|
| 1 | +# This can be used to bootstrap devcontainer when no images have been pushed |
| 2 | +FROM alpine:3.23.3 AS build |
| 3 | +ARG TARGETARCH |
| 4 | +RUN apk add --no-cache cosign bash curl jq |
| 5 | +COPY src/base/.devcontainer/scripts/install_trivy.sh /tmp/install_trivy.sh |
| 6 | +RUN case "${TARGETARCH}" in \ |
| 7 | + x86_64|amd64) TRIVY_ARCH=64bit ;; \ |
| 8 | + aarch64|arm64) TRIVY_ARCH=ARM64 ;; \ |
| 9 | + *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \ |
| 10 | + esac \ |
| 11 | + && INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh |
| 12 | + |
| 13 | + |
| 14 | +FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04 |
| 15 | +ARG TARGETARCH |
| 16 | +ENV TARGETARCH=${TARGETARCH} |
| 17 | + |
| 18 | +# Install essential packages first |
| 19 | +RUN apt-get update && apt-get install -y \ |
| 20 | + curl \ |
| 21 | + wget \ |
| 22 | + git \ |
| 23 | + sudo \ |
| 24 | + unzip \ |
| 25 | + && apt-get clean \ |
| 26 | + && rm -rf /var/lib/apt/lists/* |
| 27 | + |
| 28 | +# Copy ASDF version file |
| 29 | +ENV ASDF_VERSION=0.18.1 |
| 30 | + |
| 31 | +# Add amd64 architecture if on arm64 |
| 32 | +RUN if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then dpkg --add-architecture amd64; fi |
| 33 | + |
| 34 | +RUN apt-get update \ |
| 35 | + && export DEBIAN_FRONTEND=noninteractive \ |
| 36 | + && apt-get -y dist-upgrade \ |
| 37 | + && apt-get -y install --no-install-recommends htop vim curl git build-essential \ |
| 38 | + libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \ |
| 39 | + zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \ |
| 40 | + jq apt-transport-https ca-certificates gnupg-agent \ |
| 41 | + software-properties-common bash-completion python3-pip make libbz2-dev \ |
| 42 | + libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \ |
| 43 | + xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev uuid-runtime xxd unzip |
| 44 | + |
| 45 | +# install aws stuff |
| 46 | +# Download correct AWS CLI for arch |
| 47 | +RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \ |
| 48 | + wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \ |
| 49 | + else \ |
| 50 | + wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \ |
| 51 | + fi && \ |
| 52 | + unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \ |
| 53 | + /tmp/aws-cli/aws/install && \ |
| 54 | + rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli |
| 55 | + |
| 56 | +# Install ASDF |
| 57 | +RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \ |
| 58 | + wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \ |
| 59 | + else \ |
| 60 | + wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \ |
| 61 | + fi && \ |
| 62 | + tar -xzf /tmp/asdf.tar.gz -C /tmp && \ |
| 63 | + mkdir -p /usr/bin && \ |
| 64 | + mv /tmp/asdf /usr/bin/asdf && \ |
| 65 | + chmod +x /usr/bin/asdf && \ |
| 66 | + rm -rf /tmp/asdf.tar.gz |
| 67 | + |
| 68 | +# install gitsecrets |
| 69 | +RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \ |
| 70 | + cd /tmp/git-secrets && \ |
| 71 | + make install && \ |
| 72 | + cd && \ |
| 73 | + rm -rf /tmp/git-secrets && \ |
| 74 | + mkdir -p /usr/share/secrets-scanner && \ |
| 75 | + chmod 755 /usr/share/secrets-scanner && \ |
| 76 | + curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt |
| 77 | + |
| 78 | +COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy |
| 79 | + |
| 80 | +USER vscode |
| 81 | + |
| 82 | +ENV PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin" |
| 83 | +RUN \ |
| 84 | + echo 'PATH="/home/vscode/.asdf/shims:/home/vscode/.local/bin:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"' >> ~/.bashrc; \ |
| 85 | + echo '. <(asdf completion bash)' >> ~/.bashrc; \ |
| 86 | + echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \ |
| 87 | + echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \ |
| 88 | + echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc; |
| 89 | + |
| 90 | +# Install ASDF plugins |
| 91 | +RUN asdf plugin add python; \ |
| 92 | + asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \ |
| 93 | + asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \ |
| 94 | + asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \ |
| 95 | + asdf plugin add direnv; \ |
| 96 | + asdf plugin add actionlint; \ |
| 97 | + asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git; \ |
| 98 | + asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git; |
| 99 | + |
| 100 | +WORKDIR /workspaces/eps-devcontainers |
| 101 | +COPY .devcontainer/.tool-versions.bootstrap /workspaces/eps-devcontainers/.tool-versions |
| 102 | +COPY .devcontainer/.tool-versions.bootstrap /home/vscode/.tool-versions |
| 103 | + |
| 104 | +# install python before poetry to ensure correct python version is used |
| 105 | +RUN asdf install python; \ |
| 106 | + asdf install |
| 107 | + |
| 108 | +RUN git-secrets --register-aws --global && \ |
| 109 | + git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt |
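Review bot: Everything fetched as root in the final stage is taken without an integrity check: the AWS CLI zip (file lines 47–54) is the unversioned latest build, the asdf tarball (57–66) is version-pinned but not hashed, git-secrets (69) is cloned at whatever the default branch currently holds, and the deny-rules file (76) comes from `main` via `curl -L` with no `-f`, so an HTTP error body would be saved as the rules file. I would pin each to a version or commit and verify a digest before unpacking or installing it; the fence shows this for the asdf step, with placeholder digests to be filled in from the release page. The `case` form also avoids `==` inside `[ ]`, which dash does not accept: if `/bin/sh` in this base image is dash, as on stock Ubuntu, the test on line 32 errors out and `dpkg --add-architecture amd64` never runs on arm64, so use `=` there. Separately, the `asdf plugin add` and `asdf install` steps (91–98, 105–106) are joined with `;`, so a failed plugin fetch or install does not fail the build.

```dockerfile
# Placeholder digests: replace with the published SHA-256 of each v${ASDF_VERSION} tarball.
ARG ASDF_SHA256_AMD64=PLACEHOLDER_SHA256_AMD64
ARG ASDF_SHA256_ARM64=PLACEHOLDER_SHA256_ARM64
RUN case "${TARGETARCH}" in \
        arm64|aarch64) ASDF_ARCH=arm64; ASDF_SHA256="${ASDF_SHA256_ARM64}" ;; \
        *)             ASDF_ARCH=amd64; ASDF_SHA256="${ASDF_SHA256_AMD64}" ;; \
    esac && \
    wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-${ASDF_ARCH}.tar.gz" && \
    echo "${ASDF_SHA256}  /tmp/asdf.tar.gz" | sha256sum -c - && \
    # … unchanged: extract to /tmp, move to /usr/bin/asdf, chmod +x, remove tarball …
```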