[robomc]

We are an agency where you might flip between working on several completely different projects in a week, and for us it's extremely useful.

We'd had all our sites set up to run fairly easily via docker compose prior, but I'd still find myself debugging people's setups fairly frequently. And giving developers data and secrets was often either insecure or complicated, depending on the codebase.

With codespaces, people can just jump straight into a working project, without pulling any client code or secrets or data onto their machine. It still requires maintenance sometimes but at least when I fix the codespace config I know everyone will definitely benefit from the changes.

The main downside is it's pretty expensive (if you have, say, 10 devs using it all day every day) compared to "free".

If you work on just a few projects, and/or you have very sophisticated systems across the board (like every site has an on-rails setup script with useful sanitized dev data, and secure SSO'd secrets management), I doubt it's worth it.

But in our case, a relatively junior dev being able to spin up a working dev version of a site they've never worked on in 5 minutes with no issues, so they can knock out a 3 hour change and maybe never work on it again, is a big money saver.

It's also meant that we can more easily standardize everyone's laptops without having to consider how well they work as bare metal dev machines (which has meant we can move everyone to fairly cheap macbook airs without people moaning about their tooling or storage size etc.)

I also like that access to a lot of stuff becomes directly mediated moment to moment by someone's github access (which for us also runs through our sso, cloudflare zt etc).

We're doing it in a slightly clunky way though - we use docker compose still, inside the codespace. I like this approach personally bc it feels like we're less locked in to the platform. For us it also made the initial migration easier. I think it also makes debugging the environment a bit easier because you don't need to keep rebuilding constantly on changes, you can just dcb dcup...

[jwhitlark]

Since devcontainer.json works fine on docker desktop, I usually use that, but I do use codespaces frequently for review and small patches, as well as exploring new libraries. I'm slowly adding devcontainers to the open source projects I work on. It's much nicer to have a docker compose file and several docker files in this setup than maintaining instructions on setting up test environments.

I've run k8s/k3s with docker-in-docker this way too. Really easy once you get it setup, and great for playing with architecture ideas.

[mgbmtl]

Any suggestions for a small agency that handles sites with a lot of personal information?

I work in a small shop and things are messy. Similar to having hundreds of WordPress sites, but we managed to standardize the main set of plugins we use on all clients (this has its own git repo), and clients will have their custom theme and some custom plugins (in another repo).

Ideally we would have a tool that lets us spin up a dev site for any client, fetch the production database from the last backup, anonymize the data, connect an IDE and have git commit access.

[robomc]

I mean, in codespaces you have scripts that run as the codespace is built. So we basically have s3 buckets with appropriately-sanitized (hopefully) data dumps that the repos copy down and then import into the database.

You can tell codespaces to include the AWS commandline tooling automatically via the devcontainer "features" attributes. And you can tell it to run a script once the codespace has initially been created using the postCreateCommand (which imo is a lot easier to debug than beforeCreate...

For us the s3 credentials live in the github repo as codespace secrets (although I think you could set up a much better auth approach via the vscode aws plugins possibly).

[mgbmtl]

Cool, thanks for the hints. I'll dig more in that direction :)

[chx]

> which has meant we can move everyone to fairly cheap macbook airs

> fairly cheap macbook airs

what did I just read

[robomc]

dunno what to tell you, they're a hell of a lot cheaper than the macbook pros and system76 laptops staff used to get.

[chx]

and I dunno what to tell you, it's insanity that any Mac laptop is considered cheap in any way or form when you are not even running anything locally. It's reckless excess ? dunno how to say this.