) lands in a stable home-volume dir that is already onPATH, survives node version bumps, and needs nomise reshim. The misenpm:backend keeps using its own--prefixinternally so thenpm:@devcontainers/clipin still installs under$MISE_DATA_DIRas before.dogfood/coder/ubuntu-*.04/Dockerfile— install image tools into/opt/mise/dataat build time (owned bycoder) and expose them at runtime viaMISE_SHARED_INSTALL_DIRS=/opt/mise/data/installs, keepingMISE_DATA_DIR=/home/coder/.local/share/misefor the user's own installs. This decouples baked tool versions from the home volume's copy-on-first-mount: fresh and existing workspaces both immediately see the image's tool set without amise installstep, and the user's ownmise install <tool>/mise use --globalstill lands on the home volume. The/opt/mise/data/shimsdir trails the user shim dir onPATHso a user-installed version wins when both exist.Pinned to
0.87.0(current latest) so Renovate/Dependabot can bump deliberately, matching the policy applied to the other floating tools during the mise migration (lazygit,doctl,jj,typos,watchexec).