Move workspace file contents from heredoc to files
Issue: Refactorings to workspace container/script logic (#511503 - closed)
What does this MR do and why?
- Move file contents from inline constants to separate files read at runtime.
- Cleans up and creates some constants
It's primarily just a cleanup refactor to prepare for more work and reorganization on these scripts as part of Refactorings to workspace container/script logic (#511503 - closed), and allow some shellcheck linting coverage of the files (via IDE plugins, but we could add to CI in the future too).
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
- Refactorings to workspace container/script logic (#511503 - closed)
- Startup scripts for Remote Development workspac... (&15602)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
This is a pure refactoring, no UI or functionality changes.
Here is an ssh session to a workspace showing that ssh and git auth still works:
gitlab-workspaces@workspace-4-1-hesumv-866785d69c-xgknt:~$ cd /.workspace-data/variables/file
gitlab-workspaces@workspace-4-1-hesumv-866785d69c-xgknt:/.workspace-data/variables/file$ ls -al
total 4
drwxrwsrwt 3 root root 120 Feb 4 20:04 .
drwxr-xr-x 3 root root 4096 Feb 4 20:05 ..
drwxr-sr-x 2 root root 80 Feb 4 20:04 ..2025_02_04_20_04_53.835287448
lrwxrwxrwx 1 root root 31 Feb 4 20:04 ..data -> ..2025_02_04_20_04_53.835287448
lrwxrwxrwx 1 root root 33 Feb 4 20:04 gl_git_credential_store.sh -> ..data/gl_git_credential_store.sh
lrwxrwxrwx 1 root root 15 Feb 4 20:04 gl_token -> ..data/gl_token
gitlab-workspaces@workspace-4-1-hesumv-866785d69c-xgknt:/.workspace-data/variables/file$ cat gl_git_credential_store.sh
#!/bin/sh
# This is a readonly store so we can exit cleanly when git attempts a store or erase action
if [ "$1" != "get" ];
then
exit 0
fi
if [ -z "${GL_TOKEN_FILE_PATH}" ];
then
echo "We could not find the GL_TOKEN_FILE_PATH variable"
exit 1
fi
password=$(cat "${GL_TOKEN_FILE_PATH}")
# The username is derived from the "user.email" configuration item. Ensure it is set.
echo "username=does-not-matter"
echo "password=${password}"
exit 0
gitlab-workspaces@workspace-4-1-hesumv-866785d69c-xgknt:/.workspace-data/variables/file$ cd /projects/workspaces-testing-sshd-amd-only/
gitlab-workspaces@workspace-4-1-hesumv-866785d69c-xgknt:/projects/workspaces-testing-sshd-amd-only$ git fetch -v --all
POST git-upload-pack (186 bytes)
From http://gdk.test:3000/gitlab-org/workspaces-testing-sshd-amd-only
= [up to date] main -> origin/mainHere is a screenshot of the working VS Code in the workspace, with source control integration and ssh from terminal working:
How to set up and validate locally
- All tests should pass, and all Workspaces functionality should have no regressions.
- Use this devfile and image to test on MacOS/Rancher with working SSH support (see https://docs.gitlab.com/ee/user/workspace/configuration.html#connect-to-a-workspace-with-ssh):
schemaVersion: 2.2.0
components:
- name: tooling-container
attributes:
gl/inject-editor: true
container:
image: registry.gitlab.com/gitlab-org/remote-development/gitlab-remote-development-docs/ubuntu:24.04- NOTE: Local SSH may have issues on latest MacOS, and you may need to run it on a nonstandard port - see Fix workspaces SSH port on MacOS (!180009 - merged)
- SSH example command with nonstandard port:
ssh workspace-4-1-hesumv-866785d69c-xgknt@localhost -p 30022(use a local PAT as the password)