From 651421ae0dd3c1d30ac434b3202caee4b3486ab6 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 11:50:01 +0000 Subject: [PATCH 01/53] Add base image Add images workflow Add path-filter generator Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 54 +++++++++++++ images/base/Containerfile | 3 + .../base/src/usr/local/bin/devcontainer-utils | 81 +++++++++++++++++++ images/base/test/container-structure-test.yml | 22 +++++ scripts/images/build-and-test.sh | 25 ++++++ .../path-filter/configuration-generator.sh | 53 ++++++++++++ 6 files changed, 238 insertions(+) create mode 100644 .github/workflows/images.yml create mode 100644 images/base/Containerfile create mode 100644 images/base/src/usr/local/bin/devcontainer-utils create mode 100644 images/base/test/container-structure-test.yml create mode 100644 scripts/images/build-and-test.sh create mode 100644 scripts/path-filter/configuration-generator.sh diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml new file mode 100644 index 0000000..d812d85 --- /dev/null +++ b/.github/workflows/images.yml @@ -0,0 +1,54 @@ +--- +name: Images + +on: + pull_request: + branches: + - main + paths: + - images/** + +permissions: {} + +jobs: + detect-changes: + name: Detect Changes + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + images: ${{ steps.detect_changes.outputs.changes }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Build path-filters file + id: build_path_filters + run: bash scripts/path-filter/configuration-generator.sh images + + - name: Detect changes + id: detect_changes + uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + with: + filters: .github/path-filter/images.yml + + build-and-test: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.images != '[]' }} + name: Build and Test + runs-on: ubuntu-latest + steps: + strategy: + fail-fast: false + matrix: + image: ${{ fromJson(needs.detect-changes.outputs.images) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Build and Test + id: build_and_test + run: | + bash scripts/build-and-test.sh ${{ matrix.image }} diff --git a/images/base/Containerfile b/images/base/Containerfile new file mode 100644 index 0000000..7efd54c --- /dev/null +++ b/images/base/Containerfile @@ -0,0 +1,3 @@ +FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04 + +COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils diff --git a/images/base/src/usr/local/bin/devcontainer-utils b/images/base/src/usr/local/bin/devcontainer-utils new file mode 100644 index 0000000..96ee329 --- /dev/null +++ b/images/base/src/usr/local/bin/devcontainer-utils @@ -0,0 +1,81 @@ +#!/usr/bin/env bash + +################################################## +# Environment +################################################## + +export DEBIAN_FRONTEND="noninteractive" + +################################################## +# Function +################################################## + +logger() { + local type="${1}" + local message="${2}" + timestamp=$(date --rfc-3339=seconds) + local timestamp + + case "${type}" in + err | error) + echo "${timestamp} [ERROR] ${message}" + ;; + info | information) + echo "${timestamp} [INFO] ${message}" + ;; + warn | warning) + echo "${timestamp} [WARN] ${message}" + ;; + esac +} + +get_system_architecture() { + systemArchitecture="$(uname -m)" + export systemArchitecture + + case ${systemArchitecture} in + x86_64) + logger "info" "Architecture is x86_64" + export ARCHITECTURE="amd64" + ;; + aarch64 | armv8*) + logger "info" "Architecture is aarch64 or armv8" + export ARCHITECTURE="arm64" + ;; + *) + logger "error" "Architecture ${systemArchitecture} is not supported" + exit 1 + ;; + esac +} + +get_github_latest_tag() { + local repository="${1}" + + repositoryLatestTag="$(curl --silent https://api.github.com/repos/"${repository}"/releases/latest | jq -r '.tag_name')" + export repositoryLatestTag + + repositoryLatestTagStripV=${repositoryLatestTag//v/} + + logger "info" "GitHub latest tag for ${repository} is ${repositoryLatestTag}" + export GITHUB_LATEST_TAG="${repositoryLatestTag}" + export GITHUB_LATEST_TAG_STRIP_V="${repositoryLatestTagStripV}" +} + +apt_install() { + local packages="${1}" + + apt-get update --yes + + apt-get install --yes --no-install-recommends "${packages}" + + apt-get clean + + rm --force --recursive /var/lib/apt/lists/* +} + +pip_install() { + local packages="${1}" + + python3 -m pip install --no-cache-dir --upgrade "${packages}" +} diff --git a/images/base/test/container-structure-test.yml b/images/base/test/container-structure-test.yml new file mode 100644 index 0000000..44cf526 --- /dev/null +++ b/images/base/test/container-structure-test.yml @@ -0,0 +1,22 @@ +--- +schemaVersion: 2.0.0 + +commandTests: + - name: "vscode user" + command: "id" + args: ["--user", "vscode"] + expectedOutput: ["1000"] + + - name: "vscode group" + command: "id" + args: ["--group", "vscode"] + expectedOutput: ["1000"] + +fileExistenceTests: + - name: "devcontainer-utils" + path: "/usr/local/bin/devcontainer-utils" + shouldExist: true + permissions: "-rwxr-xr-x" # 0755 + uid: 65534 + gid: 65534 + isExecutableBy: "any" diff --git a/scripts/images/build-and-test.sh b/scripts/images/build-and-test.sh new file mode 100644 index 0000000..d7b5bad --- /dev/null +++ b/scripts/images/build-and-test.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +# 1. Build image + +# 2. Run GoogleContainerTools/container-structure-test + +IMAGE="${1}" +IMAGE_DIRECTORY="images/${IMAGE}" +IMAGE_TAG="ghcr.io/ministryofjustice/devcontainer-${IMAGE}:local" +CONTAINER_STRUCTURE_TEST_IMAGE="gcr.io/gcp-runtimes/container-structure-test:latest" + +echo "Building [ ${IMAGE} ] as [ ${IMAGE_TAG} ]" + +docker build --file "${IMAGE_DIRECTORY}/Containerfile" --tag "${IMAGE_TAG}" "${IMAGE_DIRECTORY}" + +if [[ -f "${IMAGE_DIRECTORY}/test/container-structure-test.yml" ]]; then + echo "Running container structure test for [ ${IMAGE_TAG} ]" + + docker run --rm \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + --volume "${PWD}:/workspace" \ + --workdir /workspace \ + "${CONTAINER_STRUCTURE_TEST_IMAGE}" \ + test --image "${IMAGE_TAG}" --config "/workspace/${IMAGE_DIRECTORY}/test/container-structure-test.yml" +fi diff --git a/scripts/path-filter/configuration-generator.sh b/scripts/path-filter/configuration-generator.sh new file mode 100644 index 0000000..a30f971 --- /dev/null +++ b/scripts/path-filter/configuration-generator.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash + +MODE="${1}" + +case ${MODE} in +features) + PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/features.yml" + SEARCH_PATTERN="devcontainer-feature.json" + SKIP_FILE=".feature-path-filter-ignore" + ;; +images) + PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/images.yml" + SEARCH_PATTERN="*Containerfile*" + SKIP_FILE=".image-path-filter-ignore" + ;; +*) + echo "Usage: ${0} [features|images]" + exit 1 + ;; +esac + +folders=$(find . -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | cut -c 3-) +export folders + +echo "=== Folders ===" +echo "${folders}" + +echo "Generating ${PATH_FILTER_CONFIGURATION_FILE}" +cat >"${PATH_FILTER_CONFIGURATION_FILE}" <>"${PATH_FILTER_CONFIGURATION_FILE}" + +done From 88d8d5aaad54d1cb65bd9ddd266e67169cf6e93d Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 11:57:39 +0000 Subject: [PATCH 02/53] Fix broken YAML Signed-off-by: Jacob Woffenden --- .devcontainer/devcontainer.json | 9 +++++++++ .github/workflows/images.yml | 1 - 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 00a0165..fec8117 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,5 +5,14 @@ "ghcr.io/devcontainers/features/docker-in-docker:2": {}, "ghcr.io/devcontainers/features/node:1": {} }, + "customizations": { + "vscode": { + "extensions": [ + "EditorConfig.EditorConfig", + "GitHub.vscode-pull-request-github", + "github.vscode-github-actions" + ] + } + }, "postCreateCommand": "npm install --global @devcontainers/cli" } diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index d812d85..76c00b8 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -38,7 +38,6 @@ jobs: if: ${{ needs.detect-changes.outputs.images != '[]' }} name: Build and Test runs-on: ubuntu-latest - steps: strategy: fail-fast: false matrix: From 5baf9d24642b9f05729c251412149326c8240ef8 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:10:08 +0000 Subject: [PATCH 03/53] Fix config generator Signed-off-by: Jacob Woffenden --- .gitignore | 1 + scripts/path-filter/configuration-generator.sh | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index aa69ef3..fac58aa 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ env/ *.code-workspace *.sha256 terraform.tfstate +.github/path-filters/ diff --git a/scripts/path-filter/configuration-generator.sh b/scripts/path-filter/configuration-generator.sh index a30f971..fadce58 100644 --- a/scripts/path-filter/configuration-generator.sh +++ b/scripts/path-filter/configuration-generator.sh @@ -5,11 +5,13 @@ MODE="${1}" case ${MODE} in features) PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/features.yml" + SEARCH_BASE="features" SEARCH_PATTERN="devcontainer-feature.json" SKIP_FILE=".feature-path-filter-ignore" ;; images) PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/images.yml" + SEARCH_BASE="images" SEARCH_PATTERN="*Containerfile*" SKIP_FILE=".image-path-filter-ignore" ;; @@ -19,12 +21,16 @@ images) ;; esac -folders=$(find . -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | cut -c 3-) +folders=$(find "${SEARCH_BASE}" -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | sed 's#.*/##') export folders echo "=== Folders ===" echo "${folders}" + +mkdir --parents "$(dirname "${PATH_FILTER_CONFIGURATION_FILE}")" +touch "${PATH_FILTER_CONFIGURATION_FILE}" + echo "Generating ${PATH_FILTER_CONFIGURATION_FILE}" cat >"${PATH_FILTER_CONFIGURATION_FILE}" < Date: Thu, 25 Jan 2024 12:11:26 +0000 Subject: [PATCH 04/53] Fix workflow Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 76c00b8..94c3e3c 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -31,7 +31,7 @@ jobs: id: detect_changes uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 with: - filters: .github/path-filter/images.yml + filters: .github/path-filters/images.yml build-and-test: needs: [detect-changes] From 6ca50ae53d7d4abed5eb8f892eefd00bca9b0f66 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:18:38 +0000 Subject: [PATCH 05/53] Bump dorny/paths-filter to v3.0.0 Update config generator Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- scripts/path-filter/configuration-generator.sh | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 94c3e3c..e1bf286 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -29,7 +29,7 @@ jobs: - name: Detect changes id: detect_changes - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 with: filters: .github/path-filters/images.yml diff --git a/scripts/path-filter/configuration-generator.sh b/scripts/path-filter/configuration-generator.sh index fadce58..fd5165a 100644 --- a/scripts/path-filter/configuration-generator.sh +++ b/scripts/path-filter/configuration-generator.sh @@ -21,7 +21,7 @@ images) ;; esac -folders=$(find "${SEARCH_BASE}" -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | sed 's#.