microsoft
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 90 additions & 13 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 90 additions & 13 deletions
diff --git a/‎.devcontainer/installMoreTools.sh‎
Lines changed: 0 additions & 8 deletions b/‎.devcontainer/installMoreTools.sh‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎.github/.markdownlint.json‎
Lines changed: 3 additions & 0 deletions b/‎.github/.markdownlint.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/dependabot.yaml‎
Lines changed: 79 additions & 4 deletions b/‎.github/dependabot.yaml‎
Lines changed: 79 additions & 4 deletions
diff --git a/‎.github/workflows/codeql.yaml‎
Lines changed: 13 additions & 11 deletions b/‎.github/workflows/codeql.yaml‎
Lines changed: 13 additions & 11 deletions
diff --git a/‎.github/workflows/commit-message.yaml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/commit-message.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/devcontainer.yaml‎
Lines changed: 46 additions & 0 deletions b/‎.github/workflows/devcontainer.yaml‎
Lines changed: 46 additions & 0 deletions
@@ -1,25 +1,102 @@
 {
   "name": "retina",
-  "image": "mcr.microsoft.com/devcontainers/base:jammy",
+  "image": "mcr.microsoft.com/devcontainers/base:noble",
   "features": {
-    "ghcr.io/devcontainers/features/common-utils:2": {},
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
-    "ghcr.io/devcontainers/features/github-cli:1": {},
-    "ghcr.io/devcontainers/features/go:1": {},
-    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
-    "ghcr.io/devcontainers-contrib/features/kind:1": {},
-    "ghcr.io/devcontainers/features/azure-cli:1": {}
+    "ghcr.io/devcontainers/features/docker-in-docker:2.16.1": {},
+    "ghcr.io/devcontainers/features/github-cli:1.1.0": {},
+    "ghcr.io/devcontainers/features/go:1.3.4": {
+      "version": "1.24.11"
+    },
+    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1.3.1": {},
+    "ghcr.io/devcontainers-extra/features/kind:1.0.15": {},
+    "ghcr.io/devcontainers/features/azure-cli:1.2.9": {},
+    // LLVM 17 is the minimum version available for Ubuntu Noble on apt.llvm.org.
+    // Provides clang and llvm-strip needed for eBPF compilation.
+    "ghcr.io/devcontainers-community/features/llvm:3.2.0": {
+      "version": "17"
+    }
+  },
+  "hostRequirements": {
+    "cpus": 4,
+    "memory": "8gb",
+    "storage": "32gb"
+  },
+  // Persist Go module and build caches across container rebuilds.
+  "mounts": [
+    {
+      "type": "volume",
+      "source": "retina-gomodcache",
+      "target": "/go/pkg/mod"
+    },
+    {
+      "type": "volume",
+      "source": "retina-gobuildcache",
+      "target": "/home/vscode/.cache/go-build"
+    }
+  ],
+  // These commands run in parallel during container creation.
+  "onCreateCommand": {
+    // The LLVM feature installs versioned binaries (clang-17, llvm-strip-17).
+    // Create unversioned symlinks so the build system can find them.
+    "symlinks": "sudo ln -sf /usr/bin/clang-17 /usr/bin/clang && sudo ln -sf /usr/bin/llvm-strip-17 /usr/bin/llvm-strip",
+    // Fix ownership of volume mounts (created as root) and cache dirs,
+    // then download Go modules.
+    "go-setup": "sudo chown -R vscode:vscode /go /home/vscode/.cache && go mod download",
+    // Install jq (needed by some Makefile targets and scripts).
+    "apt-deps": "sudo apt-get update && sudo apt-get install -y --no-install-recommends jq && sudo rm -rf /var/lib/apt/lists/*"
+  },
+  // Wait for Docker-in-Docker to be ready, then create a Kind cluster for local testing.
