Optimize devcontainer for faster startup (#9)

* Optimize devcontainer for faster startup

- Disabled package upgrades (upgradePackages: false)
- Removed heavy features: kubectl-helm-minikube, sshd
- Changed Git to os-provided version for faster builds
- Removed unnecessary packages from Dockerfile
- Removed docker-compose.yml for simpler single-container setup
- Streamlined postCreateCommand
- Removed heavy VS Code extensions
- Added setup-optional-tools.sh for on-demand tool installation
- Added dependabot.yml for dependency management

Estimated startup time reduced from 4-6 minutes to 1-2 minutes.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Fix CI workflow to match optimized devcontainer

- Remove docker-compose.yml validation steps
- Remove tcl dependency installation
- Remove kubectl and helm checks (not installed by default)
- Remove tclsh check (not installed by default)
- Keep only essential tool checks

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Fix Hadolint DL3008 warning in Dockerfile

Add hadolint ignore comment for DL3008 warning about unpinned package versions.
For a development template, using latest versions from the base image is preferred
for flexibility and ease of maintenance.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Fix Gitleaks by fetching full git history

Add fetch-depth: 0 to checkout steps to ensure Gitleaks has access
to the full commit history for scanning the commit range.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Remove github-copilot-cli check from tests

This tool is no longer installed as part of the optimized devcontainer.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Add Python support for balanced operability

Add Python 3.12 feature with pip and tools for a complete development experience.
Python is nearly universal for scripting, automation, and development workflows.

Changes:
- Added Python 3.12 with pip and development tools
- Added Python VS Code extensions (Python, Pylance)
- Updated postCreateCommand to verify all core tools
- Updated CI tests to verify Python installation
- Updated README with more accurate feature list and timing

This balances startup speed (2-3 min) with operational completeness.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Add Claude Code CLI and extension by default

Install Claude Code CLI via npm in postCreateCommand and include
the Claude Dev VS Code extension for AI-assisted development.

Changes:
- Added Claude Code CLI installation via npm
- Added anthropic.claude-dev VS Code extension
- Updated postCreateCommand to verify claude installation
- Updated CI tests to check for claude CLI
- Updated README to list Claude Code in features

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Remove redundant setup-optional-tools.sh script

Since all essential tools (including Claude Code CLI) are now installed
by default in postCreateCommand, the optional tools script is redundant.

Changes:
- Removed .devcontainer/setup-optional-tools.sh
- Updated README with better customization examples
- Added examples for adding Kubernetes tools when needed

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Update security workflow for optimized devcontainer

Improvements:
- Remove redundant tcl installation step
- Fix Dockerfile path in trigger (covered by .devcontainer/**)
- Pin Trivy action to specific version (0.28.0) instead of @master
- Add severity filtering (CRITICAL,HIGH) to focus on important issues
- Improve workflow stability and reproducibility

The workflow now properly scans the optimized devcontainer configuration.

Signed-off-by: Ihor Dvoretskyi <[email protected]>

* Update Claude Code extension reference in devcontainer configuration

Signed-off-by: Ihor Dvoretskyi <[email protected]>

---------

Signed-off-by: Ihor Dvoretskyi <[email protected]>

Author: idvoretskyi

.devcontainer/Dockerfile

@@ -1,18 +1,15 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
 
-# Install essential packages and set up directories
 # hadolint ignore=DL3008
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install --no-install-recommends \
         curl \
         wget \
         jq \
         build-essential \
-        openssh-server \
-        tcl \
     && apt-get clean -y \
-    && rm -rf /var/lib/apt/lists/* \
-    && mkdir -p /run/sshd \
-    && mkdir -p /home/vscode/.ssh \
-    && chown -R vscode:vscode /home/vscode/.ssh \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /home/vscode/.ssh \
+    && chown -R vscode:vscode /home/vscode \
     && chmod 700 /home/vscode/.ssh

