diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 1944322..ce6663f 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,6 +1,5 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
-# Install essential packages and set up directories
 # hadolint ignore=DL3008
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 && apt-get -y install --no-install-recommends \
@@ -8,11 +7,9 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 wget \
 jq \
 build-essential \
- openssh-server \
- tcl \
 && apt-get clean -y \
- && rm -rf /var/lib/apt/lists/* \
- && mkdir -p /run/sshd \
- && mkdir -p /home/vscode/.ssh \
- && chown -R vscode:vscode /home/vscode/.ssh \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /home/vscode/.ssh \
+ && chown -R vscode:vscode /home/vscode \
 && chmod 700 /home/vscode/.ssh
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 0c8a02b..b897469 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -9,12 +9,16 @@
 "ghcr.io/devcontainers/features/common-utils:2": {
 "installZsh": true,
 "username": "vscode",
- "upgradePackages": true
+ "upgradePackages": false
 },
 "ghcr.io/devcontainers/features/git:1": {
- "version": "latest",
+ "version": "os-provided",
 "ppa": false
 },
+ "ghcr.io/devcontainers/features/python:1": {
+ "version": "3.12",
+ "installTools": true
+ },
 "ghcr.io/devcontainers/features/node:1": {
 "version": "lts",
 "nodeGypDependencies": false,
@@ -25,14 +29,6 @@
 "moby": true,
 "dockerDashComposeVersion": "v2"
 },
- "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
- "version": "latest",
- "helm": "latest",
- "minikube": "latest"
- },
- "ghcr.io/devcontainers/features/sshd:1": {
- "version": "latest"
- },
 "ghcr.io/devcontainers/features/github-cli:1": {
 "version": "latest"
 }
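Review bot: In `.devcontainer/Dockerfile` (second hunk), the new `RUN` widens the ownership change from `/home/vscode/.ssh` to a recursive `chown -R vscode:vscode /home/vscode`, which re-owns everything under the home directory, including anything the base image may have left root-owned on purpose, and copies those files into an extra layer. If the goal is only a private `.ssh` directory for the user, `RUN install -d -m 700 -o vscode -g vscode /home/vscode/.ssh` creates it with the right owner and mode in one step and touches nothing else. With `openssh-server` and `/run/sshd` removed in the same hunk, a short comment such as `# ~/.ssh kept for client keys and known_hosts only` (if that is the intent) would explain why the directory is still created.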
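Review bot: In `.devcontainer/devcontainer.json` (first hunk), `"upgradePackages": false` means OS security fixes reach the container only when the base image behind the `base:ubuntu-24.04` tag is refreshed and the container is rebuilt, and nothing in the file records that trade-off. devcontainer.json accepts comments, so a line such as `// upgradePackages off for build speed; OS patches arrive via base-image rebuilds only` above the setting would keep the next maintainer from reading it as an oversight. The new python feature is pinned to `3.12`, while `node` stays on `lts` and `github-cli` on `latest` in the surrounding context; a consistent pinning policy across features would make rebuilds more predictable.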
@@ -44,8 +40,9 @@
 "github.copilot",
 "github.copilot-chat",
 "redhat.vscode-yaml",
- "ms-kubernetes-tools.vscode-kubernetes-tools",
- "blinksh.blink-fs"
+ "ms-python.python",
+ "ms-python.vscode-pylance",
+ "anthropic.claude-code"
 ],
 "settings": {
 "editor.formatOnSave": true,
@@ -57,8 +54,6 @@
 }
 }
 },
- "forwardPorts": [22],
- "postCreateCommand": "npm install -g @anthropic-ai/claude-code@latest @github/copilot && echo '🚀 Development environment ready! Docker, Kubernetes (Minikube), Claude Code, GitHub Copilot CLI, and SSH are configured.' && sudo service ssh start",
- "postStartCommand": "sudo service ssh restart",
+ "postCreateCommand": "npm install -g @anthropic-ai/claude-code && python3 --version && node --version && docker --version && gh --version && claude --version && echo 'Development environment ready'",
 "remoteUser": "vscode"
 }
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
deleted file mode 100644
index ee58e6f..0000000
--- a/.devcontainer/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: '3'
-
-services:
- app:
- build:
- context: .
- dockerfile: Dockerfile
- volumes:
- - ../..:/workspaces:cached
- - vscode:/vscode:cached
- ports:
- - "22:22"
- command: sleep infinity
- environment:
- - DOCKER_HOST=unix:///var/run/docker.sock
-
-volumes:
- vscode:
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..e3ad6ea
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+# Keep devcontainer dependencies up to date
+version: 2
+updates:
+ # Monitor GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ labels:
+ - "dependencies"
+ - "github-actions"
+
+ # Monitor Docker base images
+ - package-ecosystem: "docker"
+ directory: "/.devcontainer"
+ schedule:
+ interval: "weekly"
+ labels:
+ - "dependencies"
+ - "docker"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a4410c..2adccd2 100644
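Review bot: In `.devcontainer/devcontainer.json` (last hunk), the new `postCreateCommand` installs `@anthropic-ai/claude-code` globally with no version, so each container creation runs whatever release, and whatever install scripts, the registry serves at that moment. That install happens after the image is built, so it is presumably outside what the Trivy image scan and Dependabot look at. Pinning it, `npm install -g @anthropic-ai/claude-code@<pinned-version>`, makes rebuilds reproducible and turns upgrades into reviewed changes. The `&&` chain also means a failing `gh --version` or `claude --version` aborts the command before the final `echo`; if that is the intended smoke test, a comment saying so would help.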
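Review bot: In `.github/dependabot.yml`, the header comment promises that devcontainer dependencies are kept up to date, but the two entries cover only workflow actions and the Dockerfile base image; the features declared in `.devcontainer/devcontainer.json` are watched by neither. Dependabot has a separate ecosystem for those, so a third entry with `- package-ecosystem: "devcontainers"`, `directory: "/"` and the same weekly schedule would match the comment. The npm package installed by `postCreateCommand` stays outside Dependabot's view either way, which is one more reason to pin it there.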
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,15 +17,8 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
-
- - name: Install missing dependencies
- run: sudo apt-get update && sudo apt-get install -y tcl
-
- - name: Check Docker Compose file existence
- run: test -f .devcontainer/docker-compose.yml && echo "Docker Compose file exists"
-
- - name: Validate docker-compose.yml
- run: docker compose -f .devcontainer/docker-compose.yml config
+ with:
+ fetch-depth: 0
 - name: Lint Dockerfile
 uses: hadolint/hadolint-action@v3.1.0
@@ -48,12 +41,8 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
-
- - name: Install missing dependencies
- run: sudo apt-get update && sudo apt-get install -y tcl
-
- - name: Check Docker Compose version
- run: docker compose version
+ with:
+ fetch-depth: 0
 - name: Test devcontainer functionality
 uses: devcontainers/ci@v0.3
@@ -61,14 +50,18 @@ jobs:
 push: never
 runCmd: |
 # Test basic tools are available
- which tclsh || echo "tclsh is missing"
+ which python3 || echo "python3 is missing"
+ which pip3 || echo "pip3 is missing"
 which docker || echo "docker is missing"
- which kubectl || echo "kubectl is missing"
- which helm || echo "helm is missing"
 which gh || echo "gh is missing"
 which node || echo "node is missing"
 which npm || echo "npm is missing"
- which github-copilot-cli || echo "github-copilot-cli is missing"
+ which claude || echo "claude is missing"
 # Test essential packages
+ python3 --version
+ node --version
+ docker --version
+ gh --version
+ claude --version
 curl --version
 jq --version
\ No newline at end of file
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index abd5d98..233940e 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
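Review bot: In `.github/workflows/ci.yml` (third hunk, the `runCmd` script), the added `which python3 || echo "python3 is missing"`, `which pip3 || …` and `which claude || …` lines cannot fail the job, because `|| echo` turns a missing tool into a log line with exit status 0. The added `python3 --version` through `claude --version` lines would catch a missing binary only if the script runs with errexit, which is not visible in this hunk, and `pip3` has no such second check at all. Making the probe itself fatal, e.g. `command -v pip3 >/dev/null || { echo "pip3 is missing"; exit 1; }`, or putting `set -e` at the top of `runCmd`, gives the test a real pass/fail signal. The file also still ends without a trailing newline.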
@@ -8,13 +8,11 @@ on:
 branches: [ main ]
 paths:
 - '.devcontainer/**'
- - 'Dockerfile'
 - '.github/workflows/security.yml'
 pull_request:
 branches: [ main ]
 paths:
 - '.devcontainer/**'
- - 'Dockerfile'
 - '.github/workflows/security.yml'
 workflow_dispatch: # Allow manual trigger
@@ -30,9 +28,6 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
- - name: Install missing dependencies
- run: sudo apt-get update && sudo apt-get install -y tcl
-
 - name: Build Docker image for scanning
 run: |
 IMAGE_NAME="dev-template:${{ github.sha }}"
@@ -40,11 +35,12 @@ jobs:
 echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.28.0
 with:
 image-ref: '${{ env.IMAGE_NAME }}'
 format: 'sarif'
 output: 'trivy-results.sarif'
+ severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
@@ -70,12 +66,13 @@ jobs:
 retention-days: 30
 - name: Run Trivy filesystem scan
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: 'fs'
 scan-ref: '.'
 format: 'sarif'
 output: 'trivy-fs-results.sarif'
+ severity: 'CRITICAL,HIGH'
 - name: Upload filesystem scan results
 uses: github/codeql-action/upload-sarif@v3
diff --git a/README.md b/README.md
index 9641692..bc05ba0 100644
--- a/README.md
+++ b/README.md
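Review bot: In `.github/workflows/security.yml` (hunk `@@ -40,11 +35,12 @@`, and again in `@@ -70,12 +66,13 @@`), `aquasecurity/trivy-action@0.28.0` is still a mutable tag, so whoever can move that tag changes the code that runs in this job; pinning to the commit, `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.28.0`, removes that dependency on tag integrity. The added `severity: 'CRITICAL,HIGH'` sits next to `format: 'sarif'`, and as far as I know the action writes all severities to SARIF unless `limit-severities-for-sarif: true` is also set, so the filter may have no effect as written; worth confirming against the action's documentation. No `exit-code` input is visible in either step, so the scans report findings but never fail the job; if that is intended, a comment on the step should say so.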
@@ -3,29 +3,90 @@ [![CI](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml/badge.svg)](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml) [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/idvoretskyi/dev) -This repository serves as a default generic GitHub Codespace template. +This repository serves as an optimized GitHub Codespaces template for general development workflows. ## Features - Base image: Ubuntu 24.04 -- Pre-installed development tools -- VS Code extensions for productivity -- Configured with sensible defaults +- Essential development tools: + - Python 3.12 with pip + - Node.js LTS with npm + - Git (OS-provided) + - Docker-in-Docker with Docker Compose v2 + - GitHub CLI + - Claude Code CLI + - Zsh with common utilities + - Build essentials (gcc, make, etc.) +- VS Code extensions: + - Claude Dev (Anthropic) + - Python language support + - Docker support + - GitHub Copilot + - YAML support + +## Performance Optimizations + +The devcontainer balances speed with operability: + +- Includes essential tools: Python, Node.js, Docker, Git, GitHub CLI, Claude Code CLI +- Disabled package upgrades during build +- Removed heavy features (kubectl, helm, minikube, sshd) +- Uses OS-provided Git for faster builds +- Installs Claude Code CLI via npm in postCreateCommand +- Core VS Code extensions only + +Estimated startup time: 2-3 minutes ## Usage +### GitHub Codespaces 1. Click "Code" button on the GitHub repository 2. Select "Create codespace on main" 3. Wait for the environment to build -4. Start coding! -## Customization +### VS Code Local Dev Containers +1. Clone this repository +2. Open in VS Code +3. 
Click "Reopen in Container" when prompted + +## Using as a Template + +### Method 1: GitHub Template +Click "Use this template" button to create a new repository + +### Method 2: Copy Configuration +```bash +cp -r .devcontainer /path/to/your/project/ +``` + +### Customization + +Edit `.devcontainer/devcontainer.json` to add features or tools: + +```json +{ + "features": { + "ghcr.io/devcontainers/features/java:1": { + "version": "17" + } + }, + "postCreateCommand": "pip install -r requirements.txt" +} +``` -You can customize this environment by: +To add heavy tools like Kubernetes: -- Modifying `.devcontainer/devcontainer.json` to add VS Code extensions or settings -- Editing `.devcontainer/Dockerfile` to install additional packages -- Updating `.devcontainer/docker-compose.yml` to add services like databases +```json +{ + "features": { + "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": { + "version": "latest", + "helm": "latest", + "minikube": "none" + } + } +} +``` ## License