[Maintenance] Upgrade development container to Debian 12, add Amazon Linux 2023 Support (#55)

* Stabilize and automate the dev container build

This commit resolves a series of build and runtime errors to create a stable,
portable, and fully automated dev container environment that works on both
`arm64` and `x86_64` architectures out-of-the-box.

- Stabilize Dockerfile Build:
    - Upgrades the base image from `bullseye` to `bookworm`.
    - Consolidates all `apt-get` dependencies into a single, correctly ordered
      layer, installing necessary tools for cross-compilation
      (`gcc-x86-64-linux-gnu`, `libc6-dev-amd64-cross`).
    - Fixes `rustup` permission errors by installing the toolchain as `root`
      and granting ownership to the `vscode` user.
    - Adds `--break-system-packages` to the `pip install` command to comply
      with Debian `bookworm`'s package management policies.

- Improve Architecture Portability:
    - Makes the `bin/build` and `bin/test` scripts architecture-aware, allowing
      them to run seamlessly on both `arm64` and `x86_64` hosts without manual
      configuration.
    - Fixes a bug that caused inconsistent naming of the shared library (`.so`)
      file between build and test runs.

- Fix Container Startup on ARM64:
    - Centralizes QEMU and `binfmt` setup within the `Dockerfile` build,
      creating an architecture-aware initialization process.
    - This allows for the removal of legacy, conflicting setup methods that
      caused startup failures on `arm64` hosts:
        - Removes the privileged `docker run` command for `qemu-user-static`
          from the `postCreate` script.
        - Disables the redundant QEMU setup in the `docker-in-docker` feature
          by configuring `install-qemu: false` for the feature.

* Refactor to improve portability and robustness

This commit implements a small refactor to make the dev container setup
more resilient and truly multi-platform.

- Installs `aarch64` cross-compilation packages (`gcc-aarch64-linux-gnu`,
  `libc6-dev-arm64-cross`) in the `Dockerfile` to enable building for
   ARM64 on x86_64 hosts.
- Updates `bin/build-arch` to use the correct `strip` binary (native or
  cross-compile) by checking both the host and target architectures.
- Adds a 30-second timeout to the `postCreate` script to prevent it from
  hanging if the Docker daemon fails to start.
- Adds a comment to `bin/test` clarifying why language runtime tests are
  now enabled for all architectures.
- Merges the `update-alternatives` command into the main `RUN` layer,
  reducing the total number of image layers.

* Update `Test` workflow to use newer ubuntu runner image

* Modernize Test workflow and Dockerfile images

This commit updates the CI configuration to resolve build failures
and align the test environments with modern, supported versions.

- Replaces deprecated `ubuntu-20.04` runners with `ubuntu-22.04`
  in the GitHub Actions workflow, fixing the hanging jobs.
- Adds QEMU and Docker Buildx to `arm64` jobs to enable cross-platform
  image builds.
- Upgrades the Debian test environment from a Bullseye-based image
  to a Bookworm-based one, and updates Node.js from v18 to v22 (LTS).
- Updates the Python 2.7 test environment to use an `ubuntu:22.04`
  base image and installs Python 2.7 via the `deadsnakes` PPA.

