Chore: [AEA-0000] - move to devcontainer (#415)

## Summary

- Routine Change

### Details

- move to common devcontainer

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -1,95 +1,15 @@
-FROM mcr.microsoft.com/devcontainers/base:ubuntu
-
-# provide DOCKER_GID via build args if you need to force group id to match host
-ARG DOCKER_GID
-ARG TARGETARCH
-ENV TARGETARCH=${TARGETARCH}
-
-ARG ASDF_VERSION
-COPY .tool-versions.asdf /tmp/.tool-versions.asdf
-
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then dpkg --add-architecture arm64; fi
-
-# Anticipate and resolve potential permission issues with apt
-RUN mkdir -p /tmp && chmod 1777 /tmp
-# Install system dependencies
-RUN apt-get update \
-    && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y dist-upgrade \
-    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
-    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
-    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
-    jq apt-transport-https ca-certificates gnupg-agent \
-    software-properties-common bash-completion python3-pip make \
-    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev
-
-# Install aws stuff
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
-    else \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
-    /tmp/aws-cli/aws/install && \
-    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
-
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
-    else \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli && \
-    /tmp/aws-sam-cli/install && \
-    rm /tmp/aws-sam-cli.zip && rm -rf /tmp/aws-sam-cli
-
-# Install ASDF
-RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
-    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
-      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
-    else \
-      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
-    fi && \
-    tar -xzf /tmp/asdf.tar.gz -C /tmp && \
-    mkdir -p /usr/bin && \
-    mv /tmp/asdf /usr/bin/asdf && \
-    chmod +x /usr/bin/asdf && \
-    rm -rf /tmp/asdf.tar.gz 
+ARG IMAGE_NAME=node_24_python_3_14
+ARG IMAGE_VERSION=latest
+FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
 
+USER root
 # specify DOCKER_GID to force container docker group id to match host
 RUN if [ -n "${DOCKER_GID}" ]; then \
-      if ! getent group docker; then \
-        groupadd -g ${DOCKER_GID} docker; \
-      else \
-        groupmod -g ${DOCKER_GID} docker; \
-      fi && \
-      usermod -aG docker vscode; \
+    if ! getent group docker; then \
+    groupadd -g ${DOCKER_GID} docker; \
+    else \
+    groupmod -g ${DOCKER_GID} docker; \
+    fi && \
+    usermod -aG docker vscode; \
     fi
-
-USER vscode
-
-ENV PATH="/home/vscode/.asdf/shims/:$PATH"
-RUN \
-    echo 'PATH="/home/vscode/.asdf/shims/:$PATH"' >> ~/.bashrc; \
-    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
-    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
-    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
-
-ENV PATH="$PATH:/workspaces/eps-assist-me/node_modules/.bin"
-
-# Install ASDF plugins
-RUN asdf plugin add python && \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git && \
-    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git && \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git && \
-    asdf plugin add direnv && \
-    asdf plugin add actionlint && \
-    asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git
-
-WORKDIR /workspaces/eps-assist-me
-ADD .tool-versions /workspaces/eps-assist-me/.tool-versions
-ADD .tool-versions /home/vscode/.tool-versions
-
-# install python before poetry to ensure correct python version is used
-RUN asdf install python && \
-    asdf install
+  

.devcontainer/devcontainer.json

@@ -1,12 +1,14 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
   "name": "Ubuntu",
   "build": {
     "dockerfile": "Dockerfile",
     "context": "..",
     "args": {
-      "DOCKER_GID": "${env:DOCKER_GID:}"
+      "DOCKER_GID": "${env:DOCKER_GID:}",
+      "IMAGE_NAME": "node_24_python_3_14",
+      "IMAGE_VERSION": "v1.0.7",
+      "USER_UID": "${localEnv:USER_ID:}",
+      "USER_GID": "${localEnv:GROUP_ID:}"
     }
   },
   "mounts": [
@@ -16,14 +18,11 @@
     "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind",
     "source=${env:HOME}${env:USERPROFILE}/.gitconfig,target=/home/vscode/.gitconfig,type=bind"
   ],
-  "features": {
-    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
-      "version": "latest",
-      "moby": "true",
-      "installDockerBuildx": "true"
-    }
+  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
+  "features": {},
+  "remoteEnv": {
+    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}/"
   },
-  "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}/" },
   "customizations": {
     "vscode": {
       "extensions": [
@@ -55,31 +54,28 @@
         "python.testing.pytestEnabled": false,
         "python.linting.pylintEnabled": false,
         "python.linting.flake8Enabled": true,
-        "python.linting.enabled": true, // required to format on save
+        "python.linting.enabled": true,
         "python.formatting.provider": "black",
-        "black-formatter.args": ["--line-length=120"],
+        "black-formatter.args": [
+          "--line-length=120"
+        ],
         "[python]": {
           "editor.defaultFormatter": "ms-python.black-formatter"
         },
         "editor.defaultFormatter": "dbaeumer.vscode-eslint",
-        "editor.formatOnPaste": false, // required
-        "editor.formatOnType": false, // required
-        "editor.formatOnSave": true, // optional
+        "editor.formatOnPaste": false,
+        "editor.formatOnType": false,
+        "editor.formatOnSave": true,
         "editor.formatOnSaveMode": "file",
-        "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
+        "cSpell.words": [
+          "fhir",
+          "Formik",
+          "pino",
+          "serialisation"
+        ],
         "eslint.useFlatConfig": true,
         "eslint.format.enable": true
       }
     }
-  },
-  "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-assist-me; make install; direnv allow ."
-  // "features": {},
-  // Use 'forwardPorts' to make a list of ports inside the container available locally.
-  // "forwardPorts": [],
-  // Use 'postCreateCommand' to run commands after the container is created.
-  // "postCreateCommand": ""
-  // Configure tool-specific properties.
-  // "customizations": {},
-  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-  // "remoteUser": "root"
+  }
 }

