revert

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -1,14 +1,98 @@
-ARG IMAGE_NAME=node_24_python_3_14
-ARG IMAGE_VERSION=latest
-FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
-
-USER root
-# specify DOCKER_GID to force container docker group id to match host
-RUN if [ -n "${DOCKER_GID}" ]; then \
-    if ! getent group docker; then \
-    groupadd -g ${DOCKER_GID} docker; \
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+
+# Install essential packages first
+RUN apt-get update && apt-get install -y \
+    curl \
+    wget \
+    git \
+    sudo \
+    unzip \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy ASDF version file
+ARG ASDF_VERSION
+COPY .tool-versions.asdf /tmp/.tool-versions.asdf
+
+# Add amd64 architecture if on arm64
+RUN if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then dpkg --add-architecture amd64; fi
+
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y dist-upgrade \
+    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
+    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
+    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
+    jq apt-transport-https ca-certificates gnupg-agent \
+    software-properties-common bash-completion python3-pip make libbz2-dev \
+    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
+    xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev uuid-runtime xxd unzip
+
+# install aws stuff
+# Download correct AWS CLI for arch
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+    else \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    fi && \
+    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
+    /tmp/aws-cli/aws/install && \
+    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
+
+# Install ASDF
+RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
+    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
     else \
-    groupmod -g ${DOCKER_GID} docker; \
+      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
     fi && \
-    usermod -aG docker vscode; \
-    fi
+    tar -xzf /tmp/asdf.tar.gz -C /tmp && \
+    mkdir -p /usr/bin && \
+    mv /tmp/asdf /usr/bin/asdf && \
+    chmod +x /usr/bin/asdf && \
+    rm -rf /tmp/asdf.tar.gz 
+
+# install gitsecrets
+RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
+    cd /tmp/git-secrets && \
+    make install && \
+    cd && \
+    rm -rf /tmp/git-secrets && \
+    mkdir -p /usr/share/secrets-scanner && \
+    chmod 755 /usr/share/secrets-scanner && \
+    curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
+
+USER vscode
+
+ENV PATH="/home/vscode/.asdf/shims/:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"
+RUN \
+    echo 'PATH="/home/vscode/.asdf/shims/:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"' >> ~/.bashrc; \
+    echo '. <(asdf completion bash)' >> ~/.bashrc; \
+    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
+    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
+    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
+
+# Install ASDF plugins
+RUN asdf plugin add python; \
+    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
+    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
+    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
+    asdf plugin add direnv; \
+    asdf plugin add actionlint; \
+    asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git; \
+    asdf plugin add trivy https://github.com/zufardhiyaulhaq/asdf-trivy.git; \
+    asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git
+
+
+WORKDIR /workspaces/eps-devcontainers
+COPY .tool-versions /workspaces/eps-devcontainers/.tool-versions
+COPY .tool-versions /home/vscode/.tool-versions
+
+# install python before poetry to ensure correct python version is used
+RUN asdf install python; \
+    asdf install
+
+RUN git-secrets --register-aws --global && \
+  git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt

