feat: add devcontainer templates

.devcontainer/cpp-template/.devcontainer/Dockerfile

@@ -0,0 +1,3 @@
+FROM ghcr.io/philips-software/amp-devcontainer-cpp:${templateOption:imageVersion}
+
+HEALTHCHECK NONE

.devcontainer/cpp-template/.devcontainer/devcontainer.json

@@ -0,0 +1,5 @@
+{
+  "build": {
+    "dockerfile": "Dockerfile"
+  }
+}

.devcontainer/cpp-template/.github/dependabot.yml

@@ -0,0 +1,10 @@
+---
+version: 2
+
+updates:
+  - package-ecosystem: docker
+    directory: .devcontainer
+    schedule:
+      interval: weekly
+    cooldown:
+      default-days: 5

.devcontainer/cpp-template/devcontainer-template.json

@@ -0,0 +1,22 @@
+{
+  "id": "cpp-template",
+  "version": "6.5.3",
+  "name": "amp-devcontainer-cpp",
+  "description": "A modern, batteries-included software development environment for C++",
+  "documentationURL": "https://github.com/philips-software/amp-devcontainer/blob/main/README.md",
+  "licenseURL": "https://github.com/philips-software/amp-devcontainer/blob/main/LICENSE",
+  "publisher": "philips-software",
+  "options": {
+    "imageVersion": {
+      "type": "string",
+      "description": "amp-devcontainer version",
+      "default": "6.5.3"
+    }
+  },
+  "optionalPaths": [
+    ".github/dependabot.yml"
+  ],
+  "platforms": [
+    "Any"
+  ]
+}

.devcontainer/rust-template/.devcontainer/Dockerfile

@@ -0,0 +1,3 @@
+FROM ghcr.io/philips-software/amp-devcontainer-rust:${templateOption:imageVersion}
+
+HEALTHCHECK NONE

.devcontainer/rust-template/.devcontainer/devcontainer.json

@@ -0,0 +1,5 @@
+{
+  "build": {
+    "dockerfile": "Dockerfile"
+  }
+}

.devcontainer/rust-template/.github/dependabot.yml

@@ -0,0 +1,10 @@
+---
+version: 2
+
+updates:
+  - package-ecosystem: docker
+    directory: .devcontainer
+    schedule:
+      interval: weekly
+    cooldown:
+      default-days: 5

.devcontainer/rust-template/devcontainer-template.json

@@ -0,0 +1,22 @@
+{
+  "id": "rust-template",
+  "version": "6.5.3",
+  "name": "amp-devcontainer-rust",
+  "description": "A modern, batteries-included software development environment for Rust",
+  "documentationURL": "https://github.com/philips-software/amp-devcontainer/blob/main/README.md",
+  "licenseURL": "https://github.com/philips-software/amp-devcontainer/blob/main/LICENSE",
+  "publisher": "philips-software",
+  "options": {
+    "imageVersion": {
+      "type": "string",
+      "description": "amp-devcontainer version",
+      "default": "6.5.3"
+    }
+  },
+  "optionalPaths": [
+    ".github/dependabot.yml"
+  ],
+  "platforms": [
+    "Any"
+  ]
+}

.github/workflows/pr-image-cleanup.yml

@@ -22,6 +22,7 @@ jobs:
         with:
           delete-tags: pr-${{ github.event.pull_request.number }}
           packages: amp-devcontainer,amp-devcontainer-cpp,amp-devcontainer-rust
+
   cleanup-cache:
     name: 🧹 Cleanup Cache
     runs-on: ubuntu-latest

