kykyi/Actions + Devcontainers on private ECR image

## Actions + Devcontainers on private ECR image
Run VSCode dev containers and GitHub actions off of the same private AWS ECR image

## actions.yml
# .github/actions.yml
name: Test suite

on:
  [push]

permissions:
  id-token: write
  contents: read

jobs:

  login-to-amazon-ecr:
    runs-on: ubuntu-latest
    steps:
    - name: Setup AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        role-to-assume: arn:aws:iam::012345678901:role/github-actions-role
        aws-region: your-region
        mask-aws-account-id: 'false'
    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1
    outputs:
      registry: ${{ steps.login-ecr.outputs.registry }}
      docker_username: ${{ steps.login-ecr.outputs.docker_username_012345678901_dkr_ecr_your_region_amazonaws_com }}
      docker_password: ${{ steps.login-ecr.outputs.docker_username_012345678901_dkr_ecr_eyour_region_amazonaws_com }}

  run-with-internal-service:
    name: Run tests private ECR container
    needs: login-to-amazon-ecr
    runs-on: ubuntu-latest
    container:
      image: ${{ needs.login-to-amazon-ecr.outputs.registry }}/ecr_repo:tag
      credentials:
        username: ${{ needs.login-to-amazon-ecr.outputs.docker_username }}
        password: ${{ needs.login-to-amazon-ecr.outputs.docker_password }}
      ports:
        - '80:80'
    steps:
    - name: Checkout the branch
      uses: actions/checkout@v3
    - name: Setup AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        role-to-assume: arn:aws:iam::012345678901:role/github-actions-role
        aws-region: your-region
    - name: Run tests with pytest
      run: pytest tests --disable-warnings

## devcontainer.json
# .devcontainer/devcontainer.json
{
    "name": "Your devcontainer name",
    "image": "012345678901.dkr.ecr.your-region.amazonaws.com/ecr_repo:tag",
    "mounts": ["source=${localEnv:HOME}/.aws/credentials,target=/workspaces/your-repo/.aws/credentials,type=bind,consistency=cached"]
}

## Dockerfile
# .devcontainer/Dockerfile
# Example for a python environment
FROM python:3.9.7-slim

RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y build-essential cmake git wget

COPY ./.devcontainer/requirements.txt requirements.txt

RUN pip install -r requirements.txt --no-cache-dir

## Makefile
# .devcontainer/Makefile
# amd64 for apple silicon, arm64 for github actions CI
deploy:
	docker buildx build --platform linux/amd64,linux/arm64 --push -t 012345678901.dkr.ecr.your-region.amazonaws.com/ecr_repo:tag -f ./.devcontainer/Dockerfile .

## requirements.txt
# .devcontainer/requirements.txt
# Your requirements here
pytest # for example
	# .github/actions.yml
	name: Test suite

	on:
	[push]

	permissions:
	id-token: write
	contents: read

	jobs:

	login-to-amazon-ecr:
	runs-on: ubuntu-latest
	steps:
	- name: Setup AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	role-to-assume: arn:aws:iam::012345678901:role/github-actions-role
	aws-region: your-region
	mask-aws-account-id: 'false'
	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1
	outputs:
	registry: ${{ steps.login-ecr.outputs.registry }}
	docker_username: ${{ steps.login-ecr.outputs.docker_username_012345678901_dkr_ecr_your_region_amazonaws_com }}
	docker_password: ${{ steps.login-ecr.outputs.docker_username_012345678901_dkr_ecr_eyour_region_amazonaws_com }}

	run-with-internal-service:
	name: Run tests private ECR container
	needs: login-to-amazon-ecr
	runs-on: ubuntu-latest
	container:
	image: ${{ needs.login-to-amazon-ecr.outputs.registry }}/ecr_repo:tag
	credentials:
	username: ${{ needs.login-to-amazon-ecr.outputs.docker_username }}
	password: ${{ needs.login-to-amazon-ecr.outputs.docker_password }}
	ports:
	- '80:80'
	steps:
	- name: Checkout the branch
	uses: actions/checkout@v3
	- name: Setup AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	role-to-assume: arn:aws:iam::012345678901:role/github-actions-role
	aws-region: your-region
	- name: Run tests with pytest
	run: pytest tests --disable-warnings
	# .devcontainer/devcontainer.json
	{
	"name": "Your devcontainer name",
	"image": "012345678901.dkr.ecr.your-region.amazonaws.com/ecr_repo:tag",
	"mounts": ["source=${localEnv:HOME}/.aws/credentials,target=/workspaces/your-repo/.aws/credentials,type=bind,consistency=cached"]
	}
	# .devcontainer/Dockerfile
	# Example for a python environment
	FROM python:3.9.7-slim

	RUN apt-get update && apt-get -y upgrade
	RUN apt-get install -y build-essential cmake git wget

	COPY ./.devcontainer/requirements.txt requirements.txt

	RUN pip install -r requirements.txt --no-cache-dir
	# .devcontainer/Makefile
	# amd64 for apple silicon, arm64 for github actions CI
	deploy:
	docker buildx build --platform linux/amd64,linux/arm64 --push -t 012345678901.dkr.ecr.your-region.amazonaws.com/ecr_repo:tag -f ./.devcontainer/Dockerfile .
	# .devcontainer/requirements.txt
	# Your requirements here
	pytest # for example