*/##') +folders=$(find "${SEARCH_BASE}" -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq) export folders echo "=== Folders ===" @@ -46,11 +46,7 @@ for folder in ${folders}; do continue fi - if [[ "${MODE}" == "terraform" ]]; then - baseName=$(echo "${folder}" | sed 's|/|-|g' | sed 's|terraform-||') - else - baseName=$(basename "${folder}") - fi + baseName=$(basename "${folder}") { printf "%s: %s/**\n" "${baseName}" "${folder}" From ccef921535ad6b06386310e961bb06f11baacef8 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:19:57 +0000 Subject: [PATCH 06/53] Update script path in workflow Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index e1bf286..eba67a0 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -50,4 +50,4 @@ jobs: - name: Build and Test id: build_and_test run: | - bash scripts/build-and-test.sh ${{ matrix.image }} + bash scripts/images/build-and-test.sh ${{ matrix.image }} From c747b973432a3ad7afba3f247309173f93217fa0 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:33:02 +0000 Subject: [PATCH 07/53] Update EditorConfig Signed-off-by: Jacob Woffenden --- .editorconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.editorconfig b/.editorconfig index 589f816..6ccfa91 100644 --- a/.editorconfig +++ b/.editorconfig @@ -4,3 +4,7 @@ root = true end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true + +[{**/*.sh,**/src/usr/local/bin/**}] +indent_style = space +indent_size = 2 From b7d1102e543040f6e023686927991a4dd6fe20c7 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:39:00 +0000 Subject: [PATCH 08/53] Rename to Dockerfile for Dependabot Signed-off-by: Jacob Woffenden --- images/base/{Containerfile => Dockerfile} | 0 scripts/images/build-and-test.sh | 2 +- scripts/path-filter/configuration-generator.sh | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename images/base/{Containerfile => Dockerfile} (100%) diff --git a/images/base/Containerfile b/images/base/Dockerfile similarity index 100% rename from images/base/Containerfile rename to images/base/Dockerfile diff --git a/scripts/images/build-and-test.sh b/scripts/images/build-and-test.sh index d7b5bad..24dbab0 100644 --- a/scripts/images/build-and-test.sh +++ b/scripts/images/build-and-test.sh @@ -11,7 +11,7 @@ CONTAINER_STRUCTURE_TEST_IMAGE="gcr.io/gcp-runtimes/container-structure-test:lat echo "Building [ ${IMAGE} ] as [ ${IMAGE_TAG} ]" -docker build --file "${IMAGE_DIRECTORY}/Containerfile" --tag "${IMAGE_TAG}" "${IMAGE_DIRECTORY}" +docker build --file "${IMAGE_DIRECTORY}/Dockerfile" --tag "${IMAGE_TAG}" "${IMAGE_DIRECTORY}" if [[ -f "${IMAGE_DIRECTORY}/test/container-structure-test.yml" ]]; then echo "Running container structure test for [ ${IMAGE_TAG} ]" diff --git a/scripts/path-filter/configuration-generator.sh b/scripts/path-filter/configuration-generator.sh index fd5165a..2f02289 100644 --- a/scripts/path-filter/configuration-generator.sh +++ b/scripts/path-filter/configuration-generator.sh @@ -12,7 +12,7 @@ features) images) PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/images.yml" SEARCH_BASE="images" - SEARCH_PATTERN="*Containerfile*" + SEARCH_PATTERN="*Dockerfile*" SKIP_FILE=".image-path-filter-ignore" ;; *) From 00f2e65d9afd7f98c41d968fb8fd1e3508bde479 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 12:40:49 +0000 Subject: [PATCH 09/53] Update configuration generator Signed-off-by: Jacob Woffenden --- scripts/path-filter/configuration-generator.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/path-filter/configuration-generator.sh b/scripts/path-filter/configuration-generator.sh index 2f02289..0305fac 100644 --- a/scripts/path-filter/configuration-generator.sh +++ b/scripts/path-filter/configuration-generator.sh @@ -27,8 +27,8 @@ export folders echo "=== Folders ===" echo "${folders}" - mkdir --parents "$(dirname "${PATH_FILTER_CONFIGURATION_FILE}")" + touch "${PATH_FILTER_CONFIGURATION_FILE}" echo "Generating ${PATH_FILTER_CONFIGURATION_FILE}" From 0a9c667bd58abe85e3a8250bd53d189b7552fff4 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 14:16:44 +0000 Subject: [PATCH 10/53] Add multi-arch matrix to build-and-test Tidy script Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 21 +++++++++++++++++---- scripts/images/build-and-test.sh | 4 ---- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index eba67a0..2c2744b 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -42,12 +42,25 @@ jobs: fail-fast: false matrix: image: ${{ fromJson(needs.detect-changes.outputs.images) }} + platform: [linux/amd64, linux/arm64] steps: - name: Checkout id: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Build and Test - id: build_and_test - run: | - bash scripts/images/build-and-test.sh ${{ matrix.image }} + - name: Set Up QEMU + id: setup_qemu + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set Up Docker Buildx + id: setup_docker_buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Build Image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + with: + file: images/${{ matrix.image }}/Dockerfile + context: images/${{ matrix.image }} + platforms: ${{ matrix.platform }} + load: true + tags: ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} diff --git a/scripts/images/build-and-test.sh b/scripts/images/build-and-test.sh index 24dbab0..8475bb7 100644 --- a/scripts/images/build-and-test.sh +++ b/scripts/images/build-and-test.sh @@ -1,9 +1,5 @@ #!/usr/bin/env bash -# 1. Build image - -# 2. Run GoogleContainerTools/container-structure-test - IMAGE="${1}" IMAGE_DIRECTORY="images/${IMAGE}" IMAGE_TAG="ghcr.io/ministryofjustice/devcontainer-${IMAGE}:local" From ec7e375ae0833c0c3ea3f4b07ee57095aa4e6a25 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:08:55 +0000 Subject: [PATCH 11/53] Add action Signed-off-by: Jacob Woffenden --- .../setup-container-structure-test/action.yml | 39 +++++++++++++++++++ .github/workflows/images.yml | 4 ++ 2 files changed, 43 insertions(+) create mode 100644 .github/actions/setup-container-structure-test/action.yml diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml new file mode 100644 index 0000000..6230eee --- /dev/null +++ b/.github/actions/setup-container-structure-test/action.yml @@ -0,0 +1,39 @@ +--- +name: Set Up Google Container Structure Test +description: This action installs Google's Container Structure Test tool. + +inputs: + version: + description: The version of Container Structure Test to install. + required: false + default: "latest" + +runs: + using: "composite" + steps: + - name: Set Up Google Container Structure Test + run: + if [[ "$(uname -m)" == "x86_64" ]]; then + architecture="amd64" + elif [[ "$(uname -m)" == "aarch64" ]]; then + architecture="arm64" + else + echo "Unsupported architecture: $(uname -m)" + exit 1 + fi + + if [[ "${{ inputs.version" == "latest"]]; then + version="$(curl --silent https://api.github.com/repos/GoogleContainerTools/container-structure-test/releases/latest | jq -r '.tag_name')" + else + version="${{ inputs.version }}" + fi + + mkdir --parents "${{ github.workspace }}/.google-container-structure-test" + + curl --location --silent --show-error --fail --output "${{ github.workspace }}/.google-container-structure-test/container-structure-test" "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" + + chmod +x "${{ github.workspace }}/.google-container-structure-test/container-structure-test" + + echo "${{ github.workspace }}/.google-container-structure-test" >>"${{ GITHUB_PATH }}" + + container-structure-test version diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 2c2744b..68864f6 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -48,6 +48,10 @@ jobs: id: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set Up Google Container Structure Test + id: setup_container_structure_test + uses: ./github/actions/setup-container-structure-test + - name: Set Up QEMU id: setup_qemu uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 From dd44344c7dcca67454d3fafa9047d59ecdf27167 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:10:10 +0000 Subject: [PATCH 12/53] Update uses Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 68864f6..9a68e4f 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -50,7 +50,7 @@ jobs: - name: Set Up Google Container Structure Test id: setup_container_structure_test - uses: ./github/actions/setup-container-structure-test + uses: ./.github/actions/setup-container-structure-test - name: Set Up QEMU id: setup_qemu From e6524a7b24a56a94877a6e01f5689360a5898e0a Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:51:51 +0000 Subject: [PATCH 13/53] Add devcontainer lockfile Add devcontainers ecosystem to Dependabot Update action Signed-off-by: Jacob Woffenden --- .devcontainer/devcontainer-lock.json | 14 ++++++++++++++ .devcontainer/devcontainer.json | 4 ++-- .../setup-container-structure-test/action.yml | 2 +- .github/dependabot.yml | 18 +----------------- 4 files changed, 18 insertions(+), 20 deletions(-) create mode 100644 .devcontainer/devcontainer-lock.json diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json new file mode 100644 index 0000000..9728f1c --- /dev/null +++ b/.devcontainer/devcontainer-lock.json @@ -0,0 +1,14 @@ +{ + "features": { + "ghcr.io/devcontainers/features/docker-in-docker:2": { + "version": "2.7.1", + "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6", + "integrity": "sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6" + }, + "ghcr.io/devcontainers/features/node:1": { + "version": "1.3.1", + "resolved": "ghcr.io/devcontainers/features/node@sha256:7d31b83459dd5110c37e7f5acb2920335cb1e5ebf014326d7eb6a0b290cc820a", + "integrity": "sha256:7d31b83459dd5110c37e7f5acb2920335cb1e5ebf014326d7eb6a0b290cc820a" + } + } +} \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index fec8117..5f35a74 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -9,8 +9,8 @@ "vscode": { "extensions": [ "EditorConfig.EditorConfig", - "GitHub.vscode-pull-request-github", - "github.vscode-github-actions" + "GitHub.vscode-github-actions", + "GitHub.vscode-pull-request-github" ] } }, diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index 6230eee..a6d8161 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -12,7 +12,7 @@ runs: using: "composite" steps: - name: Set Up Google Container Structure Test - run: + run: | if [[ "$(uname -m)" == "x86_64" ]]; then architecture="amd64" elif [[ "$(uname -m)" == "aarch64" ]]; then diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 65a4778..37b6438 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,27 +2,11 @@ version: 2 updates: - - package-ecosystem: "bundler" - directory: "/" - schedule: - interval: "daily" - - package-ecosystem: "terraform" - directory: "/terraform" - schedule: - interval: "daily" - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "daily" - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "daily" - - package-ecosystem: "gomod" + - package-ecosystem: "devcontainers" directory: "/" schedule: interval: "daily" From e9ffa96eba1905ae8968eb3b93318c67fde980e2 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:53:08 +0000 Subject: [PATCH 14/53] Fix template Signed-off-by: Jacob Woffenden --- .github/actions/setup-container-structure-test/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index a6d8161..a571403 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -22,7 +22,7 @@ runs: exit 1 fi - if [[ "${{ inputs.version" == "latest"]]; then + if [[ "${{ inputs.version }}" == "latest"]]; then version="$(curl --silent https://api.github.com/repos/GoogleContainerTools/container-structure-test/releases/latest | jq -r '.tag_name')" else version="${{ inputs.version }}" From 0192464dee0b74c293782d858034c9b1f648a8e6 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:55:07 +0000 Subject: [PATCH 15/53] Add shell Update PATH Signed-off-by: Jacob Woffenden --- .github/actions/setup-container-structure-test/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index a571403..c8cc2a7 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -12,6 +12,7 @@ runs: using: "composite" steps: - name: Set Up Google Container Structure Test + shell: bash run: | if [[ "$(uname -m)" == "x86_64" ]]; then architecture="amd64" @@ -34,6 +35,6 @@ runs: chmod +x "${{ github.workspace }}/.google-container-structure-test/container-structure-test" - echo "${{ github.workspace }}/.google-container-structure-test" >>"${{ GITHUB_PATH }}" + echo "${{ github.workspace }}/.google-container-structure-test" >>"${GITHUB_PATH}" container-structure-test version From 666312d0662a4972f801ec9bc7ec726f5d837ad6 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 17:57:06 +0000 Subject: [PATCH 16/53] Fix if Signed-off-by: Jacob Woffenden --- .github/actions/setup-container-structure-test/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index c8cc2a7..e996873 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -23,7 +23,7 @@ runs: exit 1 fi - if [[ "${{ inputs.version }}" == "latest"]]; then + if [[ "${{ inputs.version }}" == "latest" ]]; then version="$(curl --silent https://api.github.com/repos/GoogleContainerTools/container-structure-test/releases/latest | jq -r '.tag_name')" else version="${{ inputs.version }}" From e5f6a344319832b0341cb1e806624a9870549c00 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:01:43 +0000 Subject: [PATCH 17/53] update run Signed-off-by: Jacob Woffenden --- .../setup-container-structure-test/action.