.devcontainer/devcontainer.json

@@ -1,79 +1,86 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
-  "name": "eps-devcontainers",
-  "build": {
-    "dockerfile": "Dockerfile",
-    "context": "..",
-    "args": {
-      "DOCKER_GID": "${env:DOCKER_GID:}",
-      "IMAGE_NAME": "node_24_python_3_14",
-      "IMAGE_VERSION": "v1.0.4",
-      "USER_UID": "${localEnv:USER_ID:}",
-      "USER_GID": "${localEnv:GROUP_ID:}"
+    "name": "eps-devcontainers",
+    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+    "build": {
+      "dockerfile": "Dockerfile",
+      "context": "..",
+      "args": {}
     },
-    "updateRemoteUserUID": false
-  },
-  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
-  "mounts": [
-    "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
-    "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
-    "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
-    "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
-  ],
-  "runArgs": [
-    "--network=host"
-  ],
-  "remoteEnv": {
-    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
-  },
-  "features": {},
-  "customizations": {
-    "vscode": {
-      "extensions": [
-        "AmazonWebServices.aws-toolkit-vscode",
-        "redhat.vscode-yaml",
-        "ms-python.python",
-        "ms-python.flake8",
-        "eamodio.gitlens",
-        "github.vscode-pull-request-github",
-        "orta.vscode-jest",
-        "42crunch.vscode-openapi",
-        "mermade.openapi-lint",
-        "christian-kohler.npm-intellisense",
-        "dbaeumer.vscode-eslint",
-        "lfm.vscode-makefile-term",
-        "GrapeCity.gc-excelviewer",
-        "redhat.vscode-xml",
-        "streetsidesoftware.code-spell-checker",
-        "timonwong.shellcheck",
-        "mkhl.direnv",
-        "github.vscode-github-actions",
-        "Gruntfuggly.todo-tree",
-        "ms-vscode.makefile-tools"
-      ],
-      "settings": {
-        "python.defaultInterpreterPath": "/workspaces/eps-devcontainers/.venv/bin/python",
-        "python.analysis.autoSearchPaths": true,
-        "python.analysis.extraPaths": [],
-        "python.testing.unittestEnabled": false,
-        "python.testing.pytestEnabled": true,
-        "pylint.enabled": false,
-        "python.linting.flake8Enabled": true,
-        "python.linting.enabled": true,
-        "editor.formatOnPaste": false,
-        "editor.formatOnType": false,
-        "editor.formatOnSave": true,
-        "editor.formatOnSaveMode": "file",
-        "cSpell.words": [
-          "fhir",
-          "Formik",
-          "pino",
-          "serialisation"
-        ],
-        "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+    "mounts": [
+      "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
+    ],
+    "runArgs": [
+      "--network=host"
+    ],
+    "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
+    "postAttachCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f",
+    "features": {
+      "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+        "version": "latest",
+        "moby": "true",
+        "installDockerBuildx": "true"
       },
-      "eslint.useFlatConfig": true,
-      "eslint.format.enable": true
-    }
-  },
-  "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-devcontainers; make install; direnv allow ."
-}
+      "ghcr.io/devcontainers/features/github-cli:1": {}
+    },
+    "customizations": {
+      "vscode": {
+        "extensions": [
+            "AmazonWebServices.aws-toolkit-vscode",
+            "redhat.vscode-yaml",
+            "ms-python.python",
+            "ms-python.flake8",
+            "eamodio.gitlens",
+            "github.vscode-pull-request-github",
+            "orta.vscode-jest",
+            "42crunch.vscode-openapi",
+            "mermade.openapi-lint",
+            "christian-kohler.npm-intellisense",
+            "dbaeumer.vscode-eslint",
+            "lfm.vscode-makefile-term",
+            "GrapeCity.gc-excelviewer",
+            "redhat.vscode-xml",
+            "streetsidesoftware.code-spell-checker",
+            "timonwong.shellcheck",
+            "mkhl.direnv",
+            "github.vscode-github-actions",
+            "Gruntfuggly.todo-tree",
+            "ms-vscode.makefile-tools"
+        ],
+        "settings": {
+          "python.defaultInterpreterPath": "/workspaces/eps-devcontainers/.venv/bin/python",
+          "python.analysis.autoSearchPaths": true,
+          "python.analysis.extraPaths": [],
+          "python.testing.unittestEnabled": false,
+          "python.testing.pytestEnabled": true,
+          "pylint.enabled": false,
+          "python.linting.flake8Enabled": true,
+          "python.linting.enabled": true, // required to format on save
+          "editor.formatOnPaste": false, // required
+          "editor.formatOnType": false, // required
+          "editor.formatOnSave": true, // optional
+          "editor.formatOnSaveMode": "file",
+          "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
+          "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+  
+        },
+        "eslint.useFlatConfig": true,
+        "eslint.format.enable": true
+      }
+    },
+    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-devcontainers; make install; direnv allow ."
+    // "features": {},
+    // Use 'forwardPorts' to make a list of ports inside the container available locally.
+    // "forwardPorts": [],
+    // Use 'postCreateCommand' to run commands after the container is created.
+    // "postCreateCommand": ""
+    // Configure tool-specific properties.
+    // "customizations": {},
+    // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+    // "remoteUser": "root"
+  }
+  

