set correct user

Author: anthony-nhs

.github/workflows/build_multi_arch_image.yml

@@ -82,13 +82,11 @@ jobs:
 
         env:
           ARCHITECTURE: '${{ matrix.arch }}'
-          DOCKER_TAG: '${{ inputs.docker_tag }}'
           CONTAINER_NAME: '${{ inputs.container_name }}'
+          DOCKER_TAG: '${{ inputs.docker_tag }}'
           BASE_VERSION: ${{ inputs.docker_tag}}
           IMAGE_TAG: ":${{ inputs.docker_tag }}-${{ matrix.arch }}"
           BASE_FOLDER: "${{ inputs.base_folder }}"
-          VSCODE_UID: "1001"
-          VSCODE_GID: "1001"
       - name: Check docker vulnerabilities - json output
         uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
         with:

src/base/.devcontainer/Dockerfile

@@ -4,10 +4,17 @@ ARG BASE_VERSION=latest
 ARG TARGETARCH
 ARG SCRIPTS_DIR=/usr/local/share/eps
 ARG CONTAINER_NAME
+ARG DOCKER_TAG
+ARG BASE_VERSION
+ARG IMAGE_TAG
+
+ENV BASE_VERSION=${BASE_VERSION}
 ENV TARGETARCH=${TARGETARCH}
-ENV CONTAINER_NAME=${CONTAINER_NAME}
 ENV SCRIPTS_DIR=${SCRIPTS_DIR}
+ENV CONTAINER_NAME=${CONTAINER_NAME}
+ENV DOCKER_TAG=${DOCKER_TAG}
 ENV BASE_VERSION=${BASE_VERSION}
+ENV IMAGE_TAG=${IMAGE_TAG}
 
 LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers
 LABEL org.opencontainers.image.description="EPS base devcontainer"
@@ -26,3 +33,14 @@ COPY --chown=vscode:vscode .tool-versions /home/vscode/.tool-versions
 ENV PATH="/home/vscode/.asdf/shims/:$PATH"
 WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
 RUN ./vscode_install.sh
+
+USER root
+# store version info in VERSION.txt for reference
+RUN echo "[[ ${CONTAINER_NAME} ]]" > "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "BASE_VERSION=${BASE_VERSION}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "DOCKER_TAG=${DOCKER_TAG}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "IMAGE_TAG=${IMAGE_TAG}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "" >> "${SCRIPTS_DIR}/VERSION.txt"
+
+USER vscode
+WORKDIR /home/vscode

src/base/.devcontainer/devcontainer.json

@@ -6,9 +6,10 @@
     "build": {
       "dockerfile": "Dockerfile",
       "args": {
-        "CONTAINER_NAME": "eps_devcontainer_base",
-        "VSCODE_UID": "${localEnv:VSCODE_UID}",
-        "VSCODE_GID": "${localEnv:VSCODE_GID}"
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "DOCKER_TAG": "${localEnv:DOCKER_TAG}",
+        "BASE_VERSION": "${localEnv:BASE_VERSION}",
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
       }
     },
     "runArgs": [

src/base/.devcontainer/scripts/root_install.sh

@@ -67,14 +67,11 @@ mkdir -p /usr/share/secrets-scanner
 chmod 755 /usr/share/secrets-scanner
 curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
 
-# fix user and group ids for vscode user to match host, and ensure vscode owns their home directory
-requested_uid="${VSCODE_UID:-1000}"
-requested_gid="${VSCODE_GID:-1000}"
+# fix user and group ids for vscode user to be 1001 so it can be used by github actions
+requested_uid=1001
+requested_gid=1001
 current_uid="$(id -u vscode)"
 current_gid="$(id -g vscode)"
 if [ "${current_gid}" != "${requested_gid}" ]; then groupmod -g "${requested_gid}" vscode; fi
 if [ "${current_uid}" != "${requested_uid}" ]; then usermod -u "${requested_uid}" -g "${requested_gid}" vscode; fi
 chown -R vscode:vscode /home/vscode
-
-# store base version in VERSION.txt for reference
-echo "VERSION=${BASE_VERSION}" > "${SCRIPTS_DIR}/VERSION.txt"

