From f139f28d2002221799e3fa54c4179e76775dba4e Mon Sep 17 00:00:00 2001
From: Ron Jaegers
Date: Wed, 15 Nov 2023 06:04:17 +0000
Subject: [PATCH 1/4] chore: update amp-devcontainer to v4.0.2
---
 .devcontainer/Dockerfile | 1 +
 .devcontainer/devcontainer.json | 57 ++++++++++++++++++++-------------
 .github/dependabot.yml | 4 +++
 .vscode/extensions.json | 8 -----
 4 files changed, 40 insertions(+), 30 deletions(-)
 create mode 100644 .devcontainer/Dockerfile
 delete mode 100644 .vscode/extensions.json
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 00000000..6d2442ba
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1 @@
+FROM ghcr.io/philips-software/amp-devcontainer:v4.0.2@sha256:2d052e0bcb3840ea45aaa21ea6904f6d84b0e310c97e5690a6d48da522ec384e
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index cac85ec0..3beb5ce8 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,25 +1,38 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.231.6/containers/cpp
 {
- "name": "C++",
- "image": "ghcr.io/philips-software/amp-devcontainer@sha256:a6e3e72d23ad998339495c2c4e921155cda3bdd3554f1350b55fe7501a1136e9", //v2.5.0
- "runArgs": [
- "--cap-add=SYS_PTRACE",
- "--security-opt",
- "seccomp=unconfined"
- ],
- // Add the IDs of extensions you want installed when the container is created.
- "customizations": {
- "vscode": {
- "settings": {},
- "extensions": [
- "marus25.cortex-debug",
- "mcu-debug.debug-tracker-vscode",
- "matepek.vscode-catch2-test-adapter",
- "ms-vscode.cmake-tools",
- "llvm-vs-code-extensions.vscode-clangd",
- "SonarSource.sonarlint-vscode"
- ]
- }
+ // This devcontainer has been set-up to run docker-from-docker scenarios as per
+ // https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker
+ "build": {
+ "context": "..",
+ "dockerfile": "Dockerfile"
+ },
+ "runArgs": ["--add-host=host.docker.internal:host-gateway"],
+ "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
+ "mounts": [
+ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+ ],
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "llvm-vs-code-extensions.vscode-clangd",
+ "marus25.cortex-debug",
+ "matepek.vscode-catch2-test-adapter",
+ "mhutchie.git-graph",
+ "ms-vscode.cmake-tools",
+ "ms-vscode.cpptools",
+ "ms-vsliveshare.vsliveshare",
+ "SonarSource.sonarlint-vscode"
+ ],
+ "settings": {
+ "C_Cpp.autoAddFileAssociations": false,
+ "C_Cpp.intelliSenseEngine": "disabled",
+ "clangd.arguments": [
+ "--query-driver=/**/arm-none-eabi-*"
+ ],
+ "cmake.copyCompileCommands": "${workspaceFolder}/build/compile_commands.json",
+ "cmake.statusbar.visibility": "default",
+ "cmake.useProjectStatusView": false,
+ "sonarlint.pathToCompileCommands":
"${workspaceFolder}/build/compile_commands.json"
+ }
 }
+ }
 }
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e2323ae2..3173e5ed 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,3 +6,7 @@ updates:
 directory: /
 schedule:
 interval: daily
+ - package-ecosystem: docker
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
deleted file mode 100644
index b5489d63..00000000
--- a/.vscode/extensions.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "recommendations": [
- "marus25.cortex-debug",
- "ms-vscode.cmake-tools",
- "ms-vscode.cpptools",
- "twxs.cmake"
- ]
-}
From f9bfb4844b5e52c0d373407d8ff9121d4dc4efcf Mon Sep 17 00:00:00 2001
From: Ron Jaegers
Date: Wed, 15 Nov 2023 09:50:31 +0000
Subject: [PATCH 2/4] chore: suppress false-positive linter findings
---
 .devcontainer/Dockerfile | 1 +
 .mega-linter.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 6d2442ba..a114b532 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1 +1,2 @@
+# trivy:ignore:AVD-DS-0002
 FROM ghcr.io/philips-software/amp-devcontainer:v4.0.2@sha256:2d052e0bcb3840ea45aaa21ea6904f6d84b0e310c97e5690a6d48da522ec384e
diff --git a/.mega-linter.yml b/.mega-linter.yml
index ebfcfa86..d50eae0d 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -7,6 +7,7 @@ ENABLE:
 - YAML
 DISABLE_LINTERS:
 - REPOSITORY_DEVSKIM
+ - REPOSITORY_KICS
 - REPOSITORY_SEMGREP
 - SPELL_CSPELL
 - SPELL_PROSELINT
From b856cb6a0ffb393ba953e4ed4fca2b4e73ea491b Mon Sep 17 00:00:00 2001
From: Ron Jaegers
Date: Wed, 15 Nov 2023 10:46:24 +0000
Subject: [PATCH 3/4] chore: add .trivignore in favor of inline exclusions
---
 .devcontainer/Dockerfile | 1 -
 .mega-linter.yml | 1 -
 .trivyignore | 7 +++++++
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .trivyignore
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index a114b532..6d2442ba 100644
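Review bot: The new `mounts` entry binds the host's `/var/run/docker.sock` into the devcontainer, and nothing in the file says that this gives every process in the container control of the host Docker daemon, which is effectively root on the host. The same series keeps the container user as root (the DS002 exclusion in `.trivyignore`) and adds `ms-vsliveshare.vsliveshare`, so a shared terminal would presumably carry that access too. I would extend the header comment with a line such as `// NOTE: the Docker socket mount gives this container control of the host daemon; open only trusted workspaces and do not share terminals from it`. If only some workflows need docker-from-docker, consider making the mount opt-in instead of the default.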
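Review bot: The added `docker` entry uses `directory: /`, but the only Dockerfile visible in this series is `.devcontainer/Dockerfile`; Dependabot looks for Dockerfiles in the configured directory, so the tag-and-digest pinned `FROM` line would probably never receive update PRs. Pointing the entry at the file's location, `directory: /.devcontainer`, keeps the pin from going stale. If there are Dockerfiles in the repository root that this entry is meant for, a second `docker` entry for `.devcontainer` would cover both.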
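Review bot: Adding `- REPOSITORY_KICS` to `DISABLE_LINTERS` switches the scanner off for the whole repository to silence what the commit title calls false positives, and the file does not record which findings those were. The next commit in the series moves the Trivy exclusions into `.trivyignore` with a reason per rule, but KICS stays disabled without one. I would either exclude only the offending KICS queries or at least put a comment above the entry, for example `# KICS disabled: <finding ids and reason>`, so the suppression can be revisited later.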
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,2 +1 @@
-# trivy:ignore:AVD-DS-0002
 FROM ghcr.io/philips-software/amp-devcontainer:v4.0.2@sha256:2d052e0bcb3840ea45aaa21ea6904f6d84b0e310c97e5690a6d48da522ec384e
diff --git a/.mega-linter.yml b/.mega-linter.yml
index d50eae0d..1883a223 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -15,6 +15,5 @@ DISABLE_ERRORS_LINTERS:
 - MARKDOWN_MARKDOWN_LINK_CHECK
 - SPELL_LYCHEE
 PRINT_ALPACA: false
-FLAVOR_SUGGESTIONS: false
 SHOW_SKIPPED_LINTERS: false
 FILTER_REGEX_EXCLUDE: (hal_st/middlewares/STM32_WPAN/)
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..565467de
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,7 @@
+# See: https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0002/
+# We allow root access in our container that we use for development purposes
+DS002
+
+# See: https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0026/
+# We don't require a HEALTHCHECK for our devcontainer
+DS026
From f63d285f308d10652a4533511d114e5aed8f0024 Mon Sep 17 00:00:00 2001
From: Ron <45816308+rjaegers@users.noreply.github.com>
Date: Wed, 6 Dec 2023 10:26:07 +0100
Subject: [PATCH 4/4] Update .devcontainer/devcontainer.json
Co-authored-by: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com>
---
 .devcontainer/devcontainer.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3beb5ce8..f08e1b04 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -29,8 +29,7 @@
 "--query-driver=/**/arm-none-eabi-*"
 ],
 "cmake.copyCompileCommands": "${workspaceFolder}/build/compile_commands.json",
- "cmake.statusbar.visibility": "default",
- "cmake.useProjectStatusView": false,
+ "cmake.options.statusBarVisibility": "compact",
 "sonarlint.pathToCompileCommands": "${workspaceFolder}/build/compile_commands.json"
 }
 }
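Review bot: The `DS002` and `DS026` entries in the new `.trivyignore` are justified only for the devcontainer, yet an ignore file at the repository root suppresses those rules for every Dockerfile Trivy scans, so an image added later would be exempt without anyone deciding that. The inline `# trivy:ignore:AVD-DS-0002` that this commit removes was scoped to the one file. I would either keep the exclusion scoped to `.devcontainer/Dockerfile`, if the Trivy version in use supports path-scoped ignores, or state the limit in the comment, for example `# Applies to .devcontainer/Dockerfile only; revisit if another Dockerfile is added`. The root-user rationale is also worth re-reading next to the Docker socket mount added in `devcontainer.json`, since root in that container can drive the host daemon.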