Chore: [AEA-0000] - move to common devcontainer

.devcontainer/Dockerfile

@@ -1,80 +1,15 @@
-FROM mcr.microsoft.com/devcontainers/base:ubuntu
-
-ARG TARGETARCH
-ENV TARGETARCH=${TARGETARCH}
-
-ARG ASDF_VERSION
-COPY .tool-versions.asdf /tmp/.tool-versions.asdf
-
-# Add amd64 architecture if on arm64
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then dpkg --add-architecture amd64; fi
-
-RUN apt-get update \
-    && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y dist-upgrade \
-    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
-    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
-    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
-    jq apt-transport-https ca-certificates gnupg-agent \
-    software-properties-common bash-completion python3-pip make libbz2-dev \
-    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev netcat-traditional ruby-full build-essential zlib1g-dev \
-    && apt remove -y openjdk-8-jdk-headless openjdk-8-jre-headless openjdk-8-jre
-
-# Download correct AWS CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+ARG IMAGE_NAME=node_24_python_3_14_java_24
+ARG IMAGE_VERSION=latest
+FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
+
+USER root
+# specify DOCKER_GID to force container docker group id to match host
+RUN if [ -n "${DOCKER_GID}" ]; then \
+    if ! getent group docker; then \
+    groupadd -g ${DOCKER_GID} docker; \
     else \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    groupmod -g ${DOCKER_GID} docker; \
     fi && \
-    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
-    /tmp/aws-cli/aws/install && \
-    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
-
-# Download correct SAM CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
-    else \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli && \
-    /tmp/aws-sam-cli/install && \
-    rm /tmp/aws-sam-cli.zip && rm -rf /tmp/aws-sam-cli
-
-# Install ASDF
-RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
-    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
-    else \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
-    fi && \
-    tar -xvzf /tmp/asdf.tar.gz && \
-    mv asdf /usr/bin
-
-
-USER vscode
-
-ENV PATH="/home/vscode/.asdf/shims/:$PATH"
-RUN \
-    echo 'PATH="/home/vscode/.asdf/shims/:$PATH"' >> ~/.bashrc; \
-    echo '. <(asdf completion bash)' >> ~/.bashrc; \
-    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
-    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
-    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
-
-# Install ASDF plugins
-RUN asdf plugin add python && \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git && \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git && \
-    asdf plugin add java && \
-    asdf plugin add maven && \
-    asdf plugin add direnv && \
-    asdf plugin add actionlint && \
-    asdf plugin add nodejs;
-
-WORKDIR /workspaces/validation-service-fhir-r4
-ADD .tool-versions /workspaces/validation-service-fhir-r4/.tool-versions
-ADD .tool-versions /home/vscode/.tool-versions
-
-RUN asdf install python && \
-    asdf install
+    usermod -aG docker vscode; \
+    fi
+

.devcontainer/devcontainer.json

@@ -1,67 +1,70 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
-    "name": "Ubuntu",
-    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-    "build": {
-      "dockerfile": "Dockerfile",
-      "context": "..",
-      "args": {}
-    },
-    "mounts": [
-      "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind"
-    ],
-    "customizations": {
-      "vscode": {
-        "extensions": [
-          "AmazonWebServices.aws-toolkit-vscode",
-          "redhat.vscode-yaml",
-          "ms-python.python",
-          "ms-python.flake8",
-          "eamodio.gitlens",
-          "github.vscode-pull-request-github",
-          "orta.vscode-jest",
-          "42crunch.vscode-openapi",
-          "mermade.openapi-lint",
-          "rvest.vs-code-prettier-eslint",
-          "christian-kohler.npm-intellisense",
-          "dbaeumer.vscode-eslint",
-          "lfm.vscode-makefile-term",
-          "GrapeCity.gc-excelviewer",
-          "streetsidesoftware.code-spell-checker",
-          "timonwong.shellcheck",
-          "github.vscode-github-actions",
-          "vscjava.vscode-java-pack"
-        ],
-        "settings": {
-          "python.defaultInterpreterPath": "/workspaces/eps-FHIR-validator-lambda/.venv/bin/python",
-          "python.analysis.autoSearchPaths": true,
-          "python.analysis.extraPaths": [],
-          "python.testing.unittestEnabled": false,
-          "python.testing.pytestEnabled": true,
-          "python.linting.pylintEnabled": false,
-          "python.linting.flake8Enabled": true,
-          "python.linting.enabled": true, // required to format on save
-          "editor.defaultFormatter": "rvest.vs-code-prettier-eslint",
-          "editor.formatOnPaste": false, // required
-          "editor.formatOnType": false, // required
-          "editor.formatOnSave": true, // optional
-          "editor.formatOnSaveMode": "file",
-          "cSpell.words": ["fhir", "Formik", "pino", "serialisation"]
-        }
+  "name": "eps-validator-lambda",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": "..",
+    "args": {
+      "DOCKER_GID": "${env:DOCKER_GID:}",
+      "IMAGE_NAME": "node_24_python_3_14_java_24",
+      "IMAGE_VERSION": "v1.1.3",
+      "USER_UID": "${localEnv:USER_ID:}",
+      "USER_GID": "${localEnv:GROUP_ID:}"
+    }
+  },
+  "mounts": [
+    "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind"
+  ],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "AmazonWebServices.aws-toolkit-vscode",
+        "redhat.vscode-yaml",
+        "ms-python.python",
+        "ms-python.flake8",
+        "eamodio.gitlens",
+        "github.vscode-pull-request-github",
+        "orta.vscode-jest",
+        "42crunch.vscode-openapi",
+        "mermade.openapi-lint",
+        "rvest.vs-code-prettier-eslint",
+        "christian-kohler.npm-intellisense",
+        "dbaeumer.vscode-eslint",
+        "lfm.vscode-makefile-term",
+        "GrapeCity.gc-excelviewer",
+        "streetsidesoftware.code-spell-checker",
+        "timonwong.shellcheck",
+        "github.vscode-github-actions",
+        "vscjava.vscode-java-pack"
+      ],
+      "settings": {
+        "python.defaultInterpreterPath": "/workspaces/eps-FHIR-validator-lambda/.venv/bin/python",
+        "python.analysis.autoSearchPaths": true,
+        "python.analysis.extraPaths": [],
+        "python.testing.unittestEnabled": false,
+        "python.testing.pytestEnabled": true,
+        "python.linting.pylintEnabled": false,
+        "python.linting.flake8Enabled": true,
+        "python.linting.enabled": true,
+        "editor.defaultFormatter": "rvest.vs-code-prettier-eslint",
+        "editor.formatOnPaste": false,
+        "editor.formatOnType": false,
+        "editor.formatOnSave": true,
+        "editor.formatOnSaveMode": "file",
+        "cSpell.words": [
+          "fhir",
+          "Formik",
+          "pino",
+          "serialisation"
+        ]
       }
-    },
-   "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
-   "postAttachCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f",
-   "features": {
-     "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
-       "version": "latest",
-       "moby": "true",
-       "installDockerBuildx": "true"
-     },
-     "ghcr.io/devcontainers/features/github-cli:1": {}
-   }
+    }
+  },
+  "remoteEnv": {
+    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+  },
+  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
+  "features": {
   }
-  
+}

