From 316672f8905a424303108286a952c0de333383c8 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 11:22:28 +0000 Subject: [PATCH 01/27] setup github action --- .github/dependabot.yml | 46 +++++++++++++++ .github/pull_request_template.md | 59 +++++++++++++++++++ .github/workflows/pull_request.yml | 92 ++++++++++++++++++++++++++++++ Makefile | 8 +++ 4 files changed, 205 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/pull_request.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..4a87436 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,46 @@ +######################################################################### +# Dependabot configuration file +######################################################################### + +version: 2 + +updates: + - package-ecosystem: "github-actions" + # Workflow files stored in the + # default location of `.github/workflows` + directory: "/" + schedule: + interval: "weekly" + day: "friday" + time: "18:00" # UTC + open-pull-requests-limit: 20 + commit-message: + prefix: "Upgrade: [dependabot] - " + + ################################### + # NPM workspace ################## + ################################### + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "friday" + time: "18:00" + open-pull-requests-limit: 20 + versioning-strategy: increase + commit-message: + prefix: "Upgrade: [dependabot] - " + + ################################### + # Poetry ######################### + ################################### + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "friday" + time: "18:00" + open-pull-requests-limit: 20 + versioning-strategy: increase + commit-message: + prefix: "Upgrade: [dependabot] - " diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..203df63 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,59 @@ +## Summary + +**Remove items from this list if they are not relevant. Remove this line once this has been done** + +- Routine Change +- :exclamation: Breaking Change +- :robot: Operational or Infrastructure Change +- :sparkles: New Feature +- :warning: Potential issues that might be caused by this change + +### Details + +Add any summary information of what is in the change. **Remove this line if you have nothing to add.** + +## Pull Request Naming + +Pull requests should be named using the following format: + +```text +Tag: [AEA-NNNN] - Short description +``` + +Tag can be one of: + +- `Fix` - for a bug fix. (Patch release) +- `Update` - either for a backwards-compatible enhancement or for a rule change that adds reported problems. (Patch release) +- `New` - implemented a new feature. (Minor release) +- `Breaking` - for a backwards-incompatible enhancement or feature. (Major release) +- `Docs` - changes to documentation only. (Patch release) +- `Build` - changes to build process only. (No release) +- `Upgrade` - for a dependency upgrade. (Patch release) +- `Chore` - for refactoring, adding tests, etc. (anything that isn't user-facing). (Patch release) + +If the current release is x.y.z then +- a patch release increases z by 1 +- a minor release increases y by 1 +- a major release increases x by 1 + +Correct tagging is necessary for our automated versioning and release process. + +The description of your pull request will be used as the commit message for the merge, and also be included in the changelog. Please ensure that your title is sufficiently descriptive. + +### Rerunning Checks + +If you need to rename your pull request, you can restart the checks by either: + +- Closing and reopening the pull request +- pushing an empty commit + ```bash + git commit --allow-empty -m 'trigger build' + git push + ``` +- Amend your last commit and force push to the branch + ```bash + git commit --amend --no-edit + git push --force + ``` + +Rerunning the checks from within the pull request will not use the updated title. diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml new file mode 100644 index 0000000..398dee2 --- /dev/null +++ b/.github/workflows/pull_request.yml @@ -0,0 +1,92 @@ +name: deploy_pr + +on: + pull_request: + branches: [master] + +env: + BRANCH_NAME: ${{ github.event.pull_request.head.ref }} + +jobs: + dependabot-auto-approve-and-merge: + needs: quality_checks + uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432 + secrets: + AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }} + AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }} + + get_asdf_version: + runs-on: ubuntu-22.04 + outputs: + asdf_version: ${{ steps.asdf-version.outputs.version }} + tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} + steps: + - name: Checkout code + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 + + - name: Get asdf version + id: asdf-version + run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" + - name: Load config value + id: load-config + run: | + TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) + echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + + quality_checks: + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@trivy + needs: [get_asdf_version] + with: + asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + pr_title_format_check: + uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@2b3ddfd1e59daf9905522d0140c6cd08e2547432 + + get_issue_number: + runs-on: ubuntu-22.04 + needs: quality_checks + outputs: + issue_number: ${{ steps.get_issue_number.outputs.result }} + version: ${{ steps.get_issue_number.outputs.version_number }} + + steps: + - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd + name: get issue number + id: get_issue_number + with: + script: | + if (context.issue.number) { + // Return issue number if present + return context.issue.number; + } else { + // Otherwise return issue number from commit + return ( + await github.rest.repos.listPullRequestsAssociatedWithCommit({ + commit_sha: context.sha, + owner: context.repo.owner, + repo: context.repo.repo, + }) + ).data[0].number; + } + result-encoding: string + + get_commit_id: + runs-on: ubuntu-22.04 + outputs: + commit_id: ${{ steps.commit_id.outputs.commit_id }} + sha_short: ${{ steps.commit_id.outputs.sha_short }} + + steps: + - name: Checkout code + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 + with: + ref: ${{ env.BRANCH_NAME }} + + - name: Get Commit ID + id: commit_id + run: | + # echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV" + echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" diff --git a/Makefile b/Makefile index 0fc362a..e2a7d48 100644 --- a/Makefile +++ b/Makefile @@ -31,3 +31,11 @@ scan-base-image: --ignorefile .trivyignore.yaml \ --exit-code 1 \ --format table ${IMAGE_NAME} + +lint: lint-githubactions + +test: + echo "Not implemented" + +lint-githubactions: + actionlint From ffbe7b95761a9865dcc0b6f818954fe6e6343c5f Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 11:24:12 +0000 Subject: [PATCH 02/27] fix pull_request action --- .github/workflows/pull_request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 398dee2..4bc5cb0 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,8 +1,8 @@ -name: deploy_pr +name: pull_request on: pull_request: - branches: [master] + branches: [main] env: BRANCH_NAME: ${{ github.event.pull_request.head.ref }} From 6e8825f36a339240f0965f00c591bdf45040dd60 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 11:25:21 +0000 Subject: [PATCH 03/27] set tagformat --- .github/config/settings.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/config/settings.yml diff --git a/.github/config/settings.yml b/.github/config/settings.yml new file mode 100644 index 0000000..05dbcda --- /dev/null +++ b/.github/config/settings.yml @@ -0,0 +1 @@ +TAG_FORMAT: "v${version}" From fe133a56ba9373d7675190280a48d65aa2ac7c51 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:07:33 +0000 Subject: [PATCH 04/27] build the image --- .gitallowed | 1 + .github/workflows/build_multi_arch_image.yml | 35 ++++++++++++++++++++ .github/workflows/pull_request.yml | 5 +++ 3 files changed, 41 insertions(+) create mode 100644 .gitallowed create mode 100644 .github/workflows/build_multi_arch_image.yml diff --git a/.gitallowed b/.gitallowed new file mode 100644 index 0000000..76bb1a8 --- /dev/null +++ b/.gitallowed @@ -0,0 +1 @@ +id-token: write diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml new file mode 100644 index 0000000..324c874 --- /dev/null +++ b/.github/workflows/build_multi_arch_image.yml @@ -0,0 +1,35 @@ +name: Build and push docker image + +on: + workflow_call: + +jobs: + build_image: + permissions: + id-token: write + runs-on: ${{ matrix.runner }} + strategy: + matrix: + include: + - arch: amd64 + runner: ubuntu-22.04 + - arch: arm64 + runner: ubuntu-22.04-arm + steps: + - name: Checkout code + uses: actions/checkout@v5 + with: + fetch-depth: 0 + + - name: Build container + run: | + make build-base-image + docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }} + docker save "ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img + + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + name: Upload docker images + with: + name: eps-devcontainer-base-latest-${{ matrix.arch }}.img + path: | + eps-devcontainer-base-latest-${{ matrix.arch }}.img diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4bc5cb0..ed66650 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -90,3 +90,8 @@ jobs: # echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV" echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + + + package_docker_image: + needs: [get_issue_number, quality_checks, get_commit_id] + uses: ./.github/workflows/build_multi_arch_image.yml From 16938f80350f072f7babc2dfd73ee8a89e9feffb Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:10:27 +0000 Subject: [PATCH 05/27] use github token --- .github/workflows/build_multi_arch_image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 324c874..4d7f212 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -26,7 +26,8 @@ jobs: make build-base-image docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }} docker save "ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img - + env: + GH_TOKEN: ${{ github.token }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f name: Upload docker images with: From c14ba96117462de3f9691996a513298d4c03eb68 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:18:08 +0000 Subject: [PATCH 06/27] correct script --- scripts/generate_language_version_files.