78 changes: 13 additions & 65 deletions .devcontainer/Dockerfile
@@ -1,67 +1,15 @@
FROM mcr.microsoft.com/devcontainers/base:ubuntu

ARG TARGETARCH
ENV TARGETARCH=${TARGETARCH}

ARG ASDF_VERSION
COPY .tool-versions.asdf /tmp/.tool-versions.asdf

# Add amd64 architecture if on arm64
RUN if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then dpkg --add-architecture amd64; fi

RUN apt-get update \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y dist-upgrade \
&& apt-get -y install --no-install-recommends htop vim curl git build-essential \
libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
jq apt-transport-https ca-certificates gnupg-agent \
software-properties-common bash-completion python3-pip make libbz2-dev \
libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev

# Download correct AWS CLI for arch
RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
else \
wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
fi && \
unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
/tmp/aws-cli/aws/install && \
rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli

# Install ASDF
RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
ARG IMAGE_NAME=node_24_python_3_14
ARG IMAGE_VERSION=latest
FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}

USER root
# specify DOCKER_GID to force container docker group id to match host
RUN if [ -n "${DOCKER_GID}" ]; then \
if ! getent group docker; then \
groupadd -g ${DOCKER_GID} docker; \
else \
wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
groupmod -g ${DOCKER_GID} docker; \
fi && \
tar -xzf /tmp/asdf.tar.gz -C /tmp && \
mkdir -p /usr/bin && \
mv /tmp/asdf /usr/bin/asdf && \
chmod +x /usr/bin/asdf && \
rm -rf /tmp/asdf.tar.gz

USER vscode


ENV PATH="$PATH:/home/vscode/.asdf/shims/:/workspaces/eps-vpc-resources/node_modules/.bin"


# Install ASDF plugins
RUN asdf plugin add python; \
asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
asdf plugin add direnv; \
asdf plugin add actionlint; \
asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git


WORKDIR /workspaces/eps-vpc-resources
ADD .tool-versions /workspaces/eps-resources/.tool-versions
ADD .tool-versions /home/vscode/.tool-versions

RUN asdf install python; \
asdf install
usermod -aG docker vscode; \
fi
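Review bot: `${DOCKER_GID}` is expanded in the `if [ -n "${DOCKER_GID}" ]` line of the RUN, but no `ARG DOCKER_GID` is declared after the FROM, so the value devcontainer.json passes as a build arg is dropped by BuildKit and the whole docker-group block is always skipped; add `ARG DOCKER_GID` directly after the FROM line (an ARG placed before FROM is not visible inside the stage). The stage switches to `USER root` and the rendered diff does not make it certain that a `USER vscode` survives on the new side; if it does not, the devcontainer ends up running as root, so close the file with `USER vscode`. `ARG IMAGE_VERSION=latest` is an unpinned default: devcontainer.json overrides it with v1.0.7, but a plain `docker build` of this file pulls `latest`.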

48 changes: 22 additions & 26 deletions .devcontainer/devcontainer.json
@@ -1,25 +1,24 @@
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
{
"name": "Ubuntu",
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
"name": "eps-vpc-resources",
"build": {
"dockerfile": "Dockerfile",
"context": "..",
"args": {}
"args": {
"DOCKER_GID": "${env:DOCKER_GID:}",
"IMAGE_NAME": "node_24_python_3_14",
"IMAGE_VERSION": "v1.0.7",
"USER_UID": "${localEnv:USER_ID:}",
"USER_GID": "${localEnv:GROUP_ID:}"
}
},
"postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
"mounts": [
"source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
"source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
"source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
"source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
],
"features": {
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
"version": "latest",
"moby": "true",
"installDockerBuildx": "true"
}
},
"customizations": {
"vscode": {
Expand Down Expand Up @@ -51,12 +50,17 @@
"python.testing.pytestEnabled": true,
"pylint.enabled": false,
"python.linting.flake8Enabled": true,
"python.linting.enabled": true, // required to format on save
"editor.formatOnPaste": false, // required
"editor.formatOnType": false, // required
"editor.formatOnSave": true, // optional
"python.linting.enabled": true,
"editor.formatOnPaste": false,
"editor.formatOnType": false,
"editor.formatOnSave": true,
"editor.formatOnSaveMode": "file",
"cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
"cSpell.words": [
"fhir",
"Formik",
"pino",
"serialisation"
],
"editor.defaultFormatter": "dbaeumer.vscode-eslint",
"[typescript]": {
"editor.defaultFormatter": "dbaeumer.vscode-eslint"
Expand All @@ -67,15 +71,7 @@
}
}
},
"remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
"postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-vpc-resources; make install; direnv allow ."
// "features": {},
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": ""
// Configure tool-specific properties.
// "customizations": {},
// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
// "remoteUser": "root"
"remoteEnv": {
"LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
}
}
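Review bot: The build args `USER_UID` and `USER_GID` (and `DOCKER_GID`) are passed to the Dockerfile in this PR, which declares no matching `ARG`, so the build ignores them; either drop the two user ids or add the corresponding `ARG` lines to the Dockerfile. `DOCKER_GID` is read as `${env:DOCKER_GID:}` while the user ids use `${localEnv:...}`; `localEnv` is the form the devcontainer spec documents for host variables, so use it for all three unless the mixed form is deliberate. The `docker-outside-of-docker` feature is left at `"version": "latest"`; if that line is part of this change, pin it the way `IMAGE_VERSION` is pinned.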
1 change: 0 additions & 1 deletion .github/scripts/fix_cdk_json.sh
Expand Up @@ -41,7 +41,6 @@ if [[ "$STACK_NAME" =~ -pr-[0-9]+$ ]]; then
fi

# go through all the key values we need to set
fix_string_key accountId "${ACCOUNT_ID}"
fix_string_key stackName "vpc-resources"
fix_string_key versionNumber "${VERSION_NUMBER}"
fix_string_key commitId "${COMMIT_ID}"
48 changes: 21 additions & 27 deletions .github/workflows/cdk_package_code.yml
Expand Up @@ -9,46 +9,41 @@ on:
COMMIT_ID:
required: true
type: string
runtime_docker_image:
type: string
required: true
verify_published_from_main_image:
type: boolean
required: true

jobs:
verify_attestation:
uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
with:
runtime_docker_image: "${{ inputs.runtime_docker_image }}"
verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
package_code:
needs: verify_attestation
runs-on: ubuntu-22.04
container:
image: ${{ needs.verify_attestation.outputs.pinned_image }}
options: --user 1001:1001 --group-add 128
defaults:
run:
shell: bash
permissions:
id-token: write
contents: read
packages: read
steps:
- name: copy .tool-versions
run: |
cp /home/vscode/.tool-versions "$HOME/.tool-versions"
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
ref: ${{ env.BRANCH_NAME }}

- name: Get asdf version
id: asdf-version
run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"

# using git commit sha for version of action to ensure we have stable version
- name: Install asdf
uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
with:
asdf_version: ${{ steps.asdf-version.outputs.version }}

- name: Cache asdf
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
with:
path: |
~/.asdf
key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}-${{ steps.asdf-version.outputs.version }}
restore-keys: |
${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}-${{ steps.asdf-version.outputs.version }}

- name: Install asdf dependencies in .tool-versions
uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47
with:
asdf_version: ${{ steps.asdf-version.outputs.version }}
env:
PYTHON_CONFIGURE_OPTS: --enable-shared

- name: make install
run: |
make install
Expand All @@ -57,7 +52,6 @@ jobs:
- name: "Tar files"
run: |
tar -rf artifact.tar \
.tool-versions \
packages \
node_modules \
package.json \
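Review bot: `options: --user 1001:1001 --group-add 128` and the `cp /home/vscode/.tool-versions "$HOME/.tool-versions"` step depend on the layout of the pinned image (the uid of its vscode user, the meaning of gid 128, the home directory) with nothing in the workflow saying so; a comment above `options:` such as `# 1001:1001 = uid/gid of the image's vscode user; 128 = gid of <group the container needs — confirm>` would stop the numbers being edited blindly. `$HOME` is whatever the runner sets for uid 1001 inside the container; if it resolves to /home/vscode the `cp` fails with "are the same file", so copy only when the two paths differ. The same pattern appears in cdk_release_code.yml at its `container:` block and copy step, so fix both together.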
81 changes: 27 additions & 54 deletions .github/workflows/cdk_release_code.yml
Expand Up @@ -21,21 +21,42 @@ on:
FORWARD_CSOC_LOGS:
type: boolean
default: false
runtime_docker_image:
type: string
required: true
verify_published_from_main_image:
type: boolean
required: true
secrets:
CLOUD_FORMATION_DEPLOY_ROLE:
required: true
CDK_PULL_IMAGE_ROLE:
required: true
jobs:
verify_attestation:
uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
with:
runtime_docker_image: "${{ inputs.runtime_docker_image }}"
verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
release_code:
needs: verify_attestation
runs-on: ubuntu-22.04
container:
image: ${{ needs.verify_attestation.outputs.pinned_image }}
options: --user 1001:1001 --group-add 128
defaults:
run:
shell: bash
environment: ${{ inputs.TARGET_ENVIRONMENT }}
name: deploy cdk app
permissions:
id-token: write
contents: write

steps:
- name: copy .tool-versions
run: |
cp /home/vscode/.tool-versions "$HOME/.tool-versions"
- name: Checkout local github actions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
with:
Expand All @@ -44,14 +65,6 @@ jobs:
sparse-checkout: |
.github

- name: Configure AWS Credentials
id: connect-aws-pull-image
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.CDK_PULL_IMAGE_ROLE }}
role-session-name: eps-vpc-resources-pull-image

- name: build_artifact download
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
with:
Expand All @@ -62,29 +75,6 @@ jobs:
mkdir -p .build
tar -xf artifact.tar -C .build

- name: Retrieve AWS Account ID
id: retrieve-account-id
run: echo "ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV"

- name: Login to Amazon ECR
id: login-ecr
run: |
aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com

- name: Pull cdk-utils-build from Amazon ECR
run: |
docker pull "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
docker tag "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest" cdk-utils-build-repo:latest

- name: Configure AWS Credentials
id: connect-aws
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
with:
aws-region: eu-west-2
role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
role-session-name: eps-vpc-resources-deployment
output-credentials: true

- name: fix cdk.json for deployment
run: |
./.github/scripts/fix_cdk_json.sh
Expand All @@ -94,33 +84,16 @@ jobs:
LOG_RETENTION_IN_DAYS: "${{ inputs.LOG_RETENTION_IN_DAYS }}"
FORWARD_CSOC_LOGS: "${{ inputs.FORWARD_CSOC_LOGS }}"

- name: Show diff
run: |
docker run \
-v "$(pwd)/.build":/home/cdkuser/workspace/ \
-e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
-e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
-e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
-e AWS_REGION="eu-west-2" \
-e SHOW_DIFF="true" \
-e DEPLOY_CODE="false" \
-e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
cdk-utils-build-repo:latest
shell: bash

- name: Deploy code
if: ${{ inputs.DEPLOY_CHANGE == true}}
run: |
docker run \
-v "$(pwd)/.build":/home/cdkuser/workspace/ \
-e AWS_ACCESS_KEY_ID=${{ steps.connect-aws.outputs.aws-access-key-id }} \
-e AWS_SECRET_ACCESS_KEY=${{ steps.connect-aws.outputs.aws-secret-access-key }} \
-e AWS_SESSION_TOKEN=${{ steps.connect-aws.outputs.aws-session-token }} \
-e AWS_REGION="eu-west-2" \
-e SHOW_DIFF="false" \
-e DEPLOY_CODE="true" \
-e CDK_APP_PATH="packages/cdk/bin/VpcResourcesApp.ts" \
cdk-utils-build-repo:latest
cd .build
npx cdk deploy \
--app "npx ts-node --prefer-ts-exts packages/cdk/bin/VpcResourcesApp.ts" \
--all \
--require-approval=never \
--ci true
shell: bash

update_github_pages:
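Review bot: The `Deploy code` step now runs `npx cdk deploy` directly in the job container, but every `aws-actions/configure-aws-credentials` step — including the one assuming `CLOUD_FORMATION_DEPLOY_ROLE` — is removed in this section while that secret is still declared `required` and `id-token: write` is kept; unless a credentials step exists in the collapsed lines between the hunks, the deploy runs with no AWS credentials, and if the removal is intentional the unused secret and permission should go with it. The `Show diff` step is also removed, so `--require-approval=never` now deploys without any diff recorded in the job log; consider an `npx cdk diff` step before the deploy with the same `--app` argument. The job's `steps:` list continues outside the hunk.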