.github/workflows/cdk_package_code.yml

@@ -12,46 +12,32 @@ on:
       COMMIT_ID:
         required: true
         type: string
+      pinned_image:
+        type: string
+        required: true
 
 jobs:
   package_code:
     runs-on: ubuntu-22.04
+    container:
+      image: ${{ inputs.pinned_image }}
+      options: --user 1001:1001 --group-add 128
+    defaults:
+      run:
+        shell: bash
     permissions:
       id-token: write
       contents: read
       packages: read
     steps:
+      - name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           ref: ${{ env.BRANCH_NAME }}
 
-      - name: Get asdf version
-        id: asdf-version
-        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
-
-      # using git commit sha for version of action to ensure we have stable version
-      - name: Install asdf
-        uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
-        with:
-          asdf_version: ${{ steps.asdf-version.outputs.version }}
-
-      - name: Cache asdf
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: |
-            ~/.asdf
-          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}-${{ steps.asdf-version.outputs.version }}
-          restore-keys: |
-            ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}-${{ steps.asdf-version.outputs.version }}
-
-      - name: Install asdf dependencies in .tool-versions
-        uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47
-        with:
-          asdf_version: ${{ steps.asdf-version.outputs.version }}
-        env:
-          PYTHON_CONFIGURE_OPTS: --enable-shared
-
       - name: Setting up .npmrc
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -114,7 +100,6 @@ jobs:
       - name: "Tar files"
         run: |
           tar -rf artifact.tar \
-            .tool-versions \
             packages \
             node_modules \
             package.json \

.github/workflows/ci.yml

@@ -8,55 +8,43 @@ env:
   BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }}
 
 jobs:
-  get_asdf_version:
-    runs-on: ubuntu-22.04
-    outputs:
-      asdf_version: ${{ steps.asdf-version.outputs.version }}
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - name: Get asdf version
-        id: asdf-version
-        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
-
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
+  get_config_values:
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    with:
+      verify_published_from_main_image: true
 
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@d215f841eb18b803e339e4ed597ed1f30e086e17
-    needs: [get_asdf_version]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    needs: [get_config_values]
     with:
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   tag_release:
-    needs: [quality_checks, get_asdf_version]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@997a1946c83bb2a9eda418847ed640738af949ff
+    needs: [quality_checks, get_config_values]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
     with:
       dry_run: true
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: main
-      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+      tag_format: ${{ needs.get_config_values.outputs.tag_format }}
     secrets: inherit
 
   package_code:
-    needs: [tag_release]
+    needs: [tag_release, get_config_values]
     uses: ./.github/workflows/cdk_package_code.yml
     with:
       STACK_NAME: epsam
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
       COMMIT_ID: ${{ github.sha }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   release_dev:
-    needs: [tag_release, package_code]
+    needs: [tag_release, package_code, get_config_values]
     uses: ./.github/workflows/release_all_stacks.yml
     with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       STACK_NAME: epsam
       TARGET_ENVIRONMENT: dev
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
@@ -85,9 +73,10 @@ jobs:
       SLACK_SIGNING_SECRET: ${{ secrets.DEV_SLACK_SIGNING_SECRET }}
 
   release_qa:
-    needs: [tag_release, package_code, release_dev]
+    needs: [tag_release, package_code, release_dev, get_config_values]
     uses: ./.github/workflows/release_all_stacks.yml
     with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       STACK_NAME: epsam
       TARGET_ENVIRONMENT: qa
       VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}