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index e996873..8ebb578 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -15,26 +15,27 @@ runs: shell: bash run: | if [[ "$(uname -m)" == "x86_64" ]]; then - architecture="amd64" + export architecture="amd64" elif [[ "$(uname -m)" == "aarch64" ]]; then - architecture="arm64" + export architecture="arm64" else echo "Unsupported architecture: $(uname -m)" exit 1 fi if [[ "${{ inputs.version }}" == "latest" ]]; then - version="$(curl --silent https://api.github.com/repos/GoogleContainerTools/container-structure-test/releases/latest | jq -r '.tag_name')" + export version="$(curl --silent https://api.github.com/repos/GoogleContainerTools/container-structure-test/releases/latest | jq -r '.tag_name')" else - version="${{ inputs.version }}" + export version="${{ inputs.version }}" fi - mkdir --parents "${{ github.workspace }}/.google-container-structure-test" + mkdir --parents "${GITHUB_WORKSPACE}/.google-container-structure-test" - curl --location --silent --show-error --fail --output "${{ github.workspace }}/.google-container-structure-test/container-structure-test" "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" + curl --location --silent --show-error --fail "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" \ + --output "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" - chmod +x "${{ github.workspace }}/.google-container-structure-test/container-structure-test" + chmod +x "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" - echo "${{ github.workspace }}/.google-container-structure-test" >>"${GITHUB_PATH}" + echo "${GITHUB_WORKSPACE}/.google-container-structure-test" >>"${GITHUB_PATH}" container-structure-test version From ca00cffa7533eb67925f177abbe49e86eadfaa14 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:05:30 +0000 Subject: [PATCH 18/53] pinning at 1.16.0, 1.16.1 has no binaries Signed-off-by: Jacob Woffenden --- .github/actions/setup-container-structure-test/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index 8ebb578..87b4983 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -6,7 +6,7 @@ inputs: version: description: The version of Container Structure Test to install. required: false - default: "latest" + default: "1.16.0" runs: using: "composite" @@ -31,6 +31,7 @@ runs: mkdir --parents "${GITHUB_WORKSPACE}/.google-container-structure-test" + https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 curl --location --silent --show-error --fail "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" \ --output "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" From 64efdced7a5b5ec2396f65aa8e9dc7e9d652d29d Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:07:39 +0000 Subject: [PATCH 19/53] forgot to delete this Signed-off-by: Jacob Woffenden --- .github/actions/setup-container-structure-test/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index 87b4983..ed87e6d 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -31,7 +31,6 @@ runs: mkdir --parents "${GITHUB_WORKSPACE}/.google-container-structure-test" - https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 curl --location --silent --show-error --fail "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" \ --output "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" From 8009b37aafe6213b17e61260e22f338943575a1e Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:20:18 +0000 Subject: [PATCH 20/53] debug Signed-off-by: Jacob Woffenden --- .../setup-container-structure-test/action.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index ed87e6d..638cede 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -11,8 +11,7 @@ inputs: runs: using: "composite" steps: - - name: Set Up Google Container Structure Test - shell: bash + - shell: bash run: | if [[ "$(uname -m)" == "x86_64" ]]; then export architecture="amd64" @@ -29,13 +28,18 @@ runs: export version="${{ inputs.version }}" fi - mkdir --parents "${GITHUB_WORKSPACE}/.google-container-structure-test" + mkdir --parents "${HOME}/.google-container-structure-test" curl --location --silent --show-error --fail "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" \ - --output "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" + --output "${HOME}/.google-container-structure-test/container-structure-test" - chmod +x "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" + chmod +x "${HOME}/.google-container-structure-test/container-structure-test" - echo "${GITHUB_WORKSPACE}/.google-container-structure-test" >>"${GITHUB_PATH}" + echo "${HOME}/.google-container-structure-test" >>"${GITHUB_PATH}" - container-structure-test version + ## DEBUG + ls -lrt "${HOME}/.google-container-structure-test" + echo "${PATH}" + "${HOME}/.google-container-structure-test/container-structure-test" version + + # container-structure-test version From f3a5ff88335619bc2d0e2b01928f36c74d998db7 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:29:14 +0000 Subject: [PATCH 21/53] im tired now Signed-off-by: Jacob Woffenden --- .../setup-container-structure-test/action.yml | 15 ++++----------- .github/workflows/images.yml | 5 +++++ 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/actions/setup-container-structure-test/action.yml b/.github/actions/setup-container-structure-test/action.yml index 638cede..2058984 100644 --- a/.github/actions/setup-container-structure-test/action.yml +++ b/.github/actions/setup-container-structure-test/action.yml @@ -28,18 +28,11 @@ runs: export version="${{ inputs.version }}" fi - mkdir --parents "${HOME}/.google-container-structure-test" + mkdir --parents "${GITHUB_WORKSPACE}/.google-container-structure-test" curl --location --silent --show-error --fail "https://storage.googleapis.com/container-structure-test/v${version}/container-structure-test-linux-${architecture}" \ - --output "${HOME}/.google-container-structure-test/container-structure-test" + --output "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" - chmod +x "${HOME}/.google-container-structure-test/container-structure-test" + chmod +x "${GITHUB_WORKSPACE}/.google-container-structure-test/container-structure-test" - echo "${HOME}/.google-container-structure-test" >>"${GITHUB_PATH}" - - ## DEBUG - ls -lrt "${HOME}/.google-container-structure-test" - echo "${PATH}" - "${HOME}/.google-container-structure-test/container-structure-test" version - - # container-structure-test version + echo "${GITHUB_WORKSPACE}/.google-container-structure-test" >>"${GITHUB_PATH}" diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 9a68e4f..5ac4b9e 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -52,6 +52,11 @@ jobs: id: setup_container_structure_test uses: ./.github/actions/setup-container-structure-test + - name: DEBUG + id: debug + run: | + container-structure-test version + - name: Set Up QEMU id: setup_qemu uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 From 04844ec6696d2e83c023d8e9cc170989aceffdf2 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:38:47 +0000 Subject: [PATCH 22/53] Add structure test Add LABELs Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 13 ++++++++----- images/base/Dockerfile | 6 ++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 5ac4b9e..aabd9c6 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -52,11 +52,6 @@ jobs: id: setup_container_structure_test uses: ./.github/actions/setup-container-structure-test - - name: DEBUG - id: debug - run: | - container-structure-test version - - name: Set Up QEMU id: setup_qemu uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 @@ -73,3 +68,11 @@ jobs: platforms: ${{ matrix.platform }} load: true tags: ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} + + - name: Container Structure Test + id: container_structure_test + run: | + container-structure-test test \ + --platform ${{ matrix.platform }} \ + --config images/${{ matrix.image }}/test/container-structure-test.yml \ + --image ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 7efd54c..0df6533 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -1,3 +1,9 @@ FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04 +LABEL org.opencontainers.image.vendor="Ministry of Justice" \ + org.opencontainers.image.authors="Dev Container Community" \ + org.opencontainers.image.title="Base Image" \ + org.opencontainers.image.description="Extended version of Microsoft's image" \ + org.opencontainers.image.url="https://github.com/ministryofjustice/data-platform/tree/main/containers/actions-runner" + COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils From d3d1a019267133bf4228813b8d159df7e7e5a2e3 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:45:45 +0000 Subject: [PATCH 23/53] Add image scanning Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index aabd9c6..78ff8ae 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -33,7 +33,7 @@ jobs: with: filters: .github/path-filters/images.yml - build-and-test: + build-test-scan: needs: [detect-changes] if: ${{ needs.detect-changes.outputs.images != '[]' }} name: Build and Test @@ -76,3 +76,12 @@ jobs: --platform ${{ matrix.platform }} \ --config images/${{ matrix.image }}/test/container-structure-test.yml \ --image ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} + + - name: Scan Image + id: scan_image + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1 + with: + scan-type: image + image-ref: ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} + exit-code: 1 + severity: HIGH,CRITICAL From 4ee5f61839259226c49c5a4158c3ae8e732dca99 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:49:27 +0000 Subject: [PATCH 24/53] Remove platform flag Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 78ff8ae..782322a 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -73,7 +73,6 @@ jobs: id: container_structure_test run: | container-structure-test test \ - --platform ${{ matrix.platform }} \ --config images/${{ matrix.image }}/test/container-structure-test.yml \ --image ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} From 0bf4bfa81c5435d1726fc3175cbc3c4ed28aa245 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:51:58 +0000 Subject: [PATCH 25/53] Add newline to devcontainer lockfile Signed-off-by: Jacob Woffenden --- .devcontainer/devcontainer-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json index 9728f1c..b2d0937 100644 --- a/.devcontainer/devcontainer-lock.json +++ b/.devcontainer/devcontainer-lock.json @@ -11,4 +11,4 @@ "integrity": "sha256:7d31b83459dd5110c37e7f5acb2920335cb1e5ebf014326d7eb6a0b290cc820a" } } -} \ No newline at end of file +} From e7a5fbea74ea28146aed8b077299217f6cb29eb4 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 18:55:25 +0000 Subject: [PATCH 26/53] hide progress, it's noisy Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 782322a..b0eca80 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -84,3 +84,4 @@ jobs: image-ref: ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ github.sha }} exit-code: 1 severity: HIGH,CRITICAL + hide-progress: true From b02042edb014cdf30827300d31f309b5f38127fc Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:12:34 +0000 Subject: [PATCH 27/53] add initial pre-flight check Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 55 +++++++++++++++++++++++++++++++++++- images/base/config.json | 4 +++ 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 images/base/config.json diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index b0eca80..84d2057 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -7,6 +7,11 @@ on: - main paths: - images/** + push: + branches: + - main + paths: + - images/** permissions: {} @@ -33,11 +38,59 @@ jobs: with: filters: .github/path-filters/images.yml + preflight-checks: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.images != '[]' && github.ref == 'refs/heads/main' }} + name: Preflight Checks + runs-on: ubuntu-latest + permissions: + contents: read + id-token: read + packages: read + strategy: + fail-fast: false + matrix: + image: ${{ fromJson(needs.detect-changes.outputs.images) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Check Version (GitHub Container Registry) + id: check_version + env: + GH_TOKEN: ${{ github.token }} + run: | + echo "${{ env.GH_TOKEN }}" | skopeo login ghcr.io --username ${{ github.actor }} --password-stdin + + version=$(jq -r '.version' images/${{ inputs.image }}/config.json) + export version + + if skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}; then + image_exists=true + else + echo "image_exists=false" >>"${GITHUB_ENV}" + echo "tag_exists=false" >>"${GITHUB_ENV}" + fi + + if [[ "${image_exists}" == "true" ]]; then + checkTag=$(skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }} | jq -r --arg version "${version}" '.Tags | index($version)') + export checkTag + + if [[ -z "${imageTag}" ]]; then + echo "tag_exists=false" >>"${GITHUB_ENV}" + else + echo "tag_exists=true" >>"${GITHUB_ENV}" + fi + + build-test-scan: needs: [detect-changes] - if: ${{ needs.detect-changes.outputs.images != '[]' }} + if: ${{ needs.detect-changes.outputs.images != '[]' && github.ref != 'refs/heads/main' }} name: Build and Test runs-on: ubuntu-latest + permissions: + contents: read strategy: fail-fast: false matrix: diff --git a/images/base/config.json b/images/base/config.json new file mode 100644 index 0000000..9436c9a --- /dev/null +++ b/images/base/config.json @@ -0,0 +1,4 @@ +{ + "name": "base", + "version": "2024.01.0" +} From 37876a77f38c04cf8e227111ced7e8a18e59cf9f Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:14:30 +0000 Subject: [PATCH 28/53] fix id-token Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 84d2057..801bcca 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - id-token: read + id-token: write packages: read strategy: fail-fast: false From 12f3464aa98d261041303517eb9d75edd7cd259e Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:21:00 +0000 Subject: [PATCH 29/53] Update preflight if statement Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 801bcca..d55c525 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -40,7 +40,7 @@ jobs: preflight-checks: needs: [detect-changes] - if: ${{ needs.detect-changes.outputs.images != '[]' && github.ref == 'refs/heads/main' }} + if: ${{ needs.detect-changes.outputs.images != '[]' && github.ref != 'refs/heads/main' }} name: Preflight Checks runs-on: ubuntu-latest permissions: From a8a405d764a06540f3212be49aed4198a2656eaf Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:22:58 +0000 Subject: [PATCH 30/53] fix variable Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index d55c525..3b0a91a 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -63,7 +63,7 @@ jobs: run: | echo "${{ env.GH_TOKEN }}" | skopeo login ghcr.io --username ${{ github.actor }} --password-stdin - version=$(jq -r '.version' images/${{ inputs.image }}/config.json) + version=$(jq -r '.version' images/${{ matrix.image }}/config.json) export version if skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}; then From b6ee10b2e5028ab331880a98506145b062826156 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:25:13 +0000 Subject: [PATCH 31/53] fix if Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 3b0a91a..5370c4c 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -82,6 +82,7 @@ jobs: else echo "tag_exists=true" >>"${GITHUB_ENV}" fi + fi build-test-scan: From 7d63af5b5e14612e900d007edc5a3ef2052e7e1e Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:55:48 +0000 Subject: [PATCH 32/53] Add newline Add README checking ADD ONBUILD Signed-off-by: Jacob Woffenden --- .devcontainer/devcontainer-lock.json | 2 +- .github/workflows/images.yml | 47 +++++++++++++++++++++++++++- images/base/Dockerfile | 5 +++ images/base/README.md | 15 +++++++++ 4 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 images/base/README.md diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json index b2d0937..9728f1c 100644 --- a/.devcontainer/devcontainer-lock.json +++ b/.devcontainer/devcontainer-lock.json @@ -11,4 +11,4 @@ "integrity": "sha256:7d31b83459dd5110c37e7f5acb2920335cb1e5ebf014326d7eb6a0b290cc820a" } } -} +} \ No newline at end of file diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 5370c4c..3a2400c 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -56,7 +56,7 @@ jobs: id: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Check Version (GitHub Container Registry) + - name: Check Version id: check_version env: GH_TOKEN: ${{ github.token }} @@ -84,6 +84,51 @@ jobs: fi fi + - name: Check CHANGELOG Updates + id: check_changelog_updates + env: + GH_TOKEN: ${{ github.token }} + run: | + mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="main" | jq -r '.sha') + branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha') + + if [[ -z "${mainSha}" ]]; then + SHA not found for main branch, assuming CHANGELOG.md does not exist + elif [[ -z "${branchSha}" ]]; then + SHA not found for "${GITHUB_HEAD_REF}" branch, assuming CHANGELOG.md does not exist + "changelog_updated=false" >>"${GITHUB_ENV}" + elif [[ "${mainSha}" == "${branchSha}" ]]; then + echo "CHANGELOG.md matches main branch, needs to be updated" + echo "changelog_updated=false" >>"${GITHUB_ENV}" + elif [[ "${mainSha}" != "${branchSha}" ]]; then + echo "CHANGELOG.md does not match main branch, does not need to be updated" + echo "changelog_updated=true" >>"${GITHUB_ENV}" + fi + + - name: Evaluate Checks + id: evaluate_checks + run: | + echo "::notice::# Preflight Checks" + + if [[ "${{ env.tag_exists }}" == "true" ]]; then + echo "::error::FAIL: Container tag already exists" + export failBuild="true" + else + echo "::notice::OK: Container tag does not exist" + export failBuild="false" + fi + + if [[ "${{ env.changelog_updated }}" == "true" ]]; then + echo "::notice::OK: CHANGELOG.md has been updated" + export failBuild="false" + elif [[ "${{ env.changelog_updated }}" == "false" ]]; then + echo "::error::FAIL: CHANGELOG.md needs to be updated" + export failBuild="true" + fi + + if [[ "${failBuild}" == "true" ]]; then + exit 1 + fi build-test-scan: needs: [detect-changes] diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 0df6533..43af222 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -7,3 +7,8 @@ LABEL org.opencontainers.image.vendor="Ministry of Justice" \ org.opencontainers.image.url="https://github.com/ministryofjustice/data-platform/tree/main/containers/actions-runner" COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils + +ONBUILD RUN apt-get update --yes \ + && apt-get upgrade --yes \ + && apt-get clean --yes \ + && rm -rf /var/lib/apt/lists/* diff --git a/images/base/README.md b/images/base/README.md new file mode 100644 index 0000000..cc0e113 --- /dev/null +++ b/images/base/README.md @@ -0,0 +1,15 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [2024.1.0] - 2024-25-01 + +### Added + +- Initial release of image From f72e91e1d2400a27bb2499e1c8c24f5788b54bd8 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 19:57:42 +0000 Subject: [PATCH 33/53] Fix workflow AGAIN Signed-off-by: Jacob Woffenden --- .github/workflows/images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 3a2400c..d85a1de 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -89,8 +89,8 @@ jobs: env: GH_TOKEN: ${{ github.token }} run: | - mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="main" | jq -r '.sha') - branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha') + mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/images/${{ matrix.image }}/CHANGELOG.md --field ref="main" | jq -r '.sha') + branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/images/${{ matrix.image }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha') if [[ -z "${mainSha}" ]]; then SHA not found for main branch, assuming CHANGELOG.md does not exist From 2dc89ff0d7cf2a4c5ee0605acff403dc9988d909 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 20:05:30 +0000 Subject: [PATCH 34/53] it's not README it's CHANGELOG Signed-off-by: Jacob Woffenden --- images/base/{README.md => CHANGELOG.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename images/base/{README.md => CHANGELOG.md} (100%) diff --git a/images/base/README.md b/images/base/CHANGELOG.md similarity index 100% rename from images/base/README.md rename to images/base/CHANGELOG.md From 58af84e5443ffc3125aac50ffd98dbbcfc5c3349 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 20:21:11 +0000 Subject: [PATCH 35/53] Update .editorconfig file Signed-off-by: Jacob Woffenden --- .editorconfig | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.editorconfig b/.editorconfig index 6ccfa91..11df73b 100644 --- a/.editorconfig +++ b/.editorconfig @@ -8,3 +8,8 @@ trim_trailing_whitespace = true [{**/*.sh,**/src/usr/local/bin/**}] indent_style = space indent_size = 2 + +# This file is autogenerated +[.devcontainer/devcontainer-lock.json] +end_of_line = unset +insert_final_newline = unset From da03c2dc0cf8746112b4639234ebe8623803b0fd Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 21:24:58 +0000 Subject: [PATCH 36/53] SemVer for now Signed-off-by: Jacob Woffenden --- images/base/CHANGELOG.md | 2 +- images/base/config.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/images/base/CHANGELOG.md b/images/base/CHANGELOG.md index cc0e113..1a3ee6f 100644 --- a/images/base/CHANGELOG.md +++ b/images/base/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [2024.1.0] - 2024-25-01 +## [1.0.0] - 2024-25-01 ### Added diff --git a/images/base/config.json b/images/base/config.json index 9436c9a..ec488c4 100644 --- a/images/base/config.json +++ b/images/base/config.json @@ -1,4 +1,4 @@ { "name": "base", - "version": "2024.01.0" + "version": "1.0.0" } From 298d82f760c87a37533fa84c567944d1f7be5656 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 23:40:01 +0000 Subject: [PATCH 37/53] Add JSON and YAML to EditorConfig Add feature testing workflow Add AWS feature Update base Dockerfile Add first-run-notice Update CST Add feature test and debug scripts Signed-off-by: Jacob Woffenden --- .editorconfig | 8 ++ .github/workflows/features.yml | 88 +++++++++++++++++++ features/src/aws/devcontainer-feature.json | 18 ++++ features/src/aws/install-aws-cli.sh | 28 ++++++ features/src/aws/install-aws-sso-cli.sh | 37 ++++++++ features/src/aws/install.sh | 11 +++ .../aws/src/home/vscode/.aws-sso/config.yaml | 13 +++ .../.devcontainer/featurerc.d/aws-sso.sh | 3 + .../vscode/.devcontainer/featurerc.d/aws.sh | 3 + features/test/aws/test.sh | 17 ++++ images/base/Dockerfile | 13 +++ .../first-run-notice.txt | 5 ++ images/base/test/container-structure-test.yml | 24 +++++ scripts/features/debug.sh | 12 +++ scripts/features/test.sh | 15 ++++ 15 files changed, 295 insertions(+) create mode 100644 .github/workflows/features.yml create mode 100644 features/src/aws/devcontainer-feature.json create mode 100644 features/src/aws/install-aws-cli.sh create mode 100644 features/src/aws/install-aws-sso-cli.sh create mode 100644 features/src/aws/install.sh create mode 100644 features/src/aws/src/home/vscode/.aws-sso/config.yaml create mode 100644 features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh create mode 100644 features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws.sh create mode 100644 features/test/aws/test.sh create mode 100644 images/base/src/usr/local/etc/vscode-dev-containers/first-run-notice.txt create mode 100644 scripts/features/debug.sh create mode 100644 scripts/features/test.sh diff --git a/.editorconfig b/.editorconfig index 11df73b..3d58302 100644 --- a/.editorconfig +++ b/.editorconfig @@ -5,6 +5,14 @@ end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true +[**/*.json] +indent_style = space +indent_size = 2 + +[{**/*.yml,**/*.yaml}] +indent_style = space +indent_size = 2 + [{**/*.sh,**/src/usr/local/bin/**}] indent_style = space indent_size = 2 diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml new file mode 100644 index 0000000..91896f8 --- /dev/null +++ b/.github/workflows/features.yml @@ -0,0 +1,88 @@ +--- +name: Features + +on: + pull_request: + branches: + - main + paths: + - features/** + push: + branches: + - main + paths: + - features/** + +permissions: {} + +jobs: + detect-changes: + name: Detect Changes + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + features: ${{ steps.detect_changes.outputs.changes }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Build path-filters file + id: build_path_filters + run: bash scripts/path-filter/configuration-generator.sh features + + - name: Detect changes + id: detect_changes + uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + with: + filters: .github/path-filters/features.yml + + test: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }} + name: Test + runs-on: ubuntu-latest + permissions: + contents: read + strategy: + fail-fast: false + matrix: + features: ${{ fromJson(needs.detect-changes.outputs.features) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Install @devcontainers/cli + id: install_devcontainers_cli + run: npm install --global @devcontainers/cli@latest + + - name: Build Image + id: build_image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + with: + file: images/base/Dockerfile + context: images/base + load: true + tags: ghcr.io/ministryofjustice/devcontainer-base:local-feature-test-${{ github.sha }} + + - name: Testing ${{ matrix.feature }} + id: test_feature + run: | + devcontainer features test \ + --skip-duplicated \ + --skip-scenarios \ + --project-folder features \ + --features ${{ matrix.feature }} \ + --base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test-${{ github.sha }} + + - name: Testing ${{ matrix.feature }} scenarios + id: test_feature_scenarios + run: | + devcontainer features test \ + --project-folder .devcontainer/features \ + --features ${{ matrix.feature }} \ + --skip-autogenerated \ + --skip-duplicated \ + --base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test-${{ github.sha }} diff --git a/features/src/aws/devcontainer-feature.json b/features/src/aws/devcontainer-feature.json new file mode 100644 index 0000000..5aa1981 --- /dev/null +++ b/features/src/aws/devcontainer-feature.json @@ -0,0 +1,18 @@ +{ + "id": "aws", + "version": "1.0.0", + "name": "AWS", + "description": "AWS functionality: CLI, SSO CLI", + "options": { + "awsCliVersion": { + "type": "string", + "description": "Version of the AWS CLI to install", + "default": "latest" + }, + "awsSsoCliVersion": { + "type": "string", + "description": "Version of AWS SSO CLI to install", + "default": "latest" + } + } +} diff --git a/features/src/aws/install-aws-cli.sh b/features/src/aws/install-aws-cli.sh new file mode 100644 index 0000000..795430d --- /dev/null +++ b/features/src/aws/install-aws-cli.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +set -e + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +get_system_architecture + +VERSION="${AWSCLIVERSION:-"latest"}" + +if [[ "${VERSION}" == "latest" ]]; then + ARTEFACT="awscli-exe-linux-$(uname -m).zip" +else + ARTEFACT="awscli-exe-linux-$(uname -m)-${VERSION}.zip" +fi + +curl --fail-with-body --location "https://awscli.amazonaws.com/${ARTEFACT}" \ + --output "${ARTEFACT}" + +unzip "${ARTEFACT}" + +bash ./aws/install + +rm --recursive --force aws "${ARTEFACT}" + +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/aws.sh /home/vscode/.devcontainer/featurerc.d/aws.sh diff --git a/features/src/aws/install-aws-sso-cli.sh b/features/src/aws/install-aws-sso-cli.sh new file mode 100644 index 0000000..280f50a --- /dev/null +++ b/features/src/aws/install-aws-sso-cli.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +set -e + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +get_system_architecture + +GITHUB_REPOSITORY="synfinatic/aws-sso-cli" +VERSION="${AWSVAULTVERSION:-"latest"}" + +if [[ "${VERSION}" == "latest" ]]; then + get_github_latest_tag "${GITHUB_REPOSITORY}" + VERSION="${GITHUB_LATEST_TAG}" + VERSION_STRIP_V="${GITHUB_LATEST_TAG_STRIP_V}" +else + # shellcheck disable=SC2034 + VERSION_STRIP_V="${VERSION#v}" +fi + +curl --fail-with-body --location "https://github.com/${GITHUB_REPOSITORY}/releases/download/${VERSION}/aws-sso-${VERSION_STRIP_V}-linux-${ARCHITECTURE}" \ + --output "aws-sso" + +install --owner=vscode --group=vscode --mode=775 aws-sso /usr/local/bin/aws-sso + +install --directory --owner=vscode --group=vscode /home/vscode/.aws-sso + +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.aws-sso/config.yaml /home/vscode/.aws-sso/config.yaml + +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh /home/vscode/.devcontainer/featurerc.d/aws-sso.sh + +awsSsoFilePassword=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | cut -c -32) +export awsSsoFilePassword + +sed --in-place "s/REPLACE_ME/${awsSsoFilePassword}/g" /home/vscode/.devcontainer/featurerc.d/aws-sso.sh diff --git a/features/src/aws/install.sh b/features/src/aws/install.sh new file mode 100644 index 0000000..1cc8c78 --- /dev/null +++ b/features/src/aws/install.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +logger "info" "Installing AWS CLI (version: ${AWSCLIVERSION})" +bash "$(dirname "${0}")"/install-aws-cli.sh + +logger "info" "Installing AWS SSO CLI (version: ${AWSSSOCLIVERSION})" +bash "$(dirname "${0}")"/install-aws-sso-cli.sh diff --git a/features/src/aws/src/home/vscode/.aws-sso/config.yaml b/features/src/aws/src/home/vscode/.aws-sso/config.yaml new file mode 100644 index 0000000..ad9138c --- /dev/null +++ b/features/src/aws/src/home/vscode/.aws-sso/config.yaml @@ -0,0 +1,13 @@ +SSOConfig: + Default: + StartUrl: https://moj.awsapps.com/start + SSORegion: eu-west-2 +DefaultRegion: eu-west-2 +ConsoleDuration: 720 +CacheRefresh: 168 +UrlAction: print +LogLevel: error +HistoryLimit: 10 +HistoryMinutes: 1440 +ProfileFormat: "{{ FirstItem .AccountName (.AccountAlias | nospace) }}:{{ .RoleName }}" +FullTextSearch: true diff --git a/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh b/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh new file mode 100644 index 0000000..a28cc14 --- /dev/null +++ b/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +export AWS_SSO_FILE_PASSWORD="REPLACE_ME" # gitleaks-ignore diff --git a/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws.sh b/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws.sh new file mode 100644 index 0000000..95a7245 --- /dev/null +++ b/features/src/aws/src/home/vscode/.devcontainer/featurerc.d/aws.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +complete -C '/usr/local/bin/aws_completer' aws diff --git a/features/test/aws/test.sh b/features/test/aws/test.sh new file mode 100644 index 0000000..391f9aa --- /dev/null +++ b/features/test/aws/test.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +set -e + +# shellcheck source=/dev/null +# file only accessible when using devcontainer CLI +source dev-container-features-test-lib + +check "aws version" aws --version +check "aws featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws.sh + +check "aws-sso version" aws-sso version +check "aws-sso featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws-sso.sh +check "aws-sso featurerc password" source /home/vscode/.devcontainer/featurerc.d/aws-sso.sh && [[ "${AWS_SSO_FILE_PASSWORD}" == "REPLACE_ME" ]] && exit 1 || true +check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml + +reportResults diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 43af222..632ba45 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -7,6 +7,19 @@ LABEL org.opencontainers.image.vendor="Ministry of Justice" \ org.opencontainers.image.url="https://github.com/ministryofjustice/data-platform/tree/main/containers/actions-runner" COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils +COPY --chown=nobody:nobody --chmod=0444 src/usr/local/etc/vscode-dev-containers/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt + +RUN chsh --shell $(which zsh) vscode +RUN install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer +RUN install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d +RUN cat <> /home/vscode/.zshrc + +# dev container feature completion scripts +for file in "\${HOME}"/.devcontainer/featurerc.d/*.sh; do + source "\${file}" +done + +EOF ONBUILD RUN apt-get update --yes \ && apt-get upgrade --yes \ diff --git a/images/base/src/usr/local/etc/vscode-dev-containers/first-run-notice.txt b/images/base/src/usr/local/etc/vscode-dev-containers/first-run-notice.txt new file mode 100644 index 0000000..a77bcd8 --- /dev/null +++ b/images/base/src/usr/local/etc/vscode-dev-containers/first-run-notice.txt @@ -0,0 +1,5 @@ +👋 Welcome! You are using the Ministry of Justice dev container image. + +🆘 If you need help or assistance, please post in #devcontainer-community (https://moj.enterprise.slack.com/archives/C06DZ4F04JZ) + +🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1) diff --git a/images/base/test/container-structure-test.yml b/images/base/test/container-structure-test.yml index 44cf526..185fdd1 100644 --- a/images/base/test/container-structure-test.yml +++ b/images/base/test/container-structure-test.yml @@ -12,6 +12,11 @@ commandTests: args: ["--group", "vscode"] expectedOutput: ["1000"] + - name: "vscode user getent" + command: "getent" + args: ["passwd", "vscode" ] + expectedOutput: ["vscode:x:1000:1000::/home/vscode:/usr/bin/zsh"] + fileExistenceTests: - name: "devcontainer-utils" path: "/usr/local/bin/devcontainer-utils" @@ -20,3 +25,22 @@ fileExistenceTests: uid: 65534 gid: 65534 isExecutableBy: "any" + + - name: "first-run-notice.txt" + path: "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" + shouldExist: true + permissions: "-r--r--r--" # 0444 + uid: 65534 + gid: 65534 + + - name: "featurerc.d" + path: "/home/vscode/.devcontainer/featurerc.d" + shouldExist: true + permissions: "drwxr-xr-x" # 0755 + uid: 1000 + gid: 1000 + +fileContentTests: + - name: "zshrc featurerc.d" + path: "/home/vscode/.zshrc" + expectedContents: ["# dev container feature completion scripts"] diff --git a/scripts/features/debug.sh b/scripts/features/debug.sh new file mode 100644 index 0000000..b2c51e2 --- /dev/null +++ b/scripts/features/debug.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +docker build \ + --file images/base/Dockerfile \ + --tag ghcr.io/ministryofjustice/devcontainer-base:local-feature-debug \ + images/base + +docker run -it --rm \ + --volume "${PWD}":/workspace \ + --volume "${PWD}"/images/base/src/usr/local/bin/devcontainer-utils:/usr/local/bin/devcontainer-utils \ + --name local-feature-debug \ + ghcr.io/ministryofjustice/devcontainer-base:local-feature-debug diff --git a/scripts/features/test.sh b/scripts/features/test.sh new file mode 100644 index 0000000..97c8951 --- /dev/null +++ b/scripts/features/test.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +FEATURE_TO_TEST="${1}" + +docker build \ + --file images/base/Dockerfile \ + --tag ghcr.io/ministryofjustice/devcontainer-base:local-feature-test \ + images/base + +devcontainer features test \ + --project-folder features \ + --features "${FEATURE_TO_TEST}" \ + --skip-scenarios \ + --skip-duplicated \ + --base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test From e6b0e80f53e874fa8815822f81c7410d69a77490 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 23:45:24 +0000 Subject: [PATCH 38/53] Fix workflow Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 91896f8..deb1ab0 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -48,7 +48,7 @@ jobs: strategy: fail-fast: false matrix: - features: ${{ fromJson(needs.detect-changes.outputs.features) }} + feature: ${{ fromJson(needs.detect-changes.outputs.features) }} steps: - name: Checkout id: checkout @@ -81,7 +81,7 @@ jobs: id: test_feature_scenarios run: | devcontainer features test \ - --project-folder .devcontainer/features \ + --project-folder features \ --features ${{ matrix.feature }} \ --skip-autogenerated \ --skip-duplicated \ From a5a74fe9fde2055309f29b624d3e88e15fec07bd Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Thu, 25 Jan 2024 23:57:49 +0000 Subject: [PATCH 39/53] Fix some linting stuff Signed-off-by: Jacob Woffenden --- .github/linters/.gitleaks.toml | 9 +++++++++ features/test/aws/test.sh | 1 + images/base/Dockerfile | 16 +++++++++------- 3 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 .github/linters/.gitleaks.toml diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml new file mode 100644 index 0000000..a08bfea --- /dev/null +++ b/.github/linters/.gitleaks.toml @@ -0,0 +1,9 @@ +title = "Gitleaks Configuration" + +[extend] +useDefault = true + +[allowlist] + description = "Ignore # gitleaks-ignore lines" + regexTarget = "line" + regexes = ['''# gitleaks-ignore'''] diff --git a/features/test/aws/test.sh b/features/test/aws/test.sh index 391f9aa..109fc3b 100644 --- a/features/test/aws/test.sh +++ b/features/test/aws/test.sh @@ -11,6 +11,7 @@ check "aws featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws. check "aws-sso version" aws-sso version check "aws-sso featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws-sso.sh +# shellcheck disable=SC2034 exit status should always evaluate as expected check "aws-sso featurerc password" source /home/vscode/.devcontainer/featurerc.d/aws-sso.sh && [[ "${AWS_SSO_FILE_PASSWORD}" == "REPLACE_ME" ]] && exit 1 || true check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 632ba45..901c390 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -9,15 +9,17 @@ LABEL org.opencontainers.image.vendor="Ministry of Justice" \ COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils COPY --chown=nobody:nobody --chmod=0444 src/usr/local/etc/vscode-dev-containers/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt -RUN chsh --shell $(which zsh) vscode -RUN install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer -RUN install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d -RUN cat <> /home/vscode/.zshrc +RUN chsh --shell "$(which zsh)" vscode \ + && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer \ + && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d \ + && cat <> /home/vscode/.zshrc # dev container feature completion scripts -for file in "\${HOME}"/.devcontainer/featurerc.d/*.sh; do - source "\${file}" -done +if [ "\$(ls -A /home/vscode/.devcontainer/featurerc.d)" ]; then + for file in /home/vscode/.devcontainer/featurerc.d/*.sh; do + source "\${file}" + done +fi EOF From 144551c1df343b7623c14e9c4d345d756a5eac69 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 10:47:28 +0000 Subject: [PATCH 40/53] Testing validation Add prompt theming Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 22 ++++++++++++ features/src/aws/NOTES.md | 0 features/src/aws/devcontainer-feature.json | 2 +- features/src/aws/install-aws-sso-cli.sh | 2 ++ .../.devcontainer/promptrc.d/aws-sso.sh | 13 +++++++ features/test/aws/test.sh | 3 +- images/base/Dockerfile | 2 ++ .../custom/themes/devcontainers.zsh-theme | 36 +++++++++++++++++++ images/base/test/container-structure-test.yml | 14 ++++++++ 9 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 features/src/aws/NOTES.md create mode 100644 features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh create mode 100644 images/base/src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index deb1ab0..c235828 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -86,3 +86,25 @@ jobs: --skip-autogenerated \ --skip-duplicated \ --base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test-${{ github.sha }} + + validate: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref == 'refs/heads/main' }} + name: Validate + runs-on: ubuntu-latest + permissions: + contents: read + strategy: + fail-fast: false + matrix: + feature: ${{ fromJson(needs.detect-changes.outputs.features) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Validate ${{ matrix.feature }} + uses: devcontainers/action@2858bb873d82d653b033bfe0977fb8a16708b0c3 # v1.4.1 + with: + validate-only: true + base-path-to-features: features/src/${{ matrix.feature }} diff --git a/features/src/aws/NOTES.md b/features/src/aws/NOTES.md new file mode 100644 index 0000000..e69de29 diff --git a/features/src/aws/devcontainer-feature.json b/features/src/aws/devcontainer-feature.json index 5aa1981..763e4b2 100644 --- a/features/src/aws/devcontainer-feature.json +++ b/features/src/aws/devcontainer-feature.json @@ -2,7 +2,7 @@ "id": "aws", "version": "1.0.0", "name": "AWS", - "description": "AWS functionality: CLI, SSO CLI", + "description": "Installs the AWS CLI and AWS SSO CLI", "options": { "awsCliVersion": { "type": "string", diff --git a/features/src/aws/install-aws-sso-cli.sh b/features/src/aws/install-aws-sso-cli.sh index 280f50a..87f8b84 100644 --- a/features/src/aws/install-aws-sso-cli.sh +++ b/features/src/aws/install-aws-sso-cli.sh @@ -31,6 +31,8 @@ install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vs install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/aws-sso.sh /home/vscode/.devcontainer/featurerc.d/aws-sso.sh +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh /home/vscode/.devcontainer/promptrc.d/aws-sso.sh + awsSsoFilePassword=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | cut -c -32) export awsSsoFilePassword diff --git a/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh b/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh new file mode 100644 index 0000000..29f716e --- /dev/null +++ b/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +PROMPT+='`\ + if [[ ${AWS_SSO_PROFILE} == *"development"* || ${AWS_SSO_PROFILE} == *"test"* ]]; then \ + echo -n "[ aws: %{$fg[green]%}${AWS_SSO_PROFILE}@${AWS_DEFAULT_REGION}%{$reset_color%} ] "; \ + elif [[ ${AWS_SSO_PROFILE} == *"preproduction"* ]]; then \ + echo -n "[ aws: %{$fg[yellow]%}${AWS_SSO_PROFILE}@${AWS_DEFAULT_REGION}%{$reset_color%} ] "; \ + elif [[ ${AWS_SSO_PROFILE} == *"production"* ]]; then \ + echo -n "[ aws: %{$fg[red]%}${AWS_SSO_PROFILE}@${AWS_DEFAULT_REGION}%{$reset_color%} ] "; \ + elif [[ ! -z ${AWS_SSO_PROFILE} ]]; then \ + echo -n "[ aws: %{$fg[blue]%}${AWS_SSO_PROFILE}@${AWS_DEFAULT_REGION}%{$reset_color%} ] "; \ + fi \ +`' diff --git a/features/test/aws/test.sh b/features/test/aws/test.sh index 109fc3b..aa19296 100644 --- a/features/test/aws/test.sh +++ b/features/test/aws/test.sh @@ -10,9 +10,10 @@ check "aws version" aws --version check "aws featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws.sh check "aws-sso version" aws-sso version +check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml check "aws-sso featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws-sso.sh # shellcheck disable=SC2034 exit status should always evaluate as expected check "aws-sso featurerc password" source /home/vscode/.devcontainer/featurerc.d/aws-sso.sh && [[ "${AWS_SSO_FILE_PASSWORD}" == "REPLACE_ME" ]] && exit 1 || true -check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml +check "aws-sso promptrc existence" stat /home/vscode/.devcontainer/promptrc.d/aws-sso.sh reportResults diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 901c390..adc44b1 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -8,10 +8,12 @@ LABEL org.opencontainers.image.vendor="Ministry of Justice" \ COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils COPY --chown=nobody:nobody --chmod=0444 src/usr/local/etc/vscode-dev-containers/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt +COPY --chown=vscode:vscode --chmod=0755 src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme /home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme RUN chsh --shell "$(which zsh)" vscode \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d \ + && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/promptrc.d \ && cat <> /home/vscode/.zshrc # dev container feature completion scripts diff --git a/images/base/src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme b/images/base/src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme new file mode 100644 index 0000000..e599c31 --- /dev/null +++ b/images/base/src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme @@ -0,0 +1,36 @@ +# Oh My Zsh! theme - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme +# Source: https://github.com/devcontainers/features/blob/main/src/common-utils/scripts/devcontainers.zsh-theme + +__zsh_prompt() { + local prompt_username + if [ ! -z "${GITHUB_USER}" ]; then + prompt_username="@${GITHUB_USER}" + else + prompt_username="%n" + fi + PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow + PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd + PROMPT+='`\ + if [ "$(git config --get devcontainers-theme.hide-status 2>/dev/null)" != 1 ] && [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \ + export BRANCH=$(git --no-optional-locks symbolic-ref --short HEAD 2>/dev/null || git --no-optional-locks rev-parse --short HEAD 2>/dev/null); \ + if [ "${BRANCH}" != "" ]; then \ + echo -n "%{$fg_bold[cyan]%}(%{$fg_bold[red]%}${BRANCH}" \ + && if [ "$(git config --get devcontainers-theme.show-dirty 2>/dev/null)" = 1 ] && \ + git --no-optional-locks ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \ + echo -n " %{$fg_bold[yellow]%}✗"; \ + fi \ + && echo -n "%{$fg_bold[cyan]%})%{$reset_color%} "; \ + fi; \ + fi`' + + # dev container prompt scripts + if [ "$(ls -A /home/vscode/.devcontainer/promptrc.d)" ]; then + for file in /home/vscode/.devcontainer/promptrc.d/*; do + source "${file}" + done + fi + + PROMPT+='%{$fg[white]%}$ %{$reset_color%}' + unset -f __zsh_prompt +} +__zsh_prompt diff --git a/images/base/test/container-structure-test.yml b/images/base/test/container-structure-test.yml index 185fdd1..5ccb276 100644 --- a/images/base/test/container-structure-test.yml +++ b/images/base/test/container-structure-test.yml @@ -33,6 +33,13 @@ fileExistenceTests: uid: 65534 gid: 65534 + - name: "devcontainers.zsh-theme" + path: "/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme" + shouldExist: true + permissions: "-rwxr-xr-x" # 0755 + uid: 1000 + gid: 1000 + - name: "featurerc.d" path: "/home/vscode/.devcontainer/featurerc.d" shouldExist: true @@ -40,6 +47,13 @@ fileExistenceTests: uid: 1000 gid: 1000 + - name: "promptrc.d" + path: "/home/vscode/.devcontainer/promptrc.d" + shouldExist: true + permissions: "drwxr-xr-x" # 0755 + uid: 1000 + gid: 1000 + fileContentTests: - name: "zshrc featurerc.d" path: "/home/vscode/.zshrc" From da7eac020b7af67fdf12074df5edcfa23d910da8 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 10:51:47 +0000 Subject: [PATCH 41/53] Validate not on main Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index c235828..315b4ce 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -89,7 +89,7 @@ jobs: validate: needs: [detect-changes] - if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref == 'refs/heads/main' }} + if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }} name: Validate runs-on: ubuntu-latest permissions: From 8010979e71c73f620eecf99dc53d82f3372540ca Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 10:57:19 +0000 Subject: [PATCH 42/53] Update base path to features Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 315b4ce..81840f0 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -107,4 +107,4 @@ jobs: uses: devcontainers/action@2858bb873d82d653b033bfe0977fb8a16708b0c3 # v1.4.1 with: validate-only: true - base-path-to-features: features/src/${{ matrix.feature }} + base-path-to-features: features From 1f6707f3524c977d0f9f1537a4fa9794faf38c57 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 10:59:13 +0000 Subject: [PATCH 43/53] Update base path to features/src Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 81840f0..101e594 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -107,4 +107,4 @@ jobs: uses: devcontainers/action@2858bb873d82d653b033bfe0977fb8a16708b0c3 # v1.4.1 with: validate-only: true - base-path-to-features: features + base-path-to-features: features/src From 908396fd5cca2544c8ed56752e79518002809717 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 11:03:07 +0000 Subject: [PATCH 44/53] Remove strategy Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 101e594..46aeedd 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -94,16 +94,12 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - strategy: - fail-fast: false - matrix: - feature: ${{ fromJson(needs.detect-changes.outputs.features) }} steps: - name: Checkout id: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Validate ${{ matrix.feature }} + - name: Validate uses: devcontainers/action@2858bb873d82d653b033bfe0977fb8a16708b0c3 # v1.4.1 with: validate-only: true From b5dda2bb4d4489d7e66111624748bb045738f299 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 11:09:16 +0000 Subject: [PATCH 45/53] Fix Dockerfile and hopefully shellcheck Signed-off-by: Jacob Woffenden --- features/test/aws/test.sh | 2 +- images/base/Dockerfile | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/features/test/aws/test.sh b/features/test/aws/test.sh index aa19296..7397a56 100644 --- a/features/test/aws/test.sh +++ b/features/test/aws/test.sh @@ -12,7 +12,7 @@ check "aws featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws. check "aws-sso version" aws-sso version check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml check "aws-sso featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws-sso.sh -# shellcheck disable=SC2034 exit status should always evaluate as expected +# shellcheck disable=SC2034 check "aws-sso featurerc password" source /home/vscode/.devcontainer/featurerc.d/aws-sso.sh && [[ "${AWS_SSO_FILE_PASSWORD}" == "REPLACE_ME" ]] && exit 1 || true check "aws-sso promptrc existence" stat /home/vscode/.devcontainer/promptrc.d/aws-sso.sh diff --git a/images/base/Dockerfile b/images/base/Dockerfile index adc44b1..02ae414 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -13,8 +13,9 @@ COPY --chown=vscode:vscode --chmod=0755 src/home/vscode/.oh-my-zsh/custom/themes RUN chsh --shell "$(which zsh)" vscode \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d \ - && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/promptrc.d \ - && cat <> /home/vscode/.zshrc + && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/promptrc.d + +RUN cat <> /home/vscode/.zshrc # dev container feature completion scripts if [ "\$(ls -A /home/vscode/.devcontainer/featurerc.d)" ]; then From fa57952e48b34d9bc429bf7ba5ed9e39eeda1da6 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 11:26:10 +0000 Subject: [PATCH 46/53] Disable shellchecks Signed-off-by: Jacob Woffenden --- .../src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh | 1 + features/test/aws/test.