From 8f5ed9651474c1892e158deb759b1426802c0b73 Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Wed, 6 Nov 2024 17:43:20 -0800 Subject: [PATCH 1/7] Updates to some go tooling installs, install `gh` and various fixes * Bake `gh` into the container * Install latest versions of goelv and gofumpt * Add a Makefile to make test builds and runs of container easier * Fix .zshrc causing some errors due to wrong completion syntax for some commands. * Uncomment install of gopls * Update help to add the build date of the container. --- .mise.toml | 1 + Dockerfile | 7 +------ Makefile | 18 ++++++++++++++++++ home/vscode/.config/mise/config.toml | 1 + home/vscode/.zshrc | 4 ++-- scripts/40_install_other_apps.sh | 14 ++++---------- usr/local/bin/help | 1 + 7 files changed, 28 insertions(+), 18 deletions(-) create mode 100644 Makefile diff --git a/.mise.toml b/.mise.toml index 12e6912..45ecc99 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,3 +1,4 @@ +[tools] # See: https://mise.jdx.dev/configuration.html for config options. # NOTE: Top level tools are installed in home/vscode/config/mise/config.toml during setup. #[env] diff --git a/Dockerfile b/Dockerfile index 3fb1ade..4ac2dc5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,16 +44,11 @@ RUN sudo chown vscode /scripts # Copy just files needed for mise from /home. COPY --chown=vscode:vscode home/vscode/.config/mise /home/vscode/.config/mise -# These are only used in 30_install_mise.sh so do not need to be ENV vars. +# These are only used in 30_install_mise_packages.sh so do not need to be ENV vars. ARG MISE_VERBOSE=0 ARG RUST_BACKTRACE=0 -# https://github.com/jdx/mise/releases RUN /scripts/30_install_mise_packages.sh -# https://github.com/go-delve/delve/releases -ARG GO_DELVE_DLV_VERSION="1.23.1" -# https://github.com/mvdan/gofumpt/releases -ARG GO_FUMPT_VERSION="0.7.0" RUN /scripts/40_install_other_apps.sh RUN sudo rm -rf /scripts diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1d4e8f4 --- /dev/null 
+++ b/Makefile @@ -0,0 +1,18 @@ +IMAGE_NAME := ghcr.io/sarg3nt/go-dev-container +IMAGE_TAG := 1.0.4 +GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/[\/_]/-/g') +CURRENT_DIR := $(shell pwd) + +.PHONY: build +build: + docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" . + +.PHONY: run +run: + docker run --mount type=bind,source="${CURRENT_DIR}",target=/workspaces/working \ + -w /workspaces/working -it --rm -u "vscode" \ + "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" zsh + +.PHONY: push +push: + docker push "$(IMAGE_NAME):$(IMAGE_TAG)-$(GIT_BRANCH)" \ No newline at end of file diff --git a/home/vscode/.config/mise/config.toml b/home/vscode/.config/mise/config.toml index 4b9d4e9..c707ed0 100644 --- a/home/vscode/.config/mise/config.toml +++ b/home/vscode/.config/mise/config.toml @@ -8,6 +8,7 @@ golangci-lint = 'latest' goreleaser = 'latest' bat = 'latest' fzf = "latest" +gh = "latest" gitui = "latest" helm = "latest" k9s = "latest" diff --git a/home/vscode/.zshrc b/home/vscode/.zshrc index e3b0c83..1c97f64 100644 --- a/home/vscode/.zshrc +++ b/home/vscode/.zshrc @@ -143,7 +143,7 @@ alias kn="kubens" alias h="helm" # shellcheck source=/dev/null -source <(kubectl completion bash) +source <(kubectl completion zsh) complete -o default -F __start_kubectl k # kx and kn @@ -164,7 +164,7 @@ complete -F _kube_contexts kx complete -F _kube_namespaces kn # shellcheck source=/dev/null -source <(helm completion bash) +source <(helm completion zsh) complete -F __start_helm h complete -F __start_helm helm diff --git a/scripts/40_install_other_apps.sh b/scripts/40_install_other_apps.sh index 22cc210..5216bc1 100755 --- a/scripts/40_install_other_apps.sh +++ b/scripts/40_install_other_apps.sh 
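Review bot: `CURRENT_DIR := $(shell pwd)` in the new Makefile re-implements Make's built-in `CURDIR`; `$(CURDIR)` gives the same directory without forking a shell, so the `run` target can use `source="$(CURDIR)"`. `GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/[\/_]/-/g')` expands to an empty string when make runs outside a git checkout, and the image tag silently becomes `1.0.4-`; `GIT_BRANCH := $(or $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null | sed 's/[\/_]/-/g'),local)` keeps the tag well-formed. The file is also committed without a trailing newline (`\ No newline at end of file`), which the next edit will otherwise show as a spurious change.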
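Review bot: The hunk switches to `source <(kubectl completion zsh)` but keeps `complete -o default -F __start_kubectl k`, which points at a function that, as far as I can tell from current kubectl releases, only the bash completion output defines; the zsh output defines `_kubectl` and registers it with `compdef`, so the alias `k` loses its completion. The second .zshrc hunk has the same mismatch with `source <(helm completion zsh)` followed by `complete -F __start_helm h` and `complete -F __start_helm helm`. Wiring the aliases the zsh way, `compdef k=kubectl` and `compdef h=helm`, matches the scripts now being sourced and drops the dependency on bashcompinit; whether bashcompinit is loaded earlier in the file is outside the hunk, but it would not make `__start_kubectl` exist either way.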
@@ -18,20 +18,14 @@ main() { install_kubectx_kubens_completions install_omz_plugins clean_up - date >/home/vscode/build_date.txt + date +"%B %d %Y" >/home/vscode/build_date.txt } add_go_tools() { log "Adding Go Tools" "green" - go install "github.com/go-delve/delve/cmd/dlv@v${GO_DELVE_DLV_VERSION}" - go install "mvdan.cc/gofumpt@v${GO_FUMPT_VERSION}" - # gopls is installed by the go plugin - #go install golang.org/x/tools/gopls@latest - - # TODO: Find it if this is still needed and remove if not. - #echo "golang:x:999:vscode" | sudo tee -a /etc/group - #sudo chgrp -R 999 /go - #sudo chmod -R g+rwx /go + go install "github.com/go-delve/delve/cmd/dlv@latest" + go install "mvdan.cc/gofumpt@latest" + go install golang.org/x/tools/gopls@latest } add_vscode_extensions_cache() { diff --git a/usr/local/bin/help b/usr/local/bin/help index e11d46f..d37c332 100755 --- a/usr/local/bin/help +++ b/usr/local/bin/help @@ -10,6 +10,7 @@ main() { source /usr/bin/lib/sh/colors.sh echo -e "${BLUE}********************************************************************" echo -e " Go Dev Container" + echo -e " Build Date: $(cat /home/vscode/build_date.txt)" echo -e "********************************************************************${NC}" echo -e "${CYAN}Type \"help\" to display this messsage again.${NC}" echo -e "" From 7a274e706bd4de6551deecde912c5e254e561042 Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Wed, 6 Nov 2024 17:44:57 -0800 Subject: [PATCH 2/7] Uncomment tools and env section in mise.toml as they are kind of required. --- .mise.toml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.mise.toml b/.mise.toml index 45ecc99..3d8a2bd 100644 --- a/.mise.toml +++ b/.mise.toml 
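Review bot: `go install "github.com/go-delve/delve/cmd/dlv@latest"` and the two lines after it drop the version pins that `GO_DELVE_DLV_VERSION` and `GO_FUMPT_VERSION` used to supply (the Dockerfile hunk in this patch removes those ARGs), so each image build resolves whatever the module proxy currently serves and two builds of the same commit can ship different tool binaries. Keeping a variable with `latest` as the fallback preserves the convenience while leaving a pin point for reproducible builds, e.g. `go install "github.com/go-delve/delve/cmd/dlv@${GO_DELVE_DLV_VERSION:-latest}"` and `go install "mvdan.cc/gofumpt@${GO_FUMPT_VERSION:-latest}"`, with the ARGs restored in the Dockerfile as defaults. The `:-` form matters if this script runs under `set -u` like its siblings (`set -euo pipefail` is visible in the deleted 20_install script); this file's header is outside the hunk.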
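Review bot: `echo -e " Build Date: $(cat /home/vscode/build_date.txt)"` prints cat's error on stderr and an empty date whenever the file is absent, for example in a container built from an image that predates this change; the banner then looks broken rather than degrading quietly. Reading the value once with a fallback keeps the output tidy, e.g. `build_date=$(cat /home/vscode/build_date.txt 2>/dev/null || printf 'unknown')` followed by `echo -e " Build Date: ${build_date}"`. The rest of main is outside the hunk.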
@@ -1,13 +1,12 @@ -[tools] # See: https://mise.jdx.dev/configuration.html for config options. # NOTE: Top level tools are installed in home/vscode/config/mise/config.toml during setup. -#[env] +[env] # supports arbitrary env vars so mise can be used like direnv/dotenv #EXAMPLE = 'bar' # specify single or multiple versions of specific tools you want installed for this project. # Below are examples. -# [tools] +[tools] # golang = '1.23.1' # golangci-lint = '1.61.0' # goreleaser = "2.3.2" From 7f97dc31a086fc35bc9dd8e72414e84eb3eec519 Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Wed, 6 Nov 2024 17:53:58 -0800 Subject: [PATCH 3/7] Fix spelling error in Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ac2dc5..9710d54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,11 @@ # syntax=docker/dockerfile:1 # See: https://hub.docker.com/r/docker/dockerfile. Syntax directive must be first line -# cspell:ignore FUMPT +# cspell:ignore # Mise application list and versions are located in # home/vscode/.config/mise/config.toml -# Add custom Mise tools and version to your projects root as .mist.toml See: https://mise.jdx.dev/configuration.html +# Add custom Mise tools and version to your projects root as .mise.toml See: https://mise.jdx.dev/configuration.html FROM jdxcode/mise@sha256:412a4b0c307116a7e338aebba5ea3c620bcc3d6d3106ca61f24295a945874bb9 AS mise From 549de510c1a0bce6fc30016ff7f134122929946a Mon Sep 17 00:00:00 2001 
From: Dave Sargent Date: Wed, 6 Nov 2024 18:44:28 -0800 Subject: [PATCH 4/7] * Move microsoft_dev_container install to install_system_packages to save some contaienr size. * Switch to mounting the install scripts to reduce layers --- Dockerfile | 19 ++------ scripts/10_install_system_packages.sh | 21 +++++++++ ...nstall_microsoft_dev_container_features.sh | 46 ------------------- ...ackages.sh => 20_install_mise_packages.sh} | 2 +- ...other_apps.sh => 30_install_other_apps.sh} | 2 +- 5 files changed, 26 insertions(+), 64 deletions(-) delete mode 100755 scripts/20_install_microsoft_dev_container_features.sh rename scripts/{30_install_mise_packages.sh => 20_install_mise_packages.sh} (94%) rename scripts/{40_install_other_apps.sh => 30_install_other_apps.sh} (98%) diff --git a/Dockerfile b/Dockerfile index 9710d54..88df019 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,15 +22,8 @@ ENV USERNAME="vscode" # Copy script libraries for use by internal scripts COPY usr/bin/lib /usr/bin/lib -# COPY scripts directory -COPY scripts /scripts - # Install packages using the dnf package manager -RUN /scripts/10_install_system_packages.sh - -# Install the devcontainers features common-utils scripts from https://github.com/devcontainers/features -# Installs common utilities and the USERNAME user as a non root user -RUN /scripts/20_install_microsoft_dev_container_features.sh +RUN --mount=type=bind,source=scripts/10_install_system_packages.sh,target=/10.sh,ro bash -c "/10.sh" # Set current user to the vscode user, run all future commands as this user. USER vscode 
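Review bot: `RUN --mount=type=bind,source=scripts/10_install_system_packages.sh,target=/10.sh,ro bash -c "/10.sh"` starts a shell only to have it parse a one-word command line and launch the script, which (per the `#!/bin/bash` shebang visible in the deleted 20_install script) is itself bash; `bash /10.sh` runs the same interpreter on the same file with one process fewer and no string-to-command-line step. The `/20.sh` and `/30.sh` RUN lines in the next Dockerfile hunk follow the same pattern. The `--mount` flag relies on the BuildKit frontend, which the `# syntax=docker/dockerfile:1` directive shown in patch 3 already selects, so the switch away from `COPY scripts /scripts` is sound; a short comment such as `# Scripts are bind-mounted for the build step only, so they never land in a layer.` would record why the `rm -rf /scripts` step disappeared.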
@@ -38,23 +31,17 @@ USER vscode # Copy the mise binary from the mise container COPY --from=mise /usr/local/bin/mise /usr/local/bin/mise -# Install applications that are scoped to the vscode user -RUN sudo chown vscode /scripts - # Copy just files needed for mise from /home. COPY --chown=vscode:vscode home/vscode/.config/mise /home/vscode/.config/mise # These are only used in 30_install_mise_packages.sh so do not need to be ENV vars. ARG MISE_VERBOSE=0 ARG RUST_BACKTRACE=0 -RUN /scripts/30_install_mise_packages.sh +RUN --mount=type=bind,source=scripts/20_install_mise_packages.sh,target=/20.sh,ro bash -c "/20.sh" -RUN /scripts/40_install_other_apps.sh - -RUN sudo rm -rf /scripts +RUN --mount=type=bind,source=scripts/30_install_other_apps.sh,target=/30.sh,ro bash -c "/30.sh" COPY --chown=vscode:vscode home /home/ - COPY usr /usr # VS Code by default overrides ENTRYPOINT and CMD with default values when executing `docker run`. diff --git a/scripts/10_install_system_packages.sh b/scripts/10_install_system_packages.sh index 4c06d7b..e906b22 100755 --- a/scripts/10_install_system_packages.sh +++ b/scripts/10_install_system_packages.sh @@ -67,6 +67,27 @@ main() { log "Installing xz zip unzip" "green" dnf install -y xz zip unzip + log "Installing dev containers features" "green" + log "Exporting zshell variables" "green" + export CONFIGUREZSHASDEFAULTSHELL=true + export INSTALL_OH_MY_ZSH=true + export UPGRADEPACKAGES=false + + log "Making /tmp/source directory" "green" + mkdir /tmp/source + cd /tmp/source + + log "Cloning devcontainers features repository" "green" + git clone --depth 1 -- https://github.com/devcontainers/features.git + + log "Running install script" "green" + cd /tmp/source/features/src/common-utils/ + ./install.sh + cd - + + dnf -y remove epel-release + dnf -y remove dnf-plugins-core + log "Running dnf autoremove" "green" dnf autoremove -y 
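Review bot: The context line `# These are only used in 30_install_mise_packages.sh so do not need to be ENV vars.` is now stale, since the RUN line directly below it mounts `scripts/20_install_mise_packages.sh` (renamed in this same patch); it should read `# These are only used in 20_install_mise_packages.sh so do not need to be ENV vars.`. The ARGs it describes, `MISE_VERBOSE` and `RUST_BACKTRACE`, are still consumed by that step, so the comment's intent is otherwise correct.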
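Review bot: `git clone --depth 1 -- https://github.com/devcontainers/features.git` followed by `./install.sh` fetches and executes whatever is on that repository's default branch at build time, running as root since this step precedes `USER vscode` in the Dockerfile, so image content changes with the upstream branch and an upstream change reaches the image unreviewed; pinning the checkout, e.g. `git clone --depth 1 --branch "<FEATURES_RELEASE_TAG>" -- https://github.com/devcontainers/features.git`, makes the build reproducible. This behaviour is inherited from the deleted 20_install script, but moving the code is the natural moment to pin it. That script also ended with `dnf clean all` and `rm -rf /tmp/*`, whereas this hunk only does `cd -` (which additionally prints the directory to stdout); unless that cleanup happens later in main, outside the hunk, the clone stays in the layer, so `cd / && rm -rf /tmp/source` after `./install.sh` would cover both points.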
diff --git a/scripts/20_install_microsoft_dev_container_features.sh b/scripts/20_install_microsoft_dev_container_features.sh deleted file mode 100755 index 6cb9a24..0000000 --- a/scripts/20_install_microsoft_dev_container_features.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -set -euo pipefail -IFS=$'\n\t' - -# cSpell:ignore CONFIGUREZSHASDEFAULTSHELL zshell - -# Install Microsoft Dev Container Features. -# Create the user set by the USERNAME env var -# See: https://github.com/devcontainers/features -main() { - source "/usr/bin/lib/sh/log.sh" - log "20_install_microsoft_dev_container_features.sh" "blue" - - log "Exporting zshell variables" "green" - export CONFIGUREZSHASDEFAULTSHELL=true - export INSTALL_OH_MY_ZSH=true - export UPGRADEPACKAGES=false - - log "Making /tmp/source directory" "green" - mkdir /tmp/source - cd /tmp/source - - log "Cloning devcontainers features repository" "green" - git clone --depth 1 -- https://github.com/devcontainers/features.git - - log "Running install script" "green" - cd /tmp/source/features/src/common-utils/ - ./install.sh - - log "Running dnf autoremove" "green" - dnf autoremove -y - - log "Running dnf clean all" "green" - dnf clean all - - log "Removing /tmp/source direcotry" "green" - cd - - - log "Deleting files from /tmp" "green" - rm -rf /tmp/* -} - -# Run main -if ! (return 0 2>/dev/null); then - (main "$@") -fi diff --git a/scripts/30_install_mise_packages.sh b/scripts/20_install_mise_packages.sh similarity index 94% rename from scripts/30_install_mise_packages.sh rename to scripts/20_install_mise_packages.sh index de5fdaa..e445b83 100755 --- a/scripts/30_install_mise_packages.sh +++ b/scripts/20_install_mise_packages.sh @@ -7,7 +7,7 @@ main() { source "/usr/bin/lib/sh/log.sh" ############ Install mise - log "30_install_mise_packages.sh" "blue" + log "20_install_mise_packages.sh" "blue" # Mise is installed in the docker file from it's master docker branch. log "Configuring mise" "green" 
diff --git a/scripts/40_install_other_apps.sh b/scripts/30_install_other_apps.sh similarity index 98% rename from scripts/40_install_other_apps.sh rename to scripts/30_install_other_apps.sh index 5216bc1..b2ab7cc 100755 --- a/scripts/40_install_other_apps.sh +++ b/scripts/30_install_other_apps.sh @@ -9,7 +9,7 @@ main() { source "/usr/bin/lib/sh/log.sh" export PATH="$HOME/.local/share/mise/shims:$HOME/.local/bin/:$PATH" - log "40_install_other_apps.sh" "blue" + log "30_install_other_apps.sh" "blue" add_go_tools add_vscode_extensions_cache From 6d08496eb9bd255bd6c5073df6b95a2f9637f66d Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Wed, 6 Nov 2024 18:51:27 -0800 Subject: [PATCH 5/7] Fix logging in install_system_packages.sh --- scripts/10_install_system_packages.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/10_install_system_packages.sh b/scripts/10_install_system_packages.sh index e906b22..4b49eab 100755 --- a/scripts/10_install_system_packages.sh +++ b/scripts/10_install_system_packages.sh @@ -3,7 +3,7 @@ set -euo pipefail IFS=$'\n\t' -# cSpell:ignore epel socat +# cSpell:ignore epel socat CONFIGUREZSHASDEFAULTSHELL # Install system packages main() { @@ -67,8 +67,8 @@ main() { log "Installing xz zip unzip" "green" dnf install -y xz zip unzip - log "Installing dev containers features" "green" - log "Exporting zshell variables" "green" + log "Installing dev container features" "blue" + log "Exporting dev container featrues install.sh config variables." "green" export CONFIGUREZSHASDEFAULTSHELL=true export INSTALL_OH_MY_ZSH=true export UPGRADEPACKAGES=false From 4a57496e5c030c4263ead8cd44154d03b826ceed Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Thu, 7 Nov 2024 08:55:16 -0800 Subject: [PATCH 6/7] Skipt the trivy java db update --- .github/workflows/trivy.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index c8741f4..4fe12cf 100644 
--- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -29,13 +29,14 @@ jobs: contents: write # for actions/checkout to fetch code and for SBOM to push results security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: "ubuntu-20.04" + runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 with: disable-sudo: true egress-policy: audit + - name: Log into registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: @@ -62,7 +63,7 @@ jobs: severity: 'CRITICAL,HIGH' env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db - ENV TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db + TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd @@ -81,7 +82,7 @@ jobs: scanners: "vuln" env: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db - ENV TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db + TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Upload SBOM to GitHub uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 From 306c7d6e1efba2e3f343d118fc901b23ae828d56 Mon Sep 17 00:00:00 2001 From: Dave Sargent Date: Thu, 7 Nov 2024 09:43:39 -0800 Subject: [PATCH 7/7] Update scripts/10_install_system_packages.sh Co-authored-by: Nan Zhou --- scripts/10_install_system_packages.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/10_install_system_packages.sh b/scripts/10_install_system_packages.sh index 4b49eab..918136a 100755 --- a/scripts/10_install_system_packages.sh 
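Review bot: `TRIVY_SKIP_JAVA_DB_UPDATE: true` replaces the `ENV TRIVY_JAVA_DB_REPOSITORY:` lines, whose stray `ENV ` prefix presumably meant the repository override was never applied, but it also means any Java artifacts in the image are checked against whatever trivy-java-db the runner already holds, which on a fresh `ubuntu-latest` runner is likely nothing; that is only acceptable if the image really contains no jars, and the reason deserves a comment next to the setting, e.g. `# Go-only image: no Java artifacts to scan, so skip the large trivy-java-db download.`. The same line appears in the second env hunk of this file and should carry the same comment. Separately, `runs-on: ubuntu-latest` moves from a pinned runner image to a floating label, trading reproducibility of the scan environment for currency; worth noting in the commit message or the workflow header.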
+++ b/scripts/10_install_system_packages.sh @@ -68,7 +68,7 @@ main() { dnf install -y xz zip unzip log "Installing dev container features" "blue" - log "Exporting dev container featrues install.sh config variables." "green" + log "Exporting dev container features install.sh config variables." "green" export CONFIGUREZSHASDEFAULTSHELL=true export INSTALL_OH_MY_ZSH=true export UPGRADEPACKAGES=false