feat: extract common base image

[Ron (rjaegers)]

🚀 Hey, I have created a Pull Request

Description of changes

This pull request introduces a new "base" devcontainer image to serve as a foundational layer for language-specific devcontainers (cpp, rust), and refactors the build, test, and release workflows to leverage this shared base image. The changes aim to reduce duplication, improve maintainability, and streamline the CI/CD process for all container flavors.

Key changes include:

Introduction of a Shared Base Devcontainer

• Added a new .devcontainer/base/Dockerfile and associated devcontainer.json to define a minimal, reusable base image with common dependencies and tooling for all flavors. (.devcontainer/base/Dockerfile, .devcontainer/base/devcontainer.json) [1] [2]
• Created a dedicated apt-requirements.json for the base image and moved shared package definitions from flavor-specific files. (.devcontainer/base/apt-requirements.json, .devcontainer/rust/apt-requirements.json, .devcontainer/cpp/apt-requirements-base.json) [1] [2] [3]

Refactoring of Language-Specific Devcontainers

• Updated cpp and rust devcontainers to use the new base image via the BASE_IMAGE build argument, simplifying their Dockerfiles and removing duplicated setup steps (e.g., BATS installation, CA certificates). (.devcontainer/cpp/Dockerfile, .devcontainer/rust/Dockerfile) [1] [2]
• Adjusted flavor-specific devcontainer.json files to build the base image locally when needed and to pass the correct BASE_IMAGE argument. (.devcontainer/cpp/devcontainer.json, .devcontainer/rust/devcontainer.json) [1] [2]

CI/CD Workflow Improvements

• Refactored GitHub Actions workflows (continuous-integration.yml, release-build.yml, update-dependencies.yml) to build, push, and test the base image first, then use it as the foundation for building and testing the language-specific images. This ensures consistency and reduces redundant work. [1] [2] [3] [4] [5] [6] [7] [8] [9]
• Updated the release template and default devcontainer image references to include and use the new base image. (.github/RELEASE_TEMPLATE.md, .devcontainer/devcontainer.json) [1] [2]

These changes make the devcontainer setup more modular and maintainable, and ensure that updates to shared dependencies or configuration are propagated consistently across all flavors.

✔️ Checklist

• I have followed the contribution guidelines for this repository
• I have added tests for new behavior, and have not broken any existing tests
• I have added or updated relevant documentation
• I have verified that all added components are accounted for in the SBOM

[Copilot]

Pull request overview

This pull request introduces a modular build system for amp-devcontainer by extracting common dependencies into a reusable base image. The change aims to improve maintainability, reduce build times through image layering, and streamline CI/CD workflows.

Changes:

• Created a new amp-devcontainer-base image with shared dependencies (BATS testing tools, certificates, common packages)
• Refactored C++ and Rust Dockerfiles to build from the base image instead of duplicating setup logic
• Updated CI/CD workflows to build the base image first, then use its digest for flavor builds

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
.devcontainer/base/Dockerfile	Defines the new base image with common dependencies extracted from flavor-specific Dockerfiles
.devcontainer/base/apt-requirements-base.json	Centralizes base package versions previously duplicated across flavor files
.devcontainer/base/devcontainer-metadata.json	Provides metadata configuration for the base image
.devcontainer/cpp/Dockerfile	Refactored to use base image and removed duplicated setup steps
.devcontainer/cpp/apt-requirements-base.json	Cleaned up to only include C++-specific packages
.devcontainer/cpp/devcontainer.json	Added build configuration to use locally-built base image
.devcontainer/rust/Dockerfile	Refactored to use base image and removed duplicated setup steps
.devcontainer/rust/apt-requirements-base.json	Cleaned up to only include Rust-specific packages
.devcontainer/rust/devcontainer.json	Added build configuration to use locally-built base image
.github/workflows/wc-build-push.yml	Added support for build arguments and version output
.github/workflows/wc-build-push-test.yml	Reordered inputs alphabetically and added build-args support
.github/workflows/continuous-integration.yml	Added base image build job and wired outputs to flavor builds
.github/workflows/release-build.yml	Added base image build job and updated release notes generation
.github/RELEASE_TEMPLATE.md	Added base image to container table
README.md	Added documentation for the new base image

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-base:edge ➔ ghcr.io/philips-software/amp-devcontainer-base:pr-1078

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	0 B	167.86 MB	+167.86 MB (+∞)	🔼
linux/arm64	0 B	160.87 MB	+160.87 MB (+∞)	🔼

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	20		0	0	0.51s
✅ DOCKERFILE	hadolint	3		0	0	0.76s
✅ GHERKIN	gherkin-lint	6		0	0	2.45s
✅ JSON	npm-package-json-lint	yes		no	no	0.4s
✅ JSON	prettier	21	4	0	0	0.52s
✅ JSON	v8r	21		0	0	7.29s
✅ MARKDOWN	markdownlint	11	0	0	0	0.87s
✅ MARKDOWN	markdown-table-formatter	11	0	0	0	0.23s
✅ REPOSITORY	checkov	yes		no	no	17.6s
✅ REPOSITORY	gitleaks	yes		no	no	0.51s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	28.52s
✅ REPOSITORY	secretlint	yes		no	no	0.91s
✅ REPOSITORY	syft	yes		no	no	2.04s
✅ REPOSITORY	trivy	yes		no	no	7.64s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.22s
✅ REPOSITORY	trufflehog	yes		no	no	2.28s
✅ SPELL	lychee	79		0	0	21.7s
✅ YAML	prettier	28	0	0	0	1.03s
✅ YAML	v8r	28		0	0	7.6s
✅ YAML	yamllint	28		0	0	0.88s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge ➔ ghcr.io/philips-software/amp-devcontainer-cpp:pr-1078

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	683.37 MB	683.86 MB	+494.72 kB (+0.07%)	🔼
linux/arm64	665.29 MB	665.79 MB	+494.51 kB (+0.07%)	🔼

[github-actions]

📦 Container Size Analysis

Note

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge ➔ ghcr.io/philips-software/amp-devcontainer-rust:pr-1078

📈 Size Comparison Table

OS/Platform	Previous	Current	Change	Trend
linux/amd64	548.17 MB	548.27 MB	+99.29 kB (+0.02%)	🔼
linux/arm64	502.9 MB	502.98 MB	+74.87 kB (+0.01%)	🔼

[github-actions]

Test Results

 5 files  ±0   5 suites  ±0   3m 26s ⏱️ +2s
32 tests ±0  32 ✅ ±0  0 💤 ±0  0 ❌ ±0 
67 runs  ±0  67 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit dac1a3b. ± Comparison against base commit 5ec2927.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

.devcontainer/base/apt-requirements.json:1

• The 'rustup' package should not be in the base image requirements. It was removed in this diff, which is correct, but this comment highlights that the removal is fixing an issue where rustup was incorrectly placed in the base image instead of the Rust-specific image.

{

[sonarqubecloud]

Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.

[github-actions]

Pull Request Report (#1078)

Static measures

Description	Value
Number of added lines	229
Number of deleted lines	157
Number of changed files	23
Number of commits	5
Number of reviews	15
Number of comments (w/o review comments)	6
Number of reviews that contains a comment to resolve	14
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	6

Time related measures

Description	Value
PR lead time (from creation to close of PR)	6 Days
Time that was spend on the branch before the PR was created	1.1 Min
Time that was spend on the branch before the PR was merged	6 Days
Time to merge after last review	3.9 Hours

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	44.1 Min
Total time spend in last status check run on PR	17.6 Min

[github-actions]

🎉 Hooray! The changes in this pull request went live with the release of v6.7.0 🎉