Merge pull request #6 from a5chin/feature/devcontainer

DevContainer のアップデート
a5chin · Dec 2, 2024 · 208d5c7 · 208d5c7
2 parents 929f1c4 + 08d911f
commit 208d5c7
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 53 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,41 +1,31 @@
-FROM debian:bookworm-slim AS builder
+ARG BASE_IMAGE=mcr.microsoft.com/vscode/devcontainers/python
+ARG DEBIAN_VERSION=bookworm
+ARG PYTHON_VERSION=3.12
+ARG TRIVY_VERSION=0.57.1
 
-# hadolint ignore=DL3008
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release
 
-SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
+FROM ghcr.io/aquasecurity/trivy:$TRIVY_VERSION AS trivy
 
-# Install gcloud
-# ref: https://cloud.google.com/sdk/docs/install#deb
-RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \
-    | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
-    echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
-    | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
 
-# Install Trivy
-# ref: https://trivy.dev/dev/getting-started/installation/
-RUN curl https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - && \
-    echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" \
-    | tee -a /etc/apt/sources.list.d/trivy.list
+FROM $BASE_IMAGE:$PYTHON_VERSION-$DEBIAN_VERSION
+COPY --from=trivy --chown=vscode: /usr/local/bin/trivy /usr/local/bin/trivy
 
-# hadolint ignore=DL3008
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-    google-cloud-cli \
-    trivy
+LABEL maintainer="a5chin <a5chin.origin+contact@gmain.com>"
 
+ARG GCLOUD_SDK_VERSION=502.0.0
+ARG TFENV_VERSION=v3.0.0
 
-FROM mcr.microsoft.com/vscode/devcontainers/base:bookworm
+SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
 
-LABEL maintainer="a5chin <a5chin.origin+contact@gmain.com>"
+RUN if [ "$(uname -m)" = 'aarch64' ]; then _ARCH=arm; else _ARCH=x86_64; fi \
+    && curl -fsS "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-$GCLOUD_SDK_VERSION-linux-$_ARCH.tar.gz" \
+    | tar zx -C /opt \
+    && /opt/google-cloud-sdk/install.sh \
+    --quiet \
+    --usage-reporting=false \
+    --additional-components alpha beta
+
+RUN git clone --depth=1 -b $TFENV_VERSION https://github.com/tfutils/tfenv.git /opt/tfenv
 
-COPY --from=builder --chown=vscode: /usr/bin/python* /usr/bin/python*
-COPY --from=builder --chown=vscode: /usr/bin/gcloud /usr/bin/gcloud
-COPY --from=builder --chown=vscode: /usr/bin/trivy /usr/bin/trivy
-COPY --from=builder --chown=vscode: /usr/lib /usr/lib
+ENV PATH=$PATH:/opt/google-cloud-sdk/bin
+ENV PATH=$PATH:/opt/tfenv/bin
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -2,12 +2,17 @@
     "name": "Terraform",
     "build": {
         "context": "..",
-        "dockerfile": "Dockerfile"
+        "dockerfile": "Dockerfile",
+        "args": {
+            "BASE_IMAGE": "mcr.microsoft.com/vscode/devcontainers/python",
+            "DEBIAN_VERSION": "bookworm",
+            "GCLOUD_SDK_VERSION": "502.0.0",
+            "PYTHON_VERSION": "3.12",
+            "TFENV_VERSION": "v3.0.0",
+            "TRIVY_VERSION": "0.57.1"
+        }
     },
     "features": {
-        "terraform": {
-            "version": "1.9.8"
-        },
         "ghcr.io/devcontainers-extra/features/pre-commit:2": {},
         "ghcr.io/devcontainers-extra/features/terraform-docs:1": {},
         "ghcr.io/dhoeric/features/hadolint:1": {}
@@ -16,28 +21,19 @@
         "vscode": {
             "extensions": [
                 "aquasecurityofficial.trivy-vulnerability-scanner",
-                "codezombiech.gitignore",
-                "eamodio.gitlens",
                 "exiasr.hadolint",
+                "hashicorp.terraform",
                 "mosapride.zenkaku",
                 "ms-azuretools.vscode-docker",
-                "oderwat.indent-rainbow",
-                "pkief.material-icon-theme",
                 "redhat.vscode-yaml",
-                "shardulm94.trailing-spaces",
-                "usernamehw.errorlens",
-                "yzhang.markdown-all-in-one"
-            ],
-            "settings": {
-                "terminal.integrated.defaultProfile.linux": "zsh",
-                "terminal.integrated.profiles.linux": {
-                    "zsh": {
-                        "path": "/bin/zsh"
-                    }
-                }
-            }
+                "shardulm94.trailing-spaces"
+            ]
         }
     },
-    "postStartCommand": "pre-commit install",
+    "containerEnv": {
+        "DISPLAY": "dummy",
+        "PYTHONUNBUFFERED": "True"
+    },
+    "postCreateCommand": "pre-commit install",
     "remoteUser": "vscode"
 }
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,43 @@
+name: Docker
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint-devcontainer:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Lint Dockerfile
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: .devcontainer/Dockerfile
+
+  build-devcontainer:
+    runs-on: ubuntu-latest
+
+    needs: lint-devcontainer
+    if: ${{ success() }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: .devcontainer/Dockerfile
+          push: false
+          tags: latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -16,3 +16,13 @@ repos:
       - id: terraform_tflint
         name: terraform-lint
         description: "Run tflint"
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.0
+    hooks:
+      - id: hadolint
+        name: Lint Dockerfiles
+        description: Runs hadolint to lint Dockerfiles
+        language: system
+        types: ["dockerfile"]
+        entry: hadolint
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -4,6 +4,7 @@
         "codezombiech.gitignore",
         "eamodio.gitlens",
         "exiasr.hadolint",
+        "hashicorp.terraform",
         "mosapride.zenkaku",
         "ms-azuretools.vscode-docker",
         "ms-vscode-remote.remote-containers",

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,6 +1,12 @@
 {
     "files.insertFinalNewline": true,
     "files.trimTrailingWhitespace": true,
+    "terminal.integrated.defaultProfile.linux": "zsh",
+    "terminal.integrated.profiles.linux": {
+        "zsh": {
+            "path": "/bin/zsh"
+        }
+    },
     "[dockercompose]": {
         "editor.autoIndent": "advanced",
         "editor.defaultFormatter": "redhat.vscode-yaml",
@@ -28,6 +34,12 @@
         },
         "editor.tabSize": 2
     },
+    "[json][jsonc]": {
+        "editor.defaultFormatter": "vscode.json-language-features",
+        "editor.formatOnSave": true,
+        "editor.insertSpaces": true,
+        "editor.tabSize": 4
+    },
     "[terraform]": {
         "editor.defaultFormatter": "hashicorp.terraform",
         "editor.formatOnSave": true,