use mise

Author: opopops

.github/workflows/code-server.yml

@@ -31,4 +31,5 @@ jobs:
     with:
       tag: ${{ matrix.version }}${{ matrix.variant == 'dev' && '-dev' || '' }}
       target: ${{ matrix.variant }}
+      scan: 'false'
     secrets: inherit

.github/workflows/iac.yml

@@ -114,6 +114,8 @@ jobs:
           target: ${{ inputs.target }}
           platforms: linux/amd64
           cache-from: type=local,src=${{ runner.temp }}/.buildx-cache
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
           load: true
           pull: true
           push: false
@@ -147,6 +149,8 @@ jobs:
           platforms: ${{ inputs.platforms }}
           cache-from: type=local,src=${{ runner.temp }}/.buildx-cache
           cache-to: type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
           pull: true
           push: true
           sbom: true

.github/workflows/release.yaml

@@ -3,178 +3,8 @@
 ARG WOLFI_VERSION="latest"
 ARG CODE_SERVER_VERSION="latest"
 
-FROM --platform=$BUILDPLATFORM cgr.dev/chainguard/wolfi-base:${WOLFI_VERSION} AS base
-
-ARG TARGETOS
-ARG TARGETARCH
-ARG TARGETVARIANT
-
-RUN apk add --no-cache \
-    curl \
-    gzip \
-    unzip
-
-FROM base AS jq
-
-# --- Install jq CLI
-ARG JQ_VERSION="1.7.1"
-ENV JQ_VERSION=$JQ_VERSION
-RUN curl -fsL --output /usr/bin/jq \
-    https://github.com/jqlang/jq/releases/download/jq-${JQ_VERSION}/jq-${TARGETOS}-${TARGETARCH} && \
-    chmod 755 /usr/bin/jq
-
-USER nonroot
-
-FROM base AS yq
-
-# --- Install yq CLI
-ARG YQ_VERSION="v4.44.1"
-ENV YQ_VERSION=$YQ_VERSION
-RUN curl -fsL --output /usr/bin/yq \
-    https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${TARGETOS}_${TARGETARCH} && \
-    chmod 755 /usr/bin/yq
-
-USER nonroot
-
-FROM base AS powerline-go
-
-# --- Install yq CLI
-ARG POWERLINEGO_VERSION="v1.24"
-ENV POWERLINEGO_VERSION=$POWERLINEGO_VERSION
-RUN curl -fsL --output /usr/bin/powerline-go \
-    https://github.com/justjanne/powerline-go/releases/download/${POWERLINEGO_VERSION}/powerline-go-${TARGETOS}-${TARGETARCH} && \
-    chmod 755 /usr/bin/powerline-go
-
-USER nonroot
-
-FROM base AS kubectl
-
-# --- Install kubectl CLI
-ARG KUBECTL_VERSION="v1.29.5"
-ENV KUBECTL_VERSION=$KUBECTL_VERSION
-RUN curl -fsSL https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl \
-    -o /usr/bin/kubectl && \
-    chmod 755 /usr/bin/kubectl
-
-USER nonroot
-
-FROM base AS k9s
-
-# --- Install k9s CLI
-ARG K9S_VERSION="v0.50.16"
-ENV K9S_VERSION=$K9S_VERSION
-RUN curl -fsSL https://github.com/derailed/k9s/releases/download/${K9S_VERSION}/k9s_Linux_${TARGETARCH}.tar.gz | \
-    tar xvzf - -C /usr/bin k9s && \
-    chmod 755 /usr/bin/k9s
-
-USER nonroot
-
-FROM base AS helm
-
-# --- Install helm CLI
-ARG HELM_VERSION="v3.19.2"
-ENV HELM_VERSION=$HELM_VERSION
-RUN curl -fsSL https://get.helm.sh/helm-${HELM_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz | \
-    tar xvzf - --strip-components=1 -C /usr/bin ${TARGETOS}-${TARGETARCH}/helm && \
-    chmod 755 /usr/bin/helm
-
-USER nonroot
-
-FROM base AS helmfile
-
-# --- Install helmfile CLI
-ARG HELMFILE_VERSION="1.2.2"
-ENV HELMFILE_VERSION=$HELMFILE_VERSION
-RUN curl -fsSL https://github.com/helmfile/helmfile/releases/download/v${HELMFILE_VERSION}/helmfile_${HELMFILE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz | \
-    tar xvzf - -C /usr/bin helmfile && \
-    chmod 755 /usr/bin/helmfile
-
-USER nonroot
-
-FROM base AS grype
-
-# --- Install grype CLI
-ARG GRYPE_VERSION="0.104.1"
-ENV GRYPE_VERSION=$GRYPE_VERSION
-RUN curl -fsSL https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz | \
-    tar xvzf - -C /usr/bin grype && \
-    chmod 755 /usr/bin/grype
-
-USER nonroot
-
-FROM base AS cosign
-
-# --- Install cosign CLI
-ARG COSIGN_VERSION="3.0.2"
-ENV COSIGN_VERSION=$COSIGN_VERSION
-RUN curl -fsSL https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-${TARGETOS}-${TARGETARCH} \
-    -o /usr/bin/cosign && \
-    chmod 755 /usr/bin/cosign
-
-USER nonroot
-
-FROM base AS terraform
-
-# --- Install terraform CLI
-ARG TERRAFORM_VERSION="1.14.1"
-ENV TERRAFORM_VERSION=$TERRAFORM_VERSION
-RUN TEMP_DIR=$(mktemp -d) && \
-    curl -fsSL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
-    -o ${TEMP_DIR}/terraform.zip && \
-    unzip -d $TEMP_DIR ${TEMP_DIR}/terraform.zip  && \
-    mv ${TEMP_DIR}/terraform /usr/bin/terraform && \
-    chmod 755 /usr/bin/terraform && \
-    rm -rf ${TEMP_DIR}
-
-USER nonroot
-
-FROM base AS tofu
-
-# --- Install tofu CLI
-ARG TOFU_VERSION="1.10.8"
-ENV TOFU_VERSION=$TOFU_VERSION
-RUN curl -fsSL https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz | \
-    tar xvzf - -C /usr/bin tofu && \
-    chmod 755 /usr/bin/tofu
-
-USER nonroot
-
-FROM base AS terragrunt
-
-# --- Install terragrunt CLI
-ARG TERRAGRUNT_VERSION="0.94.0"
-ENV TERRAGRUNT_VERSION=$TERRAGRUNT_VERSION
-RUN curl -fsSL https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH} \
-    -o /usr/bin/terragrunt && \
-    chmod 755 /usr/bin/terragrunt
-
-USER nonroot
-
-FROM base AS vault
-
-# --- Install vault CLI
-ARG VAULT_VERSION="1.21.1"
-ENV VAULT_VERSION=$VAULT_VERSION
-RUN TEMP_DIR=$(mktemp -d) && \
-    curl -fsSL https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
-    -o ${TEMP_DIR}/vault.zip && \
-    unzip -d $TEMP_DIR ${TEMP_DIR}/vault.zip  && \
-    mv ${TEMP_DIR}/vault /usr/bin/vault && \
-    chmod 755 /usr/bin/vault && \
-    rm -rf ${TEMP_DIR}
-
-USER nonroot
-
-FROM base AS dagger
-
-# --- Install dagger CLI
-ARG DAGGER_VERSION="0.19.8"
-ENV DAGGER_VERSION=$DAGGER_VERSION
-RUN curl -fsSL https://github.com/dagger/dagger/releases/download/v${DAGGER_VERSION}/dagger_v${DAGGER_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz | \
-    tar xvzf - -C /usr/bin dagger && \
-    chmod 755 /usr/bin/dagger
-
-USER nonroot
+ARG MISE_VERSION="2025.12.0"
+FROM jdxcode/mise:${MISE_VERSION} AS mise
 