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/scripts/generate_language_version_files.sh b/scripts/generate_language_version_files.sh index b10626f..1e523ae 100755 --- a/scripts/generate_language_version_files.sh +++ b/scripts/generate_language_version_files.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Get the current directory of the script +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +LANGUAGE_VERSIONS_DIR="${SCRIPT_DIR}/../src/base/.devcontainer/language_versions" + # Define repositories to fetch .tool-versions from REPOS=( "NHSDigital/electronic-prescription-service-clinical-prescription-tracker" @@ -30,12 +34,13 @@ REPOS=( # Define output files -NODEJS_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/nodejs-versions.txt" -PYTHON_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/python-versions.txt" -JAVA_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/java-versions.txt" -TERRAFORM_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/terraform-versions.txt" -GOLANG_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/golang-versions.txt" -ALL_LANGUAGES_FILE="/workspaces/eps-devcontainers/src/base/.devcontainer/language_versions/language-versions.txt" +mkdir -p "${LANGUAGE_VERSIONS_DIR}" +NODEJS_FILE="${LANGUAGE_VERSIONS_DIR}/nodejs-versions.txt" +PYTHON_FILE="${LANGUAGE_VERSIONS_DIR}/python-versions.txt" +JAVA_FILE="${LANGUAGE_VERSIONS_DIR}/java-versions.txt" +TERRAFORM_FILE="${LANGUAGE_VERSIONS_DIR}/terraform-versions.txt" +GOLANG_FILE="${LANGUAGE_VERSIONS_DIR}/golang-versions.txt" +ALL_LANGUAGES_FILE="${LANGUAGE_VERSIONS_DIR}/language-versions.txt" # Clear existing files true > "$NODEJS_FILE" true > "$PYTHON_FILE" From 94adbe2234074b4553bcd4150897e7868876bd39 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:27:21 +0000 Subject: [PATCH 07/27] run make install --- .github/workflows/build_multi_arch_image.yml | 45 ++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 4d7f212..8af914e 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -4,10 +4,29 @@ on: workflow_call: jobs: + get_asdf_version: + runs-on: ubuntu-22.04 + outputs: + asdf_version: ${{ steps.asdf-version.outputs.version }} + tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} + steps: + - name: Checkout code + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 + + - name: Get asdf version + id: asdf-version + run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" + - name: Load config value + id: load-config + run: | + TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) + echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" + build_image: permissions: id-token: write runs-on: ${{ matrix.runner }} + needs: [get_asdf_version] strategy: matrix: include: @@ -21,6 +40,32 @@ jobs: with: fetch-depth: 0 + # using git commit sha for version of action to ensure we have stable version + - name: Install asdf + uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 + with: + asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }} + + - name: Cache asdf + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb + with: + path: | + ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | + ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + + - name: Install asdf dependencies in .tool-versions + uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 + with: + asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }} + env: + PYTHON_CONFIGURE_OPTS: --enable-shared + + - name: make install + run: | + make install + - name: Build container run: | make build-base-image From d0868cef22a68e684fcc785cab3787eafa0e4626 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:32:14 +0000 Subject: [PATCH 08/27] fix build --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e2a7d48..bee24e6 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ install-hooks: install-python install-hooks: build-base-image: generate-language-version-files CONTAINER_NAME=$(CONTAINER_NAME) \ - devcontainer build \ + npx devcontainer build \ --workspace-folder ./src/base/ \ --push false \ --image-name "${IMAGE_NAME}" From 57e5cd9decc50827f25f713a23bdd93bc0b9593b Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:40:20 +0000 Subject: [PATCH 09/27] use setup-node rather than asdf --- .github/workflows/build_multi_arch_image.yml | 45 +++----------------- 1 file changed, 5 insertions(+), 40 deletions(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 