Development Container (#12)

.devcontainer/data-engineering/devcontainer.json

@@ -0,0 +1,23 @@
+{
+  "name": "data-engineering",
+  "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+  "features": {
+    "ghcr.io/devcontainers/features/common-utils:2": { "configureZshAsDefaultShell": true },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "../features/src/base": {},
+    "../features/src/aws-tools": { "awsIamEmail": "${localEnv:MOJ_DATA_PLATFORM_AWS_IAM_EMAIL}" }
+  },
+  "remoteUser": "vscode",
+  "runArgs": ["--name=data-engineering-devcontainer"],
+  "mounts": [
+    { "source": "ministryofjustice-data-platform-devcontainer-persisted", "target": "/opt/vscode-dev-containers", "type": "volume" },
+    { "source": "ministryofjustice-data-platform-devcontainer-workspace", "target": "/home/vscode/workspace", "type": "volume" },
+    { "source": "ministryofjustice-data-platform-devcontainer-commandhistory", "target": "/home/vscode/.commandhistory", "type": "volume" }
+  ],
+  "workspaceFolder": "/home/vscode/workspace",
+  "customizations": {
+    "vscode": {
+      "extensions": ["EditorConfig.EditorConfig", "GitHub.copilot", "GitHub.vscode-pull-request-github"]
+    }
+  }
+}

.devcontainer/features/src/aws-tools/devcontainer-feature.json

@@ -0,0 +1,37 @@
+{
+  "id": "aws-tools",
+  "version": "1.0.0",
+  "name": "aws-tools",
+  "description": "AWS Tools - AWS CLI, AWS Vault",
+  "options": {
+    "installAwsCli": {
+      "type": "boolean",
+      "description": "Install AWS CLI (https://aws.amazon.com/cli/)",
+      "default": true
+    },
+    "awsCliVersion": {
+      "type": "string",
+      "description": "AWS CLI version",
+      "proposals": ["latest"],
+      "default": "latest"
+    },
+    "awsIamEmail": {
+      "type": "string",
+      "description": "AWS IAM email",
+      "default": ""
+    },
+    "installAwsVault": {
+      "type": "boolean",
+      "description": "Install AWS Vault (https://github.com/99designs/aws-vault)",
+      "default": true
+    },
+    "awsVaultVersion": {
+      "type": "string",
+      "description": "AWS Vault version",
+      "proposals": ["latest"],
+      "default": "latest"
+    }
+  },
+  "mounts": [{ "source": "ministryofjustice-data-platform-devcontainer-awsvault", "target": "/home/vscode/.awsvault", "type": "volume" }],
+  "installsAfter": ["./features/src/base"]
+}

.devcontainer/features/src/aws-tools/install-aws-cli.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -e
+
+source /usr/local/bin/devcontainer-utils
+
+VERSION=${AWSCLIVERSION:-"latest"}
+AWS_IAM_EMAIL="${AWSIAMEMAIL}"
+
+if [[ "${VERSION}" == "latest" ]]; then
+  ARTEFACT="awscli-exe-linux-$( uname -m ).zip"
+else
+  ARTEFACT="awscli-exe-linux-$( uname -m )-${VERSION}.zip"
+fi
+
+### Install
+
+curl https://awscli.amazonaws.com/${ARTEFACT} \
+  --output ${ARTEFACT}
+
+unzip ${ARTEFACT}
+
+bash ./aws/install
+
+rm --force --recursive aws ${ARTEFACT}
+
+#### Completion
+
+echo "complete -C '/usr/local/bin/aws_completer' aws" > /home/vscode/.dotfiles/aws.sh
+
+### Config
+
+mkdir --parents /home/vscode/.aws
+
+cp  $( dirname $0 )/src/home/vscode/.aws/config /home/vscode/.aws/config
+
+sed -i "s|AWS_IAM_EMAIL|${AWS_IAM_EMAIL}|g" /home/vscode/.aws/config
+
+chown --recursive vscode:vscode /home/vscode/.aws