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh b/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh index 29f716e..6a9618f 100644 --- a/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh +++ b/features/src/aws/src/home/vscode/.devcontainer/promptrc.d/aws-sso.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +# shellcheck disable=SC2016 PROMPT+='`\ if [[ ${AWS_SSO_PROFILE} == *"development"* || ${AWS_SSO_PROFILE} == *"test"* ]]; then \ diff --git a/features/test/aws/test.sh b/features/test/aws/test.sh index 7397a56..5dd7c40 100644 --- a/features/test/aws/test.sh +++ b/features/test/aws/test.sh @@ -12,7 +12,7 @@ check "aws featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws. check "aws-sso version" aws-sso version check "aws-sso configuration existence" stat /home/vscode/.aws-sso/config.yaml check "aws-sso featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/aws-sso.sh -# shellcheck disable=SC2034 +# shellcheck disable=SC2015 check "aws-sso featurerc password" source /home/vscode/.devcontainer/featurerc.d/aws-sso.sh && [[ "${AWS_SSO_FILE_PASSWORD}" == "REPLACE_ME" ]] && exit 1 || true check "aws-sso promptrc existence" stat /home/vscode/.devcontainer/promptrc.d/aws-sso.sh From 2b79bbdc040bd0324cdf4d314b942b7955ec00c3 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 13:14:03 +0000 Subject: [PATCH 47/53] Add Kubernetes and Terraform features Signed-off-by: Jacob Woffenden --- features/src/aws/NOTES.md | 0 .../src/kubernetes/devcontainer-feature.json | 13 ++++++++ .../src/kubernetes/install-kubernetes-cli.sh | 26 +++++++++++++++ features/src/kubernetes/install.sh | 8 +++++ .../.devcontainer/featurerc.d/kubectl.sh | 3 ++ .../src/terraform/devcontainer-feature.json | 13 ++++++++ .../src/terraform/install-terraform-cli.sh | 32 +++++++++++++++++++ features/src/terraform/install.sh | 8 +++++ .../.devcontainer/featurerc.d/terraform.sh | 3 ++ features/test/kubernetes/test.sh | 10 ++++++ features/test/terraform/test.sh | 12 +++++++ 11 files changed, 128 insertions(+) delete mode 100644 features/src/aws/NOTES.md create mode 100644 features/src/kubernetes/devcontainer-feature.json create mode 100644 features/src/kubernetes/install-kubernetes-cli.sh create mode 100644 features/src/kubernetes/install.sh create mode 100644 features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh create mode 100644 features/src/terraform/devcontainer-feature.json create mode 100644 features/src/terraform/install-terraform-cli.sh create mode 100644 features/src/terraform/install.sh create mode 100644 features/src/terraform/src/home/vscode/.devcontainer/featurerc.d/terraform.sh create mode 100644 features/test/kubernetes/test.sh create mode 100644 features/test/terraform/test.sh diff --git a/features/src/aws/NOTES.md b/features/src/aws/NOTES.md deleted file mode 100644 index e69de29..0000000 diff --git a/features/src/kubernetes/devcontainer-feature.json b/features/src/kubernetes/devcontainer-feature.json new file mode 100644 index 0000000..4976f87 --- /dev/null +++ b/features/src/kubernetes/devcontainer-feature.json @@ -0,0 +1,13 @@ +{ + "id": "kubernetes", + "version": "1.0.0", + "name": "Kubernetes", + "description": "Installs the Kubernetes CLI", + "options": { + "kubernetesCliVersion": { + "type": "string", + "description": "Version of the Kubernetes CLI to install", + "default": "latest" + } + } +} diff --git a/features/src/kubernetes/install-kubernetes-cli.sh b/features/src/kubernetes/install-kubernetes-cli.sh new file mode 100644 index 0000000..3d459c0 --- /dev/null +++ b/features/src/kubernetes/install-kubernetes-cli.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -e + +source /usr/local/bin/devcontainer-utils + +get_system_architecture + +GITHUB_REPOSITORY="ministryofjustice/cloud-platform-cli" +VERSION=${KUBERNETESCLIVERSION:-"latest"} + +if [[ "${VERSION}" == "latest" ]]; then + VERSION=$( curl --location --silent https://dl.k8s.io/release/stable.txt ) + VERSION_STRIP_V="${VERSION#v}" +else + VERSION_STRIP_V="${VERSION#v}" +fi + +curl --fail-with-body --location "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCHITECTURE}/kubectl" \ + --output "kubectl" + +install --owner=vscode --group=vscode --mode=775 kubectl /usr/local/bin/kubectl + +install --directory --owner=vscode --group=vscode /home/vscode/.kube + +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh /home/vscode/.devcontainer/featurerc.d/kubectl.sh diff --git a/features/src/kubernetes/install.sh b/features/src/kubernetes/install.sh new file mode 100644 index 0000000..3704bd9 --- /dev/null +++ b/features/src/kubernetes/install.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +logger "info" "Installing Kubernetes CLI (version: ${KUBERNETESCLIVERSION})" +bash "$(dirname "${0}")"/install-kubernetes-cli.sh diff --git a/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh b/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh new file mode 100644 index 0000000..da070bf --- /dev/null +++ b/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +source <(kubectl completion zsh) diff --git a/features/src/terraform/devcontainer-feature.json b/features/src/terraform/devcontainer-feature.json new file mode 100644 index 0000000..bdce97f --- /dev/null +++ b/features/src/terraform/devcontainer-feature.json @@ -0,0 +1,13 @@ +{ + "id": "terraform", + "version": "1.0.0", + "name": "Terraform", + "description": "Installs the Terraform CLI", + "options": { + "terraformCliVersion": { + "type": "string", + "description": "Version of the Terraform CLI to install", + "default": "latest" + } + } +} diff --git a/features/src/terraform/install-terraform-cli.sh b/features/src/terraform/install-terraform-cli.sh new file mode 100644 index 0000000..d97adf7 --- /dev/null +++ b/features/src/terraform/install-terraform-cli.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +set -e + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +get_system_architecture + +GITHUB_REPOSITORY="hashicorp/terraform" +VERSION="${TERRAFORMCLIVERSION:-"latest"}" + +if [[ "${VERSION}" == "latest" ]]; then + get_github_latest_tag "${GITHUB_REPOSITORY}" + VERSION="${GITHUB_LATEST_TAG}" + VERSION_STRIP_V="${GITHUB_LATEST_TAG_STRIP_V}" +else + # shellcheck disable=SC2034 + VERSION_STRIP_V="${VERSION#v}" +fi + +curl --fail-with-body --location "https://releases.hashicorp.com/terraform/${VERSION_STRIP_V}/terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip" \ + --output "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip" + +unzip "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip" + +install --owner=vscode --group=vscode --mode=775 terraform /usr/local/bin/terraform + +rm --recursive --force terraform "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip" + +install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/terraform.sh /home/vscode/.devcontainer/featurerc.d/terraform.sh diff --git a/features/src/terraform/install.sh b/features/src/terraform/install.sh new file mode 100644 index 0000000..3da3a03 --- /dev/null +++ b/features/src/terraform/install.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# shellcheck source=/dev/null +# file not accessible until being built +source /usr/local/bin/devcontainer-utils + +logger "info" "Installing Terraform CLI (version: ${TERRAFORMCLIVERSION})" +bash "$(dirname "${0}")"/install-terraform-cli.sh diff --git a/features/src/terraform/src/home/vscode/.devcontainer/featurerc.d/terraform.sh b/features/src/terraform/src/home/vscode/.devcontainer/featurerc.d/terraform.sh new file mode 100644 index 0000000..dee5f7b --- /dev/null +++ b/features/src/terraform/src/home/vscode/.devcontainer/featurerc.d/terraform.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +complete -o nospace -C /usr/local/bin/terraform terraform diff --git a/features/test/kubernetes/test.sh b/features/test/kubernetes/test.sh new file mode 100644 index 0000000..3526820 --- /dev/null +++ b/features/test/kubernetes/test.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +set -e + +source dev-container-features-test-lib + +check "kubectl version" kubectl version --client=true --output yaml +check "kubectl featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/kubectl.sh + +reportResults diff --git a/features/test/terraform/test.sh b/features/test/terraform/test.sh new file mode 100644 index 0000000..83d718c --- /dev/null +++ b/features/test/terraform/test.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -e + +# shellcheck source=/dev/null +# file only accessible when using devcontainer CLI +source dev-container-features-test-lib + +check "terraform version" terraform version +check "terraform featurerc existence" stat /home/vscode/.devcontainer/featurerc.d/terraform.sh + +reportResults From 7be42ffdc5c66e64faf06ef543eb8b4929ab1262 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 13:53:20 +0000 Subject: [PATCH 48/53] linters Signed-off-by: Jacob Woffenden --- features/src/kubernetes/install-kubernetes-cli.sh | 6 +----- .../src/home/vscode/.devcontainer/featurerc.d/kubectl.sh | 1 + features/test/kubernetes/test.sh | 2 ++ 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/features/src/kubernetes/install-kubernetes-cli.sh b/features/src/kubernetes/install-kubernetes-cli.sh index 3d459c0..277a4b6 100644 --- a/features/src/kubernetes/install-kubernetes-cli.sh +++ b/features/src/kubernetes/install-kubernetes-cli.sh @@ -6,14 +6,10 @@ source /usr/local/bin/devcontainer-utils get_system_architecture -GITHUB_REPOSITORY="ministryofjustice/cloud-platform-cli" VERSION=${KUBERNETESCLIVERSION:-"latest"} if [[ "${VERSION}" == "latest" ]]; then - VERSION=$( curl --location --silent https://dl.k8s.io/release/stable.txt ) - VERSION_STRIP_V="${VERSION#v}" -else - VERSION_STRIP_V="${VERSION#v}" + VERSION=$(curl --location --silent https://dl.k8s.io/release/stable.txt) fi curl --fail-with-body --location "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCHITECTURE}/kubectl" \ diff --git a/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh b/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh index da070bf..104295b 100644 --- a/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh +++ b/features/src/kubernetes/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh @@ -1,3 +1,4 @@ #!/usr/bin/env bash +# shellcheck disable=SC1090 source <(kubectl completion zsh) diff --git a/features/test/kubernetes/test.sh b/features/test/kubernetes/test.sh index 3526820..fb503dd 100644 --- a/features/test/kubernetes/test.sh +++ b/features/test/kubernetes/test.sh @@ -2,6 +2,8 @@ set -e +# shellcheck source=/dev/null +# file only accessible when using devcontainer CLI source dev-container-features-test-lib check "kubectl version" kubectl version --client=true --output yaml From a6cf7026c88163042829d97a363e668f3dffd00f Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 15:22:30 +0000 Subject: [PATCH 49/53] Add shellcheck exclusion Signed-off-by: Jacob Woffenden --- features/src/kubernetes/install-kubernetes-cli.