build base image

anthony-nhs · anthony-nhs · commit 1ff48846c513 · 2026-02-12T07:31:23.000Z
diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml
@@ -63,9 +63,9 @@ jobs:
         run: >
           make build-base-image
 
-          docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-${ARCHITECTURE}"
+          docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-${ARCHITECTURE}"
 
-          docker save "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-${ARCHITECTURE}" -o "eps-devcontainer-base-${DOCKER_TAG}-${ARCHITECTURE}.img"
+          docker save "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-${ARCHITECTURE}" -o "eps-devcontainer-base-${DOCKER_TAG}-${ARCHITECTURE}.img"
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
           ARCHITECTURE: '${{ matrix.arch }}'
@@ -81,7 +81,7 @@ jobs:
         uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           scan-type: "image"
-          image-ref:  "ghcr.io/nhsdigital/eps-devcontainers:${{ inputs.docker_tag }}-${{ matrix.arch }}"
+          image-ref:  "ghcr.io/nhsdigital/eps-devcontainers/base:${{ inputs.docker_tag }}-${{ matrix.arch }}"
           severity: "CRITICAL,HIGH"
           scanners: "vuln"
           vuln-type: "os,library"
@@ -99,7 +99,7 @@ jobs:
         uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           scan-type: "image"
-          image-ref:  "ghcr.io/nhsdigital/eps-devcontainers:${{ inputs.docker_tag }}-${{ matrix.arch }}"
+          image-ref:  "ghcr.io/nhsdigital/eps-devcontainers/base:${{ inputs.docker_tag }}-${{ matrix.arch }}"
           severity: "CRITICAL,HIGH"
           scanners: "vuln"
           vuln-type: "os,library"
@@ -111,7 +111,7 @@ jobs:
       - name: Show docker vulnerability output
         if: always()
         run: |
-          echo "Scan output for ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-${ARCHITECTURE}"
+          echo "Scan output for ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-${ARCHITECTURE}"
           if [ -f scan_results_docker.txt ]; then
             cat scan_results_docker.txt
           fi
@@ -166,25 +166,25 @@ jobs:
           docker load -i "eps-devcontainer-base-${DOCKER_TAG}-arm64.img"
 
           echo "Tagging latest images"
-          docker tag "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-amd64" "ghcr.io/nhsdigital/eps-devcontainers:latest-amd64"
-          docker tag "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-arm64" "ghcr.io/nhsdigital/eps-devcontainers:latest-arm64"
+          docker tag "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-amd64" "ghcr.io/nhsdigital/eps-devcontainers/base:latest-amd64"
+          docker tag "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-arm64" "ghcr.io/nhsdigital/eps-devcontainers/base:latest-arm64"
 
           echo "pushing images"
-          docker push "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-amd64"
-          docker push "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-arm64"
-          docker push ghcr.io/nhsdigital/eps-devcontainers:latest-amd64
-          docker push ghcr.io/nhsdigital/eps-devcontainers:latest-arm64
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-amd64"
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-arm64"
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/base:latest-amd64"
+          docker push "ghcr.io/nhsdigital/eps-devcontainers/base:latest-arm64"
 
           echo "creating manifest"
-          docker manifest create "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}" \
-            --amend "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-amd64" \
-            --amend "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}-arm64"
-          docker manifest create "ghcr.io/nhsdigital/eps-devcontainers:latest" \
-            --amend "ghcr.io/nhsdigital/eps-devcontainers:latest-amd64" \
-            --amend "ghcr.io/nhsdigital/eps-devcontainers:latest-arm64"
+          docker manifest create "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}" \
+            --amend "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-amd64" \
+            --amend "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}-arm64"
+          docker manifest create "ghcr.io/nhsdigital/eps-devcontainers/base:latest" \
+            --amend "ghcr.io/nhsdigital/eps-devcontainers/base:latest-amd64" \
+            --amend "ghcr.io/nhsdigital/eps-devcontainers/base:latest-arm64"
 
           echo "pushing manifest"
-          docker manifest push "ghcr.io/nhsdigital/eps-devcontainers:${DOCKER_TAG}"
-          docker manifest push "ghcr.io/nhsdigital/eps-devcontainers:latest"
+          docker manifest push "ghcr.io/nhsdigital/eps-devcontainers/base:${DOCKER_TAG}"
+          docker manifest push "ghcr.io/nhsdigital/eps-devcontainers/base:latest"
         env:
           DOCKER_TAG: ${{ inputs.docker_tag }}
diff --git a/Makefile b/Makefile
@@ -15,17 +15,14 @@ install-hooks: install-python
 	poetry run pre-commit install --install-hooks --overwrite
 
 install-hooks:
-build-base-image: generate-language-version-files
+build-base-image:
 	CONTAINER_NAME=$(CONTAINER_NAME) \
 	npx devcontainer build \
 		--workspace-folder ./src/base/ \
 		--push false \
 		--platform linux/${ARCHITECTURE} \
 		--image-name "${IMAGE_NAME}"
 
