Add base image

Add images workflow
Add path-filter generator

Signed-off-by: Jacob Woffenden <[email protected]>

Author: Jacob Woffenden

.github/workflows/images.yml

@@ -0,0 +1,54 @@
+---
+name: Images
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - images/**
+
+permissions: {}
+
+jobs:
+  detect-changes:
+    name: Detect Changes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      images: ${{ steps.detect_changes.outputs.changes }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build path-filters file
+        id: build_path_filters
+        run: bash scripts/path-filter/configuration-generator.sh images
+
+      - name: Detect changes
+        id: detect_changes
+        uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+        with:
+          filters: .github/path-filter/images.yml
+
+  build-and-test:
+    needs: [detect-changes]
+    if: ${{ needs.detect-changes.outputs.images != '[]' }}
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ${{ fromJson(needs.detect-changes.outputs.images) }}
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build and Test
+        id: build_and_test
+        run: |
+          bash scripts/build-and-test.sh ${{ matrix.image }}

images/base/Containerfile

@@ -0,0 +1,3 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
+
+COPY --chown=nobody:nobody --chmod=0755 src/usr/local/bin/devcontainer-utils /usr/local/bin/devcontainer-utils

images/base/src/usr/local/bin/devcontainer-utils

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+##################################################
+# Environment
+##################################################
+
+export DEBIAN_FRONTEND="noninteractive"
+
+##################################################
+# Function
+##################################################
+
+logger() {
+  local type="${1}"
+  local message="${2}"
+  timestamp=$(date --rfc-3339=seconds)
+  local timestamp
+
+  case "${type}" in
+  err | error)
+    echo "${timestamp} [ERROR] ${message}"
+    ;;
+  info | information)
+    echo "${timestamp} [INFO] ${message}"
+    ;;
+  warn | warning)
+    echo "${timestamp} [WARN] ${message}"
+    ;;
+  esac
+}
+
+get_system_architecture() {
+  systemArchitecture="$(uname -m)"
+  export systemArchitecture
+
+  case ${systemArchitecture} in
+  x86_64)
+    logger "info" "Architecture is x86_64"
+    export ARCHITECTURE="amd64"
+    ;;
+  aarch64 | armv8*)
+    logger "info" "Architecture is aarch64 or armv8"
+    export ARCHITECTURE="arm64"
+    ;;
+  *)
+    logger "error" "Architecture ${systemArchitecture} is not supported"
+    exit 1
+    ;;
+  esac
+}
+
+get_github_latest_tag() {
+  local repository="${1}"
+
+  repositoryLatestTag="$(curl --silent https://api.github.com/repos/"${repository}"/releases/latest | jq -r '.tag_name')"
+  export repositoryLatestTag
+
+  repositoryLatestTagStripV=${repositoryLatestTag//v/}
+
+  logger "info" "GitHub latest tag for ${repository} is ${repositoryLatestTag}"
+  export GITHUB_LATEST_TAG="${repositoryLatestTag}"
+  export GITHUB_LATEST_TAG_STRIP_V="${repositoryLatestTagStripV}"
+}
+
+apt_install() {
+  local packages="${1}"
+
+  apt-get update --yes
+
+  apt-get install --yes --no-install-recommends "${packages}"
+
+  apt-get clean
+
+  rm --force --recursive /var/lib/apt/lists/*
+}
+
+pip_install() {
+  local packages="${1}"
+
+  python3 -m pip install --no-cache-dir --upgrade "${packages}"
+}

images/base/test/container-structure-test.yml

@@ -0,0 +1,22 @@
+---
+schemaVersion: 2.0.0
+
+commandTests:
+  - name: "vscode user"
+    command: "id"
+    args: ["--user", "vscode"]
+    expectedOutput: ["1000"]
+
+  - name: "vscode group"
+    command: "id"
+    args: ["--group", "vscode"]
+    expectedOutput: ["1000"]
+
+fileExistenceTests:
+  - name: "devcontainer-utils"
+    path: "/usr/local/bin/devcontainer-utils"
+    shouldExist: true
+    permissions: "-rwxr-xr-x" # 0755
+    uid: 65534
+    gid: 65534
+    isExecutableBy: "any"

scripts/images/build-and-test.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# 1. Build image
+
+# 2. Run GoogleContainerTools/container-structure-test
+
+IMAGE="${1}"
+IMAGE_DIRECTORY="images/${IMAGE}"
+IMAGE_TAG="ghcr.io/ministryofjustice/devcontainer-${IMAGE}:local"
+CONTAINER_STRUCTURE_TEST_IMAGE="gcr.io/gcp-runtimes/container-structure-test:latest"
+
+echo "Building [ ${IMAGE} ] as [ ${IMAGE_TAG} ]"
+
+docker build --file "${IMAGE_DIRECTORY}/Containerfile" --tag "${IMAGE_TAG}" "${IMAGE_DIRECTORY}"
+
+if [[ -f "${IMAGE_DIRECTORY}/test/container-structure-test.yml" ]]; then
+  echo "Running container structure test for [ ${IMAGE_TAG} ]"
+
+  docker run --rm \
+    --volume /var/run/docker.sock:/var/run/docker.sock \
+    --volume "${PWD}:/workspace" \
+    --workdir /workspace \
+    "${CONTAINER_STRUCTURE_TEST_IMAGE}" \
+    test --image "${IMAGE_TAG}" --config "/workspace/${IMAGE_DIRECTORY}/test/container-structure-test.yml"
+fi

scripts/path-filter/configuration-generator.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+MODE="${1}"
+
+case ${MODE} in
+features)
+  PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/features.yml"
+  SEARCH_PATTERN="devcontainer-feature.json"
+  SKIP_FILE=".feature-path-filter-ignore"
+  ;;
+images)
+  PATH_FILTER_CONFIGURATION_FILE=".github/path-filters/images.yml"
+  SEARCH_PATTERN="*Containerfile*"
+  SKIP_FILE=".image-path-filter-ignore"
+  ;;
+*)
+  echo "Usage: ${0} [features|images]"
+  exit 1
+  ;;
+esac
+
+folders=$(find . -type f -name "${SEARCH_PATTERN}" -exec dirname {} \; | sort -h | uniq | cut -c 3-)
+export folders
+
+echo "=== Folders ==="
+echo "${folders}"
+
+echo "Generating ${PATH_FILTER_CONFIGURATION_FILE}"
+cat >"${PATH_FILTER_CONFIGURATION_FILE}" <<EOL
+---
+# This file is auto-generated by running the below command, do not manually amend.
+# bash scripts/path-filter/configuration-generator.sh ${MODE}
+
+EOL
+
+for folder in ${folders}; do
+
+  if [[ -f "${folder}/${SKIP_FILE}" ]]; then
+    echo "Ignoring ${folder}"
+    continue
+  fi
+
+  if [[ "${MODE}" == "terraform" ]]; then
+    baseName=$(echo "${folder}" | sed 's|/|-|g' | sed 's|terraform-||')
+  else
+    baseName=$(basename "${folder}")
+  fi
+
+  {
+    printf "%s: %s/**\n" "${baseName}" "${folder}"
+  } >>"${PATH_FILTER_CONFIGURATION_FILE}"
+
+done