You can start working on developing with this project with relative ease by using the VS Code Remote Development extension. In this project there is a folder named .devcontainer that allows users to open the project in a docker container using the custom built development image. This development image has all the items needed to start working on the cfn_nag project right out of the box. All you need to do is open the project in the VS Code Remote Container to get started.
- Install the VS Code Remote Development extension pack
- Open the repo in VS Code
- When prompted "
Folder contains a dev container configuration file. Reopen folder to develop in a container" click the "Reopen in Container" button - When opening in the future use the "
[Dev Container] cfn_nag Development" option
There are a couple of dependencies that you need to configure locally before being able to fully utizlize the Remote Developemnt environment.
- Requires
ms-vscode-remote.remote-containers>=0.101.0 - Docker
- Needs to be installed in order to use the remote development container
- GPG
- Should to be installed in
~/.gnupg/to be able to sign git commits with gpg
- Should to be installed in
- SSH
- Should to be installed in
~/.sshto be able to use your ssh config and keys.
- Should to be installed in
The main .devcontainer/Dockerfile points to the latest stelligent/vscode-remote-cfn_nag Docker Hub container image. This image is created and pushed by a separate GitHub Actions Workflow. It will tag the newly created image with the short git sha and latest.
The stelligent/vscode-remote-cfn_nag container image is build and controlled by the .devcontainer/build/Dockerfile
From within this file we are starting from the official Ruby 2.5 image and then going through and installing and configuring the necessary items for the remote build environment.
Some important items to note here:
- Installs the
dockercli so that theraketasks can still run from within the remote development container environment. - Installs gems needed for the project and vscode extensions.
- Creates a non-root user (
cfn_nag_dev) and providessudoaccess so that the user can run theraketasks that call thedockercli. - Creates a way for the
bashcommand history to be saved between container runs. - Sets up the GPG home directory and sets the
ttyso that you can still sign git commits inside the container.
The VS Code Remote Development container settings are controlled from within the .devcontainer/devcontainer.json file.
Some important items to note here:
- Container Mount Consistency is set to
consistentto avoid a lag or mismatch from files that are changed during code editing from inside the remote container environment. DND_PWDEnvironment Variable is created to help with theraketasks that are executed while inside the remote container. The mount source needs to reference the local systems path from within the docker container.- Mounts:
- A volume is created and mounted to store the
bashcommand line history from within the container. Now when you close the connection and reopen at a later date, you can still search for previously used commands as needed. - The Docker socket is mounted so that you can still run
dockercommands from within the remote container environment. - If it exists, your local ssh directory (
~/.ssh) is mounted so that you still access your config and sshkeys to be able to connect to github with key authentication. - If it exists, your local gpg items (
~/.gnupg) are mounted so that you can still sign your commits and tags from within the remote container.
- A volume is created and mounted to store the
- Several vscode extensions are installed to help the user jumping right into project development. These extensions also have custom configured settings to work within the remote container environment.
- Runs
bundle installso that everything is fully setup for the user before they get logged into the connection. The user can simply just run therakecommands without needing to set anything else up.