Merge pull request #10 from usma0118/devcontainers-template

usma0118 · web-flow · commit 3b63a7fde64f · 2024-06-03T14:05:06.000+02:00
Create devcontainer.yaml
diff --git a/.devcontainer/base/.dockerignore b/.devcontainer/base/.dockerignore
@@ -0,0 +1,2 @@
+.git
+.vscode
diff --git a/.devcontainer/base/Dockerfile b/.devcontainer/base/Dockerfile
@@ -0,0 +1,73 @@
+FROM mcr.microsoft.com/devcontainers/base:alpine-3.19
+ENV PYTHONUNBUFFERED 1
+ARG USERNAME=vscode
+
+RUN apk add --no-cache \
+    zsh \
+    ca-certificates curl wget gettext sshpass \
+    fzf jq git openssh-client \
+    go-task \
+    python3 py3-pip py3-virtualenv\
+    git direnv shellcheck\
+    ansible ansible-lint &&\
+    apk add --no-cache \
+        --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
+        age helm kubectl sops &&\
+    apk add --no-cache \
+    --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \
+        lsd
+RUN if [ -f /etc/bash.bashrc ]; then \
+    echo -e 'eval "$(direnv hook bash)"' >> /etc/bash.bashrc; \
+    fi && \
+    if [ -f /etc/zsh/zshrc ]; then \
+        echo -e 'eval "$(direnv hook zsh)"' >> /etc/zsh/zshrc; \
+    fi
+USER $USERNAME
+
+# Add direnv whitelist for the workspace directory
+RUN mkdir -p /home/$USERNAME/.config/direnv &&\
+    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config &&\
+tee /home/$USERNAME/.config/direnv/direnv.toml > /dev/null <<EOF
+[whitelist]
+prefix = [ "/workspaces", "/home/vscode/.dotfiles" ]
+EOF
+
+WORKDIR /workspaces
+RUN virtualenv /home/$USERNAME/.venv &&\
+    git config --global --add safe.directory /workspaces/dotfiles &&\
+    git config --global --add safe.directory /home/$USERNAME/.dotfiles
+ENV VIRTUAL_ENV /home/$USERNAME/.venv
+ENV PATH $VIRTUAL_ENV:$PATH
+RUN . $VIRTUAL_ENV/bin/activate && pip install --upgrade pip && pip install pre-commit
+RUN mkdir /home/$USERNAME/.fonts \
+# Download MesloLGS font files
+&& curl -sLo /home/$USERNAME/.fonts/MesloLGS\ NF\ Regular.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Regular.ttf \
+&& curl -sLo /home/$USERNAME/.fonts/MesloLGS\ NF\ Bold.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf \
+&& curl -sLo /home/$USERNAME/.fonts/MesloLGS\ NF\ Italic.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf \
+&& curl -sLo /home/$USERNAME/.fonts/MesloLGS\ NF\ Bold\ Italic.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold%20Italic.ttf \
+# Download zsh-syntax-highlighting
+&& git clone https://github.com/zsh-users/zsh-syntax-highlighting.git /home/$USERNAME/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting --depth 1 \
+# Download zsh-autosuggestions
+&& git clone https://github.com/zsh-users/zsh-autosuggestions /home/$USERNAME/.oh-my-zsh/custom/plugins/zsh-autosuggestions --depth 1 \
+# Download powerlevel10k
+&& git clone https://github.com/romkatv/powerlevel10k.git /home/$USERNAME/.oh-my-zsh/custom/themes/powerlevel10k --depth=1 \
+# Download powerlevel10k config
+&& curl -sLo /home/$USERNAME/.p10k.zsh https://raw.githubusercontent.com/usma0118/dotfiles/HEAD/zshrc/themes/dev.p10k.zsh \
+&& curl -sLo /home/$USERNAME/.zsh https://raw.githubusercontent.com/usma0118/dotfiles/HEAD/.profile/.zshrc \
+&& curl -sLo /home/$USERNAME/.aliases https://raw.githubusercontent.com/usma0118/dotfiles/HEAD/.profile/.aliases
+
+RUN mkdir -p /home/$USERNAME/.vscode-server/extensions \
+        /home/$USERNAME/.cache \
+        /home/$USERNAME/.local \
+        /home/$USERNAME/.history \
+    && chown -R $USERNAME \
+        /home/$USERNAME/.vscode-server \
+        /home/$USERNAME/.cache \
+        /home/$USERNAME/.local \
+        /home/$USERNAME/.history \
+        /home/$USERNAME/.oh-my-zsh/custom/themes \
+        /home/$USERNAME/.oh-my-zsh/custom/plugins &&\
