CCM-12672: Improve devcontainer build and update asdf (#191)

* chore: Update devcontainer configuration and post-create script for improved SSL certificate handling

* chore: Update SSL certificate paths in Dockerfile and post-create script to use combined global + custom certs

* chore: Enhance devcontainer setup with improved Zsh configuration and additional dependencies

* chore: Enhance devcontainer setup with improved Zsh configuration and additional dependencies

* chore: Add asdf shims to devcontainer path

* chore: Update devcontainer configuration to streamline post-create command and refine PATH settings

* Remove redundant path config

* chore: Refine devcontainer configuration by removing redundant remoteEnv and updating PATH in Dockerfile

* chore: Add AWS CLI feature and update mounts for AWS configuration

* Downgrade Python version to 3.12.11 in .tool-versions to work with proxygen

Author: m-houston

.devcontainer/devcontainer.json

@@ -63,6 +63,7 @@
       "omzPlugins": "https://github.com/zsh-users/zsh-autosuggestions.git https://github.com/zsh-users/zsh-syntax-highlighting.git",
       "plugins": "zsh-autosuggestions zsh-syntax-highlighting"
     },
+    "ghcr.io/devcontainers/features/aws-cli:1": {},
     "ghcr.io/devcontainers/features/common-utils": {
       "configureZshAsDefaultShell": true,
       "installOhMyZsh": true,
@@ -75,11 +76,11 @@
       "installDockerComposeSwitch": true,
       "moby": true,
       "version": "latest"
-    },
-    "ghcr.io/devcontainers/features/ruby:1": {}
+    }
   },
   "mounts": [
-    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached"
+    "source=${localEnv:HOME}/.ssh,target=/home/vscode/.ssh,type=bind,consistency=cached",
+    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached"
   ],
   "name": "Devcontainer",
   "postCreateCommand": "scripts/devcontainer/postcreatecommand.sh"

.tool-versions

@@ -3,7 +3,7 @@ gitleaks 8.24.0
 jq 1.6
 nodejs 22.15.0
 pre-commit 3.6.0
-python 3.13.2
+python 3.12.11
 terraform 1.10.1
 terraform-docs 0.19.0
 trivy 0.61.0

.vscode/settings.json

@@ -8,8 +8,7 @@
     "**/.svn": true,
     "**/CVS": true,
     "**/Thumbs.db": true,
-    //".devcontainer": true,
     ".github": false,
     ".vscode": false
-  },
+  }
 }

scripts/devcontainer/Dockerfile

@@ -1,18 +1,42 @@
 # syntax=docker/dockerfile:1
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
-# Copy CA certs and Dynamically set NODE_EXTRA_CA_CERTS accordingly
-RUN apt-get update && apt-get install -y ca-certificates
+# Copy CA certs and install Ruby and Go via Ubuntu packages (much faster than building from source)
+# Also install development libraries needed for Python compilation via asdf
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    ruby-full \
+    ruby-dev \
+    build-essential \
+    golang-go \
+    libsqlite3-dev \
+    libbz2-dev \
+    libncurses-dev \
+    libffi-dev \
+    libreadline-dev \
+    liblzma-dev \
+    libssl-dev \
+    zlib1g-dev \
+    && rm -rf /var/lib/apt/lists/*
 COPY custom-ca-certs/. /usr/local/share/ca-certificates/
 RUN update-ca-certificates
 
-# Concatenate all certs for use in EnvVars
-RUN find /usr/local/share/ca-certificates -type f \( -name '*.pem' -o -name '*.crt' \) -exec cat {} + > "/usr/local/share/ca-certificates/combined-cacerts.pem"
+# Use the updated system CA bundle which now includes both system and custom CAs
+ENV NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt"
+ENV SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
+ENV REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
+ENV CURL_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
+ENV GIT_SSL_CAINFO="/etc/ssl/certs/ca-certificates.crt"
+
+# Set Go environment variables and prepend asdf shims/bin to PATH
+ENV GOPATH="/home/vscode/go"
+ENV PATH="/home/vscode/.asdf/shims:/home/vscode/.asdf/bin:/go/bin:${GOPATH}/bin:${PATH}"
 
 # Ensure CA Certs is available for all shells, Node, Python & Ruby
 USER vscode
-RUN echo 'NODE_EXTRA_CA_CERTS="/usr/local/share/ca-certificates/combined-cacerts.pem"' >> ~/.zshrc
-RUN echo 'SSL_CERT_FILE="/usr/local/share/ca-certificates/combined-cacerts.pem"' >> ~/.zshrc
-RUN echo 'REQUESTS_CA_BUNDLE="/usr/local/share/ca-certificates/combined-cacerts.pem"' >> ~/.zshrc
-RUN echo 'CURL_CA_BUNDLE="/usr/local/share/ca-certificates/combined-cacerts.pem"' >> ~/.zshrc
-RUN echo 'GIT_SSL_CAINFO="/usr/local/share/ca-certificates/combined-cacerts.pem"' >> ~/.zshrc
+
+RUN echo 'NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt"' >> ~/.zshrc
+RUN echo 'SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"' >> ~/.zshrc
+RUN echo 'REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"' >> ~/.zshrc
+RUN echo 'CURL_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"' >> ~/.zshrc
+RUN echo 'GIT_SSL_CAINFO="/etc/ssl/certs/ca-certificates.crt"' >> ~/.zshrc

scripts/devcontainer/postcreatecommand.sh

@@ -1,18 +1,14 @@
-#!/bin/bash
-
-rm -Rf ~/.asdf
-git clone https://github.com/asdf-vm/asdf.git ~/.asdf;
-chmod +x ~/.asdf/asdf.sh;
-echo '. $HOME/.asdf/asdf.sh' >> ~/.zshrc
+#!/bin/zsh
 
 echo 'export GPG_TTY=$TTY' | cat - ~/.zshrc > temp && mv temp ~/.zshrc
 
+echo 'eval "$(asdf completion zsh)"' >> ~/.zshrc
 source ~/.zshrc
 
-echo 'asdf setup complete'
-
+make _install-dependencies # required before config to ensure python is available due to race between config:: make targets
 make config
 
+sudo gem install jekyll bundler
 jekyll --version && cd docs && bundle install
 
 echo 'jekyll setup complete'