Chore: [AEA-0000] - move to common dev container#1885
anthony-nhs wants to merge 10 commits into main
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000
Pull request overview
This PR migrates the repo to use a shared “common” devcontainer/CI container image and removes locally-maintained tooling/scripts that are now expected to be provided by the shared environment.
Changes:
- Switch GitHub Actions workflows to run inside a pinned container image (`pinned_image`) and remove asdf-based tool installation.
- Update devcontainer to build from `ghcr.io/nhsdigital/eps-devcontainers/...` and delegate unknown `make` targets to a shared `common.mk`.
- Remove repo-local scripts/tools no longer needed (cfn-guard runner, python license checker, asdf tool version files) and update Poetry dependencies/lockfile accordingly.
Reviewed changes
Copilot reviewed 20 out of 21 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| `.devcontainer/devcontainer.json` | Repoints devcontainer build to common base image and adjusts post-attach setup. |
| `.devcontainer/Dockerfile` | Now FROM a shared devcontainer image; adds docker group remapping logic. |
| `.github/workflows/ci.yml` | Moves CI to common workflow + pinned container image approach. |
| `.github/workflows/pull_request.yml` | Moves PR pipeline to common workflow + pinned container image approach. |
| `.github/workflows/release.yml` | Switches to devcontainer-based common workflows and Jira update path. |
| `.github/workflows/release_all_stacks.yml` | Runs release steps inside pinned container; removes nested docker usage in deploy steps. |
| `.github/workflows/cdk_package_code.yml` | Runs packaging job in pinned container; removes asdf setup and .tool-versions from artifact. |
| `.github/workflows/run_regression_tests.yml` | Runs regression tests in pinned container; adds .tool-versions copy step. |
| `.pre-commit-config.yaml` | Runs git-secrets directly instead of via docker. |
| `Makefile` | Removes several local targets and forwards unknown targets to shared common.mk. |
| `pyproject.toml` / `poetry.lock` | Drops pip-licenses and updates lockfile generation metadata. |
| `scripts/run_cfn_guard.sh` / `scripts/check_python_licenses.sh` | Removed (tooling expected to come from shared environment). |
| `.tool-versions` / `.tool-versions.asdf` | Removed (no longer using asdf pinning here). |
| `.github/scripts/*.sh` (removed ones) | Removes repo-local Jira/release-note helper scripts no longer used by workflows. |
Comments suppressed due to low confidence (1)
.github/workflows/run_regression_tests.yml:20
- This workflow defines `REGRESSION_TESTS_PEM` both as an optional input and as a required secret, but the job only uses the secret (`secrets.REGRESSION_TESTS_PEM`). Keeping the unused input is confusing for callers and can lead to passing credentials the wrong way. Remove the `REGRESSION_TESTS_PEM` input (or make the workflow consistently use the input instead of the secret).

```yaml
        required: true
        type: string
      REGRESSION_TESTS_PEM:
        type: string
      pinned_image:
        type: string
        required: true
    secrets:
      REGRESSION_TESTS_PEM:
        required: true
```
| entry: bash | ||
| args: | ||
| - -c | ||
| - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook' | ||
| - 'git-secrets --pre_commit_hook' | ||
| language: system |
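Review bot: with `language: system`, the `'git-secrets --pre_commit_hook'` argument only works where `git-secrets` is already on PATH, so a commit made outside the common devcontainer fails this hook with a bare command-not-found from `bash -c`. Consider guarding it with a `command -v git-secrets` check that prints where the tool comes from, or state in the contributor docs that pre-commit has to run inside the devcontainer. The failure is at least fail-closed, which is the right direction for a secrets scan.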
| @@ -352,5 +341,5 @@ cdk-diff: guard-CDK_APP_NAME | |||
| --context VERSION_NUMBER=$$VERSION_NUMBER \ | |||
| --context COMMIT_ID=$$COMMIT_ID | |||
|
|
|||
| USER root | ||
| # specify DOCKER_GID to force container docker group id to match host | ||
| RUN if [ -n "${DOCKER_GID}" ]; then \ | ||
| if ! getent group docker; then \ | ||
| groupadd -g ${DOCKER_GID} docker; \ | ||
| else \ | ||
| wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \ | ||
| groupmod -g ${DOCKER_GID} docker; \ | ||
| fi && \ | ||
| unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \ | ||
| /tmp/aws-cli/aws/install && \ | ||
| rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli | ||
|
|
||
| # Install ASDF | ||
| RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \ | ||
| wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \ | ||
| tar -xvzf /tmp/asdf.tar.gz; \ | ||
| mv asdf /usr/bin | ||
|
|
||
| USER vscode | ||
|
|
||
| ENV PATH="/home/vscode/.asdf/shims/:$PATH" | ||
| RUN \ | ||
| echo 'PATH="/home/vscode/.asdf/shims/:$PATH"' >> ~/.bashrc; \ | ||
| echo '. <(asdf completion bash)' >> ~/.bashrc; \ | ||
| echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \ | ||
| echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \ | ||
| echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc; | ||
|
|
||
| # Install ASDF plugins | ||
| RUN asdf plugin add python; \ | ||
| asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \ | ||
| asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \ | ||
| asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \ | ||
| asdf plugin add direnv; \ | ||
| asdf plugin add actionlint; \ | ||
| asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git | ||
|
|
||
|
|
||
| WORKDIR /workspaces/eps-prescription-tracker-ui | ||
| ADD .tool-versions /workspaces/eps-prescription-tracker-ui/.tool-versions | ||
| ADD .tool-versions /home/vscode/.tool-versions | ||
|
|
||
| # install python before poetry to ensure correct python version is used | ||
| RUN asdf install python; \ | ||
| asdf install | ||
| usermod -aG docker vscode; \ | ||
| fi |
| asdf install | ||
| usermod -aG docker vscode; \ | ||
| fi | ||
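Review bot: nothing visible after the closing `fi` switches back from `USER root`, and the only `USER vscode` line sits among the asdf setup lines; if that line goes with them, the devcontainer will run as root, so end the Dockerfile with `USER vscode`. In the `RUN if [ -n "${DOCKER_GID}" ]` block, `groupadd -g` and `groupmod -g` exit non-zero when the requested GID already belongs to another group in the base image, which would fail the build; check for that case first with `getent group "${DOCKER_GID}"` and quote the variable. Membership of the `docker` group gives `vscode` root-equivalent access to the host Docker daemon, so the existing comment should also say that `DOCKER_GID` is meant for local devcontainer builds only.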