* Add test environment for Amazon Linux 2023

* Fix permissions/dependencies in tests

* Downgrade py27 Ubuntu, fix amzn2023 WORKDIR

* Attempt fixes for amzn2023 in Test workflow

* Fix py27 in Test workflow

* Use absolute path instead of tilde

* Set WORKDIR for amzn2023, zip for py27

* Add WORKDIR to amzn2023, util-linux to py27

* Add nodejs to amzn2023, revert py27 for debug

* Fix wrapt to v1 for py27

* Use rust:1-1 not rust:2-1

Author: brcarp

.devcontainer/Dockerfile

@@ -1,30 +1,49 @@
-FROM mcr.microsoft.com/devcontainers/rust:1-1-bullseye
-
-RUN sudo apt-get update -y \
-    && sudo apt-get upgrade -y 
-
-RUN sudo apt-get install -y --fix-missing zip 
-
-RUN sudo apt-get update -y \
-    && sudo apt-get upgrade -y \
-    && sudo apt-get install -y zip ltrace
-
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-RUN rustup update \
-    && rustup target add aarch64-unknown-linux-gnu
-
-RUN rustup default stable
-# x86_64 to arm64 support.
-RUN sudo apt-get install -y \
-    qemu \
+FROM mcr.microsoft.com/devcontainers/rust:1-1-bookworm
+
+RUN apt-get update -y \
+    && apt-get upgrade -y \
+    && apt-get install -y --fix-missing --no-install-recommends \
+    \
+    # Zip for packaging
+    zip \
+    \
+    # QEMU for multi-architecture support
+    qemu-system \
     binfmt-support \
-    qemu-user-static
+    qemu-user-static \
+    \
+    # Language runtimes for tests
+    nodejs \
+    ruby \
+    php \
+    php-common \
+    python3-pip \
+    \
+    # Cross-compilation toolchains
+    gcc-x86-64-linux-gnu \
+    libc6-dev-amd64-cross \
+    gcc-aarch64-linux-gnu \
+    libc6-dev-arm64-cross \
+    \
+    # Clean up, enable QEMU, and set Python alternative in a single layer
+    && rm -rf /var/lib/apt/lists/* \
+    && update-binfmts --enable qemu-aarch64 \
+    && update-alternatives --install /usr/bin/python python /usr/bin/python3 1
+
+# Switch to root to install rust targets and fix permissions
+USER root
+
+# Install rust targets for cross-compilation
+RUN rustup update \
+    && rustup default stable \
+    && rustup target add aarch64-unknown-linux-gnu \
+    && rustup target add x86_64-unknown-linux-gnu
 
-# Easy way to install node, ruby, and php
-RUN apt-get -y install nodejs ruby php php-common
+# Grant vscode user ownership of rustup and cargo directories
+RUN chown -R vscode:vscode /usr/local/rustup /usr/local/cargo
 
-# Easy way to install Python.
-RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1
+# Switch back to vscode user
+USER vscode
 
 # Multi-platform SAM CLI. https://github.com/aws/aws-sam-cli/issues/3908
-RUN apt-get install -y pip && pip install aws-sam-cli
+RUN pip install aws-sam-cli --break-system-packages

.devcontainer/devcontainer.json

@@ -5,7 +5,9 @@
   },
   "features": {
     "ghcr.io/devcontainers/features/aws-cli:latest": {},
-    "ghcr.io/devcontainers/features/docker-in-docker:latest": {},
+    "ghcr.io/devcontainers/features/docker-in-docker:latest": {
+      "install-qemu": false
+    },
     "ghcr.io/customink/codespaces-features/docker-log-level": {},
     "ghcr.io/devcontainers/features/sshd:latest": {}
   },

.devcontainer/postCreate

@@ -1,8 +1,14 @@
 #!/bin/sh
 set -e
 
-docker run \
-  --rm \
-  --privileged \
-  multiarch/qemu-user-static \
-  --reset -p yes 
+# Wait for docker to be ready
+TIMEOUT=30
+while ! docker info > /dev/null 2>&1; do
+    echo "Waiting for docker daemon..."
+    sleep 1
+    TIMEOUT=$((TIMEOUT - 1))
+    if [ $TIMEOUT -le 0 ]; then
+        echo "Docker daemon failed to start"
+        exit 1
+    fi
+done 

.github/workflows/test.yml

@@ -3,7 +3,7 @@ on: [push, workflow_dispatch]
 jobs:
   image:
     name: Image
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
       - uses: docker/login-action@v2
@@ -19,7 +19,7 @@ jobs:
           runCmd: echo DONE!
   debian-x86-64:
     name: Debian x86_64
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: image
     steps:
       - name: Checkout
@@ -34,11 +34,15 @@ jobs:
             ./bin/test-local
   debian-arm64:
     name: Debian arm64
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: image
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Test
         uses: devcontainers/ci@v0.2
         with:
@@ -49,7 +53,7 @@ jobs:
             ./debian/test-arm64
   amazon-x86-64:
     name: AmazonLinux2/x86_64
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: image
     steps:
       - name: Checkout
@@ -64,11 +68,15 @@ jobs:
             ./amzn/test
   amazon-arm64:
     name: AmazonLinux2 arm64
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: image
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Test
         uses: devcontainers/ci@v0.2
         with:
@@ -79,7 +87,7 @@ jobs:
             ./amzn/test-arm64
   ubuntu-py27:
     name: Ubuntu x86_64 (Python27)
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: image
     steps:
       - name: Checkout
@@ -92,3 +100,37 @@ jobs:
           runCmd: |
             ./py27/setup
             ./py27/test
+  amazonlinux2023-x86-64:
+    name: AmazonLinux2023/x86_64
+    runs-on: ubuntu-22.04
+    needs: image
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Test
+        uses: devcontainers/ci@v0.2
+        with:
+          push: never
+          cacheFrom: ghcr.io/rails-lambda/crypteia-ci
+          runCmd: |
+            ./amzn2023/setup
+            ./amzn2023/test
+  amazonlinux2023-arm64:
+    name: AmazonLinux2023 arm64
+    runs-on: ubuntu-22.04
+    needs: image
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Test
+        uses: devcontainers/ci@v0.2
+        with:
+          push: never
+          cacheFrom: ghcr.io/rails-lambda/crypteia-ci
+          runCmd: |
+            ./amzn2023/setup-arm64
+            ./amzn2023/test-arm64

