Pull request overview
Initial repository setup for an “eps-update-devcontainer” composite GitHub Action, including CI/release workflows, devcontainer config, Dependabot, and GitHub Copilot instruction scaffolding.
Changes:
- Added a composite action (action.yml) to resolve the latest devcontainer image version from GHCR and open a PR updating .devcontainer/devcontainer.json.
- Introduced standard CI / PR / release reusable-workflow wiring under .github/workflows/.
- Added baseline repo tooling/configuration (devcontainer, Dependabot, PR template, Copilot instructions/prompts, Makefile, README).
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| README.md | Documents the action usage and behavior (currently diverges from implementation). |
| Makefile | Adds placeholder targets and forwards unknown targets to shared EPS make includes. |
| action.yml | Composite action to resolve image version and create a PR updating devcontainer.json. |
| .github/workflows/release.yml | Schedules release/tagging via reusable workflows. |
| .github/workflows/pull_request.yml | PR checks, title check, and dry-run tagging via reusable workflows. |
| .github/workflows/ci.yml | Push-to-main CI and dry-run tagging via reusable workflows. |
| .github/pull_request_template.md | Adds PR template and naming guidance. |
| .github/prompts/code_review.prompt.md | Adds a reusable prompt for comprehensive code review. |
| .github/instructions/project/instructions.md | Adds project-level Copilot instructions. |
| .github/instructions/languages/typescript.instructions.md | Adds TypeScript Copilot guidance. |
| .github/instructions/languages/terraform.instructions.md | Adds Terraform Copilot guidance. |
| .github/instructions/languages/sam.instructions.md | Adds SAM Copilot guidance. |
| .github/instructions/languages/python.instructions.md | Adds Python Copilot guidance. |
| .github/instructions/languages/cloudformation.instructions.md | Adds CloudFormation Copilot guidance. |
| .github/instructions/languages/cdk.instructions.md | Adds CDK (TypeScript) Copilot guidance. |
| .github/instructions/general/security.instructions.md | Adds security/OWASP guidance for all files. |
| .github/dependabot.yml | Configures Dependabot updates for actions/pip/npm with a GitHub Packages registry. |
| .github/copilot-instructions.md | Wires base standards to the per-language/per-project instruction files. |
| .github/config/settings.yml | Adds tag format config consumed by reusable workflows. |
| .devcontainer/Dockerfile | Defines devcontainer image build with optional docker group remapping. |
| .devcontainer/devcontainer.json | Configures devcontainer build args, mounts, and VS Code customizations. |
Pull request overview
Copilot reviewed 21 out of 21 changed files in this pull request and generated 6 comments.
This PR is linked to a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: AEA-0000
Pull request overview
Copilot reviewed 25 out of 26 changed files in this pull request and generated 4 comments.
|
|
||
| USER root | ||
| # specify DOCKER_GID to force container docker group id to match host | ||
| RUN if [ -n "${DOCKER_GID}" ]; then \ | ||
| if ! getent group docker; then \ | ||
| groupadd -g ${DOCKER_GID} docker; \ | ||
| else \ | ||
| groupmod -g ${DOCKER_GID} docker; \ |
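Review bot: In both branches, groupadd -g and groupmod -g return an error when the requested GID is already held by another group in the base image, so a host docker GID that collides with an existing group can fail this RUN step. Check getent group "${DOCKER_GID}" before changing anything, or pass -o to allow a non-unique GID, and reject a non-numeric DOCKER_GID before using it in a command that runs as root.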
DOCKER_GID is referenced in the RUN step but not declared as a build arg (ARG DOCKER_GID). As a result, the DOCKER_GID passed from devcontainer.json won't be available during build, and this block will never run. Declare ARG DOCKER_GID (and consider quoting ${DOCKER_GID} where used) so the group id sync works as intended.
| USER root | |
| # specify DOCKER_GID to force container docker group id to match host | |
| RUN if [ -n "${DOCKER_GID}" ]; then \ | |
| if ! getent group docker; then \ | |
| groupadd -g ${DOCKER_GID} docker; \ | |
| else \ | |
| groupmod -g ${DOCKER_GID} docker; \ | |
| ARG DOCKER_GID | |
| USER root | |
| # specify DOCKER_GID to force container docker group id to match host | |
| RUN if [ -n "${DOCKER_GID}" ]; then \ | |
| if ! getent group docker; then \ | |
| groupadd -g "${DOCKER_GID}" docker; \ | |
| else \ | |
| groupmod -g "${DOCKER_GID}" docker; \ |
| @@ -0,0 +1,16 @@ | |||
| .PHONY: install install-node compile lint test | |||
.PHONY does not include several targets defined in this Makefile (install-python, install-hooks). Add them to .PHONY to avoid surprising behavior if files with those names exist.
| .PHONY: install install-node compile lint test | |
| .PHONY: install install-node install-python install-hooks compile lint test |
| - name: Create GitHub App Token | ||
| uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 | ||
| id: generate-token | ||
| with: | ||
| app-id: "${{ inputs.CREATE_PULL_REQUEST_APP_ID }}" | ||
| private-key: "${{ inputs.CREATE_PULL_REQUEST_PEM }}" | ||
|
|
||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 |
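Review bot: Both uses: lines pin a full commit SHA with no trailing version comment, so a reader cannot tell which release of actions/create-github-app-token or peter-evans/create-pull-request is running, or whether a later bump moves forward or backward. Add the release tag the SHA belongs to as a comment after each SHA so the pin stays auditable in review.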
Even when no version change is needed, the workflow still generates a GitHub App token and runs create-pull-request. While create-pull-request will typically no-op when there are no diffs, generating the token (and making extra API calls) is unnecessary. Add an if: condition to the token/PR steps so they only run when latest_version differs from DEVCONTAINER_VERSION (or when the update step actually modified the file).
No description provided.