feat: initial django-devcontainer setup

Author: alihaidar0

.dockerignore

@@ -0,0 +1,25 @@
+# ============================================================
+#  .dockerignore
+#  Only docker/ and scripts/ are needed for the image build.
+# ============================================================
+
+# Git
+.git
+.gitignore
+.gitattributes
+.github
+
+# Docs
+*.md
+!README.md
+docs/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Editor
+.vscode/
+.idea/
+*.swp
+*~

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# Code owners for the repository
+# These users will be automatically requested for review on all PRs
+
+* @alihaidar0

.github/dependabot.yml

@@ -0,0 +1,45 @@
+version: 2
+updates:
+  # ── GitHub Actions ────────────────────────────────────────────────────
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    target-branch: "main"
+    rebase-strategy: "auto"
+    assignees:
+      - "alihaidar0"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    groups:
+      github-actions-all:
+        patterns:
+          - "*"
+    open-pull-requests-limit: 5
+
+  # ── Docker base image ─────────────────────────────────────────────────
+  - package-ecosystem: "docker"
+    directory: "/docker"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
+    target-branch: "main"
+    rebase-strategy: "auto"
+    assignees:
+      - "alihaidar0"
+    commit-message:
+      prefix: "build"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "docker"
+    open-pull-requests-limit: 3

.github/labels.yml

@@ -0,0 +1,54 @@
+- name: "dependencies"
+  color: "0075ca"
+  description: "Automated dependency update opened by Dependabot"
+- name: "github-actions"
+  color: "e4e669"
+  description: "Updates to GitHub Actions versions in workflow files"
+- name: "docker"
+  color: "0db7ed"
+  description: "Updates to the Docker base image or Dockerfile"
+- name: "breaking change"
+  color: "d73a4a"
+  description: "Introduces a breaking change that requires attention before merging"
+- name: "bug"
+  color: "ee0701"
+  description: "Something is broken or behaving incorrectly"
+- name: "enhancement"
+  color: "84b6eb"
+  description: "Improvement to an existing feature or behaviour"
+- name: "feature"
+  color: "0e8a16"
+  description: "Adds new functionality to the image or developer environment"
+- name: "chore"
+  color: "fef2c0"
+  description: "Maintenance task with no functional impact — cleanup, rename, reorder"
+- name: "documentation"
+  color: "0075ca"
+  description: "Changes to README, comments, or other documentation only"
+- name: "ready for review"
+  color: "0e8a16"
+  description: "PR is complete and ready for a review pass"
+- name: "work in progress"
+  color: "e99695"
+  description: "PR is open for early feedback but is not ready to merge"
+- name: "blocked"
+  color: "d73a4a"
+  description: "Blocked by another PR, issue, or external dependency"
+- name: "on hold"
+  color: "f9d0c4"
+  description: "Deliberately paused — not blocked, not abandoned, not yet ready"
+- name: "priority: high"
+  color: "d73a4a"
+  description: "Should be reviewed and merged within the current week"
+- name: "priority: low"
+  color: "c2e0c6"
+  description: "No urgency — can be picked up when convenient"
+- name: "duplicate"
+  color: "cccccc"
+  description: "This issue or PR already exists elsewhere — see linked item"
+- name: "wont fix"
+  color: "ffffff"
+  description: "Acknowledged but intentionally out of scope for this repo"
+- name: "good first issue"
+  color: "7057ff"
+  description: "Suitable for a first contribution — well scoped and documented"