.github/workflows/ci.yml

@@ -8,31 +8,17 @@ env:
   BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}
 
 jobs:
-  get_asdf_version:
-    runs-on: ubuntu-22.04
-    outputs:
-      asdf_version: ${{ steps.asdf-version.outputs.version }}
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - name: Get asdf version
-        id: asdf-version
-        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  get_config_values:
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    with:
+      verify_published_from_main_image: true
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
-    needs: [get_asdf_version]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    needs: [get_config_values]
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
     with:
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
-      install_java: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   get_commit_id:
     runs-on: ubuntu-22.04
@@ -45,23 +31,26 @@ jobs:
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
 
   tag_release:
-    needs: [quality_checks, get_commit_id, get_asdf_version]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    needs: [quality_checks, get_commit_id, get_config_values]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     with:
       dry_run: true
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: main
-      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+      tag_format: ${{ needs.get_config_values.outputs.tag_format }}
     secrets: inherit
 
   package_code:
-    needs: tag_release
+    needs: [tag_release, get_config_values]
     uses: ./.github/workflows/sam_package_code.yml
+    with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   release_dev:
-    needs: [tag_release, package_code, get_commit_id]
+    needs: [tag_release, package_code, get_commit_id, get_config_values]
     uses: ./.github/workflows/sam_release_code.yml
     with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
       STACK_NAME: fhir-validator
       TARGET_ENVIRONMENT: dev
@@ -81,9 +70,10 @@ jobs:
       DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
 
   release_qa:
-    needs: [tag_release, release_dev, package_code, get_commit_id]
+    needs: [tag_release, release_dev, package_code, get_commit_id, get_config_values]
     uses: ./.github/workflows/sam_release_code.yml
     with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
       STACK_NAME: fhir-validator
       TARGET_ENVIRONMENT: qa

.github/workflows/pull_request.yml

@@ -14,29 +14,15 @@ jobs:
     secrets:
       AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
       AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
-  get_asdf_version:
-    runs-on: ubuntu-22.04
-    outputs:
-      asdf_version: ${{ steps.asdf-version.outputs.version }}
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - name: Get asdf version
-        id: asdf-version
-        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  get_config_values:
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    with:
+      verify_published_from_main_image: false
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
-    needs: [get_asdf_version]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    needs: [get_config_values]
     with:
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
-      install_java: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
@@ -71,13 +57,13 @@ jobs:
           result-encoding: string
 
   tag_release:
-    needs: [get_asdf_version]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
+    needs: [get_config_values]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     with:
       dry_run: true
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: ${{ github.event.pull_request.head.ref }}
-      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+      tag_format: ${{ needs.get_config_values.outputs.tag_format }}
     secrets: inherit
 
   get_commit_id:
@@ -91,13 +77,16 @@ jobs:
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
 
   package_code:
-    needs: get_issue_number
+    needs: [get_issue_number, get_config_values]
     uses: ./.github/workflows/sam_package_code.yml
+    with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   release_code:
-    needs: [get_issue_number, package_code, get_commit_id]
+    needs: [get_issue_number, package_code, get_commit_id, get_config_values]
     uses: ./.github/workflows/sam_release_code.yml
     with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       STACK_NAME: fhir-validator-pr-${{needs.get_issue_number.outputs.issue_number}}
       ARTIFACT_BUCKET_PREFIX: fhir-validator-PR-${{needs.get_issue_number.outputs.issue_number}}
       TARGET_ENVIRONMENT: dev-pr