initial commit

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -0,0 +1,97 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+
+# Install essential packages first
+RUN apt-get update && apt-get install -y \
+    curl \
+    wget \
+    git \
+    sudo \
+    unzip \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy ASDF version file
+ARG ASDF_VERSION
+COPY .tool-versions.asdf /tmp/.tool-versions.asdf
+
+# Add amd64 architecture if on arm64
+RUN if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then dpkg --add-architecture amd64; fi
+
+RUN apt-get update \
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y dist-upgrade \
+    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
+    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
+    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
+    jq apt-transport-https ca-certificates gnupg-agent \
+    software-properties-common bash-completion python3-pip make libbz2-dev \
+    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
+    xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev uuid-runtime xxd unzip
+
+# install aws stuff
+# Download correct AWS CLI for arch
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+    else \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    fi && \
+    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
+    /tmp/aws-cli/aws/install && \
+    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
+
+# Install ASDF
+RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
+    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
+    else \
+      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
+    fi && \
+    tar -xzf /tmp/asdf.tar.gz -C /tmp && \
+    mkdir -p /usr/bin && \
+    mv /tmp/asdf /usr/bin/asdf && \
+    chmod +x /usr/bin/asdf && \
+    rm -rf /tmp/asdf.tar.gz 
+
+# install gitsecrets
+RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
+    cd /tmp/git-secrets && \
+    make install && \
+    cd && \
+    rm -rf /tmp/git-secrets && \
+    mkdir -p /usr/share/secrets-scanner && \
+    chmod 755 /usr/share/secrets-scanner && \
+    curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
+
+USER vscode
+
+ENV PATH="/home/vscode/.asdf/shims/:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"
+RUN \
+    echo 'PATH="/home/vscode/.asdf/shims/:$PATH:/workspaces/eps-devcontainers/node_modules/.bin"' >> ~/.bashrc; \
+    echo '. <(asdf completion bash)' >> ~/.bashrc; \
+    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
+    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
+    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
+
+# Install ASDF plugins
+RUN asdf plugin add python; \
+    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
+    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
+    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
+    asdf plugin add direnv; \
+    asdf plugin add actionlint; \
+    asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git; \
+    asdf plugin add trivy https://github.com/zufardhiyaulhaq/asdf-trivy.git
+
+
+WORKDIR /workspaces/eps-devcontainers
+COPY .tool-versions /workspaces/eps-devcontainers/.tool-versions
+COPY .tool-versions /home/vscode/.tool-versions
+
+# install python before poetry to ensure correct python version is used
+RUN asdf install python; \
+    asdf install
+
+RUN git-secrets --register-aws --global && \
+  git-secrets --add-provider --global -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt

.devcontainer/devcontainer.json

@@ -0,0 +1,86 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+    "name": "Ubuntu",
+    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+    "build": {
+      "dockerfile": "Dockerfile",
+      "context": "..",
+      "args": {}
+    },
+    "mounts": [
+      "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
+      "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
+    ],
+    "runArgs": [
+      "--network=host"
+    ],
+    "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
+    "postAttachCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f",
+    "features": {
+      "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+        "version": "latest",
+        "moby": "true",
+        "installDockerBuildx": "true"
+      },
+      "ghcr.io/devcontainers/features/github-cli:1": {}
+    },
+    "customizations": {
+      "vscode": {
+        "extensions": [
+            "AmazonWebServices.aws-toolkit-vscode",
+            "redhat.vscode-yaml",
+            "ms-python.python",
+            "ms-python.flake8",
+            "eamodio.gitlens",
+            "github.vscode-pull-request-github",
+            "orta.vscode-jest",
+            "42crunch.vscode-openapi",
+            "mermade.openapi-lint",
+            "christian-kohler.npm-intellisense",
+            "dbaeumer.vscode-eslint",
+            "lfm.vscode-makefile-term",
+            "GrapeCity.gc-excelviewer",
+            "redhat.vscode-xml",
+            "streetsidesoftware.code-spell-checker",
+            "timonwong.shellcheck",
+            "mkhl.direnv",
+            "github.vscode-github-actions",
+            "Gruntfuggly.todo-tree",
+            "ms-vscode.makefile-tools"
+        ],
+        "settings": {
+          "python.defaultInterpreterPath": "/workspaces/eps-devcontainers/.venv/bin/python",
+          "python.analysis.autoSearchPaths": true,
+          "python.analysis.extraPaths": [],
+          "python.testing.unittestEnabled": false,
+          "python.testing.pytestEnabled": true,
+          "pylint.enabled": false,
+          "python.linting.flake8Enabled": true,
+          "python.linting.enabled": true, // required to format on save
+          "editor.formatOnPaste": false, // required
+          "editor.formatOnType": false, // required
+          "editor.formatOnSave": true, // optional
+          "editor.formatOnSaveMode": "file",
+          "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
+          "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+  
+        },
+        "eslint.useFlatConfig": true,
+        "eslint.format.enable": true
+      }
+    },
+    "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/eps-devcontainers; make install; direnv allow ."
+    // "features": {},
+    // Use 'forwardPorts' to make a list of ports inside the container available locally.
+    // "forwardPorts": [],
+    // Use 'postCreateCommand' to run commands after the container is created.
+    // "postCreateCommand": ""
+    // Configure tool-specific properties.
+    // "customizations": {},
+    // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+    // "remoteUser": "root"
+  }
+  

