Make devcontainer work in WSL and proxy environments

README.md

@@ -106,7 +106,7 @@ It is very simple to develop the development container.
 You can change files related to the container and then simply run the `scripts/*`.
 They are used by the CI, but especially the build and test scripts can be run also locally out of the box:
 ````console
-$ ./scripts/build.sh
+$ ./scripts/build.sh [labels]
 [... build output..]
 {"outcome":"success","imageName":["ghcr.io/eclipse-score/devcontainer"]}
 

scripts/create_builder.sh

@@ -1,8 +1,82 @@
 #!/usr/bin/env bash
 set -euxo pipefail
 
-if ! docker buildx inspect multiarch &>/dev/null; then
-  docker buildx create --name multiarch --driver docker-container --use
-else
-  docker buildx use multiarch
+# Function to check if builder has correct proxy configuration
+check_proxy_config() {
+  local builder_info
+  builder_info=$(docker buildx inspect multiarch 2>/dev/null || echo "")
+
+  # Check if HTTP_PROXY is set in environment but not in builder
+  if [ -n "${HTTP_PROXY:-}" ]; then
+    if ! echo "$builder_info" | grep -q "HTTP_PROXY=${HTTP_PROXY}"; then
+      return 1
+    fi
+  fi
+
+  # Check if HTTPS_PROXY is set in environment but not in builder
+  if [ -n "${HTTPS_PROXY:-}" ]; then
+    if ! echo "$builder_info" | grep -q "HTTPS_PROXY=${HTTPS_PROXY}"; then
+      return 1
+    fi
+  fi
+
+  return 0
+}
+
+# Check if builder exists and has correct proxy configuration
+if docker buildx inspect multiarch &>/dev/null; then
+  if ! check_proxy_config; then
+    echo "Builder 'multiarch' exists but has incorrect proxy configuration. Recreating..."
+    docker buildx rm multiarch
+  else
+    echo "Builder 'multiarch' already exists with correct configuration."
+    docker buildx use multiarch
+    exit 0
+  fi
+fi
+
+# Create BuildKit configuration file with proxy settings
+BUILDKIT_CONFIG=""
+if [ -n "${HTTP_PROXY:-}" ] || [ -n "${HTTPS_PROXY:-}" ]; then
+  BUILDKIT_CONFIG="${HOME}/.config/buildkit/buildkitd.toml"
+  mkdir -p "$(dirname "${BUILDKIT_CONFIG}")"
+  cat > "${BUILDKIT_CONFIG}" <<EOF
+[worker.oci]
+  enabled = true
+
+[worker.containerd]
+  enabled = false
+
+# Default build arg values for all builds (includes proxy settings)
+[worker.oci.proxy]
+  http = "${HTTP_PROXY:-}"
+  https = "${HTTPS_PROXY:-}"
+  noProxy = "${NO_PROXY:-}"
+EOF
 fi
+
+# Build driver options for proxy configuration
+DRIVER_OPTS=()
+
+if [ -n "${HTTP_PROXY:-}" ]; then
+  DRIVER_OPTS+=("--driver-opt" "env.HTTP_PROXY=${HTTP_PROXY}")
+fi
+
+if [ -n "${HTTPS_PROXY:-}" ]; then
+  DRIVER_OPTS+=("--driver-opt" "env.HTTPS_PROXY=${HTTPS_PROXY}")
+fi
+
+if [ -n "${NO_PROXY:-}" ]; then
+  DRIVER_OPTS+=("--driver-opt" "env.NO_PROXY=${NO_PROXY}")
+fi
+
+# Add network mode to use host DNS resolution
+DRIVER_OPTS+=("--driver-opt" "network=host")
+
+# Add BuildKit config file if proxy is configured
+if [ -n "${BUILDKIT_CONFIG}" ]; then
+  DRIVER_OPTS+=("--config" "${BUILDKIT_CONFIG}")
+fi
+
+# Create builder with driver options
+docker buildx create --name multiarch --driver docker-container "${DRIVER_OPTS[@]}" --use

src/s-core-devcontainer/.devcontainer/Dockerfile

@@ -1,6 +1,23 @@
 ARG VARIANT="noble"
+
+# Proxy arguments for build-time network access
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+ARG http_proxy
+ARG https_proxy
+ARG NO_PROXY
+ARG no_proxy
+
 FROM buildpack-deps:${VARIANT}-curl
 
+# Set proxy environment variables for the build process
+ENV HTTP_PROXY=${HTTP_PROXY}
+ENV HTTPS_PROXY=${HTTPS_PROXY}
+ENV http_proxy=${http_proxy}
+ENV https_proxy=${https_proxy}
+ENV NO_PROXY=${NO_PROXY}
+ENV no_proxy=${no_proxy}
+
 LABEL dev.containers.features="common"
 
 ARG VARIANT

src/s-core-devcontainer/.devcontainer/devcontainer.json

@@ -2,7 +2,15 @@
     "build": {
         // Installs latest version from the Distribution
         "dockerfile": "./Dockerfile",
-        "context": "."
