/amp-devcontainer

🔋amp-devcontainer is a batteries-included devcontainer useable for modern, embedded, software development

Primary LanguageTypeScriptMIT LicenseMIT

amp-devcontainer

Linting & Formatting Build & Push OpenSSF Best Practices OpenSSF Scorecard

Overview

This repository contains devcontainers tailored towards modern, embedded, C++ and Rust development.

State

This repository is under active development; see pulse for more details.

Description

Image variants

Two devcontainers are published towards the GitHub Container Registry:

Both containers include a full Visual Studio Code configuration that is compatible with GitHub Codespaces.

A summary of the included tools can be found below. For the full list of all included tools and tool versions see the Dependency Graph, the SBOM published with a release, or the SBOM attached to the image.

amp-devcontainer-cpp

The amp-devcontainer-cpp built from this repository contains compilers and tools to facilitate modern, embedded, C++ development. The amp-devcontainer-cpp includes support for host- and cross-compilation using gcc, arm-gcc and clang compilers. Next to the compilers there is support for package management (using CPM.cmake and Conan) code-coverage measurement, mutation testing (using mull), fuzzing (using libfuzzer) and static analysis and formatting (clang-format, clang-tidy, clangd, include-what-you-use).

The default build system is set up to use CMake, Ninja and CCache.

amp-devcontainer-rust

The amp-devcontainer-rust built from this repository contains the Rust ecosystem and additional tools to facilitate, embedded, Rust development. The amp-devcontainer-rust includes support for host- and cross-compilation. Next to the Rust ecosystem there is support for code-coverage measurement, mutation testing (using cargo-mutants), fuzzing (using rust-fuzz) and static analysis and formatting (clippy, rustfmt).

For embedded development and flashing and debugging probe-rs and flip-link are included.

Visual Studio Code

Both containers can be used in Visual Studio Code or GitHub Codespaces without any additional configuration. All included tools are set-up and necessary plug-ins will be installed at container start. This behavior is implemented by appending devcontainer metadata to an image label according to the specifications. It is possible to override, amend or change the options following this merge logic.

Usage

Verify image signature

The container images are signed with SigStore Cosign using a keyless signing method.

The signature can be verified with the following command (using Docker), verifying that the image is actually signed by the GitHub CI system:

amp-devcontainer-cpp

docker run --rm gcr.io/projectsigstore/cosign verify ghcr.io/philips-software/amp-devcontainer-cpp --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp https://github.com/philips-software/amp-devcontainer

amp-devcontainer-rust

docker run --rm gcr.io/projectsigstore/cosign verify ghcr.io/philips-software/amp-devcontainer-rust --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp https://github.com/philips-software/amp-devcontainer

The resulting containers can be used in a .devcontainer.json file or in a .devcontainer folder.

Note

While the following examples use the latest tag, it is recommended to pin to a specific version. Or better yet, a specific SHA.

amp-devcontainer-cpp

.devcontainer/devcontainer.json or .devcontainer.json

{
    "image": "ghcr.io/philips-software/amp-devcontainer-cpp:latest"
}

amp-devcontainer-rust

.devcontainer/devcontainer.json or .devcontainer.json

{
    "image": "ghcr.io/philips-software/amp-devcontainer-rust:latest"
}

Community

This project uses a code of conduct to define expected conduct in our community. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the repository administrators by using the Report content functionality of GitHub.

Changelog

See the changelog for more info on what's been changed.

Contributing

This project uses Semantic Versioning 2.0.0 and Conventional Commits 1.0.0 please see the contributing guideline for more information.

Build & Test

The containers can be built and tested locally by importing this repository in VS Code with the Remote Containers plug-in installed. As a prerequisite Docker needs to be installed on the host system. Alternatively a GitHub Codespace can be started.

Running the Integration Tests

A test task is available to run the included bats tests. Choose Tasks: Run Test Task from the command pallette (Ctrl + Shift + P).

Running the Acceptance Tests

Create a .env file in the root of the workspace with the following contents, this assumes a GitHub account that has rights to create a Codespace on this repository and is configured for time-based one-time password (TOTP) two-factor authentication (2FA).

GITHUB_USER=
GITHUB_PASSWORD=
GITHUB_TOTP_SECRET=

Test can now be run using the Test Explorer. The user interface is available on port 6080 by-default. When port 6080 is already taken another port will be exposed. This can be seen with the Ports view (Ctrl + Shift + P, Ports: Focus on Ports View).

Reporting vulnerabilities

If you find a vulnerability, please report it to us! See security for more information.

Licenses

See license