.github/workflows/docker.yml

@@ -0,0 +1,131 @@
+# ============================================================
+#  .github/workflows/docker.yml
+#
+#  Builds the Django dev container image and pushes to Docker Hub.
+#  Cross-platform: linux/amd64 (Windows/Linux) + linux/arm64 (Apple Silicon)
+#
+#  Triggers:
+#    - Push to main                   → builds + pushes :latest + :sha-xxx
+#    - PR targeting main              → builds only (no push) — validates Dockerfile
+#    - Manual dispatch                → optional push, optional force rebuild
+#
+#  Required GitHub Secrets:
+#    DOCKERHUB_USERNAME   Docker Hub username
+#    DOCKERHUB_TOKEN      Docker Hub access token (Read/Write)
+#
+#  Platforms:
+#    linux/amd64  — Windows / Linux / GCP
+#    linux/arm64  — Apple Silicon Macs
+# ============================================================
+
+name: Docker
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docker/Dockerfile.dev"
+      - "scripts/**"
+      - ".github/workflows/docker.yml"
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "docker/Dockerfile.dev"
+      - "scripts/**"
+      - ".github/workflows/docker.yml"
+
+  workflow_dispatch:
+    inputs:
+      push_image:
+        description: "Push image to Docker Hub?"
+        required: true
+        default: "true"
+        type: choice
+        options:
+          - "true"
+          - "false"
+      force_rebuild:
+        description: "Bypass layer cache (full rebuild)"
+        required: false
+        type: boolean
+        default: false
+
+concurrency:
+  group: docker-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  IMAGE_NAME: alihaidar199527/django-devcontainer
+
+jobs:
+
+  build-and-push:
+    name: Build & Push Dev Image
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Log in to Docker Hub
+        # Skip login on PR builds — we are not pushing, no credentials needed
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=sha,prefix=sha-,format=short
+
+      - name: Build and push
+        id: build
+        uses: docker/build-push-action@v7
+        with:
+          context: .
+          file: docker/Dockerfile.dev
+          platforms: linux/amd64,linux/arm64
+          # Push only on a real push to main or an approved manual dispatch
+          # PR builds compile the image to validate it but never push
+          push: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push_image == 'true') }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          no-cache: ${{ inputs.force_rebuild == true }}
+          provenance: true
+          sbom: true
+
+      - name: Write job summary
+        if: always()
+        run: |
+          echo "## 🐳 Docker Build Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| **Image** | \`${{ env.IMAGE_NAME }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Digest** | \`${{ steps.build.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Tags** | \`${{ steps.meta.outputs.tags }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Platforms** | \`linux/amd64, linux/arm64\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Triggered by** | \`${{ github.event_name }}\` on \`${{ github.ref_name }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Commit** | \`${{ github.sha }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Pushed to Docker Hub** | \`${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.push_image == 'true') }}\` |" >> $GITHUB_STEP_SUMMARY

.github/workflows/dockerhub-description.yml

@@ -0,0 +1,72 @@
+# ============================================================
+#  .github/workflows/dockerhub-description.yml
+#
+#  Syncs README.md to the Docker Hub repository description.
+#
+#  Triggers:
+#    - Push to main where README.md changed      → updates Docker Hub if image exists
+#    - PR targeting main where README.md changed → updates Docker Hub if image exists
+#    - Manual dispatch                           → updates Docker Hub if image exists
+#
+#  Behaviour:
+#    - Checks if the image exists on Docker Hub before updating
+#    - Skips silently (no error) if the image does not exist yet
+#
+#  Required GitHub Secrets:
+#    DOCKERHUB_USERNAME   Docker Hub username
+#    DOCKERHUB_TOKEN      Docker Hub access token (Read/Write)
+# ============================================================
+
+name: Docker Hub description
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "README.md"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "README.md"
+  workflow_dispatch:
+jobs:
+  update-description:
+    name: Update Docker Hub description
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          sparse-checkout: README.md
+      - name: Check image exists on Docker Hub
+        id: check
+        run: |
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
+            https://hub.docker.com/v2/repositories/${{ secrets.DOCKERHUB_USERNAME }}/django-devcontainer/)
+          if [ "$STATUS" = "200" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+      - name: Update Docker Hub description
+        if: steps.check.outputs.exists == 'true'
+        uses: peter-evans/dockerhub-description@v5
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: ${{ secrets.DOCKERHUB_USERNAME }}/django-devcontainer
+          readme-filepath: ./README.md
+      - name: Write job summary
+        if: always()
+        run: |
+          echo "## 📄 Docker Hub Description Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "| Field | Value |" >> $GITHUB_STEP_SUMMARY
+          echo "|-------|-------|" >> $GITHUB_STEP_SUMMARY
+          echo "| **Triggered by** | \`${{ github.event_name }}\` on \`${{ github.ref_name }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Commit** | \`${{ github.sha }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Image exists** | \`${{ steps.check.outputs.exists }}\` |" >> $GITHUB_STEP_SUMMARY
+          echo "| **Docker Hub updated** | \`${{ steps.check.outputs.exists }}\` |" >> $GITHUB_STEP_SUMMARY

.github/workflows/labels.yml

@@ -0,0 +1,27 @@
+name: Labels
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/labels.yml"
+  workflow_dispatch:
+
+jobs:
+  sync:
+    name: Sync labels to GitHub
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          sparse-checkout: .github/labels.yml
+      - name: Sync labels
+        uses: EndBug/label-sync@v2
+        with:
+          config-file: .github/labels.yml
+          token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,17 @@
+# OS
+.DS_Store
+Thumbs.db
+Desktop.ini
+
+# Editor
+.vscode/settings.json
+.idea/
+*.swp
+*~
+
+# Secrets
+.env
+.env.*
+!.env.example
+
+django-devcontainer-code.xml