[wip] Additional devcontainer improvements #3519

Open
stbenjam wants to merge 8 commits into openshift:main from not-stbenjam:devcontainer-more

@stbenjam
Member

@stbenjam stbenjam commented May 11, 2026

Summary by CodeRabbit

  • Chores
    • Expanded devcontainer configuration to support Claude Code plugins and MCP server setup, including Playwright and Atlassian integrations.
    • Added new devcontainer-up and devcontainer-claude make targets for simplified devcontainer management and command execution.
    • Enhanced credential file initialization to ensure proper setup within the devcontainer environment.

not-stbenjam and others added 8 commits May 11, 2026 12:36
Configures the openshift-eng/ai-helpers marketplace and installs
the golang and typescript-lsp plugins during container setup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the hosted Atlassian MCP server instead of the standalone CLI binary.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bind-mount ~/.claude/.credentials.json (rw) so MCP OAuth tokens
persist across container rebuilds. The init script ensures the file
exists on the host before the container starts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install golang plugin from ai-helpers marketplace (not claude-plugins-official)
- Add anthropics/claude-plugins-official marketplace for typescript-lsp
- Update .claude/settings.json with enabled plugins and marketplace config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add .mcp.json so Claude Code discovers the sippy-dev MCP server
- Register sippy-dev MCP server in post-create.sh for devcontainer
- Add make devcontainer-up and devcontainer-claude targets
- Skip go/npm dep check for devcontainer targets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@openshift-merge-bot
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@stbenjam stbenjam changed the title Additional devcontainer improvements [wip] Additional devcontainer improvements May 11, 2026
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 11, 2026
@openshift-ci openshift-ci Bot requested review from deads2k and sosiouxme May 11, 2026 17:32
@openshift-ci
Contributor

openshift-ci Bot commented May 11, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stbenjam

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 11, 2026
@coderabbitai
Contributor

coderabbitai Bot commented May 11, 2026

Walkthrough

This PR adds Claude Code development environment integration to the devcontainer by mounting credentials, initializing configuration files, and registering Claude plugins and MCP servers (Playwright, marketplace plugins, sippy-dev) alongside build tooling targets.

Changes

Claude Code Development Environment Setup

Layer / File(s) | Summary
Container Configuration / .devcontainer/devcontainer.json | Bind-mount Claude credentials from host ${localEnv:HOME}/.claude/.credentials.json into container at /home/vscode/.claude/.credentials.json as a writable mount.
Host Initialization / .devcontainer/init-services.sh | Create $HOME/.claude directory and initialize $HOME/.claude/.credentials.json with an empty JSON object if the file does not exist, ensuring bind-mount prerequisites are satisfied before container startup.
Container Post-Creation Setup / .devcontainer/post-create.sh | Install and configure Claude Code plugins and MCP servers: Playwright, marketplace plugins (openshift-eng/ai-helpers, anthropics/claude-plugins-official), specific plugin versions (golang, typescript-lsp), sippy-dev MCP pointing to mcp/run.sh, and HTTP transport MCP for Atlassian.
Build & Ignore Configuration / Makefile, .gitignore | Add devcontainer-up and devcontainer-claude make targets; conditionally skip prerequisite checks (npm, go) for devcontainer targets; ignore generated .playwright-mcp/ directory.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 17
✅ Passed checks (17 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title 'Additional devcontainer improvements' accurately reflects the main changes, which are comprehensive updates to devcontainer configuration files, initialization scripts, and build targets.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Go Error Handling | ✅ Passed | The custom check requires Go error handling patterns. This PR only modifies configuration and shell script files, not Go source code. The check is not applicable.
Sql Injection Prevention | ✅ Passed | PR only modifies infrastructure files. No SQL query code is modified. Database credentials passed as env variables, not in SQL construction.
Excessive Css In React Should Use Styles | ✅ Passed | Check not applicable. PR only modifies devcontainer config, shell scripts, .gitignore, and Makefile. No React components with CSS present.
Test Coverage For New Features | ✅ Passed | PR modifies only infrastructure config files and scripts. No new Go functions, bug fixes, or frontend components. Configuration-only changes are exempted from test coverage.
Single Responsibility And Clear Naming | ✅ Passed | Custom check for single responsibility and clear naming in packages/structs/methods is not applicable. PR only modifies configuration and build files with no code packages, structs, or methods.
Stable And Deterministic Test Names | ✅ Passed | No Ginkgo tests present in this PR. Changes only modify devcontainer configuration, shell scripts, gitignore, and Makefile files.
Test Structure And Quality | ✅ Passed | The custom check is not applicable to this PR. The PR contains no Ginkgo test code changes (only devcontainer and Makefile changes), so the test quality requirements cannot apply.
Microshift Test Compatibility | ✅ Passed | This PR adds no Ginkgo e2e tests. All changes are dev container configuration and build files. The MicroShift test compatibility check does not apply.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | This PR does not add new Ginkgo e2e tests. Changes are limited to devcontainer config, shell scripts, .gitignore, and Makefile. The SNO test compatibility check is not applicable.
Topology-Aware Scheduling Compatibility | ✅ Passed | PR modifies only dev container config, .gitignore, and Makefile—not deployment manifests, operator code, or controllers. No Kubernetes scheduling constraints introduced.
Ote Binary Stdout Contract | ✅ Passed | PR modifies only infrastructure/configuration files (.devcontainer config, .gitignore, Makefile). No OTE binary code or test infrastructure is modified. Custom check is not applicable.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | This PR contains no Ginkgo e2e tests. It only modifies devcontainer config, shell scripts, and build files. The IPv6/disconnected network test compatibility check is not applicable.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
Makefile (1)

81-82: ⚡ Quick win

Add a container state check or document the prerequisite.

The target assumes the sippy-dev container is running. If it's not, podman exec will fail with a potentially unclear error message.

🛡️ Recommended fix to add container state check
 devcontainer-claude:
+	`@podman` inspect sippy-dev --format '{{.State.Running}}' 2>/dev/null | grep -q true || \
+	  (echo "ERROR: sippy-dev container is not running. Run 'make devcontainer-up' first." && exit 1)
 	podman exec -it -w /workspace sippy-dev claude $(CLAUDE_ARGS)
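
Review bot: On the first added line, `@podman` is wrapped in backticks, so the shell would run it as a command substitution instead of make seeing its `@` silent prefix, and the check would fail even when the container is up. Write the recipe line as `@podman inspect sippy-dev --format '{{.State.Running}}' 2>/dev/null | grep -q true || \` with no backticks.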

Alternatively, document in a comment that devcontainer-up must be run first:

+# Requires devcontainer-up to be run first
 devcontainer-claude:
 	podman exec -it -w /workspace sippy-dev claude $(CLAUDE_ARGS)
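
Review bot: In the unchanged `podman exec` line, `$(CLAUDE_ARGS)` is expanded by make straight into the shell command, so a value containing spaces, quotes or `;` is re-parsed by the shell before `claude` sees it. Since this variant only adds a comment, use that comment to also state how CLAUDE_ARGS is expected to be quoted, for example `make devcontainer-claude CLAUDE_ARGS='--help'`.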
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 81 - 82, The devcontainer-claude Makefile target
assumes the sippy-dev container is running; add a runtime check or document the
prerequisite. Update the devcontainer-claude target to first verify container
state (e.g., check podman/containers for a running sippy-dev) and fail with a
clear message advising to run devcontainer-up if not running, or simply add a
comment above the target stating that devcontainer-up must be executed before
devcontainer-claude; reference the Makefile target name devcontainer-claude and
the podman exec invocation to locate where to add the check or comment.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.devcontainer/devcontainer.json:
- Line 12: Replace the bind mount of the single credentials file with a bind
mount of the parent .claude directory so inode-swapping updates won’t break the
container (i.e., change the mount entry that currently binds the specific
credentials.json to bind the .claude directory instead, keeping the target
directory under the container user). Also update the init script
(init-services.sh) to create the .claude directory if missing rather than
creating the credentials file so the container can accept file replacements
performed by the Claude CLI.

In @.devcontainer/post-create.sh:
- Around line 20-27: post-create.sh runs multiple "claude" CLI commands without
verifying the CLI exists; add a defensive check at the top of the script (before
the claude mcp / plugin commands) that uses command availability (e.g., command
-v claude or which claude) and, if missing, prints a clear error message and
exits non-zero so the configuration commands (the lines invoking claude mcp add,
claude plugin marketplace add, claude plugin install, etc.) are not executed;
ensure the check is present before the block that starts with "echo '==>
Configuring Claude Code plugins...'" so all referenced invocations are
protected.

---

Nitpick comments:
In `@Makefile`:
- Around line 81-82: The devcontainer-claude Makefile target assumes the
sippy-dev container is running; add a runtime check or document the
prerequisite. Update the devcontainer-claude target to first verify container
state (e.g., check podman/containers for a running sippy-dev) and fail with a
clear message advising to run devcontainer-up if not running, or simply add a
comment above the target stating that devcontainer-up must be executed before
devcontainer-claude; reference the Makefile target name devcontainer-claude and
the podman exec invocation to locate where to add the check or comment.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: cd5e254b-654d-45c1-9b7c-9ecc8800a8c8

📥 Commits

Reviewing files that changed from the base of the PR and between d088bde and bf81aa2.

⛔ Files ignored due to path filters (1)
  • .claude/settings.json is excluded by !.claude/**
📒 Files selected for processing (5)
  • .devcontainer/devcontainer.json
  • .devcontainer/init-services.sh
  • .devcontainer/post-create.sh
  • .gitignore
  • Makefile

"mounts": [
"source=${localEnv:HOME}/.config/gcloud,target=/home/vscode/.config/gcloud,type=bind,readonly"
"source=${localEnv:HOME}/.config/gcloud,target=/home/vscode/.config/gcloud,type=bind,readonly",
"source=${localEnv:HOME}/.claude/.credentials.json,target=/home/vscode/.claude/.credentials.json,type=bind"
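
Review bot: The new `.credentials.json` mount on the last line has no `readonly` option, unlike the gcloud mount above it, so every process in the container (Claude Code, its plugins and the MCP servers) can read and rewrite the host's credential file. The commit message says read-write is intended so OAuth tokens persist; record that in a comment next to the mount, and consider pointing `source=` at a credentials file used only by the devcontainer so the container does not share the host's main token store.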

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Consider mounting the .claude directory instead of the specific credentials file.

File-level bind mounts are fragile when the application performs atomic file updates (write to temporary file + rename). If the Claude CLI updates credentials by replacing the file rather than modifying it in-place, the bind mount will break and the container will still see the old inode.

Mounting the parent directory is more robust:

📁 Recommended fix to mount the directory
-    "source=${localEnv:HOME}/.claude/.credentials.json,target=/home/vscode/.claude/.credentials.json,type=bind"
+    "source=${localEnv:HOME}/.claude,target=/home/vscode/.claude,type=bind"
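
Review bot: The replacement line mounts all of `${localEnv:HOME}/.claude` read-write, which hands the container everything under that directory rather than the single credentials file the original line shared. If a directory mount is needed to survive rename-based updates, a narrower option is a dedicated host directory used only by the devcontainer, mounted at `/home/vscode/.claude`.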

This also requires updating .devcontainer/init-services.sh accordingly (it currently creates the file, but would only need to create the directory).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.devcontainer/devcontainer.json at line 12, Replace the bind mount of the
single credentials file with a bind mount of the parent .claude directory so
inode-swapping updates won’t break the container (i.e., change the mount entry
that currently binds the specific credentials.json to bind the .claude directory
instead, keeping the target directory under the container user). Also update the
init script (init-services.sh) to create the .claude directory if missing rather
than creating the credentials file so the container can accept file replacements
performed by the Claude CLI.
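
The inode behaviour described in the comment above, as an added example that is not part of the PR or of the Claude CLI: it applies an in-place write and a write-temp-then-rename update to a scratch file and reports whether the inode, which a file-level bind mount stays attached to, survives. The function names and the scratch file are constructed for the demo.

```shell
#!/bin/sh
# Added demo (not from the PR): why a single-file bind mount goes stale
# when the file is replaced by rename. A file bind mount is attached to the
# inode that existed at mount time, not to the path.

inode_of() {
    # Print the inode number of a path (ls -i is POSIX).
    ls -i "$1" | awk '{print $1}'
}

update_in_place() {
    # Truncate and rewrite the existing file: same inode, mount stays valid.
    printf '%s\n' "$2" > "$1"
}

update_atomic() {
    # Write a temp file beside the target, then rename over it: the path
    # now names a NEW inode; a file bind mount still shows the old one.
    tmp="$1.tmp.$$"
    ( umask 077; printf '%s\n' "$2" > "$tmp" )
    mv -f "$tmp" "$1"
}

# Returns 0 if the update kept the inode (safe for a file-level mount),
# 1 if the inode changed (file-level mount would keep serving stale data).
keeps_inode() {
    updater="$1"; file="$2"
    before=$(inode_of "$file")
    "$updater" "$file" '{"token":"constructed-sample"}'
    after=$(inode_of "$file")
    [ "$before" = "$after" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    cred="$dir/.credentials.json"      # constructed stand-in file
    ( umask 077; printf '{}\n' > "$cred" )
    for u in update_in_place update_atomic; do
        if keeps_inode "$u" "$cred"; then
            echo "$u: inode kept, file bind mount stays current"
        else
            echo "$u: inode replaced, file bind mount goes stale"
        fi
    done
    rm -rf "$dir"
}

demo
```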

Comment thread .devcontainer/post-create.sh
@openshift-merge-bot
Contributor

Scheduling required tests:
/test e2e

@openshift-ci
Contributor

openshift-ci Bot commented May 11, 2026

@stbenjam: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 13, 2026
@openshift-ci
Contributor

openshift-ci Bot commented May 13, 2026

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Labels

  • approved: Indicates a PR has been approved by an approver from all required OWNERS files.
  • do-not-merge/work-in-progress: Indicates that a PR should not merge because it is a work in progress.
  • needs-rebase: Indicates a PR cannot be merged because it has merge conflicts with HEAD.
