gitpod-io
diff --git a/‎components/gitpod-cli/cmd/rebuild.go
Lines changed: 97 additions & 17 deletions b/‎components/gitpod-cli/cmd/rebuild.go
Lines changed: 97 additions & 17 deletions
diff --git a/‎components/supervisor/cmd/init.go
Lines changed: 9 additions & 0 deletions b/‎components/supervisor/cmd/init.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎components/supervisor/cmd/proxy.go
Lines changed: 56 additions & 0 deletions b/‎components/supervisor/cmd/proxy.go
Lines changed: 56 additions & 0 deletions
diff --git a/‎components/ws-proxy/pkg/proxy/config.go
Lines changed: 6 additions & 4 deletions b/‎components/ws-proxy/pkg/proxy/config.go
Lines changed: 6 additions & 4 deletions
diff --git a/‎components/ws-proxy/pkg/proxy/routes.go
Lines changed: 13 additions & 1 deletion b/‎components/ws-proxy/pkg/proxy/routes.go
Lines changed: 13 additions & 1 deletion
diff --git a/‎components/ws-proxy/pkg/proxy/routes_test.go
Lines changed: 14 additions & 12 deletions b/‎components/ws-proxy/pkg/proxy/routes_test.go
Lines changed: 14 additions & 12 deletions
diff --git a/‎components/ws-proxy/pkg/proxy/workspacerouter.go
Lines changed: 13 additions & 7 deletions b/‎components/ws-proxy/pkg/proxy/workspacerouter.go
Lines changed: 13 additions & 7 deletions
diff --git a/‎install/installer/cmd/testdata/render/aws-setup/output.golden
Lines changed: 2 additions & 1 deletion b/‎install/installer/cmd/testdata/render/aws-setup/output.golden
Lines changed: 2 additions & 1 deletion
diff --git a/‎install/installer/cmd/testdata/render/azure-setup/output.golden
Lines changed: 2 additions & 1 deletion b/‎install/installer/cmd/testdata/render/azure-setup/output.golden
Lines changed: 2 additions & 1 deletion
@@ -6,7 +6,10 @@ package cmd
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"io/ioutil"
+	"net/url"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -141,9 +144,9 @@ func runRebuild(ctx context.Context, supervisorClient *supervisor.SupervisorClie
 		return err
 	}
 
-	tag := "gp-rebuild-temp-build"
+	imageTag := "gp-rebuild-temp-build"
 
-	dockerCmd := exec.Command(dockerPath, "build", "-t", tag, "--progress=tty", ".")
+	dockerCmd := exec.Command(dockerPath, "build", "-t", imageTag, "--progress=tty", ".")
 	dockerCmd.Dir = tmpDir
 	dockerCmd.Stdout = os.Stdout
 	dockerCmd.Stderr = os.Stderr
@@ -168,31 +171,108 @@ func runRebuild(ctx context.Context, supervisorClient *supervisor.SupervisorClie
 		return err
 	}
 
-	messages := []string{
-		"\n\nYou are now connected to the container",
-		"You can inspect the container and make sure the necessary tools & libraries are installed.",
-		"When you are done, just type exit to return to your Gitpod workspace\n",
+	workspaceUrl, err := url.Parse(wsInfo.WorkspaceUrl)
+	if err != nil {
+		return err
 	}
+	workspaceUrl.Host = "debug-" + workspaceUrl.Host
+
+	// TODO what about auto derived by server, i.e. JB for prebuilds? we should move them into the workspace then
+	tasks, err := json.Marshal(gitpodConfig.Tasks)
+	if err != nil {
+		return err
+	}
+
+	var envVars []string
 
