devcontainer: Ubuntu 24.04 (GCC 13) に上げて CI と compiler を一致させる#45
Merged
Conversation
CI runs on ubuntu-latest (24.04, GCC 13) but the devcontainer was pinned to ubuntu:22.04 (GCC 11). The two compilers disagreed on flow- sensitive warnings — most visibly -Wmaybe-uninitialized in #44, where GCC 11 let three false-negative sites through that GCC 13 caught, costing three CI round-trips before the gap was closed. Bumping the devcontainer image to 24.04 makes `g++` resolve to 13.x, matching CI. Anything that builds locally now also builds in CI. Side effects of the bump: - Ubuntu 24.04 images ship a default `ubuntu` user at uid=1000, which collided with the existing `useradd --uid 1000 vscode`. The Dockerfile now deletes the stock user first; `|| true` keeps it tolerant of older bases that lack one. - `--platform=linux/amd64` is retained, so Apple Silicon QEMU emulation still works (still: build/edit/test only, not for benchmarking). - ubuntu.deps package names (libboost-filesystem-dev, libgflags-dev, libgoogle-glog-dev, cmake, g++) are unchanged on 24.04. Verified locally with gcc-13 (13.4.0 from ubuntu-toolchain-r PPA): all 34 binaries build clean under -DCMAKE_BUILD_TYPE=Release with the Werror=maybe-uninitialized that #44 turned on. CLAUDE.md's "Compiler-version mismatch with CI" section, added in #44 as a workaround, collapses into a one-line "both ship GCC 13" note now that there's no mismatch to work around.
3 tasks
…e :latest The previous single-stage image bundled zsh / clang-format / sudo / openssh-client / curl — fine for the human-facing devcontainer, but dead weight in CI where `actions/checkout` and the cmake build are the only consumers. Container init in PR #46 paid for those layers on every CI run. Split the Dockerfile into two stages and publish them as two tags from the same workflow: - `base` stage -> :ci (minimum apt deps + vscode user, root by default) - `dev` stage -> :latest (`base` + zsh, clang-format, sudo, openssh-client, curl, USER vscode) `.github/workflows/devcontainer-image.yml` now invokes `docker/build-push-action` twice, each with a different `target:`, sharing the same `:cache` so layers are deduplicated. Devcontainer users keep using :latest with no change. CI's build.yml will be flipped to :ci in a follow-up PR once this lands and the new tag is published.
This was referenced May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
背景
#44 で
-Werror=maybe-uninitializedを有効化した際、CI (GCC 13) でだけ落ちる箇所が 3 ラウンド 出て、毎回 push して CI 待ち → fix のループに陥った(cicadapre_ver、moccthreshold、siloLogRecordpadding)。原因は devcontainer が ubuntu:22.04 = GCC 11 で、CI のubuntu-latest= GCC 13 と flow-sensitive 警告の挙動が一致していなかったこと。ついでに、#46 で「CI を devcontainer image の中で走らせれば apt install が消えて高速化できる」と試したところ、image に dev 専用ツール (zsh / clang-format / sudo / openssh-client / curl) が乗っていて container init で +15s 食われ、ネットでは逆に遅くなっていた。
この PR でその両方を根本対応する:
g++が GCC 13.x に解決され、CI と一致:latest(= dev stage) ← devcontainer 用、zsh/clang-format/sudo/openssh-client/curl 入り (今まで通り):ci(= base stage) ← CI 用、上記 dev ツールなしの slim 版変更
.devcontainer/Dockerfile:ubuntu:22.04→ubuntu:24.04、Multi-stage (base+dev) に分割。base stage でuserdel -r ubuntu 2>/dev/null || trueを入れて 24.04 のデフォルト ubuntu ユーザー (uid=1000) と vscode の衝突を回避。--platform=linux/amd64維持で Apple Silicon QEMU 動作は変わらず。.github/workflows/devcontainer-image.yml:docker/build-push-actionを 2 回呼び、target: devを:latestに、target: baseを:ciに push。layer cache は:cachetag で共有。CLAUDE.md: oze: 未初期化 ScanRange union を修正 + -Werror=maybe-uninitialized を有効化 #44 で追加した "Compiler-version mismatch with CI" workaround セクションを 1 行 ("both ship GCC 13") に縮約。認証
ghcr image は public (anonymous bearer-token pull で manifest 取得可能、HTTP 200)。CI 側でも
credentials:不要。検証
gcc-13/g++-13インストール、oze: 未初期化 ScanRange union を修正 + -Werror=maybe-uninitialized を有効化 #44 の-Werror=maybe-uninitialized込みで全 34 バイナリ成功):latestと:ci両方が ghcr に publish される:citag が publish されたら、CI: ghcr の devcontainer image でビルドして apt install を省く #46 を rebase + container.image を:ciに切り替える follow-up PR を出すトレードオフ
:latest):ci(slim) —:latestの重い layers を pull せずに済むRelated
:ci切り替え