 FROM lscr.io/linuxserver/code-server:${CODE_SERVER_VERSION} AS prod
 
@@ -188,7 +18,6 @@ LABEL org.opencontainers.image.source="https://github.com/opopops/docker/tree/ma
 LABEL org.opencontainers.image.description="Code-Server image"
 
 ENV DEBIAN_FRONTEND="noninteractive"
-RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
 RUN --mount=type=cache,id=apt-cache-${TARGETARCH}${TARGETVARIANT},target=/var/cache/apt,sharing=locked \
     --mount=type=cache,id=apt-${TARGETARCH}${TARGETVARIANT},target=/var/lib/apt,sharing=locked \
     apt-get update && \
@@ -204,63 +33,27 @@ RUN --mount=type=cache,id=apt-cache-${TARGETARCH}${TARGETVARIANT},target=/var/ca
     nano \
     openssh-client \
     pigz \
-    pipx \
-    python3-pip \
-    python3-venv \
     rsync \
     unzip \
     vim
 
-ENV EDITOR=vi
-ENV PATH="${PATH}:/config/.local/bin"
-
-# --- Install docker
-ARG DOCKER_VERSION="29.1.2"
-ENV DOCKER_VERSION=$DOCKER_VERSION
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
-    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-# Pin docker version
-# https://docs.docker.com/engine/release-notes/23.0/
-RUN cat <<EOF > /etc/apt/preferences.d/docker
-Package: /docker-ce/
-Pin: version 5:${DOCKER_VERSION}*
-Pin-Priority: 1000
-EOF
-
-RUN --mount=type=cache,id=apt-cache-${TARGETARCH}${TARGETVARIANT},target=/var/cache/apt,sharing=locked \
-    --mount=type=cache,id=apt-${TARGETARCH}${TARGETVARIANT},target=/var/lib/apt,sharing=locked \
-    apt-get update && \
-    apt-get install --yes --no-install-recommends \
-    docker-buildx-plugin \
-    docker-compose-plugin \
-    docker-ce-cli
+# --- Install mise
+ENV MISE_CACHE_DIR=/mise/cache \
+    MISE_CONFIG_DIR=/mise \ 
+    MISE_DATA_DIR=/mise
 
