From 866bbca8a4841bfa0f9894c3177fdb38f1fe291b Mon Sep 17 00:00:00 2001 From: Tim Stephenson Date: Mon, 30 Mar 2026 09:13:46 +0000 Subject: [PATCH 1/4] chore: check if git-secrets already configured --- .devcontainer/devcontainer.json | 2 +- scripts/install-git-secrets.sh | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 scripts/install-git-secrets.sh diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 40283e9..5c0ae11 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -22,7 +22,7 @@ "--network=host" ], "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }, - "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt", + "postCreateCommand": "bash .devcontainer/../scripts/install-git-secrets.sh", "features": { }, "customizations": { diff --git a/scripts/install-git-secrets.sh b/scripts/install-git-secrets.sh new file mode 100644 index 0000000..48236a9 --- /dev/null +++ b/scripts/install-git-secrets.sh @@ -0,0 +1,7 @@ +#!/bin/bash +if ! git config --get-all secrets.patterns | grep -Fq AKIA; then + git-secrets --register-aws +fi +if ! git config --get-all secrets.providers | grep -Fxq "cat /usr/share/secrets-scanner/nhsd-rules-deny.txt"; then + git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt +fi From 91739122d9a9381107e42e18a5d600d8ca424275 Mon Sep 17 00:00:00 2001 
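Review bot: `postCreateCommand` runs once, when the container is first created, so a repository that is cloned or re-initialised inside an already-created container never gets the git-secrets rules; the `postAttachCommand` it replaces re-applied them on every attach. Since the new script is written to be safe to re-run, it could sit on a repeating hook (`postStartCommand` or `postAttachCommand`) without the duplicate registration this commit appears to be fixing. The path can also be shortened to `bash scripts/install-git-secrets.sh`, assuming the command runs from the workspace root, because the `.devcontainer/..` detour adds nothing.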
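Review bot: The `grep -Fq AKIA` test on `secrets.patterns` is only a proxy for "the AWS rules are registered": any unrelated pattern that happens to contain `AKIA` makes the script skip `git-secrets --register-aws`, and the remaining AWS rules are then silently left out. Matching the exact entry that `--register-aws` writes, with `grep -Fxq` as the provider check below it already does, would avoid that false positive. The script also registers `/usr/share/secrets-scanner/nhsd-rules-deny.txt` as a provider without checking that it exists; a guard such as `[ -r /usr/share/secrets-scanner/nhsd-rules-deny.txt ] || { echo "deny list missing" >&2; exit 1; }` would surface a missing rules file at setup time rather than at the first scan.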
From: Tim Stephenson Date: Mon, 30 Mar 2026 10:08:55 +0000 Subject: [PATCH 2/4] chore: add lifecycle scripts to base container --- .devcontainer/devcontainer.json | 4 +++- src/base/.devcontainer/Dockerfile | 1 + src/base/.devcontainer/scripts/lifecycle/post_attach.sh | 4 ++++ .../base/.devcontainer/scripts/lifecycle/post_create.sh | 3 +++ src/base/.devcontainer/scripts/lifecycle/post_start.sh | 4 ++++ 5 files changed, 15 insertions(+), 1 deletion(-) create mode 100755 src/base/.devcontainer/scripts/lifecycle/post_attach.sh rename scripts/install-git-secrets.sh => src/base/.devcontainer/scripts/lifecycle/post_create.sh (70%) mode change 100644 => 100755 create mode 100755 src/base/.devcontainer/scripts/lifecycle/post_start.sh diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5c0ae11..993737f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -22,7 +22,9 @@ "--network=host" ], "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }, - "postCreateCommand": "bash .devcontainer/../scripts/install-git-secrets.sh", + "postCreateCommand": "bash ${SCRIPTS_DIR}/postCreate.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/postStart.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/postAttach.sh", "features": { }, "customizations": { diff --git a/src/base/.devcontainer/Dockerfile b/src/base/.devcontainer/Dockerfile index 8b1f4fd..de08e1e 100644 --- a/src/base/.devcontainer/Dockerfile +++ b/src/base/.devcontainer/Dockerfile @@ -21,6 +21,7 @@ ENV CONTAINER_NAME=${CONTAINER_NAME} ENV TARGETARCH=${TARGETARCH} COPY .tool-versions.asdf ${SCRIPTS_DIR}/${CONTAINER_NAME}/.tool-versions.asdf +COPY --chmod=755 scripts/lifecycle/*.sh ${SCRIPTS_DIR}/ COPY --chmod=755 scripts/root_install.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/root_install.sh COPY --chmod=755 Mk ${SCRIPTS_DIR}/Mk 
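Review bot: `${SCRIPTS_DIR}` in the three lifecycle commands is not one of the devcontainer.json substitution variables (those take the form `${localEnv:NAME}` or `${containerEnv:NAME}`), so it presumably reaches the container shell unchanged and resolves only if the image exports `SCRIPTS_DIR` at runtime. The Dockerfile hunk in this patch shows `ENV` lines for `CONTAINER_NAME` and `TARGETARCH` but the definition of `SCRIPTS_DIR` is outside the hunk; if it is only a build `ARG`, the path collapses to a file under `/` and each command fails. Either confirm the image sets `ENV SCRIPTS_DIR`, or make the dependency explicit with `${containerEnv:SCRIPTS_DIR}`. The same applies to every devcontainer.json hunk in PATCH 3/4.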
diff --git a/src/base/.devcontainer/scripts/lifecycle/post_attach.sh b/src/base/.devcontainer/scripts/lifecycle/post_attach.sh new file mode 100755 index 0000000..88b881e --- /dev/null +++ b/src/base/.devcontainer/scripts/lifecycle/post_attach.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# Script to run as devcontainer postAttachCommand + +# currently empty diff --git a/scripts/install-git-secrets.sh b/src/base/.devcontainer/scripts/lifecycle/post_create.sh old mode 100644 new mode 100755 similarity index 70% rename from scripts/install-git-secrets.sh rename to src/base/.devcontainer/scripts/lifecycle/post_create.sh index 48236a9..5c8c5ee --- a/scripts/install-git-secrets.sh +++ b/src/base/.devcontainer/scripts/lifecycle/post_create.sh @@ -1,4 +1,7 @@ #!/bin/bash +# Script to run as devcontainer postCreateCommand + +# Install git-secrets, register AWS patterns and NHS rules in an idempotent way if ! git config --get-all secrets.patterns | grep -Fq AKIA; then git-secrets --register-aws fi diff --git a/src/base/.devcontainer/scripts/lifecycle/post_start.sh b/src/base/.devcontainer/scripts/lifecycle/post_start.sh new file mode 100755 index 0000000..1c26bf0 --- /dev/null +++ b/src/base/.devcontainer/scripts/lifecycle/post_start.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# Script to run as devcontainer postStartCommand + +# currently empty From 81ed52267878bf50df0b9999f14b73006fd31fbf Mon Sep 17 00:00:00 2001 
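Review bot: The comment added to `post_create.sh` says the script installs git-secrets, but the visible body only registers the AWS patterns and the NHS deny-list provider; nothing in it runs `git secrets --install`, so this script sets up no commit hooks. If the hooks are installed elsewhere (not visible in this patch) the comment should say so, for example `# Register AWS patterns and NHS deny rules for git-secrets (idempotent); hooks are installed by <where>`. If they are not, the registered rules only take effect when someone runs a scan by hand. The rest of the script lies outside the hunk.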
From: Tim Stephenson Date: Mon, 30 Mar 2026 11:06:32 +0000 Subject: [PATCH 3/4] chore: apply std postXxx scripts to all containers --- .devcontainer/devcontainer.json | 6 +++--- Makefile | 6 +++++- src/base/.devcontainer/devcontainer.json | 3 +++ src/base_node/node_24/.devcontainer/devcontainer.json | 3 +++ .../node_24_python_3_10/.devcontainer/devcontainer.json | 3 +++ .../node_24_python_3_12/.devcontainer/devcontainer.json | 3 +++ .../node_24_python_3_13/.devcontainer/devcontainer.json | 3 +++ .../node_24_python_3_14/.devcontainer/devcontainer.json | 3 +++ .../eps-data-extract/.devcontainer/devcontainer.json | 3 +++ .../eps-storage-terraform/.devcontainer/devcontainer.json | 3 +++ .../fhir_facade_api/.devcontainer/devcontainer.json | 3 +++ .../.devcontainer/devcontainer.json | 3 +++ .../.devcontainer/devcontainer.json | 3 +++ .../regression_tests/.devcontainer/devcontainer.json | 3 +++ 14 files changed, 44 insertions(+), 4 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 993737f..2232f7e 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -22,9 +22,9 @@ "--network=host" ], "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }, - "postCreateCommand": "bash ${SCRIPTS_DIR}/postCreate.sh", - "postStartCommand": "bash ${SCRIPTS_DIR}/postStart.sh", - "postAttachCommand": "bash ${SCRIPTS_DIR}/postAttach.sh", + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": { }, "customizations": { diff --git a/Makefile b/Makefile index 40646c3..ab813ea 100644 --- a/Makefile +++ b/Makefile 
@@ -65,8 +65,12 @@ build-all: build-base-image build-node-24-image build-node-24-python-3-10-image build-regression-tests-image build-image: guard-CONTAINER_NAME guard-BASE_VERSION_TAG guard-BASE_FOLDER guard-IMAGE_TAG + workspace_folder="$${CONTAINER_NAME}"; \ + case "$${CONTAINER_NAME}" in \ + eps_*) workspace_folder="$$(printf '%s' "$${CONTAINER_NAME}" | tr '_' '-')" ;; \ + esac; \ npx devcontainer build \ - --workspace-folder ./src/$${BASE_FOLDER}/$${CONTAINER_NAME} \ + --workspace-folder ./src/$${BASE_FOLDER}/$${workspace_folder} \ $(NO_CACHE_FLAG) \ --push false \ --output type=image,name="${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}",push=false,compression=zstd \ diff --git a/src/base/.devcontainer/devcontainer.json b/src/base/.devcontainer/devcontainer.json index 7e75348..9b8e753 100644 --- a/src/base/.devcontainer/devcontainer.json +++ b/src/base/.devcontainer/devcontainer.json @@ -12,6 +12,9 @@ "IMAGE_TAG": "${localEnv:IMAGE_TAG}" } }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": { "ghcr.io/devcontainers/features/docker-outside-of-docker:1": { "version": "latest", diff --git a/src/base_node/node_24/.devcontainer/devcontainer.json b/src/base_node/node_24/.devcontainer/devcontainer.json index 90d861a..c14ec52 100644 --- a/src/base_node/node_24/.devcontainer/devcontainer.json +++ b/src/base_node/node_24/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/languages/node_24_python_3_10/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_10/.devcontainer/devcontainer.json index a810718..3e8304b 100644 
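Review bot: The `--workspace-folder` argument in `build-image` is unquoted, so a `CONTAINER_NAME` or `BASE_FOLDER` value containing spaces or glob characters is split or expanded by the shell before `npx devcontainer build` sees it; the `name=` value on the `--output` line is already quoted. Writing it as `--workspace-folder "./src/$${BASE_FOLDER}/$${workspace_folder}" \` keeps it a single argument. The `eps_*` rule also encodes knowledge of the directory layout that the recipe does not explain; a comment such as `# eps_* images live in hyphenated folders, e.g. src/projects/eps-data-extract` would help. The recipe continues past the end of the hunk.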
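Review bot: Declaring the same three lifecycle commands in `src/base/.devcontainer/devcontainer.json` and again in every image built on top of it may make them run more than once per event. As far as I know the devcontainer CLI records lifecycle commands in the built image's `devcontainer.metadata` label and, at container start, runs the commands collected from every layer instead of letting the last one override. If that holds for this build, a project image would run `post_create.sh` once for each image definition in its chain that declares it, which is harmless only while the script stays idempotent. Declaring the commands in the base definition alone would likely be enough; this applies to the other devcontainer.json hunks in this patch too.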
--- a/src/languages/node_24_python_3_10/.devcontainer/devcontainer.json +++ b/src/languages/node_24_python_3_10/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json index 0ac0328..95b9ffb 100644 --- a/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json +++ b/src/languages/node_24_python_3_12/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json index 0ac0328..95b9ffb 100644 --- a/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json +++ b/src/languages/node_24_python_3_13/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json b/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json index 8580944..01708ae 100644 --- a/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json +++ b/src/languages/node_24_python_3_14/.devcontainer/devcontainer.json 
@@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/projects/eps-data-extract/.devcontainer/devcontainer.json b/src/projects/eps-data-extract/.devcontainer/devcontainer.json index 8b10457..bfcb365 100644 --- a/src/projects/eps-data-extract/.devcontainer/devcontainer.json +++ b/src/projects/eps-data-extract/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/projects/eps-storage-terraform/.devcontainer/devcontainer.json b/src/projects/eps-storage-terraform/.devcontainer/devcontainer.json index 95c0a22..9c56e49 100644 --- a/src/projects/eps-storage-terraform/.devcontainer/devcontainer.json +++ b/src/projects/eps-storage-terraform/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/projects/fhir_facade_api/.devcontainer/devcontainer.json b/src/projects/fhir_facade_api/.devcontainer/devcontainer.json index 95c0a22..9c56e49 100644 --- a/src/projects/fhir_facade_api/.devcontainer/devcontainer.json +++ b/src/projects/fhir_facade_api/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } 
diff --git a/src/projects/node_24_python_3_14_golang_1_24/.devcontainer/devcontainer.json b/src/projects/node_24_python_3_14_golang_1_24/.devcontainer/devcontainer.json index e84c9ef..67e5a9b 100644 --- a/src/projects/node_24_python_3_14_golang_1_24/.devcontainer/devcontainer.json +++ b/src/projects/node_24_python_3_14_golang_1_24/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/projects/node_24_python_3_14_java_24/.devcontainer/devcontainer.json b/src/projects/node_24_python_3_14_java_24/.devcontainer/devcontainer.json index 65abfbe..2a6b023 100644 --- a/src/projects/node_24_python_3_14_java_24/.devcontainer/devcontainer.json +++ b/src/projects/node_24_python_3_14_java_24/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } diff --git a/src/projects/regression_tests/.devcontainer/devcontainer.json b/src/projects/regression_tests/.devcontainer/devcontainer.json index 95c0a22..9c56e49 100644 --- a/src/projects/regression_tests/.devcontainer/devcontainer.json +++ b/src/projects/regression_tests/.devcontainer/devcontainer.json @@ -13,6 +13,9 @@ }, "context": "." }, + "postCreateCommand": "bash ${SCRIPTS_DIR}/post_create.sh", + "postStartCommand": "bash ${SCRIPTS_DIR}/post_start.sh", + "postAttachCommand": "bash ${SCRIPTS_DIR}/post_attach.sh", "features": {} } From 32e923df9fc76e8a1a3ae3e23b5ab57d80b03ff9 Mon Sep 17 00:00:00 2001 
From: Tim Stephenson Date: Mon, 30 Mar 2026 11:32:19 +0000 Subject: [PATCH 4/4] chore: strict mode --- src/base/.devcontainer/scripts/lifecycle/post_attach.sh | 3 ++- src/base/.devcontainer/scripts/lifecycle/post_create.sh | 3 ++- src/base/.devcontainer/scripts/lifecycle/post_start.sh | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/base/.devcontainer/scripts/lifecycle/post_attach.sh b/src/base/.devcontainer/scripts/lifecycle/post_attach.sh index 88b881e..6fe214c 100755 --- a/src/base/.devcontainer/scripts/lifecycle/post_attach.sh +++ b/src/base/.devcontainer/scripts/lifecycle/post_attach.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash # Script to run as devcontainer postAttachCommand +set -euo pipefail # currently empty diff --git a/src/base/.devcontainer/scripts/lifecycle/post_create.sh b/src/base/.devcontainer/scripts/lifecycle/post_create.sh index 5c8c5ee..13c7512 100755 --- a/src/base/.devcontainer/scripts/lifecycle/post_create.sh +++ b/src/base/.devcontainer/scripts/lifecycle/post_create.sh @@ -1,5 +1,6 @@ -#!/bin/bash +#!/usr/bin/env bash # Script to run as devcontainer postCreateCommand +set -euo pipefail # Install git-secrets, register AWS patterns and NHS rules in an idempotent way if ! git config --get-all secrets.patterns | grep -Fq AKIA; then diff --git a/src/base/.devcontainer/scripts/lifecycle/post_start.sh b/src/base/.devcontainer/scripts/lifecycle/post_start.sh index 1c26bf0..63dbbc0 100755 --- a/src/base/.devcontainer/scripts/lifecycle/post_start.sh +++ b/src/base/.devcontainer/scripts/lifecycle/post_start.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash # Script to run as devcontainer postStartCommand +set -euo pipefail # currently empty
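Review bot: With `pipefail` enabled in `post_create.sh`, the `if ! git config --get-all secrets.patterns | grep -Fq AKIA` test on the last line of that hunk no longer depends on `grep` alone. `grep -q` exits at the first match; if `git config` is still writing it is killed by SIGPIPE, the pipeline reports failure and the `!` turns a match into "not configured". The script would then call `git-secrets --register-aws` again, and under `set -e` a non-zero exit from it aborts the postCreateCommand. Reading the value first removes the race, which is unlikely with output this small but would be intermittent: `patterns="$(git config --get-all secrets.patterns || true)"` then `if ! grep -Fq AKIA <<<"$patterns"; then`, and likewise for the `secrets.providers` check. The script body continues outside the hunk.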