-	welcomeMessage := strings.Join(messages, "\n")
+	// TODO run under sudo - a hack to get tokens properly
+	// supervisor - hardcode for now, but how to separate from workspace envs?
+	// are there any other env vars which are not picked up by supervisor, but has to propagated from ws-manager to support docker or something?
+	initEnvs, err := ioutil.ReadFile("/proc/1/environ")
+	if err != nil {
+		return err
+	}
+	initEnviron := strings.Split(string(initEnvs), "\x00")
+	for _, env := range initEnviron {
+		if env == "" {
+			continue
+		}
+		parts := strings.SplitN(env, "=", 2)
+		key := parts[0]
+		if key == "THEIA_SUPERVISOR_TOKENS" || strings.HasPrefix(key, "GITPOD_") {
+			envVars = append(envVars, env)
+		}
+	}
+
+	envVars = append(envVars, "SUPERVISOR_DEBUG_WORKSPACE=true")
+	envVars = append(envVars, fmt.Sprintf("GITPOD_TASKS=%s", string(tasks)))
+	// TODO pass prebuild option or gp rebuild prebuild?
+	envVars = append(envVars, fmt.Sprintf("GITPOD_HEADLESS=%s", "false"))
+	envVars = append(envVars, fmt.Sprintf("GITPOD_PREVENT_METADATA_ACCESS=%s", "false"))
+	envVars = append(envVars, fmt.Sprintf("GITPOD_WORKSPACE_URL=%s", workspaceUrl))
+
+	// TODO IDE - get rid of env vars in images, use supervisor api as a mediator to support many IDEs running in the same worksapce
+	// TODO PATH - use well defined locations to pick up binaries, i.e. /ide/bin or /ide-desktop/bin in supervisor
+	envVars = append(envVars, fmt.Sprintf("VSX_REGISTRY_URL=%s", os.Getenv("VSX_REGISTRY_URL")))
+	envVars = append(envVars, fmt.Sprintf("EDITOR=%s", os.Getenv("EDITOR")))
+	envVars = append(envVars, fmt.Sprintf("VISUAL=%s", os.Getenv("VISUAL")))
+	envVars = append(envVars, fmt.Sprintf("GP_OPEN_EDITOR=%s", os.Getenv("GP_OPEN_EDITOR")))
+	envVars = append(envVars, fmt.Sprintf("GIT_EDITOR=%s", os.Getenv("GIT_EDITOR")))
+	envVars = append(envVars, fmt.Sprintf("GP_PREVIEW_BROWSER=%s", os.Getenv("GP_PREVIEW_BROWSER")))
+	envVars = append(envVars, fmt.Sprintf("GP_EXTERNAL_BROWSER=%s", os.Getenv("GP_EXTERNAL_BROWSER")))
+
+	userEnvs, err := exec.CommandContext(ctx, "gp", "env").CombinedOutput()
+	if err != nil {
+		return err
+	}
+
+	// TODO project? - should not it be covered by gp env
+
+	var envs string
+	for _, env := range envVars {
+		envs += env + "\n"
+	}
+	envs += string(userEnvs)
+
+	envFile := filepath.Join(tmpDir, ".env")
+	err = os.WriteFile(envFile, []byte(envs), 0644)
+	if err != nil {
+		return err
+	}
 
-	dockerRunCmd := exec.Command(
+	runCmd := exec.Command(
 		dockerPath,
 		"run",
 		"--rm",
+		"--user", "root",
+		"--privileged",
 		"--label", "gp-rebuild=true",
-		"-it",
-		tag,
-		"bash",
-		"-c",
-		fmt.Sprintf("echo '%s'; bash", welcomeMessage),
+		"--env-file", envFile,
+
+		// ports
+		"-p", "24999:22999", // supervisor
+		"-p", "25000:23000", // Web IDE
+		"-p", "25001:23001", // SSH
+		// 23002 dekstop IDE port, but it is covered by debug workspace proxy
+		"-p", "25003:23003", // debug workspace proxy
+
+		// volumes
+		"-v", "/workspace:/workspace",
+		"-v", "/.supervisor:/.supervisor",
+		"-v", "/var/run/docker.sock:/var/run/docker.sock",
+		"-v", "/ide:/ide",
+		"-v", "/ide-desktop:/ide-desktop",
+		"-v", "/ide-desktop-plugins:/ide-desktop-plugins", // TODO refactor to keep all IDE deps under ide or ide-desktop
+
+		imageTag,
+		"/.supervisor/supervisor", "init",
 	)
 
-	dockerRunCmd.Stdout = os.Stdout
-	dockerRunCmd.Stderr = os.Stderr
-	dockerRunCmd.Stdin = os.Stdin
+	runCmd.Stdout = os.Stdout
+	runCmd.Stderr = os.Stderr
+	runCmd.Stdin = os.Stdin
 
-	err = dockerRunCmd.Run()
+	err = runCmd.Run()
 	if _, ok := err.(*exec.ExitError); ok {
 		fmt.Println("Docker Run Command Failed")
 		event.Set("ErrorCode", utils.RebuildErrorCode_DockerRunFailed)
 
