ci: add container content diff

[rjaegers]

🚀 Hey, I have created a Pull Request

Description of changes

This PR adds a container content diff to the build steps. Having the ability to diff the created images to the edge baseline has the benefit of seeing exactly what changed in a new image version. This has several uses:

• Explain where a size delta came from
• Identify issues with build repproduceability
• See exactly what is changed with new or updated packages

✔️ Checklist

• I have followed the contribution guidelines for this repository
• I have added tests for new behavior, and have not broken any existing tests
• I have added or updated relevant documentation
• I have verified that all added components are accounted for in the SBOM

[Copilot]

Pull Request Overview

Adds a CI step to generate and upload a semantic diff of container contents using diffoci.

• Download and run diffoci to compare edge vs. versioned container
• Save output to container-diff.json and upload it as a workflow artifact

Comments suppressed due to low confidence (3)

.github/workflows/wc-build-push.yml:173

• [nitpick] Pinning the action by a commit SHA works, but using the semantic version tag (e.g., actions/[email protected]) improves readability and eases future upgrades.

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

.github/workflows/wc-build-push.yml:165

• [nitpick] Adding a name: field for this step (e.g., Run diffoci semantic diff) would make the workflow more self-documenting in CI logs.

      - run: |

.github/workflows/wc-build-push.yml:167

• Consider verifying the downloaded diffoci binary with a checksum or signature to ensure its integrity and prevent supply-chain attacks.

          wget -O diffoci https://github.com/reproducible-containers/diffoci/releases/download/v0.1.7/diffoci-v0.1.7.linux-amd64

[github-actions]

Test Results

 4 files  ±0   4 suites  ±0   2m 22s ⏱️ -1s
30 tests ±0  30 ✅ ±0  0 💤 ±0  0 ❌ ±0 
64 runs  ±0  64 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit d93c623. ± Comparison against base commit 8d1dc8d.

♻️ This comment has been updated with latest results.

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	18		0	0	0.6s
✅ DOCKERFILE	hadolint	2		0	0	0.76s
✅ GHERKIN	gherkin-lint	2		0	0	1.03s
✅ JSON	npm-package-json-lint	yes		no	no	0.38s
✅ JSON	prettier	16	1	0	0	0.47s
✅ JSON	v8r	16		0	0	7.16s
✅ MARKDOWN	markdownlint	9	0	0	0	0.89s
✅ MARKDOWN	markdown-table-formatter	9	0	0	0	0.23s
✅ REPOSITORY	checkov	yes		no	no	16.61s
✅ REPOSITORY	gitleaks	yes		no	no	0.4s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		no	1	23.44s
✅ REPOSITORY	secretlint	yes		no	no	0.98s
✅ REPOSITORY	syft	yes		no	no	1.98s
✅ REPOSITORY	trivy	yes		no	no	6.85s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	3.27s
✅ SPELL	lychee	63		0	0	2.57s
✅ YAML	prettier	24	0	0	0	0.97s
✅ YAML	v8r	24		0	0	6.58s
✅ YAML	yamllint	24		0	0	1.06s

See detailed report in MegaLinter reports

[github-actions]

📦 Container Size Analysis

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge to ghcr.io/philips-software/amp-devcontainer-rust:pr-845

📈 Size Comparison Table

OS/Platform	Previous Size	Current Size	Change	Trend
linux/amd64	489.22M	489.22M	0.00 (+0.00%)	🔄
linux/arm64	441.18M	441.18M	0.00 (+0.00%)	🔄

[github-actions]

📦 Container Size Analysis

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge to ghcr.io/philips-software/amp-devcontainer-cpp:pr-845

📈 Size Comparison Table

OS/Platform	Previous Size	Current Size	Change	Trend
linux/amd64	662.41M	656.98M	-5.43M (-0.82%)	🔽
linux/arm64	645.11M	639.69M	-5.42M (-0.84%)	🔽

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Pull Request Report (#845)

Static measures

Description	Value
Number of added lines	34
Number of deleted lines	12
Number of changed files	3
Number of commits	8
Number of reviews	2
Number of comments (w/o review comments)	5
Number of reviews that contains a comment to resolve	1
Number of reviews that requested a change from the author	0
Number of reviews that approved the Pull Request	1
Get the total number of participants of a Pull Request	5

Time related measures

Description	Value
PR lead time (from creation to close of PR)	9.8 Days
Time that was spend on the branch before the PR was created	16 Sec
Time that was spend on the branch before the PR was merged	9.8 Days
Time to merge after last review	4.9 Days

Status check related measures

Description	Value
Total runtime for last status check run (Workflow for PR)	42 Min
Total time spend in last status check run on PR	18.6 Min

[github-actions]

🎉 Hooray! The changes in this pull request went live with the release of v6.2.0 🎉