src/base/.devcontainer/scripts/vscode_install.sh

@@ -24,7 +24,3 @@ asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git
 # install base asdf versions of common tools
 cd /home/vscode
 asdf install
-
-# setup gitsecrets
-git-secrets --register-aws --global
-git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt

src/common/Dockerfile

@@ -2,8 +2,21 @@ ARG BASE_VERSION=latest
 
 FROM ghcr.io/nhsdigital/eps-devcontainers/base:${BASE_VERSION}
 
+ARG BASE_VERSION=latest
+ARG TARGETARCH
+ARG SCRIPTS_DIR=/usr/local/share/eps
 ARG CONTAINER_NAME
+ARG DOCKER_TAG
+ARG BASE_VERSION
+ARG IMAGE_TAG
+
+ENV BASE_VERSION=${BASE_VERSION}
+ENV TARGETARCH=${TARGETARCH}
+ENV SCRIPTS_DIR=${SCRIPTS_DIR}
 ENV CONTAINER_NAME=${CONTAINER_NAME}
+ENV DOCKER_TAG=${DOCKER_TAG}
+ENV BASE_VERSION=${BASE_VERSION}
+ENV IMAGE_TAG=${IMAGE_TAG}
 
 LABEL org.opencontainers.image.source=https://github.com/NHSDigital/eps-devcontainers
 LABEL org.opencontainers.image.description="EPS ${CONTAINER_NAME} devcontainer"
@@ -19,6 +32,17 @@ USER vscode
 WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
 COPY .tool-versions /tmp/.tool-versions
 RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions
+ENV PATH="/home/vscode/.asdf/shims/:$PATH"
 
 RUN ./vscode_install.sh
+
+USER root
+# store version info in VERSION.txt for reference
+RUN echo "[[ ${CONTAINER_NAME} ]]" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "BASE_VERSION=${BASE_VERSION}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "DOCKER_TAG=${DOCKER_TAG}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "IMAGE_TAG=${IMAGE_TAG}" >> "${SCRIPTS_DIR}/VERSION.txt" && \
+    echo "" >> "${SCRIPTS_DIR}/VERSION.txt"
+
+USER vscode
 WORKDIR /home/vscode

src/languages/node_24_python_3_12/.devcontainer/devcontainer.json

@@ -6,8 +6,10 @@
     "build": {
       "dockerfile": "../../../common/Dockerfile",
       "args": {
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "DOCKER_TAG": "${localEnv:DOCKER_TAG}",
         "BASE_VERSION": "${localEnv:BASE_VERSION}",
-        "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_13"
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
       },
       "context": "."
     },

src/languages/node_24_python_3_13/.devcontainer/devcontainer.json

@@ -6,8 +6,10 @@
     "build": {
       "dockerfile": "../../../common/Dockerfile",
       "args": {
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "DOCKER_TAG": "${localEnv:DOCKER_TAG}",
         "BASE_VERSION": "${localEnv:BASE_VERSION}",
-        "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_13"
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
       },
       "context": "."
     },

src/languages/node_24_python_3_14/.devcontainer/devcontainer.json

@@ -6,8 +6,10 @@
     "build": {
       "dockerfile": "../../../common/Dockerfile",
       "args": {
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "DOCKER_TAG": "${localEnv:DOCKER_TAG}",
         "BASE_VERSION": "${localEnv:BASE_VERSION}",
-        "CONTAINER_NAME": "eps_devcontainer_node_24_python_3_14"
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
       },
       "context": "."
     },

src/languages/node_24_python_3_14/.devcontainer/scripts/root_install.sh

@@ -1,2 +1,6 @@
 #!/usr/bin/env bash
 set -e
+
+# store version info in VERSION.txt for reference
+echo "VERSION=${BASE_VERSION}" > "${SCRIPTS_DIR}/VERSION.txt"
+echo "CONTAINER_NAME=${CONTAINER_NAME}" >> "${SCRIPTS_DIR}/VERSION.txt"