Chore: [AEA-0000] - devcontainer fail fast, posix equality, force docker gid (#2361)

## Summary

- Routine Change

### Details

- fail fast on RUN steps (use && instead of ;)
- posix-compliant equality (single = conditions)
- permit injection of docker group id if needed to resolve error on
starting the dev container:

```
Digital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f
ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Head "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied
[9902 ms] postAttachCommand from devcontainer.json failed with exit code 1. Skipping any further user-provided commands.
```

Author: tstephen-nhs

.devcontainer/Dockerfile

@@ -1,11 +1,16 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
+# provide DOCKER_GID via build args if you need to force group id to match host
+ARG DOCKER_GID
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
 
 ARG ASDF_VERSION
 COPY .tool-versions.asdf /tmp/.tool-versions.asdf
 
+# Anticipate and resolve potential permission issues with apt
+RUN mkdir -p /tmp && chmod 1777 /tmp
+
 RUN apt-get update \
     && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y dist-upgrade \
@@ -18,7 +23,7 @@ RUN apt-get update \
     xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev
 
 # Download correct AWS CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
       wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
     else \
       wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
@@ -28,7 +33,7 @@ RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
     rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
 
 # Download correct SAM CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
       wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
     else \
       wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
@@ -43,6 +48,16 @@ RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf)
     tar -xvzf /tmp/asdf.tar.gz; \
     mv asdf /usr/bin
 
+# specify DOCKER_GID to force container docker group id to match host
+RUN if [ -n "${DOCKER_GID}" ]; then \
+      if ! getent group docker; then \
+        groupadd -g ${DOCKER_GID} docker; \
+      else \
+        groupmod -g ${DOCKER_GID} docker; \
+      fi && \
+      usermod -aG docker vscode; \
+    fi
+
 USER vscode
 
 ENV PATH="/home/vscode/.asdf/shims/:$PATH"
@@ -54,19 +69,18 @@ RUN \
     echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
 
 # Install ASDF plugins
-RUN asdf plugin add python; \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
-    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
-    asdf plugin add direnv; \
-    asdf plugin add actionlint; \
+RUN asdf plugin add python && \
+    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git && \
+    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git && \
+    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git && \
+    asdf plugin add direnv && \
+    asdf plugin add actionlint && \
     asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git
 
-
 WORKDIR /workspaces/eps-prescription-status-update-api
 ADD .tool-versions /workspaces/eps-prescription-status-update-api/.tool-versions
 ADD .tool-versions /home/vscode/.tool-versions
 
 # install python before poetry to ensure correct python version is used
-RUN asdf install python; \
+RUN asdf install python && \
     asdf install

.devcontainer/devcontainer.json

@@ -6,7 +6,9 @@
   "build": {
     "dockerfile": "Dockerfile",
     "context": "..",
-    "args": {}
+    "args": {
+      "DOCKER_GID": "${env:DOCKER_GID:}"
+    }
   },
   "mounts": [
     "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
@@ -37,7 +39,7 @@
         "github.vscode-github-actions"
       ],
       "settings": {
-        "python.defaultInterpreterPath": "/workspaces/eps-prescription-status-update/.venv/bin/python",
+        "python.defaultInterpreterPath": "/workspaces/eps-prescription-status-update-api/.venv/bin/python",
         "python.analysis.autoSearchPaths": true,
         "python.analysis.extraPaths": [],
         "python.testing.unittestEnabled": false,
@@ -55,14 +57,15 @@
       }
     }
   },
-    "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
-    "postAttachCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f",
-    "features": {
-      "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
-        "version": "latest",
-        "moby": "true",
-        "installDockerBuildx": "true"
-      },
-      "ghcr.io/devcontainers/features/github-cli:1": {}
-    }
+  "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
+  "updateRemoteUserUID": true,
+  "postAttachCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && poetry run pre-commit install --install-hooks -f",
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+      "version": "latest",
+      "moby": "true",
+      "installDockerBuildx": "true"
+    },
+    "ghcr.io/devcontainers/features/github-cli:1": {}
+  }
 }