diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index d12e767..99d4bc6 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -82,13 +82,11 @@ jobs: env: ARCHITECTURE: '${{ matrix.arch }}' - DOCKER_TAG: '${{ inputs.docker_tag }}' CONTAINER_NAME: '${{ inputs.container_name }}' - BASE_VERSION: ${{ inputs.docker_tag}} - IMAGE_TAG: ":${{ inputs.docker_tag }}-${{ matrix.arch }}" + MULTI_ARCH_TAG: '${{ inputs.docker_tag }}' + BASE_VERSION_TAG: ${{ inputs.docker_tag}} + IMAGE_TAG: "${{ inputs.docker_tag }}-${{ matrix.arch }}" BASE_FOLDER: "${{ inputs.base_folder }}" - VSCODE_UID: "1001" - VSCODE_GID: "1001" - name: Check docker vulnerabilities - json output uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 with: @@ -133,6 +131,7 @@ jobs: run: | echo "Pushing image..." docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" + echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY" env: DOCKER_TAG: ${{ inputs.docker_tag }} CONTAINER_NAME: '${{ inputs.container_name }}' @@ -143,6 +142,7 @@ jobs: docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}" echo "Pushing image..." docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}" + echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY" env: DOCKER_TAG: ${{ inputs.docker_tag }} CONTAINER_NAME: '${{ inputs.container_name }}' 
@@ -166,10 +166,20 @@ jobs: - name: Push multi-arch tagged image run: | - docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \ + BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + export BUILD_TIMESTAMP + docker buildx imagetools create \ + --annotation "index:org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers" \ + --annotation "index:org.opencontainers.image.description=EPS devcontainer ${CONTAINER_NAME}:${DOCKER_TAG}" \ + --annotation "index:org.opencontainers.image.licenses=MIT" \ + --annotation "index:org.opencontainers.image.version=${DOCKER_TAG}" \ + --annotation "index:org.opencontainers.image.containerName=${CONTAINER_NAME}" \ + --annotation "index:org.opencontainers.image.created=${BUILD_TIMESTAMP}" \ + --annotation "index:org.opencontainers.image.authors=NHS England EPS Team" \ + --tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \ "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" \ "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64" - echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY" + echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY" env: DOCKER_TAG: ${{ inputs.docker_tag }} CONTAINER_NAME: '${{ inputs.container_name }}' diff --git a/Makefile b/Makefile index 00443cc..8d9c358 100644 --- a/Makefile +++ b/Makefile 
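Review bot: The index annotations added to `docker buildx imagetools create` carry no commit identifier, and this commit also removes the only `org.opencontainers.image.revision` label from the Makefile's `build-image` target (it held the tag rather than a commit), so a pushed tag cannot be traced to the source commit that produced it. Consider adding `--annotation "index:org.opencontainers.image.revision=${GITHUB_SHA}"` next to the `version` annotation. Separately, `org.opencontainers.image.containerName` is not a key defined by the OCI image spec, which reserves the `org.opencontainers` prefix; `org.opencontainers.image.title` or a project-owned prefix would be safer. The same key is used in the LABEL lines of src/base/.devcontainer/Dockerfile, src/common/Dockerfile and src/projects/fhir_facade_api/.devcontainer/Dockerfile. `export BUILD_TIMESTAMP` looks unnecessary, since the variable is only expanded by the shell in the following command.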
@@ -21,13 +21,12 @@ install-node: install-hooks: install-python poetry run pre-commit install --install-hooks --overwrite -build-image: guard-CONTAINER_NAME guard-BASE_VERSION guard-BASE_FOLDER +build-image: guard-CONTAINER_NAME guard-BASE_VERSION_TAG guard-BASE_FOLDER guard-IMAGE_TAG npx devcontainer build \ --workspace-folder ./src/$${BASE_FOLDER}/$${CONTAINER_NAME} \ --push false \ --cache-from "${CONTAINER_PREFIX}$${CONTAINER_NAME}:latest" \ - --label "org.opencontainers.image.revision=$$DOCKER_TAG" \ - --image-name "${CONTAINER_PREFIX}$${CONTAINER_NAME}${IMAGE_TAG}" + --image-name "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER @combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \ @@ -41,9 +40,9 @@ scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER --config src/${BASE_FOLDER}/${CONTAINER_NAME}/trivy.yaml \ --scanners vuln \ --exit-code 1 \ - --format table "${CONTAINER_PREFIX}$${CONTAINER_NAME}" + --format table "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" -scan-image-json: guard-CONTAINER_NAME guard-BASE_FOLDER +scan-image-json: guard-CONTAINER_NAME guard-BASE_FOLDER guard-IMAGE_TAG @combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \ common="src/common/.trivyignore.yaml"; \ specific="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore.yaml"; \ @@ -57,11 +56,11 @@ scan-image-json: guard-CONTAINER_NAME guard-BASE_FOLDER --scanners vuln \ --exit-code 1 \ --format json \ - --output .out/scan_results_docker.json "${CONTAINER_PREFIX}$${CONTAINER_NAME}" + --output .out/scan_results_docker.json "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" -shell-image: guard-CONTAINER_NAME +shell-image: guard-CONTAINER_NAME guard-IMAGE_TAG docker run -it \ - "${CONTAINER_PREFIX}$${CONTAINER_NAME}${IMAGE_TAG}" \ + "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}" \ bash lint: lint-githubactions 
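Review bot: `scan-image` now scans `"${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}"`, but its prerequisite list is still `guard-CONTAINER_NAME guard-BASE_FOLDER`, while `scan-image-json` and `shell-image` both gained `guard-IMAGE_TAG`. With `IMAGE_TAG` unset the reference ends in a bare `:`, so the failure would come from the scanner rather than from the guard with a clear message. The rule line should read `scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER guard-IMAGE_TAG`. The recipe bodies continue outside the visible hunks and the `guard-%` rule is not shown, so its behaviour is assumed from the name.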
diff --git a/README.md b/README.md index 5d5e41a..b5ba50d 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ Images are built using using https://github.com/devcontainers/cli. We build a base image based on mcr.microsoft.com/devcontainers/base:ubuntu-22.04 that other images are then based on +The images have vsocde user setup as user 1001 so that they can be used in github actions + The base image contains - latest os packages - asdf 
@@ -31,24 +33,80 @@ asdf install and setup for these so they are available globally as vscode user Install and setup git-secrets # Using the images -In each eps project, you can put this in the devcontainer Dockerfile. You should not need to add any features. +In each eps project, this should be the contents of .devcontainer/Dockerfile. + ``` -FROM ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13: +ARG IMAGE_NAME=node_24_python_3_14 +ARG IMAGE_VERSION=latest +FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION} USER root # specify DOCKER_GID to force container docker group id to match host RUN if [ -n "${DOCKER_GID}" ]; then \ - if ! getent group docker; then \ - groupadd -g ${DOCKER_GID} docker; \ - else \ - groupmod -g ${DOCKER_GID} docker; \ - fi && \ - usermod -aG docker vscode; \ + if ! getent group docker; then \ + groupadd -g ${DOCKER_GID} docker; \ + else \ + groupmod -g ${DOCKER_GID} docker; \ + fi && \ + usermod -aG docker vscode; \ fi - -USER vscode +``` +And this should be the contents of .devcontainer/devcontainer.json. +This file will be used in github workflows to calculate the version of container to use in builds, so it must be valid JSON (no comments). +The name should be changed to match the name of the project. +IMAGE_NAME and IMAGE_VERSION should be changed as appropriate. 
+You should not need to add any features as these are already baked into the image +``` +{ + "name": "eps-common-workflows", + "build": { + "dockerfile": "Dockerfile", + "args": { + "DOCKER_GID": "${env:DOCKER_GID:}", + "IMAGE_NAME": "node_24_python_3_14", + "IMAGE_VERSION": "v1.0.1", + "USER_UID": "${localEnv:USER_ID:}", + "USER_GID": "${localEnv:GROUP_ID:}" + }, + "updateRemoteUserUID": false, + "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt", + "mounts": [ + "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind", + "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind", + "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind", + "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind" + ], + "containerUser": "vscode", + "remoteEnv": { + "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" + }, + "features": {}, + "customizations": { + ... add any customisations you want here + } + } +} ``` +This job should be used in github actions wherever you need to get the dev container name or tag + +``` + get_config_values: + runs-on: ubuntu-22.04 + outputs: + devcontainer_image_name: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE_NAME }} + devcontainer_image_version: ${{ steps.load-config.outputs.DEVCONTAINER_VERSION }} + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - name: Load config value + id: load-config + run: | + DEVCONTAINER_IMAGE_NAME=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json) + DEVCONTAINER_IMAGE_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json) + echo "DEVCONTAINER_IMAGE_NAME=$DEVCONTAINER_IMAGE_NAME" >> "$GITHUB_OUTPUT" + echo "DEVCONTAINER_IMAGE_VERSION=$DEVCONTAINER_VERSION" >> "$GITHUB_OUTPUT" +``` # Project structure We have 3 types of dev container. 
These are defined under src @@ -58,9 +116,9 @@ We have 3 types of dev container. These are defined under src Each image to be built contains a .devcontainer folder that defines how the devcontainer should be built. At a minimum, this should contain a devcontainer.json file. See https://containers.dev/implementors/json_reference/ for options for this -Images under languages should point to a dockerfile under src/common that is based off the base image. This also runs `.devcontainer/scripts/root_install.sh` and `.devcontainer/scripts/vscode_install.sh` as vscode user as part of the build +Images under languages should point to a dockerfile under src/common that is based off the base image. This also runs `.devcontainer/scripts/root_install.sh` and `.devcontainer/scripts/vscode_install.sh` as vscode user as part of the build. These files should be in the language specific folder. -We use trivy to scan for vulnerabilities in the built docker images. Known vulnerabilities in the base image are in `src/common/.trivyignore.yaml`. Vulnerabilities in specific images are in `.trivyignore.yaml` file in each images folder. These are combined before running a scan to exclude know vulnerabilities +We use trivy to scan for vulnerabilities in the built docker images. Known vulnerabilities in the base image are in `src/common/.trivyignore.yaml`. Vulnerabilities in specific images are in `.trivyignore.yaml` file in each images folder. These are combined before running a scan to exclude all known vulnerabilities # Pull requests and merge to main process For each pull request, and merge to main, images are built and scanned using trivy, but the images are not pushed to github container registry 
@@ -72,7 +130,9 @@ The base image is built first, and then language images, and finally project ima Docker images are scanned for vulnerabilities using trivy as part of a build step, and the build fails if vulnerabilities are found not in .trivyignore file. For pull requests, images are tagged with the pr--. -For merges to main, images are tagged with the +For merges to main, images are tagged with the . + +When a pull request is merged to main or closed, all associated images are deleted from the registry using the github workflow delete_old_images # Release workflow There is a release workflow that runs weekly at 18:00 on Thursday and on demand. @@ -86,22 +146,25 @@ You can use these commands to build images Base image ``` CONTAINER_NAME=base \ - BASE_VERSION=latest \ + BASE_VERSION_TAG=latest \ BASE_FOLDER=. \ + IMAGE_TAG=local-build \ make build-image ``` Language images ``` CONTAINER_NAME=node_24_python_3_12 \ - BASE_VERSION=latest \ + BASE_VERSION_TAG=local-build \ BASE_FOLDER=languages \ + IMAGE_TAG=local-build \ make build-image ``` Project images ``` CONTAINER_NAME=fhir_facade_api \ - BASE_VERSION=latest \ + BASE_VERSION_TAG=local-build \ BASE_FOLDER=projects \ + IMAGE_TAG=local-build \ make build-image ``` @@ -111,18 +174,21 @@ Base image ``` CONTAINER_NAME=base \ BASE_FOLDER=. \ + IMAGE_TAG=local-build \ make scan-image ``` Language images ``` CONTAINER_NAME=node_24_python_3_12 \ BASE_FOLDER=languages \ + IMAGE_TAG=local-build \ make scan-image ``` Project images ``` CONTAINER_NAME=fhir_facade_api \ BASE_FOLDER=projects \ + IMAGE_TAG=local-build \ make scan-image ``` 
@@ -131,19 +197,24 @@ You can use this to start an interactive shell on built images base image ``` CONTAINER_NAME=base \ + IMAGE_TAG=local-build \ make shell-image ``` Language images ``` CONTAINER_NAME=node_24_python_3_12 \ + IMAGE_TAG=local-build \ make shell-image ``` Project images ``` CONTAINER_NAME=fhir_facade_api \ + IMAGE_TAG=local-build \ make shell-image ``` +## Using local or pull request images +You can use local or pull request images by changing IMAGE_VERSION in devcontainer.json ## Generating a .trivyignore file You can generate a .trivyignore file for known vulnerabilities by either downloading the json scan output generated by the build, or by generating it locally using the scanning images commands above with a make target of scan-image-json diff --git a/src/base/.devcontainer/Dockerfile b/src/base/.devcontainer/Dockerfile index ee1a55c..b9cbafb 100644 --- a/src/base/.devcontainer/Dockerfile +++ b/src/base/.devcontainer/Dockerfile 
@@ -1,17 +1,26 @@ FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04 -ARG BASE_VERSION=latest -ARG TARGETARCH ARG SCRIPTS_DIR=/usr/local/share/eps ARG CONTAINER_NAME -ENV TARGETARCH=${TARGETARCH} -ENV CONTAINER_NAME=${CONTAINER_NAME} +ARG MULTI_ARCH_TAG +ARG BASE_VERSION_TAG +ARG IMAGE_TAG +ARG TARGETARCH + ENV SCRIPTS_DIR=${SCRIPTS_DIR} -ENV BASE_VERSION=${BASE_VERSION} +ENV CONTAINER_NAME=${CONTAINER_NAME} +ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG} +ENV BASE_VERSION_TAG=${BASE_VERSION_TAG} +ENV IMAGE_TAG=${IMAGE_TAG} +ENV TARGETARCH=${TARGETARCH} LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers -LABEL org.opencontainers.image.description="EPS base devcontainer" +LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}" LABEL org.opencontainers.image.licenses=MIT +LABEL org.opencontainers.image.version=${IMAGE_TAG} +LABEL org.opencontainers.image.containerName=${CONTAINER_NAME} +LABEL org.opencontainers.image.authors="NHS England EPS Team" +LABEL org.opencontainers.image.base.image="mcr.microsoft.com/devcontainers/base:ubuntu-22.04" COPY .tool-versions.asdf ${SCRIPTS_DIR}/${CONTAINER_NAME}/.tool-versions.asdf COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME} @@ -26,3 +35,6 @@ COPY --chown=vscode:vscode .tool-versions /home/vscode/.tool-versions ENV PATH="/home/vscode/.asdf/shims/:$PATH" WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME} RUN ./vscode_install.sh + +# Switch back to root to install the devcontainer CLI globally +USER root diff --git a/src/base/.devcontainer/devcontainer.json b/src/base/.devcontainer/devcontainer.json index 27c98ce..7faa350 100644 --- a/src/base/.devcontainer/devcontainer.json +++ b/src/base/.devcontainer/devcontainer.json 
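Review bot: The new `LABEL org.opencontainers.image.base.image=...` uses a key the OCI annotation spec does not define; the defined key is `org.opencontainers.image.base.name`, which src/common/Dockerfile and the fhir_facade_api Dockerfile already use in this same commit. Anything that reads base-image metadata by the standard key would miss this label, so the line should be `LABEL org.opencontainers.image.base.name="mcr.microsoft.com/devcontainers/base:ubuntu-22.04"`. The `FROM` tag is mutable, so also recording `org.opencontainers.image.base.digest` would make the provenance precise; that would need a build arg that is not present in this hunk.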
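Review bot: The added `USER root` appears to be the last instruction in the file, so the image's default user becomes root. The comment above it says the switch is for installing the devcontainer CLI, but no install step follows in the hunk. Any consumer that does not set `containerUser` or `remoteUser` (for example the plain `docker run` in the Makefile's `shell-image` target) would then run as root. If the CLI install happens elsewhere, end the file with `USER vscode`, or replace the comment with one stating that the image intentionally defaults to root and why. The same three lines are added at the end of src/common/Dockerfile and src/projects/fhir_facade_api/.devcontainer/Dockerfile.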
@@ -6,9 +6,10 @@ "build": { "dockerfile": "Dockerfile", "args": { - "CONTAINER_NAME": "eps_devcontainer_base", - "VSCODE_UID": "${localEnv:VSCODE_UID}", - "VSCODE_GID": "${localEnv:VSCODE_GID}" + "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}", + "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}", + "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}", + "IMAGE_TAG": "${localEnv:IMAGE_TAG}" } }, "runArgs": [ diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index d8720d0..e0014fb 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -67,14 +67,12 @@ mkdir -p /usr/share/secrets-scanner chmod 755 /usr/share/secrets-scanner curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt -# fix user and group ids for vscode user to match host, and ensure vscode owns their home directory -requested_uid="${VSCODE_UID:-1000}" -requested_gid="${VSCODE_GID:-1000}" +# fix user and group ids for vscode user to be 1001 so it can be used by github actions +requested_uid=1001 +requested_gid=1001 current_uid="$(id -u vscode)" current_gid="$(id -g vscode)" if [ "${current_gid}" != "${requested_gid}" ]; then groupmod -g "${requested_gid}" vscode; fi if [ "${current_uid}" != "${requested_uid}" ]; then usermod -u "${requested_uid}" -g "${requested_gid}" vscode; fi -chown -R vscode:vscode /home/vscode -# store base version in VERSION.txt for reference -echo "VERSION=${BASE_VERSION}" > "${SCRIPTS_DIR}/VERSION.txt" +chown -R vscode:vscode /home/vscode diff --git a/src/base/.devcontainer/scripts/vscode_install.sh b/src/base/.devcontainer/scripts/vscode_install.sh index 8c118d9..5f1a123 100755 --- a/src/base/.devcontainer/scripts/vscode_install.sh +++ b/src/base/.devcontainer/scripts/vscode_install.sh 
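Review bot: With `requested_uid=1001` and `requested_gid=1001` hardcoded, the image can no longer be built to match a developer's host ids, and the README example added in this commit sets `"updateRemoteUserUID": false` while bind-mounting `~/.ssh`, `~/.aws` and `~/.gnupg`. On a Linux host whose user is not 1001 those directories would presumably be unreadable to `vscode`, which tends to get worked around by loosening permissions on credential files. I would extend the comment to say so, e.g. `# ids fixed at 1001 for GitHub-hosted runners; local hosts with another uid must remap bind mounts`, or keep an override such as `requested_uid="${VSCODE_UID:-1001}"`. Whether the `USER_UID`/`USER_GID` build args in the README example are consumed anywhere is not visible here.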
@@ -24,7 +24,3 @@ asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git # install base asdf versions of common tools cd /home/vscode asdf install - -# setup gitsecrets -git-secrets --register-aws --global -git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt diff --git a/src/common/Dockerfile b/src/common/Dockerfile index 7b2cc33..fdf7afd 100644 --- a/src/common/Dockerfile +++ b/src/common/Dockerfile @@ -1,13 +1,29 @@ -ARG BASE_VERSION=latest +ARG BASE_VERSION_TAG=latest +ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/base:${BASE_VERSION_TAG} -FROM ghcr.io/nhsdigital/eps-devcontainers/base:${BASE_VERSION} +FROM ${BASE_IMAGE} +ARG BASE_VERSION_TAG=latest +ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/base:${BASE_VERSION_TAG} +ARG SCRIPTS_DIR=/usr/local/share/eps ARG CONTAINER_NAME +ARG MULTI_ARCH_TAG +ARG BASE_VERSION_TAG +ARG IMAGE_TAG +ARG TARGETARCH + +ENV BASE_IMAGE=${BASE_IMAGE} +ENV SCRIPTS_DIR=${SCRIPTS_DIR} ENV CONTAINER_NAME=${CONTAINER_NAME} +ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG} +ENV BASE_VERSION_TAG=${BASE_VERSION_TAG} +ENV IMAGE_TAG=${IMAGE_TAG} +ENV TARGETARCH=${TARGETARCH} -LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers -LABEL org.opencontainers.image.description="EPS ${CONTAINER_NAME} devcontainer" -LABEL org.opencontainers.image.licenses=MIT +LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}" +LABEL org.opencontainers.image.version=${IMAGE_TAG} +LABEL org.opencontainers.image.base.name=${BASE_IMAGE} +LABEL org.opencontainers.image.containerName=${CONTAINER_NAME} USER root COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME} @@ -21,4 +37,6 @@ COPY .tool-versions /tmp/.tool-versions RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions RUN ./vscode_install.sh -WORKDIR /home/vscode + +# Switch back to root to install the devcontainer CLI globally +USER root 
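Review bot: In src/common/Dockerfile, after `FROM ${BASE_IMAGE}` the stage declares `ARG BASE_VERSION_TAG=latest` and then, a few lines later, `ARG BASE_VERSION_TAG` again without a default. The second declaration is redundant and leaves it unclear which default applies; keep a single `ARG BASE_VERSION_TAG` inside the stage, since an ARG without a value there picks up the default declared before `FROM`. Both defaults also resolve to the mutable `latest` tag, so a build that passes neither `BASE_VERSION_TAG` nor `BASE_IMAGE` is not reproducible. The `base.name` label then records a tag rather than a digest.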
diff --git a/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json
index fe1b068..3c8fb35 100644
--- a/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json
+++ b/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json
@@ -6,8 +6,10 @@
 "build": {
 "dockerfile": "../../../common/Dockerfile",
 "args": {
- "BASE_VERSION": "${localEnv:BASE_VERSION}",
- "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_13"
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
 },
 "context": "."
 },
diff --git a/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json
index fe1b068..3c8fb35 100644
--- a/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json
+++ b/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json
@@ -6,8 +6,10 @@
 "build": {
 "dockerfile": "../../../common/Dockerfile",
 "args": {
- "BASE_VERSION": "${localEnv:BASE_VERSION}",
- "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_13"
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
 },
 "context": "."
 },
diff --git a/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json
index afbfe61..7d1b3e9 100644
--- a/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json
+++ b/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json
@@ -6,8 +6,10 @@
 "build": {
 "dockerfile": "../../../common/Dockerfile",
 "args": {
- "BASE_VERSION": "${localEnv:BASE_VERSION}",
- "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_14"
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
 },
 "context": "."
 },
diff --git a/src/languages/python_3_10/.devcontainer/devcontainer.json b/src/languages/python_3_10/.devcontainer/devcontainer.json
index fe1b068..aa03d36 100644
--- a/src/languages/python_3_10/.devcontainer/devcontainer.json
+++ b/src/languages/python_3_10/.devcontainer/devcontainer.json
@@ -1,13 +1,15 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
- "name": "EPS Devcontainer node_24 python_3.13",
+ "name": "EPS Devcontainer node_24 python_3.10",
 // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
 "build": {
 "dockerfile": "../../../common/Dockerfile",
 "args": {
- "BASE_VERSION": "${localEnv:BASE_VERSION}",
- "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_13"
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
 },
 "context": "."
 },
diff --git a/src/projects/fhir_facade_api/.devcontainer/Dockerfile b/src/projects/fhir_facade_api/.devcontainer/Dockerfile
index a24639d..8226af2 100644
--- a/src/projects/fhir_facade_api/.devcontainer/Dockerfile
+++ b/src/projects/fhir_facade_api/.devcontainer/Dockerfile
@@ -1,10 +1,26 @@ -ARG BASE_VERSION=latest +ARG BASE_VERSION_TAG=latest +ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13:${BASE_VERSION_TAG} -FROM ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13:${BASE_VERSION} +FROM ${BASE_IMAGE} -LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers -LABEL org.opencontainers.image.description="EPS fhir facade devcontainer" -LABEL org.opencontainers.image.licenses=MIT +ARG SCRIPTS_DIR=/usr/local/share/eps +ARG CONTAINER_NAME +ARG MULTI_ARCH_TAG +ARG BASE_VERSION_TAG +ARG IMAGE_TAG +ARG TARGETARCH + +ENV SCRIPTS_DIR=${SCRIPTS_DIR} +ENV CONTAINER_NAME=${CONTAINER_NAME} +ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG} +ENV BASE_VERSION_TAG=${BASE_VERSION_TAG} +ENV IMAGE_TAG=${IMAGE_TAG} +ENV TARGETARCH=${TARGETARCH} + +LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}" +LABEL org.opencontainers.image.version=${IMAGE_TAG} +LABEL org.opencontainers.image.base.name=${BASE_IMAGE} +LABEL org.opencontainers.image.containerName=${CONTAINER_NAME} USER root COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME} @@ -18,3 +34,6 @@ COPY .tool-versions /tmp/.tool-versions RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions RUN ./vscode_install.sh + +# Switch back to root to install the devcontainer CLI globally +USER root diff --git a/src/projects/fhir_facade_api/.devcontainer/devcontainer.json b/src/projects/fhir_facade_api/.devcontainer/devcontainer.json index da3a820..6b10ee8 100644 --- a/src/projects/fhir_facade_api/.devcontainer/devcontainer.json +++ b/src/projects/fhir_facade_api/.devcontainer/devcontainer.json 
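Review bot: `LABEL org.opencontainers.image.base.name=${BASE_IMAGE}` expands a name that this build stage never declares: `ARG BASE_IMAGE` sits before `FROM`, and the ARG list after `FROM` omits it, whereas src/common/Dockerfile redeclares it. The label therefore does not come from this file's ARG. It may be empty, or, if the parent image was built from src/common/Dockerfile, it may pick up the inherited `ENV BASE_IMAGE` and name the parent's base image instead of `node_24_python_3_13`. Add `ARG BASE_IMAGE` after `FROM ${BASE_IMAGE}` and confirm the resulting label with `docker inspect`; if the inherited ENV still takes precedence, a differently named ARG would be needed for the label.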
@@ -6,8 +6,10 @@
 "build": {
 "dockerfile": "Dockerfile",
 "args": {
- "BASE_VERSION": "${localEnv:BASE_VERSION}",
- "CONTAINER_NAME": "fhir_facade_api"
+ "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+ "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+ "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+ "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
 },
 "context": "."
 },