-RUN groupadd -g 996 docker && \
-    usermod -a -G docker abc
+RUN mkdir -p \
+    $MISE_CONFIG_DIR \
+    $MISE_CACHE_DIR \
+    $MISE_DATA_DIR 
 
-# --- Install python packages
-RUN --mount=type=cache,target=/config/.cache/pip \
-    pipx install ansible-lint && \
-    pipx install pylint && \
-    pipx install pytest && \
-    pipx install ruff && \
-    pipx install uv
+COPY --link --from=mise /usr/local/bin/mise /usr/local/bin/mise
+COPY ./mise.toml ${MISE_CONFIG_DIR}/mise.toml
+RUN --mount=type=cache,id=mise-cache,target=${MISE_CACHE_DIR} \
+    --mount=type=secret,id=github_token,env=GITHUB_TOKEN \
+    mise upgrade
 
-# --- Install binaries
-COPY --link --from=cosign /usr/bin/cosign /usr/local/bin/cosign
-COPY --link --from=dagger /usr/bin/dagger /usr/local/bin/dagger
-COPY --link --from=grype /usr/bin/grype /usr/local/bin/grype
-COPY --link --from=helm /usr/bin/helm /usr/local/bin/helm
-COPY --link --from=helmfile /usr/bin/helmfile /usr/local/bin/helmfile
-COPY --link --from=jq /usr/bin/jq /usr/local/bin/jq
-COPY --link --from=k9s /usr/bin/k9s /usr/local/bin/k9s
-COPY --link --from=kubectl /usr/bin/kubectl /usr/local/bin/kubectl
-COPY --link --from=powerline-go /usr/bin/powerline-go /usr/local/bin/powerline-go
-COPY --link --from=tofu /usr/bin/tofu /usr/bin/local/tofu
-COPY --link --from=vault /usr/bin/vault /usr/local/bin/vault
-COPY --link --from=yq /usr/bin/yq /usr/bin/local/yq
+ENV EDITOR=vi
 
 # --- Update bashrc
 RUN cat <<EOF >> /config/.bashrc
@@ -280,11 +73,15 @@ alias kwolfi="kubectl run shell --rm -i --tty --image-pull-policy='Always' --ima
 alias terraform='tofu'
 alias tf='tofu'
 
+# MISE
+eval "$(mise activate bash)"
+
+# POWERLINE-GO
 function _update_ps1() {
-    PS1="\$(/usr/bin/powerline-go -mode flat -hostname-only-if-ssh -cwd-max-depth 3 -modules cwd,git,terraform-workspace,kube -error \$? -jobs \$(jobs -p | wc -l))"
+    PS1="\$(powerline-go -mode flat -hostname-only-if-ssh -cwd-max-depth 3 -modules cwd,git,terraform-workspace,kube -error \$? -jobs \$(jobs -p | wc -l))"
 }
 
-if [ "\$TERM" != "linux" ] && [ -f "/usr/bin/powerline-go" ]; then
+if [ "\$TERM" != "linux" ]; then
     PROMPT_COMMAND="_update_ps1; \$PROMPT_COMMAND"
 fi
 EOF

images/code-server/Dockerfile

@@ -0,0 +1,50 @@
+min_version = "2025.12.0"
+
+[settings]
+jobs = 4
+
+[tools]
+# Core tools
+python = { version = "3.13" }
+
+# Packages managers
+uv = { version = "latest" }
+pipx = { version = "latest" }
+
+# Additional tools
+apko = { version = "latest" }
+aws-cli = { version = "latest" }
+cosign = { version = "latest" }
+crane = { version = "latest" }
+dagger = { version = "latest" }
+docker-cli = { version = "latest" }
+docker-compose = { version = "latest" }
+envsubst = { version = "latest" }
+github-cli = { version = "latest" }
+gitleaks = { version = "latest" }
+grype = { version = "latest" }
+helm = { version = "latest" }
+helm-diff = { version = "latest" }
+helmfile = { version = "latest" }
+jq = { version = "latest" }
+k3d = { version = "latest" }
+k9s = { version = "latest" }
+kube-capacity = { version = "latest"}
+kubeconform = { version = "latest" }
+kubectl = { version = "latest" }
+kustomize = { version = "latest" }
+melange = { version = "latest" }
+opentofu = { version = "latest" }
+packer = { version = "latest" }
+powerline-go = { version = "latest" }
+pre-commit = { version = "latest" }
+ruff = { version = "latest" }
+terraform = { version = "latest" }
+usage = { version = "latest" }
+yq = { version = "latest" }
+
+# Pipx tools
+"pipx:ansible" = { version = "latest", uvx = "false", pipx_args = "--include-deps" }
+
+# GiHub Tools: https://mise.jdx.dev/dev-tools/backends/github.html#github-backend
+"github:docker/buildx" = { version = "latest" , bin = "docker-buildx"}