Refactor devcontainer configuration (#9)

Refactor devcontainer configuration and add workflow for rebuilding devcontainer image

Co-authored-by: Vianpyro <vianney@veremme.org>

Author: Vianpyro

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
-    "name": "ChocoMax API Development Container",
-    "dockerFile": "Dockerfile",
+    "name": "ChocoMax API",
+    "image": "ghcr.io/themaximousse/api-devcontainer:latest",
     "customizations": {
         "settings": {
             "terminal.integrated.shell.linux": "/bin/bash"

.github/workflows/package-docker-image.yml

@@ -1,41 +1,107 @@
 ---
-name: Package Docker Image
+name: Package Docker Images
 
 permissions:
   packages: write
+  contents: write
 
 on:
   push:
     branches:
       - main
-  workflow_dispatch:
+    paths:
+      - 'app/**/*.py'
+      - '.devcontainer/**'
+      - '.github/workflows/package-docker-images.yml'
 
 jobs:
-  docker:
+  build-docker-images:
+    name: Build and push ${{ matrix.name }} image
     runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: api
+            context: ./
+            dockerfile: Dockerfile
+            path_filter: api/
+            needs_api_url: true
+          - name: api-devcontainer
+            context: ./.devcontainer
+            dockerfile: .devcontainer/Dockerfile
+            path_filter: .devcontainer/
+            needs_api_url: true
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if build is needed
+        id: check_changes
+        run: |
+          # Check if files in the component's directory were changed
+          if git diff --name-only HEAD~1 HEAD | grep -q "^${{ matrix.path_filter }}" || \
+             git diff --name-only HEAD~1 HEAD | grep -q "^\.github/workflows/package-docker-images\.yml"; then
+            echo "should_build=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_build=false" >> "$GITHUB_OUTPUT"
+          fi
 
       - name: Extract version
+        if: steps.check_changes.outputs.should_build == 'true'
         id: version
         run: |
-          VERSION=$(grep -oP '__version__\s*=\s*"\K[0-9]+\.[0-9]+\.[0-9]+' app/version.py)
+          VERSION=$(date +%y.%m.%d.%H.%M)
           echo "tag=$VERSION" >> "$GITHUB_OUTPUT"
 
-      - uses: docker/login-action@v3
+      - name: Normalize repository owner
+        if: steps.check_changes.outputs.should_build == 'true'
+        id: repo_owner
+        run: echo "name=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
+
+      - name: Validate Dockerfile exists
+        if: steps.check_changes.outputs.should_build == 'true'
+        run: |
+          test -f "${{ matrix.dockerfile }}" || (echo "Dockerfile not found at ${{ matrix.dockerfile }}" && exit 1)
+
+      - name: Set up QEMU
+        if: steps.check_changes.outputs.should_build == 'true'
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        if: steps.check_changes.outputs.should_build == 'true'
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        if: steps.check_changes.outputs.should_build == 'true'
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Normalize image name
-        run: |
-          echo "REPO_LOWER=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
+      - name: Build and push ${{ matrix.name }} image
+        if: steps.check_changes.outputs.should_build == 'true'
+        uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.context }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          build-args: ${{ matrix.needs_api_url == true && format('PUBLIC_API_URL={0}', secrets.PUBLIC_API_URL) || '' }}
+          tags: |
+            ghcr.io/${{ steps.repo_owner.outputs.name }}/${{ matrix.name }}:${{ steps.version.outputs.tag }}
+            ghcr.io/${{ steps.repo_owner.outputs.name }}/${{ matrix.name }}:latest
+          cache-from: type=gha,scope=${{ matrix.name }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.name }}
 
-      - name: Build and push Docker image
-        run: |
-          IMAGE="ghcr.io/${REPO_LOWER}-image:${{ steps.version.outputs.tag }}"
-          echo "🔨 Building image: $IMAGE"
-          docker build -t "$IMAGE" .
-          docker push "$IMAGE"
+      - name: Generate SBOM
+        if: steps.check_changes.outputs.should_build == 'true'
+        uses: anchore/sbom-action@v0
+        with:
+          image: ghcr.io/${{ steps.repo_owner.outputs.name }}/${{ matrix.name }}:${{ steps.version.outputs.tag }}
+          format: spdx-json
+          upload-release-assets: false
+          artifact-name: sbom-${{ matrix.name }}-${{ steps.version.outputs.tag }}

.github/workflows/update-devcontainer.yml

@@ -0,0 +1,48 @@
+---
+name: Rebuild Devcontainer to Update Dependencies
+
+permissions:
+  packages: write
+  contents: write
+
+on:
+  schedule:
+    - cron: '0 4 1 * *' # Run monthly on the 1st at 4 AM UTC
+  workflow_dispatch:
+
+jobs:
+  rebuild-devcontainer:
+    name: Rebuild devcontainer base image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract version
+        id: version
+        run: |
+          VERSION=$(date +%y.%m.%d.%H.%M)
+          echo "tag=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push devcontainer image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./.devcontainer
+          platforms: linux/amd64,linux/arm64
+          push: true
+          no-cache: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/api-devcontainer:${{ steps.version.outputs.tag }}
+            ghcr.io/${{ github.repository_owner }}/api-devcontainer:latest