.github/workflows/build_all_images.yml

@@ -11,9 +11,6 @@ name: build_all_images
       NO_CACHE:
         required: true
         type: boolean
-      runtime_docker_image:
-        type: string
-        required: true
 env:
   BRANCH_NAME: '${{ github.event.pull_request.head.ref }}'
 jobs:
@@ -44,7 +41,6 @@ jobs:
       container_name: base
       base_folder: "."
       NO_CACHE: ${{ inputs.NO_CACHE }}
-      runtime_docker_image: ${{ inputs.runtime_docker_image }}
   package_base_node_images:
     needs:
       - package_base_docker_image
@@ -60,7 +56,6 @@ jobs:
       container_name: ${{ matrix.container_name }}
       base_folder: "base_node"
       NO_CACHE: ${{ inputs.NO_CACHE }}
-      runtime_docker_image: ${{ inputs.runtime_docker_image }}
   package_node_24_language_docker_images:
     needs:
       - package_base_docker_image
@@ -78,7 +73,6 @@ jobs:
       base_folder: "languages"
       NO_CACHE: ${{ inputs.NO_CACHE }}
       EXTRA_COMMON: "common_node_24"
-      runtime_docker_image: ${{ inputs.runtime_docker_image }}
   package_project_docker_images:
     needs:
       - package_node_24_language_docker_images
@@ -94,4 +88,3 @@ jobs:
       container_name: ${{ matrix.container_name }}
       base_folder: "projects"
       NO_CACHE: ${{ inputs.NO_CACHE }}
-      runtime_docker_image: ${{ inputs.runtime_docker_image }}

.github/workflows/build_multi_arch_image.yml

@@ -20,9 +20,6 @@ name: Build and push docker image
       EXTRA_COMMON:
         required: false
         type: string
-      runtime_docker_image:
-        type: string
-        required: true
 
 jobs:
   build_and_push_image:
@@ -33,12 +30,6 @@ jobs:
       attestations: write
       id-token: write
     runs-on: '${{ matrix.runner }}'
-    container:
-      image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-      options: --user 1001:1001 --group-add 128
-    defaults:
-      run:
-        shell: bash
 
     strategy:
       fail-fast: false
@@ -49,9 +40,6 @@ jobs:
           - arch: arm64
             runner: ubuntu-22.04-arm
     steps:
-      - name: copy .tool-versions
-        run: |
-          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
       - name: Free Disk Space for Docker
         uses: endersonmenezes/free-disk-space@e6ed9b02e683a3b55ed0252f1ee469ce3b39a885
         with:

.github/workflows/ci.yml

@@ -4,21 +4,6 @@ on:
     branches: [main]
 
 jobs:
-  get_config_values:
-    runs-on: ubuntu-22.04
-    outputs:
-      devcontainer_image_name: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE_NAME }}
-      devcontainer_image_version: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE_VERSION }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      - name: Load config value
-        id: load-config
-        run: |
-          DEVCONTAINER_IMAGE_NAME=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json)
-          DEVCONTAINER_IMAGE_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json)
-          echo "DEVCONTAINER_IMAGE_NAME=$DEVCONTAINER_IMAGE_NAME" >> "$GITHUB_OUTPUT"
-          echo "DEVCONTAINER_IMAGE_VERSION=$DEVCONTAINER_IMAGE_VERSION" >> "$GITHUB_OUTPUT"
   get_asdf_version:
     runs-on: ubuntu-22.04
     outputs:
@@ -57,10 +42,8 @@ jobs:
   build_all_images:
     needs: 
       - tag_release
-      - get_config_values
     uses: ./.github/workflows/build_all_images.yml 
     with: 
       docker_tag: 'ci-${{ needs.tag_release.outputs.version_tag }}'
       tag_latest: false
       NO_CACHE: false
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image_name }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_image_version }}"

.github/workflows/pull_request.yml

@@ -109,4 +109,3 @@ jobs:
       docker_tag: 'pr-${{ needs.get_issue_number.outputs.issue_number }}-${{ needs.get_commit_id.outputs.sha_short }}'
       tag_latest: false
       NO_CACHE: false
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image_name }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_image_version }}"