chore: use devcontainer image v1.1.0

[lurtz]

Always using the latest version might result in surprise build breaks. It should be updated with commits.

[github-actions]

License Check Results

🚀 The license check job ran with the Bazel command:

bazel run //:license-check

Status: ⚠️ Needs Review

Click to expand output

[License Check Output]
Extracting Bazel installation...
Starting local Bazel server (8.3.0) and connecting to it...
INFO: Invocation ID: 24a75245-30b8-4406-bae5-6609605c7eee
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
WARNING: For repository 'googletest', the root module requires module version googletest@1.17.0, but got googletest@1.17.0.bcr.2 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
Loading: 
Loading: 4 packages loaded
Loading: 4 packages loaded
    currently loading: 
Loading: 4 packages loaded
    currently loading: 
Loading: 4 packages loaded
    currently loading: 
Loading: 4 packages loaded
    currently loading: 
Analyzing: target //:license-check (5 packages loaded, 0 targets configured)
Analyzing: target //:license-check (5 packages loaded, 0 targets configured)

Analyzing: target //:license-check (37 packages loaded, 9 targets configured)

Analyzing: target //:license-check (90 packages loaded, 9 targets configured)

Analyzing: target //:license-check (125 packages loaded, 352 targets configured)

Analyzing: target //:license-check (157 packages loaded, 2549 targets configured)

Analyzing: target //:license-check (164 packages loaded, 2806 targets configured)

Analyzing: target //:license-check (165 packages loaded, 6195 targets configured)

Analyzing: target //:license-check (168 packages loaded, 7524 targets configured)

Analyzing: target //:license-check (168 packages loaded, 7524 targets configured)

Analyzing: target //:license-check (168 packages loaded, 7524 targets configured)

Analyzing: target //:license-check (173 packages loaded, 9532 targets configured)

Analyzing: target //:license-check (173 packages loaded, 9533 targets configured)

Analyzing: target //:license-check (173 packages loaded, 9533 targets configured)

Analyzing: target //:license-check (174 packages loaded, 9657 targets configured)

Analyzing: target //:license-check (174 packages loaded, 9657 targets configured)

Analyzing: target //:license-check (174 packages loaded, 9657 targets configured)

Analyzing: target //:license-check (175 packages loaded, 9777 targets configured)

Analyzing: target //:license-check (175 packages loaded, 9777 targets configured)

Analyzing: target //:license-check (176 packages loaded, 23066 targets configured)

Analyzing: target //:license-check (176 packages loaded, 23066 targets configured)

INFO: Analyzed target //:license-check (177 packages loaded, 25001 targets configured).
[9 / 13] [Prepa] JavaToolchainCompileClasses external/rules_java+/toolchains/platformclasspath_classes
[10 / 13] [Prepa] JavaToolchainCompileBootClasspath external/rules_java+/toolchains/platformclasspath.jar
INFO: From Generating Dash formatted dependency file ...:
INFO: Successfully converted 2 packages from Cargo.lock to bazel-out/k8-fastbuild/bin/formatted.txt
[12 / 13] [Prepa] Building license.check.license_check.jar ()
INFO: Found 1 target...
Target //:license.check.license_check up-to-date:
  bazel-bin/license.check.license_check
  bazel-bin/license.check.license_check.jar
INFO: Elapsed time: 215.079s, Critical Path: 2.76s
INFO: 13 processes: 9 internal, 3 processwrapper-sandbox, 1 worker.
INFO: Build completed successfully, 13 total actions
INFO: Running command line: bazel-bin/license.check.license_check ./formatted.txt <args omitted>
usage: org.eclipse.dash.licenses.cli.Main [-batch <int>] [-cd <url>]
       [-confidence <int>] [-ef <url>] [-excludeSources <sources>] [-help] [-lic
       <url>] [-project <shortname>] [-repo <url>] [-review] [-summary <file>]
       [-timeout <seconds>] [-token <token>]

[github-actions]

The created documentation from the pull request is available at: docu-html

[NEOatNHNG]

Hmm, I'm not sure whether we want to change the devcontainer file in all the repos whenever we do a devcontainer release. If we do that then we should probably set up dependabot or something similar so that we get a notification that a newer version is available.

Otherwise I'm fine with pointing to latest as it is currently, which always takes the latest released version of the devcontainer. That way we stay up-to-date automatically and when we notice that it breaks we can pin it to a specific version until it is resolved. After all this is only the developer setup, which has additional tooling (vscode extensions, language server, etc.), not the build dependencies (which are completely managed via bazel) which would be needed for a reproducible build.

[lurtz]

If we do that then we should probably set up dependabot or something similar so that we get a notification that a newer version is available.

I hope we get to that point. We should also need that for the many dependencies configured in bazel.

Otherwise I'm fine with pointing to latest as it is currently, which always takes the latest released version of the devcontainer. That way we stay up-to-date automatically and when we notice that it breaks we can pin it to a specific version until it is resolved.

There are some subtleties. IIRC after you downloaded the latest tag once, there will be no further check if that has changed remotely. You have to run explicitly docker pull ghcr.io/eclipse-score/devcontainer:latest to really fetch the latest version. Thus we might end up using different image versions without knowing.

The workflow you described works ok, if you are constantly working on this repo but imagine someone rarely compiles the code and is the unlucky one to download a non working version of the devcontainer. This also creates trouble, which could have been avoided.

And we might eventually use devcontainer images in CI: eclipse-score/score#2475

[AlexanderLanin]

We're using pinned devcontainer images everywhere, lets do the same here. Dependabot should update it for you when a new one appears.