-generate-language-version-files:
-	./scripts/generate_language_version_files.sh
-
 scan-base-image:
 	trivy image \
 		--severity HIGH,CRITICAL \
diff --git a/scripts/generate_language_version_files.sh b/scripts/generate_language_version_files.sh
diff --git a/src/base/.devcontainer/.tool-versions b/src/base/.devcontainer/.tool-versions
@@ -2,4 +2,4 @@ shellcheck 0.11.0
 direnv 2.37.1
 actionlint 1.7.10
 ruby 3.3.0
-trivy 0.68.2
+trivy 0.69.1
diff --git a/src/base/.devcontainer/Dockerfile b/src/base/.devcontainer/Dockerfile
@@ -20,10 +20,5 @@ ENV PATH="/home/vscode/.asdf/shims/:$PATH"
 WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
 COPY .tool-versions.asdf /home/vscode/.tool-versions.asdf
 COPY .tool-versions /home/vscode/.tool-versions
-COPY language_versions/nodejs-versions.txt /tmp/nodejs-versions.txt
-COPY language_versions/python-versions.txt /tmp/python-versions.txt
-COPY language_versions/java-versions.txt /tmp/java-versions.txt
-COPY language_versions/terraform-versions.txt /tmp/terraform-versions.txt
-COPY language_versions/golang-versions.txt /tmp/golang-versions.txt
 
 RUN ./vscode_install.sh
diff --git a/src/base/.devcontainer/devcontainer.json b/src/base/.devcontainer/devcontainer.json
@@ -17,7 +17,10 @@
         "moby": "true",
         "installDockerBuildx": "true"
       },
-      "ghcr.io/devcontainers/features/github-cli:1": {}
+      "ghcr.io/devcontainers/features/github-cli:1": {},
+       "ghcr.io/devcontainers/features/aws-cli:1": {
+          "version": "latest"
+       }
     }
   }
   
diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh
@@ -32,16 +32,16 @@ apt-get -y install --no-install-recommends htop vim curl git build-essential \
 
 # install aws stuff
 # Download correct AWS CLI for arch
-echo "Installing aws cli"
-if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then
-      wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"
-    else
-      wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
-    fi
-    unzip -q /tmp/awscliv2.zip -d /tmp/aws-cli
-    /tmp/aws-cli/aws/install
-    rm /tmp/awscliv2.zip
-    rm -rf /tmp/aws-cli
+# echo "Installing aws cli"
+# if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then
+#       wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"
+#     else
+#       wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
+#     fi
+#     unzip -q /tmp/awscliv2.zip -d /tmp/aws-cli
+#     /tmp/aws-cli/aws/install
+#     rm /tmp/awscliv2.zip
+#     rm -rf /tmp/aws-cli
 
 # Download correct SAM CLI for arch
 echo "Installing aws-sam cli"
diff --git a/src/base/.devcontainer/scripts/vscode_install.sh b/src/base/.devcontainer/scripts/vscode_install.sh
@@ -31,31 +31,6 @@ asdf plugin add trivy https://github.com/zufardhiyaulhaq/asdf-trivy.git
 cd /home/vscode
 asdf install
 
-# Read Node.js versions from file and install
-while IFS= read -r version; do
-    asdf install nodejs "$version"
-done < /tmp/nodejs-versions.txt
-
-# Read Python versions from file and install
-while IFS= read -r version; do
-    asdf install python "$version"
-done < /tmp/python-versions.txt
-
-# Read Java versions from file and install
-# while IFS= read -r version; do 
-#     asdf install java "$version"
-# done < /tmp/java-versions.txt
-
-# Read Terraform versions from file and install
-while IFS= read -r version; do
-    asdf install terraform "$version"
-done < /tmp/terraform-versions.txt
-
-# Read Golang versions from file and install
-while IFS= read -r version; do
-    asdf install golang "$version"
-done < /tmp/golang-versions.txt
-
 # setup gitsecrets
 git-secrets --register-aws --global
 git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,10 @@`
`17`	`17`	`"moby": "true",`
`18`	`18`	`"installDockerBuildx": "true"`
`19`	`19`	`},`
`20`		`- "ghcr.io/devcontainers/features/github-cli:1": {}`
	`20`	`+ "ghcr.io/devcontainers/features/github-cli:1": {},`
	`21`	`+ "ghcr.io/devcontainers/features/aws-cli:1": {`
	`22`	`+ "version": "latest"`
	`23`	`+ }`
`21`	`24`	`}`
`22`	`25`	`}`
`23`	`26`