From 4bd2682c7d594e3b1c5da6db1dccd88a45e82f6d Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 15:28:36 +0200 Subject: [PATCH 01/10] Optimize devcontainer for faster startup - Disabled package upgrades (upgradePackages: false) - Removed heavy features: kubectl-helm-minikube, sshd - Changed Git to os-provided version for faster builds - Removed unnecessary packages from Dockerfile - Removed docker-compose.yml for simpler single-container setup - Streamlined postCreateCommand - Removed heavy VS Code extensions - Added setup-optional-tools.sh for on-demand tool installation - Added dependabot.yml for dependency management Estimated startup time reduced from 4-6 minutes to 1-2 minutes. Signed-off-by: Ihor Dvoretskyi --- .devcontainer/Dockerfile | 12 ++--- .devcontainer/devcontainer.json | 20 ++------ .devcontainer/docker-compose.yml | 18 ------- .devcontainer/setup-optional-tools.sh | 13 +++++ .github/dependabot.yml | 20 ++++++++ README.md | 70 +++++++++++++++++++++++---- 6 files changed, 101 insertions(+), 52 deletions(-) delete mode 100644 .devcontainer/docker-compose.yml create mode 100644 .devcontainer/setup-optional-tools.sh create mode 100644 .github/dependabot.yml diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1944322..79a5e8a 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,18 +1,14 @@ FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04 -# Install essential packages and set up directories -# hadolint ignore=DL3008 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && apt-get -y install --no-install-recommends \ curl \ wget \ jq \ build-essential \ - openssh-server \ - tcl \ && apt-get clean -y \ - && rm -rf /var/lib/apt/lists/* \ - && mkdir -p /run/sshd \ - && mkdir -p /home/vscode/.ssh \ - && chown -R vscode:vscode /home/vscode/.ssh \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir -p /home/vscode/.ssh \ + && chown -R vscode:vscode /home/vscode \ && chmod 700 /home/vscode/.ssh 
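Review bot: The new second `RUN` applies `chown -R vscode:vscode` to all of `/home/vscode`, where the old command touched only `/home/vscode/.ssh`, and the commit message does not mention this widening. A recursive chown in its own layer is likely to copy every file under the home directory into that layer, which works against the startup goal, and the base image presumably already gives `vscode` its home directory. Unless an earlier build step leaves root-owned files there, keep the narrow form: `&& chown -R vscode:vscode /home/vscode/.ssh \`. With `openssh-server` removed in the same hunk, a one-line comment above this `RUN` stating what still needs the pre-created `.ssh` directory would help the next reader.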
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5b79038..96b26cf 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -9,10 +9,10 @@ "ghcr.io/devcontainers/features/common-utils:2": { "installZsh": true, "username": "vscode", - "upgradePackages": true + "upgradePackages": false }, "ghcr.io/devcontainers/features/git:1": { - "version": "latest", + "version": "os-provided", "ppa": false }, "ghcr.io/devcontainers/features/node:1": { @@ -25,14 +25,6 @@ "moby": true, "dockerDashComposeVersion": "v2" }, - "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": { - "version": "latest", - "helm": "latest", - "minikube": "latest" - }, - "ghcr.io/devcontainers/features/sshd:1": { - "version": "latest" - }, "ghcr.io/devcontainers/features/github-cli:1": { "version": "latest" } @@ -43,9 +35,7 @@ "ms-azuretools.vscode-docker", "github.copilot", "github.copilot-chat", - "redhat.vscode-yaml", - "ms-kubernetes-tools.vscode-kubernetes-tools", - "blinksh.blink-fs" + "redhat.vscode-yaml" ], "settings": { "editor.formatOnSave": true, @@ -57,8 +47,6 @@ } } }, - "forwardPorts": [22], - "postCreateCommand": "npm install -g @anthropic-ai/claude-code@latest && echo '🚀 Development environment ready! Docker, Kubernetes (Minikube), Claude Code, and SSH are configured.' && sudo service ssh start", - "postStartCommand": "sudo service ssh restart", + "postCreateCommand": "echo 'Development environment ready'", "remoteUser": "vscode" } diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml deleted file mode 100644 index ee58e6f..0000000 --- a/.devcontainer/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: '3' - -services: - app: - build: - context: . - dockerfile: Dockerfile - volumes: - - ../..:/workspaces:cached - - vscode:/vscode:cached - ports: - - "22:22" - command: sleep infinity - environment: - - DOCKER_HOST=unix:///var/run/docker.sock - -volumes: - vscode: 
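Review bot: Setting `"upgradePackages": false` on the `common-utils` feature means the container keeps whatever package versions the `base:ubuntu-24.04` tag shipped with, so OS security fixes arrive only when the base image itself is refreshed and re-pulled. That is a reasonable trade for build time, but it should be recorded next to the setting, for example `// upgrades skipped for startup time; OS patches come from base-image refreshes` (devcontainer.json accepts comments). It is also worth confirming that the image scan in `.github/workflows/security.yml` runs on a schedule and not only on changes under `.devcontainer/**`, since an unchanged Dockerfile can still accumulate findings. The `features` object starts outside this hunk.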
diff --git a/.devcontainer/setup-optional-tools.sh b/.devcontainer/setup-optional-tools.sh new file mode 100644 index 0000000..dada8c9 --- /dev/null +++ b/.devcontainer/setup-optional-tools.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +echo "Installing optional development tools..." + +# Uncomment if needed: +# npm install -g @anthropic-ai/claude-code@latest + +# Uncomment if needed: +# pip3 install --user black pylint pytest + +echo "Optional tools installation complete" diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..e3ad6ea --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +# Keep devcontainer dependencies up to date +version: 2 +updates: + # Monitor GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "github-actions" + + # Monitor Docker base images + - package-ecosystem: "docker" + directory: "/.devcontainer" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "docker" diff --git a/README.md b/README.md index 9641692..4a0b9ba 100644 --- a/README.md +++ b/README.md 
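Review bot: The header comment in the new `.github/dependabot.yml` says it keeps devcontainer dependencies up to date, but the two entries cover only GitHub Actions and the Dockerfile under `/.devcontainer`. The features referenced in `devcontainer.json` (`common-utils:2`, `git:1`, `node:1`, `github-cli:1` and the rest) are not watched. Dependabot has a `devcontainers` ecosystem for that file, and a third entry in the same shape as the existing two would close the gap.

```yaml
  # … unchanged: github-actions and docker entries …

  # Monitor devcontainer features
  - package-ecosystem: "devcontainers"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
```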
@@ -3,29 +3,79 @@ [![CI](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml/badge.svg)](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml) [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/idvoretskyi/dev) -This repository serves as a default generic GitHub Codespace template. +This repository serves as an optimized GitHub Codespaces template for general development workflows. ## Features - Base image: Ubuntu 24.04 -- Pre-installed development tools -- VS Code extensions for productivity -- Configured with sensible defaults +- Essential development tools: + - Git (OS-provided) + - Node.js LTS + - Docker-in-Docker + - GitHub CLI + - Zsh with common utilities +- VS Code extensions: + - Docker support + - GitHub Copilot + - YAML support + +## Performance Optimizations + +The devcontainer is optimized for fast startup: + +- Disabled package upgrades during build +- Removed heavy features (kubectl, helm, minikube, sshd) +- Removed unnecessary Docker packages +- Minimal postCreateCommand +- Essential VS Code extensions only + +Estimated startup time: 1-2 minutes ## Usage +### GitHub Codespaces 1. Click "Code" button on the GitHub repository 2. Select "Create codespace on main" 3. Wait for the environment to build -4. Start coding! -## Customization +### VS Code Local Dev Containers +1. Clone this repository +2. Open in VS Code +3. 
Click "Reopen in Container" when prompted + +## Using as a Template + +### Method 1: GitHub Template +Click "Use this template" button to create a new repository + +### Method 2: Copy Configuration +```bash +cp -r .devcontainer /path/to/your/project/ +``` + +### Customization + +Edit `.devcontainer/devcontainer.json` to add features: + +```json +{ + "features": { + "ghcr.io/devcontainers/features/python:1": { + "version": "3.11" + } + }, + "postCreateCommand": "pip install -r requirements.txt" +} +``` + +## Optional Tools -You can customize this environment by: +Install additional tools as needed: +```bash +bash .devcontainer/setup-optional-tools.sh +``` -- Modifying `.devcontainer/devcontainer.json` to add VS Code extensions or settings -- Editing `.devcontainer/Dockerfile` to install additional packages -- Updating `.devcontainer/docker-compose.yml` to add services like databases +Edit the script to customize which tools to install. ## License From d6388fe8075b5e09ba219436865d015878d71d98 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 15:33:14 +0200 Subject: [PATCH 02/10] Fix CI workflow to match optimized devcontainer - Remove docker-compose.yml validation steps - Remove tcl dependency installation - Remove kubectl and helm checks (not installed by default) - Remove tclsh check (not installed by default) - Keep only essential tool checks Signed-off-by: Ihor Dvoretskyi --- .github/workflows/ci.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a4410c..46c159a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -18,15 +18,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Install missing dependencies - run: sudo apt-get update && sudo apt-get install -y tcl - - - name: Check Docker Compose file existence - run: test -f .devcontainer/docker-compose.yml && echo "Docker Compose file exists" - - - name: Validate docker-compose.yml - run: docker compose -f .devcontainer/docker-compose.yml config - - name: Lint Dockerfile uses: hadolint/hadolint-action@v3.1.0 with: @@ -49,22 +40,13 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Install missing dependencies - run: sudo apt-get update && sudo apt-get install -y tcl - - - name: Check Docker Compose version - run: docker compose version - - name: Test devcontainer functionality uses: devcontainers/ci@v0.3 with: push: never runCmd: | # Test basic tools are available - which tclsh || echo "tclsh is missing" which docker || echo "docker is missing" - which kubectl || echo "kubectl is missing" - which helm || echo "helm is missing" which gh || echo "gh is missing" which node || echo "node is missing" which npm || echo "npm is missing" From 52f64d7adc7cad74d69d9ff7090ffaba114c2d05 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 15:35:12 +0200 Subject: [PATCH 03/10] Fix Hadolint DL3008 warning in Dockerfile Add hadolint ignore comment for DL3008 warning about unpinned package versions. For a development template, using latest versions from the base image is preferred for flexibility and ease of maintenance. Signed-off-by: Ihor Dvoretskyi --- .devcontainer/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 79a5e8a..ce6663f 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,6 @@ FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04 +# hadolint ignore=DL3008 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ && apt-get -y install --no-install-recommends \ curl \ 
From a9a4a5125365337eb5f1be099694e18f720d2227 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 15:37:07 +0200 Subject: [PATCH 04/10] Fix Gitleaks by fetching full git history Add fetch-depth: 0 to checkout steps to ensure Gitleaks has access to the full commit history for scanning the commit range. Signed-off-by: Ihor Dvoretskyi --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46c159a..0754b8f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,6 +17,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Lint Dockerfile uses: hadolint/hadolint-action@v3.1.0 @@ -39,6 +41,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Test devcontainer functionality uses: devcontainers/ci@v0.3 From 3586fe71578ff0c565ba51f296c47f398d8c1736 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:02:02 +0200 Subject: [PATCH 05/10] Remove github-copilot-cli check from tests This tool is no longer installed as part of the optimized devcontainer. Signed-off-by: Ihor Dvoretskyi --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0754b8f..d53b33f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,7 +54,6 @@ jobs: which gh || echo "gh is missing" which node || echo "node is missing" which npm || echo "npm is missing" - which github-copilot-cli || echo "github-copilot-cli is missing" # Test essential packages curl --version jq --version \ No newline at end of file From 0947159b3c05c6bc38a0687f138311b6795a306e Mon Sep 17 00:00:00 2001 
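Review bot: `fetch-depth: 0` is added to both checkout steps, but the commit message gives Gitleaks as the only reason, and in the second hunk the checkout is followed directly by the `Test devcontainer functionality` step. If that job does not run Gitleaks (its remaining steps are outside the hunk), the full-history clone there is unnecessary and the `with:` block can be dropped from that checkout. On the job that does need it, a comment such as `# full history: Gitleaks scans the pushed commit range` next to `fetch-depth: 0` would keep someone from removing it later.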
From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:04:36 +0200 Subject: [PATCH 06/10] Add Python support for balanced operability Add Python 3.12 feature with pip and tools for a complete development experience. Python is nearly universal for scripting, automation, and development workflows. Changes: - Added Python 3.12 with pip and development tools - Added Python VS Code extensions (Python, Pylance) - Updated postCreateCommand to verify all core tools - Updated CI tests to verify Python installation - Updated README with more accurate feature list and timing This balances startup speed (2-3 min) with operational completeness. Signed-off-by: Ihor Dvoretskyi --- .devcontainer/devcontainer.json | 10 ++++++++-- .github/workflows/ci.yml | 6 ++++++ README.md | 18 +++++++++++------- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 96b26cf..adf6bad 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -15,6 +15,10 @@ "version": "os-provided", "ppa": false }, + "ghcr.io/devcontainers/features/python:1": { + "version": "3.12", + "installTools": true + }, "ghcr.io/devcontainers/features/node:1": { "version": "lts", "nodeGypDependencies": false, @@ -35,7 +39,9 @@ "ms-azuretools.vscode-docker", "github.copilot", "github.copilot-chat", - "redhat.vscode-yaml" + "redhat.vscode-yaml", + "ms-python.python", + "ms-python.vscode-pylance" ], "settings": { "editor.formatOnSave": true, @@ -47,6 +53,6 @@ } } }, - "postCreateCommand": "echo 'Development environment ready'", + "postCreateCommand": "python3 --version && node --version && docker --version && gh --version && echo 'Development environment ready'", "remoteUser": "vscode" } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d53b33f..fe4d498 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -50,10 +50,16 @@ jobs: push: never runCmd: | # Test basic tools are available + which python3 || echo "python3 is missing" + which pip3 || echo "pip3 is missing" which docker || echo "docker is missing" which gh || echo "gh is missing" which node || echo "node is missing" which npm || echo "npm is missing" # Test essential packages + python3 --version + node --version + docker --version + gh --version curl --version jq --version \ No newline at end of file diff --git a/README.md b/README.md index 4a0b9ba..b0cab72 100644 --- a/README.md +++ b/README.md @@ -9,27 +9,31 @@ This repository serves as an optimized GitHub Codespaces template for general de - Base image: Ubuntu 24.04 - Essential development tools: + - Python 3.12 with pip + - Node.js LTS with npm - Git (OS-provided) - - Node.js LTS - - Docker-in-Docker + - Docker-in-Docker with Docker Compose v2 - GitHub CLI - Zsh with common utilities + - Build essentials (gcc, make, etc.) - VS Code extensions: + - Python language support - Docker support - GitHub Copilot - YAML support ## Performance Optimizations -The devcontainer is optimized for fast startup: +The devcontainer balances speed with operability: +- Includes essential tools: Python, Node.js, Docker, Git, GitHub CLI - Disabled package upgrades during build - Removed heavy features (kubectl, helm, minikube, sshd) -- Removed unnecessary Docker packages -- Minimal postCreateCommand -- Essential VS Code extensions only +- Uses OS-provided Git for faster builds +- Streamlined postCreateCommand with version checks +- Core VS Code extensions only -Estimated startup time: 1-2 minutes +Estimated startup time: 2-3 minutes ## Usage From b3a5ee1a119170fdd173120d5ce17a283baee5d5 Mon Sep 17 00:00:00 2001 
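Review bot: The added `which python3 || echo "python3 is missing"` and `which pip3 || echo "pip3 is missing"` lines can never fail the step, because the `|| echo` branch turns a missing tool into exit status 0. The `python3 --version` calls added further down act as a real check only if `runCmd` stops at the first failing command, which is not visible in this hunk, and nothing equivalent covers `pip3`. Either start the script with `set -e` and drop the `|| echo` fallbacks, or make each check fail explicitly: `command -v pip3 >/dev/null || { echo "pip3 is missing"; exit 1; }`. The same pattern is repeated by the `which claude` line added in PATCH 07/10.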
From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:06:33 +0200 Subject: [PATCH 07/10] Add Claude Code CLI and extension by default Install Claude Code CLI via npm in postCreateCommand and include the Claude Dev VS Code extension for AI-assisted development. Changes: - Added Claude Code CLI installation via npm - Added anthropic.claude-dev VS Code extension - Updated postCreateCommand to verify claude installation - Updated CI tests to check for claude CLI - Updated README to list Claude Code in features Signed-off-by: Ihor Dvoretskyi --- .devcontainer/devcontainer.json | 5 +++-- .github/workflows/ci.yml | 2 ++ README.md | 6 ++++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index adf6bad..dd8a665 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -41,7 +41,8 @@ "github.copilot-chat", "redhat.vscode-yaml", "ms-python.python", - "ms-python.vscode-pylance" + "ms-python.vscode-pylance", + "anthropic.claude-dev" ], "settings": { "editor.formatOnSave": true, @@ -53,6 +54,6 @@ } } }, - "postCreateCommand": "python3 --version && node --version && docker --version && gh --version && echo 'Development environment ready'", + "postCreateCommand": "npm install -g @anthropic-ai/claude-code && python3 --version && node --version && docker --version && gh --version && claude --version && echo 'Development environment ready'", "remoteUser": "vscode" } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fe4d498..2adccd2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -56,10 +56,12 @@ jobs: which gh || echo "gh is missing" which node || echo "node is missing" which npm || echo "npm is missing" + which claude || echo "claude is missing" # Test essential packages python3 --version node --version docker --version gh --version + claude --version curl --version jq --version \ No newline at end of file 
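Review bot: `postCreateCommand` now runs `npm install -g @anthropic-ai/claude-code` with no version, so every new codespace installs whatever the registry serves at that moment, as the `vscode` user and outside anything Dependabot or the Trivy image scan looks at. Pin it, for example `npm install -g @anthropic-ai/claude-code@<PINNED_VERSION>`, and bump the pin deliberately. Installing it in the Dockerfile instead would also move it into the scanned image and out of per-container startup. Because the chain is joined with `&&`, a registry outage now fails the whole post-create step rather than just skipping one tool.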
diff --git a/README.md b/README.md index b0cab72..9af4a30 100644 --- a/README.md +++ b/README.md @@ -14,9 +14,11 @@ This repository serves as an optimized GitHub Codespaces template for general de - Git (OS-provided) - Docker-in-Docker with Docker Compose v2 - GitHub CLI + - Claude Code CLI - Zsh with common utilities - Build essentials (gcc, make, etc.) - VS Code extensions: + - Claude Dev (Anthropic) - Python language support - Docker support - GitHub Copilot @@ -26,11 +28,11 @@ This repository serves as an optimized GitHub Codespaces template for general de The devcontainer balances speed with operability: -- Includes essential tools: Python, Node.js, Docker, Git, GitHub CLI +- Includes essential tools: Python, Node.js, Docker, Git, GitHub CLI, Claude Code CLI - Disabled package upgrades during build - Removed heavy features (kubectl, helm, minikube, sshd) - Uses OS-provided Git for faster builds -- Streamlined postCreateCommand with version checks +- Installs Claude Code CLI via npm in postCreateCommand - Core VS Code extensions only Estimated startup time: 2-3 minutes From aa0caf16eb1d0259784429036e3e40ba552eb2dc Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:08:39 +0200 Subject: [PATCH 08/10] Remove redundant setup-optional-tools.sh script Since all essential tools (including Claude Code CLI) are now installed by default in postCreateCommand, the optional tools script is redundant. Changes: - Removed .devcontainer/setup-optional-tools.sh - Updated README with better customization examples - Added examples for adding Kubernetes tools when needed Signed-off-by: Ihor Dvoretskyi --- .devcontainer/setup-optional-tools.sh | 13 ------------- README.md | 23 ++++++++++++++--------- 2 files changed, 14 insertions(+), 22 deletions(-) delete mode 100644 .devcontainer/setup-optional-tools.sh diff --git a/.devcontainer/setup-optional-tools.sh b/.devcontainer/setup-optional-tools.sh deleted file mode 100644 index dada8c9..0000000 
--- a/.devcontainer/setup-optional-tools.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -echo "Installing optional development tools..." - -# Uncomment if needed: -# npm install -g @anthropic-ai/claude-code@latest - -# Uncomment if needed: -# pip3 install --user black pylint pytest - -echo "Optional tools installation complete" diff --git a/README.md b/README.md index 9af4a30..bc05ba0 100644 --- a/README.md +++ b/README.md @@ -61,28 +61,33 @@ cp -r .devcontainer /path/to/your/project/ ### Customization -Edit `.devcontainer/devcontainer.json` to add features: +Edit `.devcontainer/devcontainer.json` to add features or tools: ```json { "features": { - "ghcr.io/devcontainers/features/python:1": { - "version": "3.11" + "ghcr.io/devcontainers/features/java:1": { + "version": "17" } }, "postCreateCommand": "pip install -r requirements.txt" } ``` -## Optional Tools +To add heavy tools like Kubernetes: -Install additional tools as needed: -```bash -bash .devcontainer/setup-optional-tools.sh +```json +{ + "features": { + "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": { + "version": "latest", + "helm": "latest", + "minikube": "none" + } + } +} ``` -Edit the script to customize which tools to install. - ## License This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. From 5526304f6cfdba006236d6593683ba5981548331 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:10:29 +0200 Subject: [PATCH 09/10] Update security workflow for optimized devcontainer Improvements: - Remove redundant tcl installation step - Fix Dockerfile path in trigger (covered by .devcontainer/**) - Pin Trivy action to specific version (0.28.0) instead of @master - Add severity filtering (CRITICAL,HIGH) to focus on important issues - Improve workflow stability and reproducibility The workflow now properly scans the optimized devcontainer configuration. 
Signed-off-by: Ihor Dvoretskyi --- .github/workflows/security.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index abd5d98..233940e 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -8,13 +8,11 @@ on: branches: [ main ] paths: - '.devcontainer/**' - - 'Dockerfile' - '.github/workflows/security.yml' pull_request: branches: [ main ] paths: - '.devcontainer/**' - - 'Dockerfile' - '.github/workflows/security.yml' workflow_dispatch: # Allow manual trigger @@ -30,9 +28,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Install missing dependencies - run: sudo apt-get update && sudo apt-get install -y tcl - - name: Build Docker image for scanning run: | IMAGE_NAME="dev-template:${{ github.sha }}" @@ -40,11 +35,12 @@ jobs: echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: '${{ env.IMAGE_NAME }}' format: 'sarif' output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 @@ -70,12 +66,13 @@ jobs: retention-days: 30 - name: Run Trivy filesystem scan - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.28.0 with: scan-type: 'fs' scan-ref: '.' format: 'sarif' output: 'trivy-fs-results.sarif' + severity: 'CRITICAL,HIGH' - name: Upload filesystem scan results uses: github/codeql-action/upload-sarif@v3 From 0c51a439b355a40323e12780fe93040a5524bbd6 Mon Sep 17 00:00:00 2001 From: Ihor Dvoretskyi Date: Mon, 3 Nov 2025 16:19:07 +0200 Subject: [PATCH 10/10] Update Claude Code extension reference in devcontainer configuration Signed-off-by: Ihor Dvoretskyi --- .devcontainer/devcontainer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
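Review bot: `aquasecurity/trivy-action@0.28.0` is an improvement over `@master`, but a tag can still be moved by whoever controls the action repository. In a workflow whose job is security scanning, pin both `uses:` lines to the full commit SHA and keep the version as a comment: `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA> # 0.28.0`. Separately, `severity: 'CRITICAL,HIGH'` drops MEDIUM and LOW findings from the SARIF uploaded to the Security tab; with package upgrades disabled in the devcontainer build, that filter deserves a comment stating it is intentional. Both changes appear twice, in the image-scan and filesystem-scan hunks.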
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index dd8a665..b897469 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -42,7 +42,7 @@ "redhat.vscode-yaml", "ms-python.python", "ms-python.vscode-pylance", - "anthropic.claude-dev" + "anthropic.claude-code" ], "settings": { "editor.formatOnSave": true,