+        SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/home/$USERNAME/.history/.bash_history" >> "/home/$USERNAME/.bashrc" &&\
+        echo "export PROMPT_COMMAND='history -a' && export HISTFILE=/home/$USERNAME/.history/.zsh_history" >> "/home/$USERNAME/.zsh_history"
+
+RUN echo "Pre-Loading zsh" && zsh -i -c "exit"
diff --git a/.github/workflows/dev-container-workflow.yml b/.github/workflows/dev-container-workflow.yml
@@ -0,0 +1,90 @@
+---
+  # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+  name: "Dev container - Build & release"
+  on:
+    workflow_dispatch:
+      inputs:
+        logLevel:
+          description: 'Log level'
+          required: true
+          default: 'warning'
+          type: choice
+          options:
+          - info
+          - warning
+          - debug
+    push:
+      branches: ["main"]
+      tags:
+        - '**'
+      paths: [".devcontainer/base/**"]
+    pull_request:
+      branches: ["main"]
+      paths: [".devcontainer/base/**"]
+  concurrency:
+    group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+    cancel-in-progress: true
+  env:
+    REGISTRY: ghcr.io
+    IMAGE_NAME: ${{ github.repository }}/devcontainers/base
+  jobs:
+    build-docker-image:
+      runs-on: ubuntu-latest
+      permissions:
+        contents: read
+        packages: write
+        id-token: write
+        attestations: write
+      strategy:
+        fail-fast: true
+      steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: arm64,amd64,arm
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+      - if: ${{ github.event_name != 'pull_request' }}
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@f7b4ed12385588c3f9bc252f0a2b520d83b52d48
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,format=short
+          flavor: |
+            latest=auto
+            prefix=
+            suffix=
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: "{{defaultContext}}:cryfs"
+          sbom: true
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: |
+            type=gha
+          cache-to: type=gha,mode=max
+      - if: ${{ github.event_name != 'pull_request' }}
+        name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.docker_build.outputs.digest }}
+          push-to-registry: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/devcontainer.yaml b/.github/workflows/devcontainer.yaml
@@ -0,0 +1,58 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Devcontainer"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+    paths: ["devcontainer/**"]
+  pull_request:
+    branches: ["main"]
+    paths: ["devcontainer/**"]
+#  schedule:
+#   - cron: "0 0 * * 1"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  devcontainer:
+    if: ${{ github.repository == 'usma0118/containers/devcontainers' }}
+    name: publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - if: ${{ github.event_name != 'pull_request' }}
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: devcontainers/ci@v0.3
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: true
+        with:
+          imageName: ghcr.io/${{ github.repository }}/devcontainer
+          # cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
+          imageTag: base,latest
+          platform: linux/amd64,linux/arm64
+          configFile: devcontainer/dev/devcontainer.json
+          push: ${{ github.event_name == 'pull_request' && 'never' || 'always' }}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,7 @@
+{
+    "ansible.python.interpreterPath": "/home/vscode/.venv/bin/python",
+    "terminal.integrated.fontFamily": "MesloLGS NF",
+    "dotfiles.repository": "usma0118/dotfiles",
+    "dotfiles.targetPath": "~/.dotfiles",
+    "dotfiles.installCommand": "~/.dotfiles/bootstrap.sh",
+}