.devcontainer/features/src/aws-tools/install-aws-vault.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -e
+
+source /usr/local/bin/devcontainer-utils
+
+VERSION=${VERSION:-"latest"}
+GITHUB_REPOSITORY="99designs/aws-vault"
+
+if [ "${VERSION}" == "latest" ]; then
+  get_github_latest_tag ${GITHUB_REPOSITORY}
+  VERSION="${GITHUB_LATEST_TAG}"
+  VERSION_STRIP_V="${GITHUB_LATEST_TAG_STRIP_V}"
+else
+  VERSION="${VERSION}"
+fi
+
+### Install
+
+curl --location https://github.com/${GITHUB_REPOSITORY}/releases/download/${VERSION}/aws-vault-linux-${ARCHITECTURE} \
+  --output /usr/local/bin/aws-vault
+
+chmod +x /usr/local/bin/aws-vault
+
+### Config
+
+echo "export AWS_VAULT_BACKEND=\"file\"" > /home/vscode/.dotfiles/aws-vault.sh
+echo "export AWS_VAULT_FILE_PASSPHRASE=\"\"" >> /home/vscode/.dotfiles/aws-vault.sh

.devcontainer/features/src/aws-tools/install.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+if [[ "${INSTALLAWSCLI}" == "true" ]]; then
+  bash $( dirname $0 )/install-aws-cli.sh
+fi
+
+if [[ "${INSTALLAWSVAULT}" == "true" ]]; then
+  bash $( dirname $0 )/install-aws-vault.sh
+fi

.devcontainer/features/src/aws-tools/src/home/vscode/.aws/config

@@ -0,0 +1,31 @@
+[default]
+cli_pager=
+output=json
+region=eu-west-1
+
+##################################################
+# Analytical Platform
+##################################################
+
+[profile analytical-platform-landing]
+mfa_serial=arn:aws:iam::335823981503:mfa/AWS_IAM_EMAIL
+
+[profile analytical-platform-data]
+source_profile=analytical-platform-landing
+mfa_serial=arn:aws:iam::335823981503:mfa/AWS_IAM_EMAIL
+role_arn=arn:aws:iam::593291632749:role/restricted-admin
+
+[profile analytical-platform-dev]
+source_profile=analytical-platform-landing
+mfa_serial=arn:aws:iam::335823981503:mfa/AWS_IAM_EMAIL
+role_arn=arn:aws:iam::525294151996:role/restricted-admin
+
+[profile analytical-platform-management]
+source_profile=analytical-platform-landing
+mfa_serial=arn:aws:iam::335823981503:mfa/AWS_IAM_EMAIL
+role_arn=arn:aws:iam::042130406152:role/restricted-admin
+
+[profile analytical-platform-prod]
+source_profile=analytical-platform-landing
+mfa_serial=arn:aws:iam::335823981503:mfa/AWS_IAM_EMAIL
+role_arn=arn:aws:iam::312423030077:role/restricted-admin

.devcontainer/features/src/base/.zshrc

@@ -0,0 +1,40 @@
+####################
+# Oh My ZSH Internals
+####################
+export ZSH="${HOME}/.oh-my-zsh"
+export ZSH_THEME="moj-codespaces"
+export plugins=(git)
+
+source "${ZSH}/oh-my-zsh.sh"
+
+####################
+# Oh My ZSH Options
+####################
+export DISABLE_AUTO_UPDATE="true"
+export DISABLE_UPDATE_PROMPT="true"
+
+####################
+# Shell Options
+####################
+export HISTFILE="${HOME}/.commandhistory/.zsh_history"
+
+####################
+# Shell Completion
+####################
+autoload bashcompinit && bashcompinit
+autoload -Uz compinit && compinit
+
+####################
+# Dotfiles
+####################
+for file in ${HOME}/.dotfiles/*.sh; do
+  source ${file}
+done
+
+####################
+# First Notice
+####################
+if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! -f "/opt/vscode-dev-containers/first-run-notice-already-displayed" ]; then
+  cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt"
+  ((sleep 10s; touch "/opt/vscode-dev-containers/first-run-notice-already-displayed") &)
+fi

