Bump devcontainer image

[ejfine]

Why is this change necessary?

focal is way out of date, and causing problems with builds

How does this change address the issue?

Bumps to noble

What side effects does this change have?

N/A

How is this change tested?

Building devcontainers in downstream repos

Other

bumped some other versions of things

Summary by CodeRabbit

• Chores
  • Bumped development and CI tooling, refreshed workflow action versions, and updated VS Code extension.
  • Upgraded devcontainer base image; adjusted workspace/venv setup and permissions; exposed SSH port for the container.
• New Features
  • Added a new template option to control pulling from a container registry and included corresponding test fixtures.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@ejfine has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Devcontainer Dockerfile and configs updated plus multiple dependency and CI/action version bumps; template added pull_from_ecr context with corresponding test data entries and conditional logic adjustments.

Changes

Cohort / File(s)	Summary
Devcontainer image / Dockerfile .devcontainer/Dockerfile	Base image bumped (2.13.1-focal → 5.1.1-noble); added ARG REPO_NAME/ENV VENV_PATH; create /workspaces and venv path; adjusted permissions (chmod -R 777 / chgrp -R 0); removed yarn source list line; exposed 2222; bumped bash-completion package version.
DevContainer config (instance + template) .devcontainer/devcontainer.json, template/.devcontainer/devcontainer.json.jinja-base	VS Code extension coderabbit.coderabbit-vscode updated 0.16.4 → 0.16.6; devcontainer context/hash comment updated.
Install tooling script .devcontainer/install-ci-tooling.py	Tool version constants bumped: UV_VERSION 0.9.21→0.9.26, COPIER_VERSION 9.11.0→9.11.2, PRE_COMMIT_VERSION 4.5.0→4.5.1.
Context / template data extensions/context.py	Many pinned versions updated (uv, pre-commit, copier, pnpm, pyright, ty, strawberry-graphql, uuid-utils) and GitHub Action tags bumped (e.g., setup-python, cache, upload/download-artifact, setup-node); Debian release name bookworm→trixie.
CI workflow .github/workflows/ci.yaml	GitHub Action pins updated (e.g., setup-python v6.1.0→v6.2.0; cache-pre-commit-hooks v4.3.0→v5.0.2) across multiple occurrences.
Project deps pyproject.toml	Dependency pins updated: pyright[nodejs] >=1.1.407→>=1.1.408, ty >=0.0.9→>=0.0.13, copier ==9.11.0→==9.11.2.
Template: copier and tests template/copier.yml.jinja-base, template/tests/copier_data/data1.yaml.jinja-base, template/tests/copier_data/data2.yaml.jinja-base	Added new boolean context variable pull_from_ecr (default: no) and included it in several when conditions for AWS-related questions; test data files updated to include pull_from_ecr: true/false.

Sequence Diagram(s)

(Skipped — changes are configuration, version bumps, and template conditional additions without new multi-component control flow.)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Misc version bumps #122 — Overlapping tooling and devcontainer version bumps touching extensions/context.py, .devcontainer/*, and pyproject.toml.
• Ariadne Codegen path, and VCRpy fixtures #116 — Similar edits to GitHub Action pins and context/version literals in extensions/context.py.
• Claude code feature #99 — Related updates to devcontainer tooling versions and .devcontainer/install-ci-tooling.py.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the primary change—bumping the devcontainer base image from focal to noble—and clearly conveys the main objective of the pull request.
Description check	✅ Passed	The description covers all required sections from the template: motivation, solution, side effects, testing approach, and additional context about other version bumps.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/ci.yaml (1)

138-138: Inconsistent mutex action versions between jobs.

The pre-commit job (line 47) uses gh-action-mutex@1ebad517141198e08d47cf72f3c0975316620a65 (v1.0.0-alpha.10), but the lint-matrix job uses gh-action-mutex@d3d5b354d460d4b6a1e3ee5b7951678658327812 (v1.0.0-alpha.9). Consider aligning both to the same version for consistency.

♻️ Proposed fix to align mutex versions

-        uses: ben-z/gh-action-mutex@d3d5b354d460d4b6a1e3ee5b7951678658327812 # v1.0.0-alpha.9
+        uses: ben-z/gh-action-mutex@1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10

.devcontainer/Dockerfile (1)

8-11: Update bash-completion version pattern for Ubuntu Noble compatibility.

The grep pattern '^1:2.10' will not match bash-completion 1:2.11-8 available in Ubuntu Noble, causing apt-get install to fail. Update the pattern to '^1:2.11' or use an alternative approach to select the latest available version.

🤖 Fix all issues with AI agents

In @.devcontainer/install-ci-tooling.py:
- Line 9: The COPIER_VERSION constant in .devcontainer/install-ci-tooling.py is
set to "9.11.2" but pyproject.toml pins copier==9.11.0; update COPIER_VERSION to
match pyproject.toml (set COPIER_VERSION to "9.11.0") or alternatively update
pyproject.toml to the desired version so both sources align; ensure you change
the COPIER_VERSION symbol in install-ci-tooling.py (or the copier pin in
pyproject.toml) and run the provided verification commands to confirm both files
report the same version.

