Add newline

Add README checking
ADD ONBUILD

Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>

.devcontainer/devcontainer-lock.json

@@ -11,4 +11,4 @@
       "integrity": "sha256:7d31b83459dd5110c37e7f5acb2920335cb1e5ebf014326d7eb6a0b290cc820a"
     }
   }
-}
+}

.github/workflows/images.yml

@@ -56,7 +56,7 @@ jobs:
         id: checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Check Version (GitHub Container Registry)
+      - name: Check Version
         id: check_version
         env:
           GH_TOKEN: ${{ github.token }}
@@ -84,6 +84,51 @@ jobs:
             fi
           fi
 
+      - name: Check CHANGELOG Updates
+        id: check_changelog_updates
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="main" | jq -r '.sha')
+          branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/containers/${{ inputs.image }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha')
+
+          if [[ -z "${mainSha}" ]]; then
+            SHA not found for main branch, assuming CHANGELOG.md does not exist
+          elif [[ -z "${branchSha}" ]]; then
+            SHA not found for "${GITHUB_HEAD_REF}" branch, assuming CHANGELOG.md does not exist
+            "changelog_updated=false" >>"${GITHUB_ENV}"
+          elif [[ "${mainSha}" == "${branchSha}" ]]; then
+            echo "CHANGELOG.md matches main branch, needs to be updated"
+            echo "changelog_updated=false" >>"${GITHUB_ENV}"
+          elif [[ "${mainSha}" != "${branchSha}" ]]; then
+            echo "CHANGELOG.md does not match main branch, does not need to be updated"
+            echo "changelog_updated=true" >>"${GITHUB_ENV}"
+          fi
+
+      - name: Evaluate Checks
+        id: evaluate_checks
+        run: |
+          echo "::notice::# Preflight Checks"
+
+          if [[ "${{ env.tag_exists }}" == "true" ]]; then
+            echo "::error::FAIL: Container tag already exists"
+            export failBuild="true"
+          else
+            echo "::notice::OK: Container tag does not exist"
+            export failBuild="false"
+          fi
+
+          if [[ "${{ env.changelog_updated }}" == "true" ]]; then
+            echo "::notice::OK: CHANGELOG.md has been updated"
+            export failBuild="false"
+          elif [[ "${{ env.changelog_updated }}" == "false" ]]; then
+            echo "::error::FAIL: CHANGELOG.md needs to be updated"
+            export failBuild="true"
+          fi
+
+          if [[ "${failBuild}" == "true" ]]; then
+            exit 1
+          fi
 
   build-test-scan:
     needs: [detect-changes]

images/base/Dockerfile

@@ -7,3 +7,8 @@ LABEL org.opencontainers.image.vendor="Ministry of Justice" \
       org.opencontainers.image.url="https://github.com/ministryofjustice/data-platform/tree/main/containers/actions-runner"
 
 COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils
+
+ONBUILD RUN apt-get update --yes \
+            && apt-get upgrade --yes \
+            && apt-get clean --yes \
+            && rm -rf /var/lib/apt/lists/*

images/base/README.md

@@ -0,0 +1,15 @@
+<!-- markdownlint-disable MD003 -->
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [2024.1.0] - 2024-25-01
+
+### Added
+
+- Initial release of image