Understanding the DevContainer Specification

Introduction

The DevContainer specification v1.0+ defines a standardized JSON schema for declaring containerized development environments. This section explores the complete specification, schema structure, configuration validation, and compliance requirements across VS Code, GitHub Codespaces, and CLI tools.

Sections

1. Specification Overview & Schema Structure

The devcontainer specification defines a JSON schema that declares containerized development environments. The specification enforces exactly three mandatory root-level properties: either image or dockerFile (but not both), plus additional optional declarations for tooling, IDE extensions, and lifecycle management.

Specification versions are tracked through the schema registry. Use schemaVersion to declare target version. Version mismatches between tools can cause surprising behavior—always document.

2. Core Configuration Properties

Every devcontainer.json must declare a base execution context: either image (OCI image reference) or dockerFile (build context). The remoteUser property explicitly defines the non-root user for all container operations.

The features array enables modular post-build tooling injection. Features execute in declarative order and can depend on each other. The customizations namespace isolates IDE-specific configuration (VS Code settings, extensions, etc.).

3. Lifecycle Hook Execution & Ordering

Lifecycle hooks execute in strict order: onCreateCommand (once, before image build completes) → updateContentCommand (dependency/package updates) → postCreateCommand (workspace-ready initialization) → postStartCommand (every container start).

Understanding hook ordering is critical for deterministic initialization. Hooks execute in sequence—later hooks cannot proceed if earlier hooks fail. Use explicit exit codes and logging to debug initialization failures.

4. Validation & Error Handling

The devcontainer validate CLI command validates configurations against the spec schema. Integration into pre-commit hooks catches configuration errors before merging.

Common validation errors include: missing required fields, conflicting properties (e.g., both image and dockerFile), and invalid property types. CLI tools provide detailed error messages to guide corrections.

Code Blocks

Minimal devcontainer.json (valid)

{
  "name": "My DevContainer",
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu@sha256:example"
}

Complete devcontainer.json with all specifications

{
  "name": "Full-Featured Dev Environment",
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu-22.04@sha256:example",
  "remoteUser": "vscode",
  "features": {
    "ghcr.io/devcontainers/features/node:1": {
      "version": "18.17.0"
    }
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "ms-python.python@2023.2.10221011"
      ],
      "settings": {
        "editor.formatOnSave": true,
        "python.linting.enabled": true
      }
    }
  },
  "onCreateCommand": "echo 'Container created'",
  "postCreateCommand": "npm ci",
  "postStartCommand": "echo 'Container started'",
  "forwardPorts": [3000, 5432],
  "portsAttributes": {
    "3000": {
      "label": "Application",
      "onAutoForward": "notify"
    }
  }
}

Specification validation in GitHub Actions

name: Validate DevContainer Config

on: [push, pull_request]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: devcontainers/action@v1
        with:
          path: ${{ github.workspace }}
          push: false

Common Pitfalls

  • Missing remoteUser: Omitting remoteUser defaults to root, causing permission conflicts. Explicitly declare non-root users.
  • Conflicting image/dockerFile: Declaring both triggers validation errors. Choose one approach and document rationale.
  • Hook execution assumptions: PostCreateCommand running before volume mounts complete causes workspace hydration failures. Understand strict ordering.
  • Floating image tags: Using latest or stable breaks determinism. Always pin exact SHA digests.
  • Schema version mismatch: Older tooling may not recognize newer spec features. Document minimum tooling versions required.

FAQ

How do I validate devcontainer.json locally? Use devcontainer validate CLI or VS Code’s built-in schema validation. Enable VS Code’s JSON schema validation for instant feedback during editing.

What does the spec guarantee about reproducibility? The spec guarantees configuration syntax validation and ordered feature execution. It does not guarantee byte-perfect reproducibility across builds—external factors (network, timestamps, host environment) still apply.