Add base image

Add images workflow
Add path-filter generator

Signed-off-by: Jacob Woffenden <[email protected]>

.github/workflows/images.yml

@@ -0,0 +1,54 @@
+---
+name: Images
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - images/**
+
+permissions: {}
+
+jobs:
+ detect-changes:
+ name: Detect Changes
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ outputs:
+ images: ${{ steps.detect_changes.outputs.changes }}
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Build path-filters file
+ id: build_path_filters
+ run: bash scripts/path-filter/configuration-generator.sh images
+
+ - name: Detect changes
+ id: detect_changes
+ uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+ with:
+ filters: .github/path-filter/images.yml
+
+ build-and-test:
+ needs: [detect-changes]
+ if: ${{ needs.detect-changes.outputs.images != '[]' }}
+ name: Build and Test
+ runs-on: ubuntu-latest
+ steps:
+ strategy:
+ fail-fast: false
+ matrix:
+ image: ${{ fromJson(needs.detect-changes.outputs.images) }}
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Build and Test
+ id: build_and_test
+ run: |
+ bash scripts/build-and-test.sh ${{ matrix.image }}

images/base/Containerfile

@@ -0,0 +1,3 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
+
+COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils

images/base/src/usr/local/bin/devcontainer-utils

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+##################################################
+# Environment
+##################################################
+
+export DEBIAN_FRONTEND="noninteractive"
+
+##################################################
+# Function
+##################################################
+
+logger() {
+ local type="${1}"
+ local message="${2}"
+ timestamp=$(date --rfc-3339=seconds)
+ local timestamp
+
+ case "${type}" in
+ err | error)
+ echo "${timestamp} [ERROR] ${message}"
+ ;;
+ info | information)
+ echo "${timestamp} [INFO] ${message}"
+ ;;
+ warn | warning)
+ echo "${timestamp} [WARN] ${message}"
+ ;;
+ esac
+}
+
+get_system_architecture() {
+ systemArchitecture="$(uname -m)"
+ export systemArchitecture
+
+ case ${systemArchitecture} in
+ x86_64)
+ logger "info" "Architecture is x86_64"
+ export ARCHITECTURE="amd64"
+ ;;
+ aarch64 | armv8*)
+ logger "info" "Architecture is aarch64 or armv8"
+ export ARCHITECTURE="arm64"
+ ;;
+ *)
+ logger "error" "Architecture ${systemArchitecture} is not supported"
+ exit 1
+ ;;
+ esac
+}
+
+get_github_latest_tag() {
+ local repository="${1}"
+
+ repositoryLatestTag="$(curl --silent https://api.github.com/repos/"${repository}"/releases/latest | jq -r '.tag_name')"
+ export repositoryLatestTag
+
+ repositoryLatestTagStripV=${repositoryLatestTag//v/}
+
+ logger "info" "GitHub latest tag for ${repository} is ${repositoryLatestTag}"
+ export GITHUB_LATEST_TAG="${repositoryLatestTag}"
+ export GITHUB_LATEST_TAG_STRIP_V="${repositoryLatestTagStripV}"
+}
+
+apt_install() {
+ local packages="${1}"
+
+ apt-get update --yes
+
+ apt-get install --yes --no-install-recommends "${packages}"
+
+ apt-get clean
+
+ rm --force --recursive /var/lib/apt/lists/*
+}
+
+pip_install() {
+ local packages="${1}"
+
+ python3 -m pip install --no-cache-dir --upgrade "${packages}"
+}

images/base/test/container-structure-test.yml

@@ -0,0 +1,22 @@
+---
+schemaVersion: 2.0.0
+
+commandTests:
+ - name: "vscode user"
+ command: "id"
+ args: ["--user", "vscode"]
+ expectedOutput: ["1000"]
+
+ - name: "vscode group"
+ command: "id"
+ args: ["--group", "vscode"]
+ expectedOutput: ["1000"]
+
+fileExistenceTests:
+ - name: "devcontainer-utils"
+ path: "/usr/local/bin/devcontainer-utils"
+ shouldExist: true
+ permissions: "-rwxr-xr-x" # 0755
+ uid: 65534
+ gid: 65534
+ isExecutableBy: "any"

scripts/images/build-and-test.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# 1. Build image
+
+# 2. Run GoogleContainerTools/container-structure-test
+
+IMAGE="${1}"
+IMAGE_DIRECTORY="images/${IMAGE}"
+IMAGE_TAG="ghcr.io/ministryofjustice/devcontainer-${IMAGE}:local"
+CONTAINER_STRUCTURE_TEST_IMAGE="gcr.io/gcp-runtimes/container-structure-test:latest"
+
+echo "Building [ ${IMAGE} ] as [ ${IMAGE_TAG} ]"
+
+docker build --file "${IMAGE_DIRECTORY}/Containerfile" --tag "${IMAGE_TAG}" "${IMAGE_DIRECTORY}"
+
+if [[ -f "${IMAGE_DIRECTORY}/test/container-structure-test.yml" ]]; then
+ echo "Running container structure test for [ ${IMAGE_TAG} ]"
+
+ docker run --rm \
+ --volume /var/run/docker.sock:/var/run/docker.sock \
+ --volume "${PWD}:/workspace" \
+ --workdir /workspace \
+ "${CONTAINER_STRUCTURE_TEST_IMAGE}" \
+ test --image "${IMAGE_TAG}" --config "/workspace/${IMAGE_DIRECTORY}/test/container-structure-test.yml"
+fi

scripts/path-filter/configuration-generator.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+MODE="${1}"
+
+case ${MODE} in
+features)
+ PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/features.yml"
+ SEARCH_PATTERN="devcontainer-feature.json"
+ SKIP_FILE=".feature-path-filter-ignore"
+ ;;
+images)
+ PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/images.yml"
+ SEARCH_PATTERN="*Containerfile*"
+ SKIP_FILE=".image-path-filter-ignore"
+ ;;
+*)
+ echo "Usage: ${0} [features|images]"
+ exit 1
+ ;;
+esac
+
+folders=$(find . -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | cut -c 3-)
+export folders
+
+echo "=== Folders ==="
+echo "${folders}"
+
+echo "Generating ${PATH_FILTER_CONFIGURATION_FILE}"
+cat >"${PATH_FILTER_CONFIGURATION_FILE}" <<EOL
+---
+# This file is auto-generated by running the below command, do not manually amend.
+# bash scripts/path-filter/configuration-generator.sh ${MODE}
+
+EOL
+
+for folder in ${folders}; do
+
+ if [[ -f "${folder}/${SKIP_FILE}" ]]; then
+ echo "Ignoring ${folder}"
+ continue
+ fi
+
+ if [[ "${MODE}" == "terraform" ]]; then
+ baseName=$(echo "${folder}" | sed 's|/|-|g' | sed 's|terraform-||')
+ else
+ baseName=$(basename "${folder}")
+ fi
+
+ {
+ printf "%s: %s/**\n" "${baseName}" "${folder}"
+ } >>"${PATH_FILTER_CONFIGURATION_FILE}"
+
+done