8af914e..8a6e635 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -4,29 +4,11 @@ on: workflow_call: jobs: - get_asdf_version: - runs-on: ubuntu-22.04 - outputs: - asdf_version: ${{ steps.asdf-version.outputs.version }} - tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} - steps: - - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - - - name: Get asdf version - id: asdf-version - run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT" - - name: Load config value - id: load-config - run: | - TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) - echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" build_image: permissions: id-token: write runs-on: ${{ matrix.runner }} - needs: [get_asdf_version] strategy: matrix: include: @@ -36,32 +18,15 @@ jobs: runner: ubuntu-22.04-arm steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 + # use setup-node rather than asdf so that it works multi-arch + - name: setup node + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: - asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }} - - - name: Cache asdf - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@b7bcd026f18772e44fe1026d729e1611cc435d47 - with: - asdf_version: ${{ needs.get_asdf_version.outputs.asdf_version }} - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - + node-version-file: .tool-versions - name: make install run: | make install From 989a38a71403cddca8ed55ea2252d433b89e8962 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:45:33 +0000 Subject: [PATCH 10/27] make install node --- .github/workflows/build_multi_arch_image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 8a6e635..036915e 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -29,7 +29,7 @@ jobs: node-version-file: .tool-versions - name: make install run: | - make install + make install-node - name: Build container run: | From 6bdd72b359182c855227b6941a2eac68607b2c1b Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:53:42 +0000 Subject: [PATCH 11/27] try different way of building --- .github/workflows/build_multi_arch_image.yml | 1 + .github/workflows/pull_request.yml | 2 +- Makefile | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 036915e..bc62b67 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -38,6 +38,7 @@ jobs: docker save "ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img env: GH_TOKEN: ${{ github.token }} + ARCHITECTURE: ${{ matrix.arch }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f name: Upload docker images with: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index ed66650..2c937f5 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -93,5 +93,5 @@ jobs: package_docker_image: - needs: [get_issue_number, quality_checks, get_commit_id] + needs: [get_issue_number, get_commit_id] uses: ./.github/workflows/build_multi_arch_image.yml diff --git a/Makefile b/Makefile index bee24e6..cf96122 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,7 @@ build-base-image: generate-language-version-files npx devcontainer build \ --workspace-folder ./src/base/ \ --push false \ + --platform linux/${ARCHITECTURE} \ --image-name "${IMAGE_NAME}" generate-language-version-files: From 8f16180348cdc167bf7239bc3e51f3a10a715536 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 12:54:37 +0000 Subject: [PATCH 12/27] remove deps --- .github/workflows/pull_request.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 2c937f5..d693dfe 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -93,5 +93,4 @@ jobs: package_docker_image: - needs: [get_issue_number, get_commit_id] uses: ./.github/workflows/build_multi_arch_image.yml From 9d9eca7d29d6487d6bc7a80bba3795f44bdf271c Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:03:30 +0000 Subject: [PATCH 13/27] add some debug --- src/base/.devcontainer/scripts/root_install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index fd3a1ae..833d23d 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -14,6 +14,7 @@ rm -rf /var/lib/apt/lists/* # Add amd64 architecture if on arm64 if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then + echo "Adding amd64 architecture support" dpkg --add-architecture amd64 fi From 8ffc5b010cd551820e612d7d7d500e2018d1ffdc Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:07:53 +0000 Subject: [PATCH 14/27] do not update dist --- src/base/.devcontainer/scripts/root_install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index 833d23d..f50c163 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -24,7 +24,6 @@ apt-get remove -y \ # install necessary libraries for asdf and language runtimes apt-get update export DEBIAN_FRONTEND=noninteractive -apt-get -y dist-upgrade apt-get -y install --no-install-recommends htop vim curl git build-essential \ libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \ zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \ From 3e486dcaa433c20de9ef0d248d118f58444ca757 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:16:44 +0000 Subject: [PATCH 15/27] debug --- src/base/.devcontainer/scripts/root_install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index f50c163..b59dc9e 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +export DEBIAN_FRONTEND=noninteractive # Install essential packages first apt-get update @@ -16,14 +17,16 @@ rm -rf /var/lib/apt/lists/* if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then echo "Adding amd64 architecture support" dpkg --add-architecture amd64 + echo "Running apt-get update for multi-arch" + apt-get update fi # uninstall unnecessary packages +echo "Removing unnecessary packages" apt-get remove -y \ python3 # install necessary libraries for asdf and language runtimes -apt-get update -export DEBIAN_FRONTEND=noninteractive +echo "Installing necessary packages" apt-get -y install --no-install-recommends htop vim curl git build-essential \ libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \ zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \ From 48ab087801c739f2f91f11b391573e11d2f5199b Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:20:40 +0000 Subject: [PATCH 16/27] clean --- src/base/.devcontainer/scripts/root_install.sh | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index b59dc9e..d4b4e20 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -2,25 +2,14 @@ set -e export DEBIAN_FRONTEND=noninteractive -# Install essential packages first -apt-get update -apt-get install -y \ - curl \ - wget \ - git \ - sudo \ - unzip -apt-get clean -rm -rf /var/lib/apt/lists/* - # Add amd64 architecture if on arm64 if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then echo "Adding amd64 architecture support" dpkg --add-architecture amd64 - echo "Running apt-get update for multi-arch" - apt-get update fi +echo "Running apt-get update" +apt-get update # uninstall unnecessary packages echo "Removing unnecessary packages" apt-get remove -y \ From 35fc41bca4cb2ab5ca47f10bef8b0c827204b0a7 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:28:12 +0000 Subject: [PATCH 17/27] fix it --- src/base/.devcontainer/scripts/root_install.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index d4b4e20..c441648 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -6,6 +6,14 @@ export DEBIAN_FRONTEND=noninteractive if [ "$TARGETARCH" == "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then echo "Adding amd64 architecture support" dpkg --add-architecture amd64 + + # Update sources.list to include amd64 repositories + echo "Configuring sources.list for amd64 and arm64" + sed -i.bak '/^deb / s|http://ports.ubuntu.com/ubuntu-ports|[arch=arm64] http://ports.ubuntu.com/ubuntu-ports|' /etc/apt/sources.list + # shellcheck disable=SC2129 + echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy main universe" >> /etc/apt/sources.list + echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy-updates main universe" >> /etc/apt/sources.list + echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu jammy-security main universe" >> /etc/apt/sources.list fi echo "Running apt-get update" From e9859604d103473310ec26d42b12431d1ace1b5e Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 13:37:41 +0000 Subject: [PATCH 18/27] less verbose --- .../.devcontainer/scripts/root_install.sh | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index c441648..96d0988 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -18,10 +18,7 @@ fi echo "Running apt-get update" apt-get update -# uninstall unnecessary packages -echo "Removing unnecessary packages" -apt-get remove -y \ - python3 + # install necessary libraries for asdf and language runtimes echo "Installing necessary packages" apt-get -y install --no-install-recommends htop vim curl git build-essential \ @@ -35,22 +32,22 @@ apt-get -y install --no-install-recommends htop vim curl git build-essential \ # install aws stuff # Download correct AWS CLI for arch if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then - wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \ + wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" else - wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \ + wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" fi - unzip /tmp/awscliv2.zip -d /tmp/aws-cli + unzip -q /tmp/awscliv2.zip -d /tmp/aws-cli /tmp/aws-cli/aws/install rm /tmp/awscliv2.zip rm -rf /tmp/aws-cli # Download correct SAM CLI for arch if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then - wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \ + wget -O /tmp/aws-sam-cli.zip --no-verbose "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip" else - wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \ + wget -O /tmp/aws-sam-cli.zip --no-verbose "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip" fi - unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli + unzip -q /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli /tmp/aws-sam-cli/install rm /tmp/aws-sam-cli.zip rm -rf /tmp/aws-sam-cli @@ -58,9 +55,9 @@ if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then # Install ASDF ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then - wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \ + wget -O /tmp/asdf.tar.gz --no-verbose "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz" else - wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \ + wget -O /tmp/asdf.tar.gz --no-verbose "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz" fi tar -xzf /tmp/asdf.tar.gz -C /tmp mkdir -p /usr/bin From 54797f445396012e4e65a0d4042b94ac4804fd66 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 19:16:51 +0000 Subject: [PATCH 19/27] do not install java --- src/base/.devcontainer/scripts/root_install.sh | 3 +++ src/base/.devcontainer/scripts/vscode_install.sh | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh index 96d0988..0c0d632 100755 --- a/src/base/.devcontainer/scripts/root_install.sh +++ b/src/base/.devcontainer/scripts/root_install.sh @@ -31,6 +31,7 @@ apt-get -y install --no-install-recommends htop vim curl git build-essential \ # install aws stuff # Download correct AWS CLI for arch +echo "Installing aws cli" if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then wget -O /tmp/awscliv2.zip --no-verbose "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" else @@ -42,6 +43,7 @@ if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then rm -rf /tmp/aws-cli # Download correct SAM CLI for arch +echo "Installing aws-sam cli" if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then wget -O /tmp/aws-sam-cli.zip --no-verbose "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip" else @@ -53,6 +55,7 @@ if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then rm -rf /tmp/aws-sam-cli # Install ASDF +echo "Installing asdf" ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then wget -O /tmp/asdf.tar.gz --no-verbose "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz" diff --git a/src/base/.devcontainer/scripts/vscode_install.sh b/src/base/.devcontainer/scripts/vscode_install.sh index 0349116..838353a 100755 --- a/src/base/.devcontainer/scripts/vscode_install.sh +++ b/src/base/.devcontainer/scripts/vscode_install.sh @@ -42,9 +42,9 @@ while IFS= read -r version; do done < /tmp/python-versions.txt # Read Java versions from file and install -while IFS= read -r version; do - asdf install java "$version" -done < /tmp/java-versions.txt +# while IFS= read -r version; do +# asdf install java "$version" +# done < /tmp/java-versions.txt # Read Terraform versions from file and install while IFS= read -r version; do From d75d7836a1b933f69f81aca17a351a23f3aa9fa3 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 19:20:57 +0000 Subject: [PATCH 20/27] trigger build From 22fc0e85d4b60583659b84447d67ac5759ab8130 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 19:46:47 +0000 Subject: [PATCH 21/27] push the image --- .github/workflows/build_multi_arch_image.yml | 24 ++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index bc62b67..364999c 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -45,3 +45,27 @@ jobs: name: eps-devcontainer-base-latest-${{ matrix.arch }}.img path: | eps-devcontainer-base-latest-${{ matrix.arch }}.img + + publish_image: + needs: build_image + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Download amd64 images + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 + with: + name: eps-devcontainer-base-latest-amd64.img + - name: Download arm64 images + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 + with: + name: eps-devcontainer-base-latest-arm64.img + - name: Load and push multi-arch image + run: | + docker load -i eps-devcontainer-base-latest-amd64.img + docker load -i eps-devcontainer-base-latest-arm64.img + docker manifest create ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 + docker manifest push ghcr.io/nhsdigital/eps-devcontainer-base:latest From 21c4a8e1884eed962271f0450e18cb3144855af9 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 20:19:48 +0000 Subject: [PATCH 22/27] free disk space first --- .github/workflows/build_multi_arch_image.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 364999c..621e0ea 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -55,6 +55,16 @@ jobs: attestations: write id-token: write steps: + - name: Free Disk Space for Docker + uses: endersonmenezes/free-disk-space@e6ed9b02e683a3b55ed0252f1ee469ce3b39a885 + with: + remove_android: true + remove_dotnet: true + remove_haskell: true + remove_tool_cache: true + rm_cmd: "rm" + remove_packages: "azure-cli google-cloud-cli microsoft-edge-stable google-chrome-stable firefox postgresql* temurin-* *llvm* mysql* dotnet-sdk-*" + remove_packages_one_command: true - name: Download amd64 images uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: From 2eb89250961923aa800c2c191f5a7c9681d44f3b Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 21:14:17 +0000 Subject: [PATCH 23/27] fix creating manifest --- .github/workflows/build_multi_arch_image.