| 1 | +EPS DEV CONTAINERS |
| 2 | +================== |
| 3 | + |
| 4 | +# Introduction |
| 5 | +This repo contains code to build a vscode devcontainer that is used as a base image for all EPS projects. |
| 6 | +Images are build for amd64 and arm64 and a manifest file created that can be pulled for both architectures. |
| 7 | +Images are based on mcr.microsoft.com/devcontainers/base:ubuntu-22.04 |
| 8 | +Images contain |
| 9 | + - latest os packages |
| 10 | + - asdf |
| 11 | + - aws cli |
| 12 | + - aws sam cli |
| 13 | + |
| 14 | + It installs the following dev container features |
| 15 | + - docker outside of docker |
| 16 | + - github cli |
| 17 | + |
| 18 | +As the vscode user the following also happens |
| 19 | + |
| 20 | +asdf install and setup for these so they are available globally as vscode user |
| 21 | + - shellcheck |
| 22 | + - direnv |
| 23 | + - actionlint |
| 24 | + - ruby (for github pages) |
| 25 | + - trivy |
| 26 | + |
| 27 | +Install asdf plugins for all tools we use |
| 28 | +Install asdf versions of node, python, java, terraform, golang used by all EPS projects to speed up initial build of local dev container |
| 29 | +Install and setup git-secrets |
| 30 | + |
| 31 | +# Project structure |
| 32 | +The dev container is defined in src/base/.devcontainer folder. This folder contains a Dockerfile and a devcontainer.json file which is used to build the container |
| 33 | + |
| 34 | +The dev container is built using https://github.com/devcontainers/cli |
| 35 | + |
| 36 | +The script `scripts/generate_language_version_files.sh` gets the version of node, python, java and terraform from all EPS repositories. It uses the list of repos from https://github.com/NHSDigital/eps-repo-status/blob/main/repos.json to find all EPS repos. |
| 37 | + |
| 38 | +# Build process |
| 39 | +Docker images are built for each pull request, and on merges to main |
| 40 | + |
| 41 | +Docker images are scanned for vulnerabilities using trivy as part of a build step, and the build fails if vulnerabilities are found not in .trivyignore file. |
| 42 | + |
| 43 | +On merges to main, a new release is created and the images are pushed to github. The images are tagged with `latest` and the version of the release. |
| 44 | + |
| 45 | +# Local testing |
| 46 | +For local testing, you can run |
| 47 | +``` |
| 48 | +ARCHITECTURE=amd64 make build-base-image |
| 49 | +``` |
| 50 | +to build a local image, and then |
| 51 | +``` |
| 52 | +make scan-base-image |
| 53 | +``` |
| 54 | +to scan for vulnerabilities |
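Review bot: The "Build process" section says the build fails on trivy findings "not in .trivyignore file" but never documents how an entry gets into .trivyignore, which is the one place a vulnerability can be silently accepted into the base image every EPS project inherits; please add a sentence on the expected justification for each entry (a comment with the CVE id and reason, and who reviews it) so that file is not edited without a rationale. Two smaller points in the same section: "the images are pushed to github" should name the registry and image path consumers will reference, and since images are tagged both `latest` and the release version, the README should recommend that downstream devcontainer.json files pin to the release version (or digest) rather than `latest`, otherwise a main merge changes every project's toolchain without a reviewable diff. Typos to fix while here: "Images are build for amd64" should read "built", and "The script ... gets the version of node, python, java and terraform" omits golang, which the introduction lists among the preinstalled asdf versions.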