.devcontainer/features/src/base/devcontainer-feature.json

@@ -0,0 +1,7 @@
+{
+  "id": "base",
+  "version": "1.0.0",
+  "name": "base",
+  "description": "Dev Container Base",
+  "installsAfter": ["ghcr.io/devcontainers/features/common-utils"]
+}

.devcontainer/features/src/base/devcontainer-utils

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+##################################################
+# Environment
+##################################################
+
+export DEBIAN_FRONTEND=noninteractive
+
+##################################################
+# Functions
+##################################################
+
+get_architecture() {
+  case "$( uname -m )" in
+    x86_64) 
+      export ARCHITECTURE="amd64" ;;
+    aarch64 | armv8*) 
+      export ARCHITECTURE="arm64" ;;
+    *) 
+      echo "(!) Architecture $( uname -m ) unsupported"; exit 1 ;;
+  esac
+}
+
+get_github_latest_tag() {
+  local repository="${1}"
+  local tag=$( curl --silent "https://api.github.com/repos/${repository}/releases/latest" | jq -r '.tag_name' )
+  local tag_strip_v=$( echo "${tag}" | sed "s|v||" )
+
+  export GITHUB_LATEST_TAG="${tag}"
+  export GITHUB_LATEST_TAG_STRIP_V="${tag_strip_v}"
+}
+
+apt_install() {
+  local packages="${1}"
+
+  apt update --yes
+
+  apt-get install --yes --no-install-recommends ${packages}
+
+  rm --force --recursive /var/lib/apt/lists/*
+}
+
+##################################################
+# Default
+##################################################
+
+get_architecture

.devcontainer/features/src/base/first-run-notice.txt

@@ -0,0 +1,5 @@
+👋 Welcome! You are using the Ministry of Justice Data Platform devcontainer image.
+
+🆘 If you need help or assistance, please raise an issue on https://github.com/ministryofjustice/data-platform/issues
+
+🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1)

.devcontainer/features/src/base/install.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -e
+
+### Copy files
+cp $( dirname $0 )/devcontainer-utils  /usr/local/bin/devcontainer-utils
+cp $( dirname $0 )/moj-codespaces.zsh-theme /home/vscode/.oh-my-zsh/custom/themes/moj-codespaces.zsh-theme
+cp $( dirname $0 )/first-run-notice.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt
+cp $( dirname $0 )/.zshrc /home/vscode/.zshrc
+
+### Correct Permissions
+chmod +x /usr/local/bin/devcontainer-utils
+chown vscode:vscode /usr/local/bin/devcontainer-utils
+chown vscode:vscode /home/vscode/.oh-my-zsh/custom/themes/moj-codespaces.zsh-theme
+chown vscode:vscode /usr/local/etc/vscode-dev-containers/first-run-notice.txt
+chown vscode:vscode /home/vscode/.zshrc
+
+### Persistent Mounts
+mkdir --parents /opt/vscode-dev-containers && chown vscode:vscode /opt/vscode-dev-containers
+mkdir --parents /home/vscode/workspace && chown vscode:vscode /home/vscode/workspace
+mkdir --parents /home/vscode/.commandhistory && chown vscode:vscode /home/vscode/.commandhistory
+mkdir --parents /home/vscode/.dotfiles && chown vscode:vscode /home/vscode/.dotfiles
+
+### Install APT Packages
+
+source /usr/local/bin/devcontainer-utils
+
+apt_install "direnv"