amzn2023/Dockerfile

@@ -0,0 +1,19 @@
+FROM public.ecr.aws/amazonlinux/amazonlinux:2023
+
+# Install required build dependencies and Node.js for testing
+RUN dnf install -y gcc openssl-devel python3-pip util-linux nodejs && \
+    pip3 install setuptools && \
+    dnf clean all
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN /root/.cargo/bin/rustup update \
+    && /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu \
+    && /root/.cargo/bin/rustup default stable
+
+WORKDIR /var/task
+
+ENV CRYPTEIA_BUILD_OS=amzn
+ENV CRYPTEIA_BUILD_TARGET=x86_64-unknown-linux-gnu
+

amzn2023/Dockerfile-arm64

@@ -0,0 +1,18 @@
+FROM public.ecr.aws/amazonlinux/amazonlinux:2023
+
+# Install required build dependencies and Node.js for testing
+RUN dnf install -y gcc openssl-devel python3-pip util-linux nodejs && \
+    pip3 install setuptools && \
+    dnf clean all
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN /root/.cargo/bin/rustup update \
+    && /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu \
+    && /root/.cargo/bin/rustup default stable
+
+WORKDIR /var/task
+
+ENV CRYPTEIA_BUILD_OS=amzn
+ENV CRYPTEIA_BUILD_TARGET=aarch64-unknown-linux-gnu

amzn2023/Dockerfile-test

@@ -0,0 +1,15 @@
+FROM public.ecr.aws/lambda/nodejs:22
+
+COPY build/crypteia-amzn /opt/extensions/crypteia
+COPY build/libcrypteia-amzn.so /opt/lib/libcrypteia.so
+
+WORKDIR /var/task
+
+ENV CRYPTEIA_BUILD_OS=amzn
+ENV SKIP_CARGO_TEST=1
+
+ENV EXISTING=existingvalue
+ENV LD_PRELOAD=/opt/lib/libcrypteia.so
+
+# For assert.sh support
+RUN dnf install -y util-linux && dnf clean all

amzn2023/Dockerfile-test-arm64

@@ -0,0 +1,16 @@
+FROM public.ecr.aws/lambda/nodejs:22-arm64
+
+COPY build/crypteia-amzn-arm64 /opt/extensions/crypteia
+COPY build/libcrypteia-amzn-arm64.so /opt/lib/libcrypteia.so
+
+WORKDIR /var/task
+
+ENV CRYPTEIA_BUILD_OS=amzn
+ENV SKIP_CARGO_TEST=1
+
+ENV EXISTING=existingvalue
+ENV LD_PRELOAD=/opt/lib/libcrypteia.so
+
+# For assert.sh support
+RUN dnf install -y util-linux && dnf clean all
+

amzn2023/setup

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+echo "== [amzn2023/Dockerfile] building... =="
+docker build --tag crypteia-lambda-amzn2023 --file amzn2023/Dockerfile .
+
+echo "== [amzn2023/Dockerfile] bin/setup =="
+docker run \
+  --rm \
+  --user root \
+  --entrypoint "./bin/setup" \
+  --volume "${PWD}:/var/task" \
+  crypteia-lambda-amzn2023
+

amzn2023/setup-arm64

@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+echo "== [amzn2023/Dockerfile-arm64] building... =="
+docker build --platform linux/arm64 --tag crypteia-lambda-amzn2023-arm64 --file amzn2023/Dockerfile-arm64 .
+
+echo "== [amzn2023/Dockerfile-arm64] bin/setup =="
+docker run \
+  --platform linux/arm64 \
+  --rm \
+  --user root \
+  --entrypoint "./bin/setup" \
+  --volume "${PWD}:/var/task" \
+  crypteia-lambda-amzn2023-arm64