.devcontainer/devcontainer.json

@@ -9,12 +9,16 @@
         "ghcr.io/devcontainers/features/common-utils:2": {
             "installZsh": true,
             "username": "vscode",
-            "upgradePackages": true
+            "upgradePackages": false
         },
         "ghcr.io/devcontainers/features/git:1": {
-            "version": "latest",
+            "version": "os-provided",
             "ppa": false
         },
+        "ghcr.io/devcontainers/features/python:1": {
+            "version": "3.12",
+            "installTools": true
+        },
         "ghcr.io/devcontainers/features/node:1": {
             "version": "lts",
             "nodeGypDependencies": false,
@@ -25,14 +29,6 @@
             "moby": true,
             "dockerDashComposeVersion": "v2"
         },
-        "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
-            "version": "latest",
-            "helm": "latest",
-            "minikube": "latest"
-        },
-        "ghcr.io/devcontainers/features/sshd:1": {
-            "version": "latest"
-        },
         "ghcr.io/devcontainers/features/github-cli:1": {
             "version": "latest"
         }
@@ -44,8 +40,9 @@
                 "github.copilot",
                 "github.copilot-chat",
                 "redhat.vscode-yaml",
-                "ms-kubernetes-tools.vscode-kubernetes-tools",
-                "blinksh.blink-fs"
+                "ms-python.python",
+                "ms-python.vscode-pylance",
+                "anthropic.claude-code"
             ],
             "settings": {
                 "editor.formatOnSave": true,
@@ -57,8 +54,6 @@
             }
         }
     },
-    "forwardPorts": [22],
-    "postCreateCommand": "npm install -g @anthropic-ai/claude-code@latest @github/copilot && echo '🚀 Development environment ready! Docker, Kubernetes (Minikube), Claude Code, GitHub Copilot CLI, and SSH are configured.' && sudo service ssh start",
-    "postStartCommand": "sudo service ssh restart",
+    "postCreateCommand": "npm install -g @anthropic-ai/claude-code && python3 --version && node --version && docker --version && gh --version && claude --version && echo 'Development environment ready'",
     "remoteUser": "vscode"
 }

.devcontainer/docker-compose.yml

@@ -0,0 +1,20 @@
+# Keep devcontainer dependencies up to date
+version: 2
+updates:
+  # Monitor GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  # Monitor Docker base images
+  - package-ecosystem: "docker"
+    directory: "/.devcontainer"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "docker"

.github/dependabot.yml

@@ -17,15 +17,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
-      - name: Install missing dependencies
-        run: sudo apt-get update && sudo apt-get install -y tcl
-
-      - name: Check Docker Compose file existence
-        run: test -f .devcontainer/docker-compose.yml && echo "Docker Compose file exists"
-
-      - name: Validate docker-compose.yml
-        run: docker compose -f .devcontainer/docker-compose.yml config
+        with:
+          fetch-depth: 0
 
       - name: Lint Dockerfile
         uses: hadolint/[email protected]
@@ -48,27 +41,27 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
-      - name: Install missing dependencies
-        run: sudo apt-get update && sudo apt-get install -y tcl
-
-      - name: Check Docker Compose version
-        run: docker compose version
+        with:
+          fetch-depth: 0
 
       - name: Test devcontainer functionality
         uses: devcontainers/[email protected]
         with:
           push: never
           runCmd: |
             # Test basic tools are available
-            which tclsh || echo "tclsh is missing"
+            which python3 || echo "python3 is missing"
+            which pip3 || echo "pip3 is missing"
             which docker || echo "docker is missing"
-            which kubectl || echo "kubectl is missing"
-            which helm || echo "helm is missing"
             which gh || echo "gh is missing"
             which node || echo "node is missing"
             which npm || echo "npm is missing"
-            which github-copilot-cli || echo "github-copilot-cli is missing"
+            which claude || echo "claude is missing"
             # Test essential packages
+            python3 --version
+            node --version
+            docker --version
+            gh --version
+            claude --version
             curl --version
             jq --version