[Copilot]

Pull request overview

Updates the development container base image from Ubuntu Focal to Noble to resolve build issues caused by an outdated OS baseline, and refreshes related development tooling versions.

Changes:

• Bump devcontainer base image tag from ...-focal to ...-noble.
• Update pinned tooling versions (uv, pre-commit, copier, pyright, ty) across config, lockfile, and template context.
• Refresh selected GitHub Actions and VS Code extension versions.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
.devcontainer/Dockerfile	Switches devcontainer base image to a Noble-based devcontainers/universal tag.
.devcontainer/devcontainer.json	Updates VS Code extension version and regenerates devcontainer context hash.
.devcontainer/install-ci-tooling.py	Bumps installed CI tooling versions (uv/copier/pre-commit).
.github/workflows/ci.yaml	Updates action versions used for Python setup and caching.
extensions/context.py	Updates template context version pins for tooling, CI action versions, and OS-related defaults.
pyproject.toml	Updates declared dev dependencies to match new pinned tooling versions.
template/.devcontainer/devcontainer.json.jinja-base	Updates the template’s VS Code extension version to match the repo devcontainer config.
uv.lock	Locks updated dependency versions and artifacts reflecting the bumped tooling.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.devcontainer/devcontainer.json:
- Line 25: The pinned extension entry "coderabbit.coderabbit-vscode@0.16.6" is
incorrect; update the devcontainer extension list by replacing that exact string
with "coderabbit.coderabbit-vscode@0.16.0" (the latest published release) or
remove the "@0.16.6" version suffix entirely to let the container install the
latest available version; ensure the change is made where the extension string
appears so the devcontainer.json references a valid Marketplace release.

In @.devcontainer/Dockerfile:
- Around line 8-9: Update the typo in the Dockerfile comment: change the comment
string "# temporary hack until yarn updates its GBG key" to use "GPG" instead of
"GBG" so it reads "# temporary hack until yarn updates its GPG key"; leave the
RUN line (rm /etc/apt/sources.list.d/yarn.list || true) unchanged.

♻️ Duplicate comments (1)

.devcontainer/Dockerfile (1)

11-13: Avoid hard-coding the bash-completion epoch on Noble (build will fail).

On Noble the grep '^1:2.10' is likely to return nothing, producing bash-completion= and breaking apt-get install. This matches a previously raised concern. Consider selecting the newest available version or falling back to an unpinned install.

🔧 Suggested fix (version fallback)

-RUN apt-get update -y && apt-get install -y \
-    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
+RUN apt-get update -y && \
+    ver="$(apt-cache madison bash-completion | awk '{print $3}' | head -n 1)" && \
+    if [ -n "$ver" ]; then pkg="bash-completion=$ver"; else pkg="bash-completion"; fi && \
+    apt-get install -y "$pkg" --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*

Ubuntu 24.04 (Noble) bash-completion package version (apt-cache madison output or package repository listing)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

coderabbit.coderabbit-vscode 0.16.6 VS Code Marketplace

💡 Result:

I couldn’t find any evidence that CodeRabbit.coderabbit-vscode version 0.16.6 exists on (or is referenced by) the VS Code Marketplace.

• The Marketplace listing for CodeRabbit (CodeRabbit Inc.) is here:
  https://marketplace.visualstudio.com/items?itemName=CodeRabbit.coderabbit-vscode  [1]
• A VSIX archive site that mirrors Marketplace packages shows latest version = 0.16.0, updated November 19, 2025 (not 0.16.6). [2]

Conclusion: If you’re looking for 0.16.6, it likely was never published to the Marketplace, was pulled, or the version number you have is from another distribution/build (e.g., internal, pre-release, or a different channel).

Sources: [1] [2]

---

🌐 Web query:

coderabbit-vscode extension release notes changelog 0.16.6

💡 Result:

I couldn’t find any public release notes/changelog specifically for CodeRabbit VS Code extension v0.16.6.

What I can verify publicly:

• The official Marketplace listing exists for CodeRabbit.coderabbit-vscode, but it doesn’t expose a readable per-version changelog in the page content I can access. [1]
• A VSIX mirror site (VsixHub) currently reports the latest published version as 0.16.0 (updated Nov 19, 2025)—not 0.16.6. [2]
• CodeRabbit’s official product changelog mentions major IDE milestones (e.g., “VS Code extension v1.0” on Aug 13, 2025) but does not provide granular patch-version notes like 0.16.6. [3]

If you tell me where you’re seeing 0.16.6 (e.g., the exact extension ID/source, a screenshot, or your Extensions panel showing that version), I can dig further and try to trace that build (it may be an internal/pre-release channel or a different extension with a similar name).