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 621e0ea..82d2125 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -77,5 +77,9 @@ jobs: run: | docker load -i eps-devcontainer-base-latest-amd64.img docker load -i eps-devcontainer-base-latest-arm64.img - docker manifest create ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 + echo "creating manifest" + docker manifest create ghcr.io/nhsdigital/eps-devcontainer-base:latest \ + --amend ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 \ + --amend ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 + echo "pushing manifest" docker manifest push ghcr.io/nhsdigital/eps-devcontainer-base:latest From 7b5a8fda3c28ccfab754b948699b960b200c5c25 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Wed, 7 Jan 2026 21:45:29 +0000 Subject: [PATCH 24/27] push image --- .github/workflows/build_multi_arch_image.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index 82d2125..f27cc76 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -75,8 +75,12 @@ jobs: name: eps-devcontainer-base-latest-arm64.img - name: Load and push multi-arch image run: | + echo "loading images" docker load -i eps-devcontainer-base-latest-amd64.img docker load -i eps-devcontainer-base-latest-arm64.img + echo "pushing images" + docker push ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 + docker push ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 echo "creating manifest" docker manifest create ghcr.io/nhsdigital/eps-devcontainer-base:latest \ --amend ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 \ From 6dd163625e6d6e272836f9bf18d926b0fa82bbc2 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Thu, 8 Jan 2026 00:03:01 +0000 Subject: [PATCH 25/27] fix name --- .github/workflows/build_multi_arch_image.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index f27cc76..cbf8fd2 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -34,7 +34,7 @@ jobs: - name: Build container run: | make build-base-image - docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }} + docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainers:latest-${{ matrix.arch }} docker save "ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img env: GH_TOKEN: ${{ github.token }} @@ -79,11 +79,11 @@ jobs: docker load -i eps-devcontainer-base-latest-amd64.img docker load -i eps-devcontainer-base-latest-arm64.img echo "pushing images" - docker push ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 - docker push ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 + docker push ghcr.io/nhsdigital/eps-devcontainers:latest-amd64 + docker push ghcr.io/nhsdigital/eps-devcontainers:latest-arm64 echo "creating manifest" - docker manifest create ghcr.io/nhsdigital/eps-devcontainer-base:latest \ - --amend ghcr.io/nhsdigital/eps-devcontainer-base:latest-amd64 \ - --amend ghcr.io/nhsdigital/eps-devcontainer-base:latest-arm64 + docker manifest create ghcr.io/nhsdigital/eps-devcontainers:latest \ + --amend ghcr.io/nhsdigital/eps-devcontainers:latest-amd64 \ + --amend ghcr.io/nhsdigital/eps-devcontainers:latest-arm64 echo "pushing manifest" - docker manifest push ghcr.io/nhsdigital/eps-devcontainer-base:latest + docker manifest push ghcr.io/nhsdigital/eps-devcontainers:latest From 4ed613d5cc9fe8269548f568b5beff8495bcf740 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Thu, 8 Jan 2026 07:50:40 +0000 Subject: [PATCH 26/27] fix name --- .github/workflows/build_multi_arch_image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index cbf8fd2..bc74863 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -35,7 +35,7 @@ jobs: run: | make build-base-image docker tag ghcr.io/nhsdigital/eps-devcontainer-base:latest ghcr.io/nhsdigital/eps-devcontainers:latest-${{ matrix.arch }} - docker save "ghcr.io/nhsdigital/eps-devcontainer-base:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img + docker save "ghcr.io/nhsdigital/eps-devcontainers:latest-${{ matrix.arch }}" -o eps-devcontainer-base-latest-${{ matrix.arch }}.img env: GH_TOKEN: ${{ github.token }} ARCHITECTURE: ${{ matrix.arch }} From dc10f7dc7ff26e4c862638531ea391e784414a40 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Thu, 8 Jan 2026 08:45:38 +0000 Subject: [PATCH 27/27] auth to github --- .github/workflows/build_multi_arch_image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_multi_arch_image.yml b/.github/workflows/build_multi_arch_image.yml index bc74863..b7737e7 100644 --- a/.github/workflows/build_multi_arch_image.yml +++ b/.github/workflows/build_multi_arch_image.yml @@ -75,6 +75,7 @@ jobs: name: eps-devcontainer-base-latest-arm64.img - name: Load and push multi-arch image run: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin echo "loading images" docker load -i eps-devcontainer-base-latest-amd64.img docker load -i eps-devcontainer-base-latest-arm64.img