.github/workflows/release-build.yml

@@ -2,10 +2,8 @@
 name: Release Build
 
 on:
-  push:
-    # This workflow should only run on tags, it will trigger when release-please
-    # kicks-off the release process.
-    tags: ["v*.*.*"]
+  release:
+    types: [published]
   workflow_dispatch:
 
 concurrency:
@@ -40,6 +38,7 @@ jobs:
       integration-test-file: test/${{ matrix.flavor }}/integration-tests.bats
       acceptance-test-path: ${{ matrix.flavor == 'cpp' && 'test/cpp/features' || '' }}
       test-devcontainer-file: ${{ matrix.flavor == 'cpp' && '.devcontainer/cpp-test/devcontainer.json' || '' }}
+
   apply-release-notes-template:
     name: 📝 Apply Release Template
     runs-on: ubuntu-latest
@@ -66,6 +65,7 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
           REF_NAME: ${{ github.ref_name }}
+
   update-release-notes:
     name: Update Release Notes (🍨 ${{ matrix.flavor }})
     strategy:
@@ -117,11 +117,37 @@ jobs:
           DIGEST: ${{ steps.inspect-manifest.outputs.digest }}
           GH_REPO: ${{ github.repository }}
           GH_TOKEN: ${{ github.token }}
+
+  publish-devcontainer-templates:
+    name: 📝 Publish templates
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write # is needed by devcontainers/action to write templates as OCI artifacts
+    steps:
+      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          disable-sudo: true
+          egress-policy: audit
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - uses: devcontainers/action@1082abd5d2bf3a11abccba70eef98df068277772 # v1.4.3
+        with:
+          disable-repo-tagging: true
+          publish-templates: true
+          base-path-to-templates: .devcontainer
+
   generate-documents:
     name: 📄 Documentation
     uses: ./.github/workflows/wc-document-generation.yml
     permissions:
       contents: read
+
   upload-documents:
     name: 📄 Upload Documents
     runs-on: ubuntu-latest
@@ -131,6 +157,10 @@ jobs:
       contents: write # is needed to modify a release
     needs: [generate-documents]
     steps:
+      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          disable-sudo: true
+          egress-policy: audit
       - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           pattern: documents
@@ -142,3 +172,17 @@ jobs:
           GH_REPO: ${{ github.repository }}
           GH_TOKEN: ${{ github.token }}
           REF_NAME: ${{ github.ref_name }}
+
+  comment-released-prs:
+    name: Comment on released PRs
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write # is needed by rdlf0/comment-released-prs-action to post comments on PRs
+    steps:
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          disable-sudo-and-containers: true
+          egress-policy: audit
+      - uses: rdlf0/comment-released-prs-action@a81897eaea04a5faa8779d28607826ddb033321a # v3.1.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-dependencies.yml

@@ -45,6 +45,7 @@ jobs:
           labels: dependencies,apt
           token: ${{ steps.token.outputs.token }}
           sign-commits: true
+
   update-vscode-extensions:
     name: Update VS Code Extensions (🍨 ${{ matrix.flavor }}, ${{ matrix.file }})
     runs-on: ubuntu-latest

.mega-linter.yml

@@ -21,6 +21,7 @@ PRINT_ALPACA: false
 SHOW_SKIPPED_LINTERS: false
 SPELL_LYCHEE_FILE_EXTENSIONS:
   [".feature", ".json", ".md", ".md.j2", ".txt", ".yaml", ".yml"]
+DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE: (\.devcontainer/.*-template/.*$)
 FILTER_REGEX_EXCLUDE: (CHANGELOG.md|package-lock.json)
 # tasks.json is wrongfully matched against another schema,
 # and schemas for .vscode/[tasks.json|launch.json] are built

release-please-config.json

@@ -24,5 +24,27 @@
       "release-type": "simple"
     }
   },
-  "plugins": ["sentence-case"]
+  "plugins": ["sentence-case"],
+  "extra-files": [
+    {
+      "type": "json",
+      "path": ".devcontainer/cpp-template/devcontainer-template.json",
+      "jsonpath": "$.version"
+    },
+    {
+      "type": "json",
+      "path": ".devcontainer/cpp-template/devcontainer-template.json",
+      "jsonpath": "$.options.imageVersion.default"
+    },
+    {
+      "type": "json",
+      "path": ".devcontainer/rust-template/devcontainer-template.json",
+      "jsonpath": "$.version"
+    },
+    {
+      "type": "json",
+      "path": ".devcontainer/rust-template/devcontainer-template.json",
+      "jsonpath": "$.options.imageVersion.default"
+    }
+  ]
 }