create github actions image

Author: anthony-nhs

.github/workflows/build_multi_arch_image.yml

@@ -131,11 +131,17 @@ jobs:
         env:
           ARCHITECTURE: '${{ matrix.arch }}'
           DOCKER_TAG: '${{ inputs.docker_tag }}'
-      - name: Push tagged image
+      - name: Push tagged image and rebuild for github actions
         run: |
           echo "Pushing image..."
           docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}"
           echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY"
+
+          echo "Rebuilding image for github actions with tag githubactions-${DOCKER_TAG}-${ARCHITECTURE}"
+          make build-githubactions-image BASE_IMAGE_NAME="${CONTAINER_NAME}" BASE_IMAGE_TAG="${DOCKER_TAG}-${ARCHITECTURE}" IMAGE_TAG="${DOCKER_TAG}-${ARCHITECTURE}" NO_CACHE="${{ inputs.NO_CACHE }}"
+          echo "Pushing github actions image..."
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}-${ARCHITECTURE}"
+          echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'
@@ -144,9 +150,14 @@ jobs:
         if: ${{ inputs.tag_latest }}
         run: |
           docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}"
-          echo "Pushing image..."
+          echo "Pushing latest image..."
           docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}"
           echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY"
+
+          docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}-${ARCHITECTURE}" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest-${ARCHITECTURE}"
+          echo "Pushing github actions latest image..."
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest-${ARCHITECTURE}"
+          echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest-${ARCHITECTURE}" >> "$GITHUB_STEP_SUMMARY"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'
@@ -172,6 +183,7 @@ jobs:
         run: |
           BUILD_TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
           export BUILD_TIMESTAMP
+          echo "Creating combined image for tag ${DOCKER_TAG}"
           docker buildx imagetools create \
             --annotation "index:org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers" \
             --annotation "index:org.opencontainers.image.description=EPS devcontainer ${CONTAINER_NAME}:${DOCKER_TAG}" \
@@ -184,17 +196,39 @@ jobs:
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" \
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64"
           echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY"
+
+          echo "Creating combined image for tag githubactions-${DOCKER_TAG}"
+          docker buildx imagetools create \
+            --annotation "index:org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers" \
+            --annotation "index:org.opencontainers.image.description=EPS devcontainer ${CONTAINER_NAME}:${DOCKER_TAG}" \
+            --annotation "index:org.opencontainers.image.licenses=MIT" \
+            --annotation "index:org.opencontainers.image.version=${DOCKER_TAG}" \
+            --annotation "index:org.opencontainers.image.containerName=${CONTAINER_NAME}" \
+            --annotation "index:org.opencontainers.image.created=${BUILD_TIMESTAMP}" \
+            --annotation "index:org.opencontainers.image.authors=NHS England EPS Team" \
+            --tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}" \
+            "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}-amd64" \
+            "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}-arm64"
+          echo "## PUSHED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-${DOCKER_TAG}" >> "$GITHUB_STEP_SUMMARY"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'
 
       - name: Push multi-arch latest image
         if: ${{ inputs.tag_latest }}
         run: |
+          echo "Creating combined image for tag latest"
           docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest" \
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-amd64" \
             "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-arm64"
           echo "## PUSHED COMBINED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest" >> "$GITHUB_STEP_SUMMARY"
+
+          echo "Creating combined image for tag githubactions-latest"
+          docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest" \
+            "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest-amd64" \
+            "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest-arm64"
+          echo "## PUSHED COMBINED IMAGE : ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:githubactions-latest" >> "$GITHUB_STEP_SUMMARY"
+
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
           CONTAINER_NAME: '${{ inputs.container_name }}'

Makefile

@@ -1,9 +1,5 @@
 CONTAINER_PREFIX=ghcr.io/nhsdigital/eps-devcontainers/
 
-ifneq ($(strip $(PLATFORM)),)
-PLATFORM_FLAG=--platform $(PLATFORM)
-endif
-
 ifeq ($(strip $(NO_CACHE)),true)
 NO_CACHE_FLAG=--no-cache
 endif
@@ -33,6 +29,16 @@ build-image: guard-CONTAINER_NAME guard-BASE_VERSION_TAG guard-BASE_FOLDER guard
 		--cache-from "${CONTAINER_PREFIX}$${CONTAINER_NAME}:latest" \
 		--image-name "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}"
 
+build-githubactions-image: guard-BASE_IMAGE_NAME guard-BASE_IMAGE_TAG guard-IMAGE_TAG
+	docker buildx build \
+		-f src/githubactions/Dockerfile \
+		$(NO_CACHE_FLAG) \
+		--build-arg BASE_IMAGE_NAME="$${BASE_IMAGE_NAME}" \
+		--build-arg BASE_IMAGE_TAG="$${BASE_IMAGE_TAG}" \
+		--load \
+		-t "${CONTAINER_PREFIX}$${BASE_IMAGE_NAME}:githubactions-$${IMAGE_TAG}" \
+		.
+
 scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER
 	@combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \
 	common="src/common/.trivyignore.yaml"; \

README.md

@@ -169,6 +169,13 @@ CONTAINER_NAME=fhir_facade_api \
   make build-image
 ``` 
 
+Github actions image
+```
+BASE_IMAGE_NAME=base \
+  BASE_IMAGE_TAG=local-build \
+  IMAGE_TAG=local-build \
+  make build-githubactions-image
+```
 ## Scanning images
 You can use these commands to scan images
 Base image

src/base/.devcontainer/makefiles/common.mk

@@ -1,3 +1,3 @@
-include build.mk
-include check.mk
-include trivy.mk
+include ./build.mk
+include ./check.mk
+include ./trivy.mk

src/base/.devcontainer/scripts/root_install.sh

@@ -71,13 +71,3 @@ curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-qualit
 wget -O /tmp/ruleset.zip https://github.com/aws-cloudformation/aws-guard-rules-registry/releases/download/1.0.2/ruleset-build-v1.0.2.zip >/dev/null 2>&1
 mkdir -p "${SCRIPTS_DIR}/cfnguard_rulesets"
 unzip /tmp/ruleset.zip -d "${SCRIPTS_DIR}/cfnguard_rulesets" >/dev/null 2>&1
-
-# fix user and group ids for vscode user to be 1001 so it can be used by github actions
-requested_uid=1001
-requested_gid=1001
-current_uid="$(id -u vscode)"
-current_gid="$(id -g vscode)"
-if [ "${current_gid}" != "${requested_gid}" ]; then groupmod -g "${requested_gid}" vscode; fi
-if [ "${current_uid}" != "${requested_uid}" ]; then usermod -u "${requested_uid}" -g "${requested_gid}" vscode; fi
-
-chown -R vscode:vscode /home/vscode

src/githubactions/Dockerfile

@@ -0,0 +1,11 @@
+ARG BASE_IMAGE_NAME=base
+ARG BASE_IMAGE_TAG=latest
+FROM ghcr.io/nhsdigital/eps-devcontainers/${BASE_IMAGE_NAME}:${BASE_IMAGE_TAG}
+
+RUN requested_uid=1001 \
+	&& requested_gid=1001 \
+	&& current_uid="$(id -u vscode)" \
+	&& current_gid="$(id -g vscode)" \
+	&& if [ "${current_gid}" != "${requested_gid}" ]; then groupmod -g "${requested_gid}" vscode; fi \
+	&& if [ "${current_uid}" != "${requested_uid}" ]; then usermod -u "${requested_uid}" -g "${requested_gid}" vscode; fi \
+	&& chown -R vscode:vscode /home/vscode