Sources: [1] [2] [3]

---

Update extension version to an existing release.

coderabbit.coderabbit-vscode@0.16.6 does not exist on the VS Code Marketplace. The latest available version is 0.16.0 (published November 19, 2025). Update the pinned version to 0.16.0 or remove the version pin to use the latest available release.

🤖 Prompt for AI Agents

In @.devcontainer/devcontainer.json at line 25, The pinned extension entry
"coderabbit.coderabbit-vscode@0.16.6" is incorrect; update the devcontainer
extension list by replacing that exact string with
"coderabbit.coderabbit-vscode@0.16.0" (the latest published release) or remove
the "@0.16.6" version suffix entirely to let the container install the latest
available version; ensure the change is made where the extension string appears
so the devcontainer.json references a valid Marketplace release.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.devcontainer/Dockerfile (1)

16-22: Consider more restrictive permissions than 777.

While the rationale for broad permissions (Windows volume mount compatibility) is documented, chmod 777 grants world-writable access. In most devcontainer scenarios, 775 with appropriate group ownership would suffice and be slightly more restrictive.

That said, given this is a development-only container and the explicit rationale, this may be an acceptable trade-off for cross-platform compatibility.

♻️ Optional: slightly more restrictive permissions

 RUN mkdir -p /workspace && \
     mkdir -p ${VENV_PATH} && \
-    chmod -R 777 /workspaces ${VENV_PATH} && \
+    chmod -R 775 /workspaces ${VENV_PATH} && \
     chgrp -R 0 /workspaces ${VENV_PATH}

♻️ Duplicate comments (1)

.devcontainer/devcontainer.json (1)

25-25: Extension version 0.16.6 may not exist on VS Code Marketplace.

A previous review already flagged that this version does not appear to be published. Please verify the version exists or use 0.16.0 (or remove the version pin).

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.devcontainer/Dockerfile:
- Line 4: The Dockerfile change adds EXPOSE 2222 but the PR and commit message
don't explain why SSH on port 2222 is being exposed; update the Dockerfile
and/or PR description to clarify intent by either adding a concise comment above
the EXPOSE 2222 line explaining its purpose (e.g., for remote debugging,
forwarding the devcontainer SSH server, or legacy tooling) and any required
security notes, or amend the PR description to state why port 2222 is needed and
how it’s used; reference the EXPOSE 2222 directive in the Dockerfile and the
FROM change to ensure reviewers can see the context.

♻️ Duplicate comments (1)

.devcontainer/devcontainer.json (1)

25-25: Verify extension version exists on VS Code Marketplace.

A previous review flagged that coderabbit.coderabbit-vscode@0.16.6 may not exist on the VS Code Marketplace. Please confirm this version is now available before merging.

#!/bin/bash
# Check if version 0.16.6 exists on VS Code Marketplace
curl -s "https://marketplace.visualstudio.com/items?itemName=CodeRabbit.coderabbit-vscode" | grep -o 'Version[^<]*' | head -1

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Verify the image tag exists on MCR
curl -s "https://mcr.microsoft.com/v2/devcontainers/universal/tags/list" | jq -r '.tags[]' | grep -E '^5\.1\.1-noble$' | head -1

Repository: LabAutomationAndScreening/copier-base-template

Length of output: 101

---

🏁 Script executed:

# Examine the Dockerfile to understand the context
cat .devcontainer/Dockerfile

Repository: LabAutomationAndScreening/copier-base-template

Length of output: 1295

---

LGTM!

Base image upgrade from focal to noble aligns with the PR objective of addressing outdated image causing build problems. The tag 5.1.1-noble is valid.

Clarify the purpose of exposing SSH port 2222 (line 25) — this addition is not mentioned in the PR description.

🤖 Prompt for AI Agents

In @.devcontainer/Dockerfile at line 4, The Dockerfile change adds EXPOSE 2222
but the PR and commit message don't explain why SSH on port 2222 is being
exposed; update the Dockerfile and/or PR description to clarify intent by either
adding a concise comment above the EXPOSE 2222 line explaining its purpose
(e.g., for remote debugging, forwarding the devcontainer SSH server, or legacy
tooling) and any required security notes, or amend the PR description to state
why port 2222 is needed and how it’s used; reference the EXPOSE 2222 directive
in the Dockerfile and the FROM change to ensure reviewers can see the context.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

template/tests/copier_data/data1.yaml.jinja-base (1)

8-22: Add required AWS fields when pull_from_ecr: true.

With pull_from_ecr enabled (Line 8), aws_central_infrastructure_account_id and core_infra_base_access_profile_name become required by the template’s when conditions. This data file omits both, so non-interactive tests may fail.

🛠️ Proposed fix

 pull_from_ecr: true
 use_windows_in_ci: false
@@
 aws_identity_center_id: d-9145c20053
 aws_org_home_region: us-west-2
+aws_central_infrastructure_account_id: 000000000000
+core_infra_base_access_profile_name: CoreInfraBaseAccess
 aws_production_account_id: 123456789012