+        "context": ".",
+        "args": {
+            "HTTP_PROXY": "${localEnv:HTTP_PROXY}",
+            "HTTPS_PROXY": "${localEnv:HTTPS_PROXY}",
+            "http_proxy": "${localEnv:http_proxy}",
+            "https_proxy": "${localEnv:https_proxy}",
+            "NO_PROXY": "${localEnv:NO_PROXY}",
+            "no_proxy": "${localEnv:no_proxy}"
+        }
     },
     "features": {
         "ghcr.io/devcontainers/features/common-utils": {
@@ -40,6 +48,7 @@
         "./s-core-local"
     ],
     "remoteUser": "vscode",
+    "postStartCommand": "bash -c 'for var in HTTP_PROXY HTTPS_PROXY http_proxy https_proxy NO_PROXY no_proxy; do [ -z \"${!var}\" ] && unset $var || true; done'",
     "customizations": {
         "vscode": {
             "extensions": [

src/s-core-devcontainer/.devcontainer/s-core-local/install.sh

@@ -40,6 +40,10 @@ apt-get install -y python${python_version} python3-pip python3-venv
 # devcontainer feature "python" (cf. https://github.com/devcontainers/features/tree/main/src/python )
 apt-get install -y flake8 python3-autopep8 black python3-yapf mypy pydocstyle pycodestyle bandit pipenv virtualenv python3-pytest pylint
 
+# OpenJDK JRE and CA certificates, via APT
+# Required for Bazel to work with corporate proxy/CA certificates
+apt-get install -y --no-install-recommends ca-certificates-java openjdk-${openjdk_version}-jre-headless
+
 # Bazelisk, directly from GitHub
 # Using the existing devcontainer feature is not optimal:
 # - it does not check the SHA256 checksum of the downloaded file
@@ -63,6 +67,10 @@ mkdir -p /etc/bash_completion.d
 mv /tmp/bazel-complete.bash /etc/bash_completion.d/bazel-complete.bash
 sh -c "echo 'export USE_BAZEL_VERSION=${bazel_version}' >> /etc/profile.d/bazel.sh"
 
+# Configure Bazel to use system trust store for SSL/TLS connections
+# This is required for corporate environments with custom CA certificates
+echo 'startup --host_jvm_args=-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts --host_jvm_args=-Djavax.net.ssl.trustStorePassword=changeit' >> /etc/bazel.bazelrc
+
 # Buildifier, directly from GitHub (apparently no APT repository available)
 # The version is pinned to a specific release, and the SHA256 checksum is provided by the devcontainer-features.json file.
 BUILDIFIER_VARIANT="amd64"
@@ -105,6 +113,9 @@ apt-get install -y --no-install-recommends --fix-broken qemu-system-arm="${qemu_
 # sshpass
 apt-get install -y sshpass="${sshpass_version}*"
 
+# gdb (GNU Debugger)
+apt-get install -y gdb="${gdb_version}*"
+
 # Cleanup
 # REMOVE CONTAINER BUILD DEPENDENCIES
 apt-get remove --purge -y apt-transport-https

src/s-core-devcontainer/.devcontainer/s-core-local/versions.yaml

@@ -10,6 +10,9 @@ qemu_system_arm:
 sshpass:
   version: 1.09
 
+gdb:
+  version: "15.0"
+
 git:
   version: "2.43.0"
 
@@ -19,6 +22,9 @@ git_lfs:
 python:
   version: "3.12"
 
+openjdk:
+  version: "17"
+
 bazel:
   # https://github.com/bazelbuild/bazel/releases -- latest version as of 2025-09-24
   version: 8.4.1