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/features/src/kubernetes/install-kubernetes-cli.sh b/features/src/kubernetes/install-kubernetes-cli.sh index 277a4b6..2955520 100644 --- a/features/src/kubernetes/install-kubernetes-cli.sh +++ b/features/src/kubernetes/install-kubernetes-cli.sh @@ -2,6 +2,8 @@ set -e +# shellcheck source=/dev/null +# file not accessible until being built source /usr/local/bin/devcontainer-utils get_system_architecture From 6509cf318102d1318c0d17dd95cca1bca3228b71 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 15:23:57 +0000 Subject: [PATCH 50/53] Add system upgrade to base Signed-off-by: Jacob Woffenden --- images/base/Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/images/base/Dockerfile b/images/base/Dockerfile index 02ae414..42912ee 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile @@ -10,7 +10,11 @@ COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /us COPY --chown=nobody:nobody --chmod=0444 src/usr/local/etc/vscode-dev-containers/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt COPY --chown=vscode:vscode --chmod=0755 src/home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme /home/vscode/.oh-my-zsh/custom/themes/devcontainers.zsh-theme -RUN chsh --shell "$(which zsh)" vscode \ +RUN apt-get update --yes \ + && apt-get upgrade --yes \ + && apt-get clean --yes \ + && rm -rf /var/lib/apt/lists/* \ + && chsh --shell "$(which zsh)" vscode \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/featurerc.d \ && install --directory --owner=vscode --group=vscode /home/vscode/.devcontainer/promptrc.d From d17f6b39ec082c9ecb7a75ba2bc1a311cc96a677 Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 16:12:20 +0000 Subject: [PATCH 51/53] Add pre-flight to features Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 92 ++++++++++++++++++++++++++++ features/src/aws/CHANGELOG.md | 15 +++++ features/src/kubernetes/CHANGELOG.md | 15 +++++ features/src/terraform/CHANGELOG.md | 15 +++++ 4 files changed, 137 insertions(+) create mode 100644 features/src/aws/CHANGELOG.md create mode 100644 features/src/kubernetes/CHANGELOG.md create mode 100644 features/src/terraform/CHANGELOG.md diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 46aeedd..bcb3dc5 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -38,6 +38,98 @@ jobs: with: filters: .github/path-filters/features.yml + preflight-checks: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }} + name: Preflight Checks + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: read + strategy: + fail-fast: false + matrix: + feature: ${{ fromJson(needs.detect-changes.outputs.features) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Check Version + id: check_version + env: + GH_TOKEN: ${{ github.token }} + run: | + echo "${{ env.GH_TOKEN }}" | skopeo login ghcr.io --username ${{ github.actor }} --password-stdin + + version=$(jq -r '.version' features/src/${{ matrix.feature }}/devcontainer-feature.json) + export version + + if skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-feature/${{ matrix.feature }}; then + feature_exists=true + else + echo "feature_exists=false" >>"${GITHUB_ENV}" + echo "tag_exists=false" >>"${GITHUB_ENV}" + fi + + if [[ "${feature_exists}" == "true" ]]; then + checkTag=$(skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-feature/${{ matrix.feature }} | jq -r --arg version "${version}" '.Tags | index($version)') + export checkTag + + if [[ -z "${imageTag}" ]]; then + echo "tag_exists=false" >>"${GITHUB_ENV}" + else + echo "tag_exists=true" >>"${GITHUB_ENV}" + fi + fi + + - name: Check CHANGELOG Updates + id: check_changelog_updates + env: + GH_TOKEN: ${{ github.token }} + run: | + mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/features/src/${{ matrix.feature }}/CHANGELOG.md --field ref="main" | jq -r '.sha') + branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/features/src/${{ matrix.feature }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha') + + if [[ -z "${mainSha}" ]]; then + SHA not found for main branch, assuming CHANGELOG.md does not exist + elif [[ -z "${branchSha}" ]]; then + SHA not found for "${GITHUB_HEAD_REF}" branch, assuming CHANGELOG.md does not exist + "changelog_updated=false" >>"${GITHUB_ENV}" + elif [[ "${mainSha}" == "${branchSha}" ]]; then + echo "CHANGELOG.md matches main branch, needs to be updated" + echo "changelog_updated=false" >>"${GITHUB_ENV}" + elif [[ "${mainSha}" != "${branchSha}" ]]; then + echo "CHANGELOG.md does not match main branch, does not need to be updated" + echo "changelog_updated=true" >>"${GITHUB_ENV}" + fi + + - name: Evaluate Checks + id: evaluate_checks + run: | + echo "::notice::# Preflight Checks" + + if [[ "${{ env.tag_exists }}" == "true" ]]; then + echo "::error::FAIL: Feature tag already exists" + export failBuild="true" + else + echo "::notice::OK: Feature tag does not exist" + export failBuild="false" + fi + + if [[ "${{ env.changelog_updated }}" == "true" ]]; then + echo "::notice::OK: CHANGELOG.md has been updated" + export failBuild="false" + elif [[ "${{ env.changelog_updated }}" == "false" ]]; then + echo "::error::FAIL: CHANGELOG.md needs to be updated" + export failBuild="true" + fi + + if [[ "${failBuild}" == "true" ]]; then + exit 1 + fi + test: needs: [detect-changes] if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }} diff --git a/features/src/aws/CHANGELOG.md b/features/src/aws/CHANGELOG.md new file mode 100644 index 0000000..068a1c4 --- /dev/null +++ b/features/src/aws/CHANGELOG.md @@ -0,0 +1,15 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [1.0.0] - 2024-25-01 + +### Added + +- Initial release of feature diff --git a/features/src/kubernetes/CHANGELOG.md b/features/src/kubernetes/CHANGELOG.md new file mode 100644 index 0000000..068a1c4 --- /dev/null +++ b/features/src/kubernetes/CHANGELOG.md @@ -0,0 +1,15 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [1.0.0] - 2024-25-01 + +### Added + +- Initial release of feature diff --git a/features/src/terraform/CHANGELOG.md b/features/src/terraform/CHANGELOG.md new file mode 100644 index 0000000..068a1c4 --- /dev/null +++ b/features/src/terraform/CHANGELOG.md @@ -0,0 +1,15 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [1.0.0] - 2024-25-01 + +### Added + +- Initial release of feature From cc2fef87258a9b73dcf0a56bbb287e0db3dd6e5f Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Fri, 26 Jan 2024 16:42:50 +0000 Subject: [PATCH 52/53] Adds feature publishing Drops versions to 0.0.1 Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 32 ++++++++++++- .github/workflows/images.yml | 45 ++++++++++++++++++- features/src/aws/CHANGELOG.md | 2 +- features/src/aws/devcontainer-feature.json | 2 +- features/src/kubernetes/CHANGELOG.md | 2 +- .../src/kubernetes/devcontainer-feature.json | 2 +- features/src/terraform/CHANGELOG.md | 2 +- .../src/terraform/devcontainer-feature.json | 2 +- images/base/CHANGELOG.md | 2 +- images/base/config.json | 2 +- 10 files changed, 81 insertions(+), 12 deletions(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index bcb3dc5..c51ec7b 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -108,8 +108,6 @@ jobs: - name: Evaluate Checks id: evaluate_checks run: | - echo "::notice::# Preflight Checks" - if [[ "${{ env.tag_exists }}" == "true" ]]; then echo "::error::FAIL: Feature tag already exists" export failBuild="true" @@ -196,3 +194,33 @@ jobs: with: validate-only: true base-path-to-features: features/src + + publish: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref == 'refs/heads/main' }} + name: Publish + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write + strategy: + fail-fast: false + matrix: + feature: ${{ fromJson(needs.detect-changes.outputs.features) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Install @devcontainers/cli + id: install_devcontainers_cli + run: npm install --global @devcontainers/cli@latest + + - name: Publish + id: publish + run: | + devcontainer features publish \ + --registry ghcr.io \ + --namespace ministryofjustice/devcontainer-feature \ + ./features/src/aws/ diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index d85a1de..a21e4a3 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -108,8 +108,6 @@ jobs: - name: Evaluate Checks id: evaluate_checks run: | - echo "::notice::# Preflight Checks" - if [[ "${{ env.tag_exists }}" == "true" ]]; then echo "::error::FAIL: Container tag already exists" export failBuild="true" @@ -184,3 +182,46 @@ jobs: exit-code: 1 severity: HIGH,CRITICAL hide-progress: true + + publish: + needs: [detect-changes] + if: ${{ needs.detect-changes.outputs.images != '[]' && github.ref == 'refs/heads/main' }} + name: Publish + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write + strategy: + fail-fast: false + matrix: + image: ${{ fromJson(needs.detect-changes.outputs.images) }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Set Up QEMU + id: setup_qemu + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set Up Docker Buildx + id: setup_docker_buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Prepare Environment + id: prepare_environment + run: | + version=$(jq -r '.version' images/${{ matrix.image }}/config.json) + echo "version=${version}" >>"${GITHUB_ENV}" + + - name: Publish Image + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + with: + file: images/${{ matrix.image }}/Dockerfile + context: images/${{ matrix.image }} + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:${{ env.version }} + ghcr.io/ministryofjustice/devcontainer-${{ matrix.image }}:latest diff --git a/features/src/aws/CHANGELOG.md b/features/src/aws/CHANGELOG.md index 068a1c4..c590d50 100644 --- a/features/src/aws/CHANGELOG.md +++ b/features/src/aws/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.0.0] - 2024-25-01 +## [0.0.1] - 2024-25-01 ### Added diff --git a/features/src/aws/devcontainer-feature.json b/features/src/aws/devcontainer-feature.json index 763e4b2..44421a8 100644 --- a/features/src/aws/devcontainer-feature.json +++ b/features/src/aws/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "aws", - "version": "1.0.0", + "version": "0.0.1", "name": "AWS", "description": "Installs the AWS CLI and AWS SSO CLI", "options": { diff --git a/features/src/kubernetes/CHANGELOG.md b/features/src/kubernetes/CHANGELOG.md index 068a1c4..c590d50 100644 --- a/features/src/kubernetes/CHANGELOG.md +++ b/features/src/kubernetes/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.0.0] - 2024-25-01 +## [0.0.1] - 2024-25-01 ### Added diff --git a/features/src/kubernetes/devcontainer-feature.json b/features/src/kubernetes/devcontainer-feature.json index 4976f87..b0d8c84 100644 --- a/features/src/kubernetes/devcontainer-feature.json +++ b/features/src/kubernetes/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "kubernetes", - "version": "1.0.0", + "version": "0.0.1", "name": "Kubernetes", "description": "Installs the Kubernetes CLI", "options": { diff --git a/features/src/terraform/CHANGELOG.md b/features/src/terraform/CHANGELOG.md index 068a1c4..c590d50 100644 --- a/features/src/terraform/CHANGELOG.md +++ b/features/src/terraform/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.0.0] - 2024-25-01 +## [0.0.1] - 2024-25-01 ### Added diff --git a/features/src/terraform/devcontainer-feature.json b/features/src/terraform/devcontainer-feature.json index bdce97f..6f13bbd 100644 --- a/features/src/terraform/devcontainer-feature.json +++ b/features/src/terraform/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "terraform", - "version": "1.0.0", + "version": "0.0.1", "name": "Terraform", "description": "Installs the Terraform CLI", "options": { diff --git a/images/base/CHANGELOG.md b/images/base/CHANGELOG.md index 1a3ee6f..0256d14 100644 --- a/images/base/CHANGELOG.md +++ b/images/base/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.0.0] - 2024-25-01 +## [0.0.1] - 2024-25-01 ### Added diff --git a/images/base/config.json b/images/base/config.json index ec488c4..9ae7e6e 100644 --- a/images/base/config.json +++ b/images/base/config.json @@ -1,4 +1,4 @@ { "name": "base", - "version": "1.0.0" + "version": "0.0.1" } From 8feb5a554a3a5290d0008ed0252af2de3521024d Mon Sep 17 00:00:00 2001 From: Jacob Woffenden Date: Tue, 30 Jan 2024 14:52:24 +0000 Subject: [PATCH 53/53] Update devcontainer feature path Signed-off-by: Jacob Woffenden --- .github/workflows/features.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index c51ec7b..b2e6da7 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -223,4 +223,4 @@ jobs: devcontainer features publish \ --registry ghcr.io \ --namespace ministryofjustice/devcontainer-feature \ - ./features/src/aws/ + ./features/src/${{ matrix.feature }}