Merge remote-tracking branch 'origin/main' into dev_container_build

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -1,12 +1,26 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
-
+# provide DOCKER_GID via build args if you need to force group id to match host
+ARG DOCKER_GID
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
 
 ARG ASDF_VERSION
 COPY .tool-versions.asdf /tmp/.tool-versions.asdf
 
+# specify DOCKER_GID to force container docker group id to match host
+RUN if [ -n "${DOCKER_GID}" ]; then \
+      if ! getent group docker; then \
+        groupadd -g ${DOCKER_GID} docker; \
+      else \
+        groupmod -g ${DOCKER_GID} docker; \
+      fi && \
+      usermod -aG docker vscode; \
+    fi
+
+# Anticipate and resolve potential permission issues with apt
+RUN mkdir -p /tmp && chmod 1777 /tmp
+
 RUN apt-get update \
     && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y dist-upgrade \
@@ -53,16 +67,16 @@ USER vscode
 ENV PATH="$PATH:/home/vscode/.asdf/shims/:/workspaces/eps-prescription-tracker-ui/node_modules/.bin:/workspaces/eps-workflow-quality-checks/.venv/bin"
 
 # Install ASDF plugins#
-RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
-    asdf plugin add actionlint; \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
+RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git && \
+    asdf plugin add actionlint && \
+    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git && \
+    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git && \
     asdf plugin add python
 
 WORKDIR /workspaces/eps-workflow-quality-checks
 
 ADD .tool-versions /workspaces/eps-workflow-quality-checks/.tool-versions
 ADD .tool-versions /home/vscode/.tool-versions
 
-RUN asdf install python; \
-    asdf install;
+RUN asdf install python && \
+    asdf install

.devcontainer/devcontainer.json

@@ -6,7 +6,9 @@
     "build": {
       "dockerfile": "Dockerfile",
       "context": "..",
-      "args": {}
+      "args": {
+        "DOCKER_GID": "${env:DOCKER_GID:}"
+      }
     },
     "mounts": [
       "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",

.github/workflows/pull_request.yml

@@ -47,9 +47,14 @@ jobs:
           #  echo "commit_id=${{ github.sha }}" >> "$GITHUB_ENV"
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
           echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
-
+  dependabot-auto-approve-and-merge:
+    needs: quality_checks
+    uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@4b56ed8edd7c5357fd0123a2bd84b3429d3a6b20
+    secrets:
+      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
   pr_title_format_check:
-    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7
   get_asdf_version:
     runs-on: ubuntu-22.04
     outputs:
@@ -89,7 +94,7 @@ jobs:
 
   tag_release:
     needs: [quality_checks, get_asdf_version]
-    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7
     with:
       dry_run: true
       asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}

.github/workflows/quality-checks.yml

@@ -361,7 +361,7 @@ jobs:
           path: cfn_guard_output
 
       - name: Generate and check SBOMs
-        uses: NHSDigital/eps-action-sbom@efc65411a5d69d617c9ba15d633a18f7b9896859
+        uses: NHSDigital/eps-action-sbom@ae6916d542c092ec1636f9a0ba14464ba25a97d1
 
       - name: "check is SONAR_TOKEN exists"
         env:

.github/workflows/release.yml

@@ -63,7 +63,7 @@ jobs:
       PUSH_IMAGE_ROLE: ${{ secrets.DEV_CONTAINER_PUSH_IMAGE_ROLE }}
   tag_release:
     needs: [quality_checks, get_asdf_version]
-    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
+    uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7
     with:
       dry_run: false
       asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}