.gitignore

@@ -0,0 +1,3 @@
+node_modules/
+.venv/
+src/base/.devcontainer/language_versions/

.pre-commit-config.yaml

@@ -0,0 +1,54 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-merge-conflict
+        name: Check for merge conflict strings
+
+      - id: end-of-file-fixer
+        name: Fix missing newline at the end of files
+
+      - id: check-shebang-scripts-are-executable
+        name: Check shell scripts are executable
+        files: \.(sh)$
+
+      - id: check-yaml
+        name: Check pipelines configuration
+        files: ^(.github)
+
+  - repo: https://github.com/pycqa/flake8
+    rev: "7ef0350a439c93166bc8ba89fcc3de6a9a664e6c" # release 6.1.0
+    hooks:
+      - id: flake8
+
+  - repo: local
+    hooks:
+      - id: lint-githubactions
+        name: Lint github actions
+        entry: make
+        args: ["lint-githubactions"]
+        language: system
+        files: ^.github
+        types_or: [yaml]
+        pass_filenames: false
+
+      - id: lint-githubaction-scripts
+        name: Lint github action scripts
+        entry: make
+        args: ["lint-githubaction-scripts"]
+        language: system
+        files: ^.github/scripts
+        types_or: [sh, shell]
+        pass_filenames: false
+
+      - id: git-secrets
+        name: Git Secrets
+        description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+        entry: bash
+        args:
+          - -c
+          - 'git-secrets --pre_commit_hook'
+        language: system
+
+fail_fast: true
+default_stages: [pre-commit]

.tool-versions

@@ -0,0 +1,8 @@
+nodejs 24.12.0
+python 3.14.2
+poetry 2.2.1
+shellcheck 0.11.0
+direnv 2.37.1
+actionlint 1.7.10
+ruby 3.3.0
+trivy 0.68.2

.tool-versions.asdf

@@ -0,0 +1,2 @@
+# define the .asdf-version to use here
+0.18.0

Makefile

@@ -0,0 +1,33 @@
+CONTAINER_PREFIX=ghcr.io/nhsdigital/eps-devcontainer-
+CONTAINER_NAME=base
+IMAGE_NAME=${CONTAINER_PREFIX}$(CONTAINER_NAME)
+WORKSPACE_FOLDER=.
+
+install: install-python install-node install-hooks
+
+install-python:
+	poetry install
+
+install-node:
+	npm install
+
+install-hooks: install-python
+	poetry run pre-commit install --install-hooks --overwrite
+
+install-hooks:
+build-base-image: generate-language-version-files
+	CONTAINER_NAME=$(CONTAINER_NAME) \
+	devcontainer build \
+		--workspace-folder ./src/base/ \
+		--push false \
+		--image-name "${IMAGE_NAME}"
+
+generate-language-version-files:
+	./scripts/generate_language_version_files.sh
+
+scan-base-image:
+	trivy image \
+		--severity HIGH,CRITICAL \
+		--ignorefile .trivyignore.yaml \
+		--exit-code 1 \
+		--format table ${IMAGE_NAME} 

package-lock.json

@@ -0,0 +1,14 @@
+{
+  "name": "eps-devcontainers",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "@devcontainers/cli": "^0.80.3"
+  }
+}