@@ -63,9 +63,18 @@ var initCmd = &cobra.Command{
 			return
 		}
 
+		debugProxyCtx, stopDebugProxy := context.WithCancel(context.Background())
+		if os.Getenv("SUPERVISOR_DEBUG_WORKSPACE") == "true" {
+			err = exec.CommandContext(debugProxyCtx, supervisorPath, "proxy").Start()
+			if err != nil {
+				log.WithError(err).Error("cannot run debug workspace proxy")
+			}
+		}
+
 		supervisorDone := make(chan struct{})
 		go func() {
 			defer close(supervisorDone)
+			defer stopDebugProxy()
 
 			err := runCommand.Wait()
 			if err != nil && !(strings.Contains(err.Error(), "signal: ") || strings.Contains(err.Error(), "no child processes")) {
 
@@ -0,0 +1,56 @@
+// Copyright (c) 2023 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License.AGPL.txt in the project root for license information.
+
+package cmd
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strconv"
+
+	"github.com/gitpod-io/gitpod/common-go/log"
+	"github.com/spf13/cobra"
+)
+
+func NewSingleHostReverseProxy(target *url.URL) *httputil.ReverseProxy {
+	director := func(req *http.Request) {
+		req.URL.Scheme = target.Scheme
+		req.URL.Host = target.Host
+		if _, ok := req.Header["User-Agent"]; !ok {
+			// explicitly disable User-Agent so it's not set to default value
+			req.Header.Set("User-Agent", "")
+		}
+		req.Header.Del("X-WS-Proxy-Debug-Port")
+	}
+	return &httputil.ReverseProxy{Director: director}
+}
+
+var proxyCmd = &cobra.Command{
+	Use:   "proxy",
+	Short: "forward request to debug workspace",
+	Run: func(cmd *cobra.Command, args []string) {
+		log.Fatal(http.ListenAndServe(":23003", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			portStr := r.Header.Get("X-WS-Proxy-Debug-Port")
+			port, err := strconv.Atoi(portStr)
+			if err != nil || port < 1 || port > 65535 {
+				w.WriteHeader(502)
+				return
+			}
+			dst, err := url.Parse("http://10.0.6.2:" + portStr)
+			if err != nil {
+				w.WriteHeader(502)
+				return
+			}
+			fmt.Printf("%+v\n", dst)
+			proxy := NewSingleHostReverseProxy(dst)
+			proxy.ServeHTTP(w, r)
+		})))
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(proxyCmd)
+}
@@ -71,10 +71,11 @@ func (c *HostBasedIngressConfig) Validate() error {
 
 // WorkspacePodConfig contains config around the workspace pod.
 type WorkspacePodConfig struct {
-	TheiaPort           uint16 `json:"theiaPort"`
-	IDEDebugPort        uint16 `json:"ideDebugPort"`
-	SupervisorPort      uint16 `json:"supervisorPort"`
-	SupervisorDebugPort uint16 `json:"supervisorDebugPort"`
+	TheiaPort               uint16 `json:"theiaPort"`
+	IDEDebugPort            uint16 `json:"ideDebugPort"`
+	SupervisorPort          uint16 `json:"supervisorPort"`
+	SupervisorDebugPort     uint16 `json:"supervisorDebugPort"`
+	DebugWorkspaceProxyPort uint16 `json:"debugWorkspaceProxyPort"`
 	// SupervisorImage is deprecated
 	SupervisorImage string `json:"supervisorImage"`
 }
@@ -90,6 +91,7 @@ func (c *WorkspacePodConfig) Validate() error {
 		validation.Field(&c.IDEDebugPort, validation.Required),
 		validation.Field(&c.SupervisorPort, validation.Required),
 		validation.Field(&c.SupervisorDebugPort, validation.Required),
+		validation.Field(&c.DebugWorkspaceProxyPort, validation.Required),
 	)
 	if len(c.SupervisorImage) > 0 {
 		log.Warn("config value 'workspacePodConfig.supervisorImage' is deprected, use it only to be backwards compatible")
 
@@ -419,6 +419,12 @@ func installWorkspacePortRoutes(r *mux.Router, config *RouteHandlerConfig, infoP
 			r.Header.Add("X-Forwarded-Proto", "https")
 			r.Header.Add("X-Forwarded-Host", r.Host)
 			r.Header.Add("X-Forwarded-Port", "443")
+
+			coords := getWorkspaceCoords(r)
+			if coords.Debug {
+				r.Header.Add("X-WS-Proxy-Debug-Port", coords.Port)
+			}
+
 			proxyPass(
 				config,
 				infoProvider,
@@ -449,7 +455,13 @@ func workspacePodResolver(config *Config, infoProvider WorkspaceInfoProvider, re
 func workspacePodPortResolver(config *Config, infoProvider WorkspaceInfoProvider, req *http.Request) (url *url.URL, err error) {
 	coords := getWorkspaceCoords(req)
 	workspaceInfo := infoProvider.WorkspaceInfo(coords.ID)
-	return buildWorkspacePodURL(workspaceInfo.IPAddress, coords.Port)
+	var port string
+	if coords.Debug {
+		port = fmt.Sprint(config.WorkspacePodConfig.DebugWorkspaceProxyPort)
+	} else {
+		port = coords.Port
+	}
+	return buildWorkspacePodURL(workspaceInfo.IPAddress, port)
 }
 