.github/workflows/ci.yml

@@ -8,13 +8,11 @@ on:
     branches: [ main ]
     paths:
       - '.devcontainer/**'
-      - 'Dockerfile'
       - '.github/workflows/security.yml'
   pull_request:
     branches: [ main ]
     paths:
       - '.devcontainer/**'
-      - 'Dockerfile'
       - '.github/workflows/security.yml'
   workflow_dispatch: # Allow manual trigger
 
@@ -30,21 +28,19 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Install missing dependencies
-        run: sudo apt-get update && sudo apt-get install -y tcl
-
       - name: Build Docker image for scanning
         run: |
           IMAGE_NAME="dev-template:${{ github.sha }}"
           docker build -t "$IMAGE_NAME" .devcontainer/
           echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           image-ref: '${{ env.IMAGE_NAME }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
@@ -70,12 +66,13 @@ jobs:
           retention-days: 30
 
       - name: Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
           format: 'sarif'
           output: 'trivy-fs-results.sarif'
+          severity: 'CRITICAL,HIGH'
 
       - name: Upload filesystem scan results
         uses: github/codeql-action/upload-sarif@v3

.github/workflows/security.yml

@@ -3,29 +3,90 @@
 [![CI](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml/badge.svg)](https://github.com/idvoretskyi/dev/actions/workflows/ci.yml)
 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/idvoretskyi/dev)
 
-This repository serves as a default generic GitHub Codespace template.
+This repository serves as an optimized GitHub Codespaces template for general development workflows.
 
 ## Features
 
 - Base image: Ubuntu 24.04
-- Pre-installed development tools
-- VS Code extensions for productivity
-- Configured with sensible defaults
+- Essential development tools:
+  - Python 3.12 with pip
+  - Node.js LTS with npm
+  - Git (OS-provided)
+  - Docker-in-Docker with Docker Compose v2
+  - GitHub CLI
+  - Claude Code CLI
+  - Zsh with common utilities
+  - Build essentials (gcc, make, etc.)
+- VS Code extensions:
+  - Claude Dev (Anthropic)
+  - Python language support
+  - Docker support
+  - GitHub Copilot
+  - YAML support
+
+## Performance Optimizations
+
+The devcontainer balances speed with operability:
+
+- Includes essential tools: Python, Node.js, Docker, Git, GitHub CLI, Claude Code CLI
+- Disabled package upgrades during build
+- Removed heavy features (kubectl, helm, minikube, sshd)
+- Uses OS-provided Git for faster builds
+- Installs Claude Code CLI via npm in postCreateCommand
+- Core VS Code extensions only
+
+Estimated startup time: 2-3 minutes
 
 ## Usage
 
+### GitHub Codespaces
 1. Click "Code" button on the GitHub repository
 2. Select "Create codespace on main"
 3. Wait for the environment to build
-4. Start coding!
 
-## Customization
+### VS Code Local Dev Containers
+1. Clone this repository
+2. Open in VS Code
+3. Click "Reopen in Container" when prompted
+
+## Using as a Template
+
+### Method 1: GitHub Template
+Click "Use this template" button to create a new repository
+
+### Method 2: Copy Configuration
+```bash
+cp -r .devcontainer /path/to/your/project/
+```
+
+### Customization
+
+Edit `.devcontainer/devcontainer.json` to add features or tools:
+
+```json
+{
+  "features": {
+    "ghcr.io/devcontainers/features/java:1": {
+      "version": "17"
+    }
+  },
+  "postCreateCommand": "pip install -r requirements.txt"
+}
+```
 
-You can customize this environment by:
+To add heavy tools like Kubernetes:
 
-- Modifying `.devcontainer/devcontainer.json` to add VS Code extensions or settings
-- Editing `.devcontainer/Dockerfile` to install additional packages
-- Updating `.devcontainer/docker-compose.yml` to add services like databases
+```json
+{
+  "features": {
+    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
+      "version": "latest",
+      "helm": "latest",
+      "minikube": "none"
+    }
+  }
+}
+```
 
 ## License