.devcontainer/features/src/base/moj-codespaces.zsh-theme

@@ -0,0 +1,56 @@
+# Oh My Zsh! theme - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme
+# Source: https://github.com/devcontainers/features/blob/main/src/common-utils/scripts/devcontainers.zsh-theme
+
+__zsh_prompt() {
+    local prompt_username
+    if [ ! -z "${GITHUB_USER}" ]; then 
+        prompt_username="@${GITHUB_USER}"
+    else
+        prompt_username="%n"
+    fi
+    PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow
+    PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd
+    PROMPT+='`\
+        if [ "$(git config --get devcontainers-theme.hide-status 2>/dev/null)" != 1 ] && [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \
+            export BRANCH=$(git --no-optional-locks symbolic-ref --short HEAD 2>/dev/null || git --no-optional-locks rev-parse --short HEAD 2>/dev/null); \
+            if [ "${BRANCH}" != "" ]; then \
+                echo -n "%{$fg_bold[cyan]%}(%{$fg_bold[red]%}${BRANCH}" \
+                && if [ "$(git config --get devcontainers-theme.show-dirty 2>/dev/null)" = 1 ] && \
+                    git --no-optional-locks ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \
+                        echo -n " %{$fg_bold[yellow]%}✗"; \
+                fi \
+                && echo -n "%{$fg_bold[cyan]%})%{$reset_color%} "; \
+            fi; \
+        fi`'
+
+    # AWS Vault Profile
+    if command -v aws-vault &> /dev/null; then
+      PROMPT+='`\
+          if [[ ${AWS_VAULT} == *"dev"* ]]; then \
+            echo -n "[ aws: %{$fg[green]%}${AWS_VAULT}%{$reset_color%} ] "; \
+          elif [[ ${AWS_VAULT} == *"management"* ]]; then \
+            echo -n "[ aws: %{$fg[blue]%}${AWS_VAULT}%{$reset_color%} ] "; \
+          elif [[ ${AWS_VAULT} == *"prod"* ]]; then \
+            echo -n "[ aws: %{$fg[red]%}${AWS_VAULT}%{$reset_color%} ] "; \
+          elif [[ ! -z ${AWS_VAULT} ]]; then \
+            echo -n "[ aws: %{$fg[yellow]%}${AWS_VAULT}%{$reset_color%} ] "; \
+          fi`'
+    fi
+
+    # Kubernetes Context
+    if command -v kubectl &> /dev/null; then
+      PROMPT+='`\
+          if [[ "$( kubectl config get-contexts | grep "*" | awk "{ print $2 }" | cut -d"/" -f2 )" == *"development"* ]]; then \
+            echo -n "[ k8s: %{$fg[green]%}development%{$reset_color%} ] "; \
+          elif [[ "$( kubectl config get-contexts | grep "*" | awk "{ print $2 }" | cut -d"/" -f2 )" == *"github-actions-moj"* ]]; then \
+            echo -n "[ k8s: %{$fg[blue]%}github-actions-moj%{$reset_color%} ] "; \
+          elif [[ "$( kubectl config get-contexts | grep "*" | awk "{ print $2 }" | cut -d"/" -f2 )" == *"production"* ]]; then \
+            echo -n "[ k8s: %{$fg[red]%}production%{$reset_color%} ] "; \
+          fi`'
+    fi
+
+    PROMPT+='%{$fg[white]%}$ %{$reset_color%}'
+    unset -f __zsh_prompt
+}
+
+__zsh_prompt

.devcontainer/features/src/container-tools/devcontainer-feature.json

@@ -0,0 +1,20 @@
+{
+  "id": "container-tools",
+  "version": "1.0.0",
+  "name": "container-tools",
+  "description": "Container Tools - Sigstore Cosign",
+  "options": {
+    "installCosign": {
+      "type": "boolean",
+      "description": "Install Sigstore Cosign (https://github.com/sigstore/cosign)",
+      "default": true
+    },
+    "cosignVersion": {
+      "type": "string",
+      "description": "Sigstore Cosign version",
+      "proposals": ["latest"],
+      "default": "latest"
+    }
+  },
+  "installsAfter": ["./features/src/base"]
+}