 // workspacePodSupervisorResolver resolves to the workspace pods Supervisor url from the given request.
 
@@ -56,14 +56,15 @@ var (
 		},
 	}
 
-	ideServerHost       = "localhost:20000"
-	workspacePort       = uint16(20001)
-	supervisorPort      = uint16(20002)
-	workspaceDebugPort  = uint16(20004)
-	supervisorDebugPort = uint16(20005)
-	workspaceHost       = fmt.Sprintf("localhost:%d", workspacePort)
-	portServeHost       = fmt.Sprintf("localhost:%d", workspaces[0].Ports[0].Port)
-	blobServeHost       = "localhost:20003"
+	ideServerHost           = "localhost:20000"
+	workspacePort           = uint16(20001)
+	supervisorPort          = uint16(20002)
+	workspaceDebugPort      = uint16(20004)
+	supervisorDebugPort     = uint16(20005)
+	debugWorkspaceProxyPort = uint16(20006)
+	workspaceHost           = fmt.Sprintf("localhost:%d", workspacePort)
+	portServeHost           = fmt.Sprintf("localhost:%d", workspaces[0].Ports[0].Port)
+	blobServeHost           = "localhost:20003"
 
 	config = Config{
 		TransportConfig: &TransportConfig{
@@ -82,10 +83,11 @@ var (
 			Scheme: "http",
 		},
 		WorkspacePodConfig: &WorkspacePodConfig{
-			TheiaPort:           workspacePort,
-			SupervisorPort:      supervisorPort,
-			IDEDebugPort:        workspaceDebugPort,
-			SupervisorDebugPort: supervisorDebugPort,
+			TheiaPort:               workspacePort,
+			SupervisorPort:          supervisorPort,
+			IDEDebugPort:            workspaceDebugPort,
+			SupervisorDebugPort:     supervisorDebugPort,
+			DebugWorkspaceProxyPort: debugWorkspaceProxyPort,
 		},
 		BuiltinPages: BuiltinPagesConfig{
 			Location: "../../public",
 
@@ -80,7 +80,7 @@ type hostHeaderProvider func(req *http.Request) string
 func matchWorkspaceHostHeader(wsHostSuffix string, headerProvider hostHeaderProvider, matchPort bool) mux.MatcherFunc {
 	var regexPrefix string
 	if matchPort {
-		regexPrefix = workspacePortRegex + workspaceIDRegex
+		regexPrefix = workspacePortRegex + debugWorkspaceRegex + workspaceIDRegex
 	} else {
 		regexPrefix = debugWorkspaceRegex + workspaceIDRegex
 	}
@@ -95,17 +95,23 @@ func matchWorkspaceHostHeader(wsHostSuffix string, headerProvider hostHeaderProv
 
 		var workspaceID, workspacePort, debugWorkspace string
 		matches := r.FindStringSubmatch(hostname)
-		if len(matches) < 3 {
-			return false
-		}
 		if matchPort {
-			// https://3000-coral-dragon-ilr0r6eq.ws-eu10.gitpod.io/index.html
-			// debugWorkspace:
+			if len(matches) < 4 {
+				return false
+			}
+			if matches[2] != "" {
+				debugWorkspace = "true"
+			}
+			// https://3000-debug-coral-dragon-ilr0r6eq.ws-eu10.gitpod.io/index.html
+			// debugWorkspace: true
 			// workspaceID: coral-dragon-ilr0r6eq
 			// workspacePort: 3000
-			workspaceID = matches[2]
+			workspaceID = matches[3]
 			workspacePort = matches[1]
 		} else {
+			if len(matches) < 3 {
+				return false
+			}
 			// https://debug-coral-dragon-ilr0r6eq.ws-eu10.gitpod.io/index.html
 			// debugWorkspace: true
 			// workspaceID: coral-dragon-ilr0r6eq