1.0.3

.github/workflows/docker-publish.yml

@@ -1,5 +1,4 @@
 name: Docker
-
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
@@ -9,7 +8,7 @@ on:
   schedule:
     - cron: '29 9 * * *'
   push:
-    branches: [ "main" ]
+    branches: [ "main", "1.0.2" ]
     # Publish semver tags as releases.
     tags: [ '*.*.*' ]
   pull_request:
@@ -21,10 +20,8 @@ env:
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
-
 jobs:
   build:
-
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -37,25 +34,29 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      # Set up QEMU for multi-platform builds
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        uses: sigstore/cosign-installer@v3.5.0
         with:
           cosign-release: 'v2.2.4'
 
-      # Set up BuildKit Docker container builder to be able to build
-      # multi-platform images and export cache
-      # https://github.com/docker/setup-buildx-action
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
-
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -65,17 +66,18 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        uses: docker/build-push-action@v5
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -96,3 +98,4 @@ jobs:
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+

Dockerfile

@@ -1,45 +1,69 @@
 # Use Debian latest as the base image
 FROM debian:latest
 
-# Install necessary packages (without software-properties-common as it's no more available in Trixie)
-RUN apt-get update && apt-get install -y apt-transport-https wget curl gnupg2
+# Arguments pour la détection de l'architecture
+ARG TARGETARCH
+ARG TARGETVARIANT
 
-# Add the Microsoft GPG key and repository manually
-RUN wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /tmp/packages.microsoft.gpg && \
-    install -o root -g root -m 644 /tmp/packages.microsoft.gpg /etc/apt/trusted.gpg.d/ && \
-    echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/trusted.gpg.d/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list && \
-    rm /tmp/packages.microsoft.gpg
-
-# Install needed packages on your IDE system
-RUN apt-get update && apt-get install -y code
-
-RUN apt-get -y install sudo -y \
+# Install necessary packages
+RUN apt-get update && apt-get install -y \
+    apt-transport-https \
+    wget \
+    curl \
+    gnupg2 \
+    sudo \
     nano \
     git \
-    curl \
-    wget \
     unzip \
     npm \
-    ssh && \
-    apt-get clean autoclean && \
+    ssh \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install VS Code based on architecture
+RUN ARCH=$(dpkg --print-architecture) && \
+    echo "Detected architecture: $ARCH (TARGETARCH=$TARGETARCH)" && \
+    if [ "$TARGETARCH" = "amd64" ] || [ "$ARCH" = "amd64" ]; then \
+        echo "Installing VS Code for amd64..." && \
+        wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /tmp/packages.microsoft.gpg && \
+        install -o root -g root -m 644 /tmp/packages.microsoft.gpg /etc/apt/trusted.gpg.d/ && \
+        echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list && \
+        rm /tmp/packages.microsoft.gpg && \
+        apt-get update && apt-get install -y code && rm -rf /var/lib/apt/lists/* && \
+        echo "VS Code installed successfully" && \
+        which code || (echo "ERROR: code command not found after installation!" && exit 1); \
+    elif [ "$TARGETARCH" = "arm64" ] || [ "$ARCH" = "arm64" ]; then \
+        echo "Installing VS Code for arm64..." && \
+        wget https://aka.ms/linux-arm64-deb -O /tmp/vscode-arm64.deb && \
+        apt-get update && apt-get install -y /tmp/vscode-arm64.deb && \
+        rm /tmp/vscode-arm64.deb && rm -rf /var/lib/apt/lists/* && \
+        echo "VS Code installed successfully" && \
+        which code || (echo "ERROR: code command not found after installation!" && exit 1); \
+    elif [ "$TARGETARCH" = "arm" ] && [ "$TARGETVARIANT" = "v7" ]; then \
+        echo "WARNING: VS Code is not officially available for armv7 - container will be built without VS Code"; \
+    else \
+        echo "WARNING: VS Code is not available for architecture: $TARGETARCH$TARGETVARIANT ($ARCH) - container will be built without VS Code"; \
+    fi
+
+# Additional cleanup
+RUN apt-get clean autoclean && \
     apt-get autoremove --yes && \
     rm -rf /var/lib/{apt,dpkg,cache,log}/
 
 # Copy start.sh to the container
 COPY start.sh /app/start.sh
 RUN chmod +x /app/start.sh
 
-# Create a non-root user
-RUN useradd -m vscodeuser && \
+# Create a non-root user with default UID/GID (will be adjustable at runtime via env vars)
+RUN groupadd -g 1000 vscodeuser && \
+    useradd -m -u 1000 -g 1000 -s /bin/bash vscodeuser && \
     echo 'vscodeuser ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/vscodeuser && \
-    chmod 0444 /etc/sudoers.d/vscodeuser && \
+    chmod 0440 /etc/sudoers.d/vscodeuser && \
     usermod -aG sudo vscodeuser
 
-# Switch to the non-root user
-USER vscodeuser
+# Don't switch to vscodeuser yet - start.sh will handle it
 
 # Set the home directory for the non-root user
 ENV HOME=/home/vscodeuser
 
-# Exécutez le script au lancement du conteneur
-ENTRYPOINT ["sh", "/app/start.sh"]
+# Exécutez le script au lancement du conteneur (as root to allow UID/GID changes)
+ENTRYPOINT ["/app/start.sh"]