microsoft · WilliamBerryiii · Mar 7, 2026 · Mar 4, 2026 · Mar 5, 2026 · Mar 5, 2026
@@ -0,0 +1,95 @@
+name: "Devcontainer Change Log"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - '.devcontainer/**'
+      - '.github/workflows/copilot-setup-steps.yml'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+
+jobs:
+  log-changes:
+    name: Log Infrastructure Changes
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Write infrastructure change summary
+        env:
+          GIT_SHA: ${{ github.sha }}
+          REF_NAME: ${{ github.ref_name }}
+          EVENT_NAME: ${{ github.event_name }}
+          BEFORE_SHA: ${{ github.event.before }}
+        run: |
+          set -euo pipefail
+
+          {
+            echo "## Devcontainer Infrastructure Changes"
+            echo ""
+            echo "| Property | Value |"
+            echo "|----------|-------|"
+            echo "| Commit | \`${GIT_SHA}\` |"
+            echo "| Branch | \`${REF_NAME}\` |"
+            echo "| Trigger | \`${EVENT_NAME}\` |"
+            echo ""
+
+            if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
+              echo "_Triggered via workflow_dispatch. No push range available for automatic diff._"
+            elif [ "$BEFORE_SHA" = "0000000000000000000000000000000000000000" ]; then
+              echo "_Initial push to branch — no prior commit range available._"
+            else
+              if ! CHANGED=$(git diff --name-only "$BEFORE_SHA" "$GIT_SHA" -- '.devcontainer/' '.github/workflows/copilot-setup-steps.yml' 2>&1); then
+                echo "_Could not compute diff: \`$BEFORE_SHA\` may not be reachable (force push?)._"
+              elif [ -z "$CHANGED" ]; then
+                echo "_No devcontainer infrastructure files changed in this push._"
+              else
+                echo "| File | Category | Pre-build Impact |"
+                echo "|------|----------|-----------------|"
+                while IFS= read -r file; do
+                  [ -z "$file" ] && continue
+                  case "$file" in
+                    .devcontainer/scripts/on-create.sh)
+                      echo "| \`$file\` | Lifecycle Scripts | High |"
+                      ;;
+                    .devcontainer/scripts/post-create.sh)
+                      echo "| \`$file\` | Lifecycle Scripts | Low |"
+                      ;;
+                    .devcontainer/Dockerfile*|.devcontainer/*.dockerfile)
+                      echo "| \`$file\` | Base Image | High |"
+                      ;;
+                    .devcontainer/features/*)
+                      echo "| \`$file\` | Features | Medium |"
+                      ;;
+                    .devcontainer/devcontainer.json)
+                      echo "| \`$file\` | Config | High |"
+                      ;;
+                    .github/workflows/copilot-setup-steps.yml)
+                      echo "| \`$file\` | Setup Steps | Medium |"
+                      ;;
+                    .devcontainer/*)
+                      echo "| \`$file\` | Config | Medium |"
+                      ;;
+                    *)
+                      echo "| \`$file\` | Other | Unknown |"
+                      ;;
+                  esac
+                done <<< "$CHANGED"
+              fi
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
@@ -44,21 +44,22 @@ flowchart TD
 
 ## Workflow Inventory
 
-| Workflow                             | Trigger                 | Purpose                                         |
-|--------------------------------------|-------------------------|-------------------------------------------------|
-| `pr-validation.yml`                  | Pull request, manual    | Pre-merge quality gate with parallel validation |
-| `release-stable.yml`                 | Push to main, manual    | Post-merge validation and release automation    |
-| `weekly-security-maintenance.yml`    | Sunday 2 AM UTC, manual | Scheduled security posture review               |
-| `security-scan.yml`                  | Push to main/develop    | CodeQL security validation                      |
-| `release-marketplace-stable.yml`     | Manual                  | VS Code extension marketplace publishing        |
-| `release-marketplace-prerelease.yml` | Manual                  | VS Code extension pre-release publishing        |
-| `copilot-setup-steps.yml`            | Manual                  | Coding agent environment setup                  |
-| `release-prerelease.yml`             | PR closed               | Pre-release tag and publish on merge to main    |
-| `release-prerelease-pr.yml`          | Push to main            | Pre-release companion PR management             |
-| `scorecard.yml`                      | Schedule, push          | OpenSSF Scorecard security analysis             |
-| `codeql-analysis.yml`                | Schedule                | Weekly CodeQL security scan (also reusable)     |
-| `dependency-review.yml`              | Pull request            | Dependency vulnerability review (also reusable) |
-| `sha-staleness-check.yml`            | Manual                  | SHA reference freshness check (also reusable)   |
+| Workflow                             | Trigger                 | Purpose                                                           |
+|--------------------------------------|-------------------------|-------------------------------------------------------------------|
+| `pr-validation.yml`                  | Pull request, manual    | Pre-merge quality gate with parallel validation                   |
+| `release-stable.yml`                 | Push to main, manual    | Post-merge validation and release automation                      |
+| `weekly-security-maintenance.yml`    | Sunday 2 AM UTC, manual | Scheduled security posture review                                 |
+| `security-scan.yml`                  | Push to main/develop    | CodeQL security validation                                        |
+| `release-marketplace-stable.yml`     | Manual                  | VS Code extension marketplace publishing                          |
+| `release-marketplace-prerelease.yml` | Manual                  | VS Code extension pre-release publishing                          |
+| `copilot-setup-steps.yml`            | Manual                  | Coding agent environment setup                                    |
+| `devcontainer-change-log.yml`        | Push to main/develop    | Logs devcontainer infrastructure file changes to the step summary |
+| `release-prerelease.yml`             | PR closed               | Pre-release tag and publish on merge to main                      |
+| `release-prerelease-pr.yml`          | Push to main            | Pre-release companion PR management                               |
+| `scorecard.yml`                      | Schedule, push          | OpenSSF Scorecard security analysis                               |
+| `codeql-analysis.yml`                | Schedule                | Weekly CodeQL security scan (also reusable)                       |
+| `dependency-review.yml`              | Pull request            | Dependency vulnerability review (also reusable)                   |
+| `sha-staleness-check.yml`            | Manual                  | SHA reference freshness check (also reusable)                     |
 
 ### Reusable Workflows