make /work writable by all

Author: anthony-nhs

.github/workflows/build_multi_arch_image.yml

@@ -85,7 +85,7 @@ jobs:
           CONTAINER_NAME: '${{ inputs.container_name }}'
           MULTI_ARCH_TAG: '${{ inputs.docker_tag }}'
           BASE_VERSION_TAG: ${{ inputs.docker_tag}}
-          IMAGE_TAG: ":${{ inputs.docker_tag }}-${{ matrix.arch }}"
+          IMAGE_TAG: "${{ inputs.docker_tag }}-${{ matrix.arch }}"
           BASE_FOLDER: "${{ inputs.base_folder }}"
       - name: Check docker vulnerabilities - json output
         uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
@@ -131,6 +131,11 @@ jobs:
         run: |
           echo "Pushing image..."
           docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}"
+          BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          export BUILD_TIMESTAMP
+          docker buildx imagetools create \
+            --annotation "index:org.opencontainers.image.created=${BUILD_TIMESTAMP}" \
+            "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'
@@ -164,10 +169,19 @@ jobs:
 
       - name: Push multi-arch tagged image
         run: |
-          docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \
+          BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+          export BUILD_TIMESTAMP
+          docker buildx imagetools create \
+            --annotation "index:org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers" \
+            --annotation "index:org.opencontainers.image.description=EPS devcontainer ${CONTAINER_NAME}:${DOCKER_TAG}" \
+            --annotation "index:org.opencontainers.image.licenses=MIT" \
+            --annotation "index:org.opencontainers.image.version=${DOCKER_TAG}" \
+            --annotation "index:org.opencontainers.image.containerName=${CONTAINER_NAME}" \
+            --annotation "index:org.opencontainers.image.created=${BUILD_TIMESTAMP}" \
+            --tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" \
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64"
-            echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY"
+          echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'

Makefile

@@ -21,13 +21,12 @@ install-node:
 install-hooks: install-python
 	poetry run pre-commit install --install-hooks --overwrite
 
-build-image: guard-CONTAINER_NAME guard-BASE_VERSION_TAG guard-BASE_FOLDER
+build-image: guard-CONTAINER_NAME guard-BASE_VERSION_TAG guard-BASE_FOLDER guard-IMAGE_TAG
 	npx devcontainer build \
 		--workspace-folder ./src/$${BASE_FOLDER}/$${CONTAINER_NAME} \
 		--push false \
 		--cache-from "${CONTAINER_PREFIX}$${CONTAINER_NAME}:latest" \
-		--label "org.opencontainers.image.revision=$$DOCKER_TAG" \
-		--image-name "${CONTAINER_PREFIX}$${CONTAINER_NAME}${IMAGE_TAG}"
+		--image-name "${CONTAINER_PREFIX}$${CONTAINER_NAME}:${IMAGE_TAG}"
 
 scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER
 	@combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \

README.md

@@ -88,6 +88,7 @@ Base image
 CONTAINER_NAME=base \
   BASE_VERSION_TAG=latest \
   BASE_FOLDER=. \
+  IMAGE_TAG=local-build \
   make build-image
 ``` 
 Language images

src/base/.devcontainer/Dockerfile

@@ -15,7 +15,7 @@ ENV IMAGE_TAG=${IMAGE_TAG}
 ENV TARGETARCH=${TARGETARCH}
 
 LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers
-LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}${IMAGE_TAG}"
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
 LABEL org.opencontainers.image.licenses=MIT
 LABEL org.opencontainers.image.version=${IMAGE_TAG}
 LABEL org.opencontainers.image.containerName=${CONTAINER_NAME}

src/base/.devcontainer/scripts/root_install.sh

@@ -70,3 +70,4 @@ curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-qualit
 chown -R vscode:vscode /home/vscode
 mkdir -p /work
 chown -R vscode:vscode /work
+chmod -R 777 /work

src/common/Dockerfile

@@ -21,7 +21,7 @@ ENV IMAGE_TAG=${IMAGE_TAG}
 ENV TARGETARCH=${TARGETARCH}
 
 LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers
-LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}${IMAGE_TAG}"
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
 LABEL org.opencontainers.image.licenses=MIT
 LABEL org.opencontainers.image.version=${IMAGE_TAG}
 LABEL org.opencontainers.image.baseImage=${BASE_IMAGE}

src/projects/fhir_facade_api/.devcontainer/Dockerfile

@@ -18,7 +18,7 @@ ENV IMAGE_TAG=${IMAGE_TAG}
 ENV TARGETARCH=${TARGETARCH}
 
 LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers
-LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}${IMAGE_TAG}"
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
 LABEL org.opencontainers.image.licenses=MIT
 LABEL org.opencontainers.image.version=${IMAGE_TAG}
 LABEL org.opencontainers.image.baseImage=${BASE_IMAGE}