+  "postStartCommand": {
+    "kind": "while ! docker info >/dev/null 2>&1; do sleep 1; done && kind create cluster 2>/dev/null || true"
+  },
+  "waitFor": "onCreateCommand",
+  "forwardPorts": [
+    9965,
+    4244,
+    10093
+  ],
+  "portsAttributes": {
+    "9965": {
+      "label": "Hubble Metrics",
+      "onAutoForward": "silent"
+    },
+    "4244": {
+      "label": "Hubble Relay",
+      "onAutoForward": "silent"
+    },
+    "10093": {
+      "label": "Retina Metrics",
+      "onAutoForward": "silent"
+    }
   },
-  "postCreateCommand": "bash .devcontainer/installMoreTools.sh && kind create cluster",
   "customizations": {
     "vscode": {
       "extensions": [
-        "esbenp.prettier-vscode",
         "golang.go",
-        "mutantdino.resourcemonitor",
         "ms-vscode.makefile-tools",
-        "ms-kubernetes-tools.vscode-kubernetes-tools"
-      ]
+        "ms-kubernetes-tools.vscode-kubernetes-tools",
+        "ms-azuretools.vscode-docker",
+        "redhat.vscode-yaml",
+        "mutantdino.resourcemonitor",
+        "DavidAnson.vscode-markdownlint"
+      ],
+      "settings": {
+        "go.lintTool": "golangci-lint",
+        "go.lintFlags": [
+          "--config=.golangci.yaml",
+          "--timeout=10m"
+        ],
+        "go.formatTool": "gofumpt",
+        "files.insertFinalNewline": true,
+        "markdownlint.config": {
+          "extends": ".github/.markdownlint.json"
+        },
+        "[markdown]": {
+          "editor.codeActionsOnSave": {
+            "source.fixAll.markdownlint": "explicit"
+          }
+        }
+      }
     }
   }
 }
@@ -2,6 +2,9 @@
     "MD013": false,
     "MD010": false,
     "MD033": false,
+    "MD058": false,
+    "MD059": false,
+    "MD060": false,
     "MD024": {
         "siblings_only": true
     }
 
@@ -1,15 +1,36 @@
 version: 2
 updates:
+  # Docker base images across all Dockerfiles
   - package-ecosystem: "docker"
-    directory: "/"
+    directories:
+      - "/controller"
+      - "/shell"
+      - "/cli"
+      - "/operator"
+      - "/test/image"
+      - "/hack/tools/kapinger"
+      - "/hack/tools/toolbox"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     reviewers:
       - "microsoft/retina"
     commit-message:
       prefix: "deps"
     labels: ["area/infra", "area/dependencies"]
     open-pull-requests-limit: 10
+    cooldown:
+      default-days: 7
+    groups:
+      golang-base:
+        patterns: ["*golang*"]
+      azurelinux-base:
+        patterns: ["*azurelinux*"]
+      windows-base:
+        patterns: ["*windows*", "*nanoserver*", "*servercore*"]
+      ubuntu-base:
+        patterns: ["*ubuntu*"]
+
+  # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -20,6 +41,34 @@ updates:
       prefix: "deps"
     labels: ["area/infra", "area/dependencies"]
     open-pull-requests-limit: 10
+    cooldown:
+      default-days: 3
+    groups:
+      actions-patch:
+        update-types: ["patch"]
+
+  # npm (Docusaurus site)
+  - package-ecosystem: "npm"
+    directory: "/site"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "microsoft/retina"
+    commit-message:
+      prefix: "deps"
+    labels: ["area/docs", "area/dependencies"]
+    open-pull-requests-limit: 5
+    cooldown:
+      default-days: 7
+      semver-major-days: 30
+    groups:
+      docusaurus:
+        patterns:
+          - "@docusaurus/*"
+          - "@mdx-js/*"
+        update-types: ["patch"]
+
+  # Go modules
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
@@ -29,6 +78,32 @@ updates:
     commit-message:
       prefix: "deps"
     labels: ["lang/go", "area/dependencies"]
-    ignore:
-      - dependency-name: "github.com/inspektor-gadget/inspektor-gadget"
     open-pull-requests-limit: 10
+    cooldown:
+      default-days: 7
+      semver-major-days: 30
+    groups:
+      k8s:
+        patterns:
+          - "k8s.io/*"
+          - "sigs.k8s.io/*"
+        exclude-patterns:
+          - "sigs.k8s.io/cloud-provider-azure/*"
+        update-types: ["patch"]
+      cilium:
+        patterns:
+          - "github.com/cilium/*"
+        update-types: ["patch"]
+      aws-sdk:
+        patterns:
+          - "github.com/aws/aws-sdk-go-v2/*"
+        update-types: ["patch"]
+      azure-sdk:
+        patterns:
+          - "github.com/Azure/*"
+          - "sigs.k8s.io/cloud-provider-azure/*"
+        update-types: ["patch"]
+      otel:
+        patterns:
+          - "go.opentelemetry.io/*"
+        update-types: ["patch"]
@@ -6,6 +6,14 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   analyze:
     name: Analyze
@@ -17,7 +25,6 @@ jobs:
         language: [go]
     runs-on: ubuntu-latest
     env:
-      IS_NOT_MERGE_GROUP: ${{ github.event_name != 'merge_group' }}
       GOOS: ${{ matrix.goos }}
       GOARCH: ${{ matrix.goarch }}
     timeout-minutes: 90
@@ -27,23 +34,18 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        if: env.IS_NOT_MERGE_GROUP
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup go
-        if: env.IS_NOT_MERGE_GROUP
-        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
         with:
           go-version-file: go.mod
       - name: Initialize CodeQL
-        if: env.IS_NOT_MERGE_GROUP
-        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        if: env.IS_NOT_MERGE_GROUP
-        uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
       - name: Perform CodeQL Analysis
-        if: env.IS_NOT_MERGE_GROUP
-        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           category: "/language:${{matrix.language}}"
@@ -8,10 +8,15 @@ on:
       - synchronize
       - edited
       - reopened
+
+permissions:
+  contents: read
+
 jobs:
   commit-message:
     if: ${{ github.event_name != 'merge_group' }}
     runs-on: ubuntu-24.04
+    timeout-minutes: 5
     steps:
       - name: verify_commit_message
         env:
 
@@ -0,0 +1,46 @@
+name: DevContainer
+on:
+  merge_group:
+  push:
+    branches: [main]
+    paths:
+      - ".devcontainer/**"
+      - "go.mod"
+  pull_request:
+    branches: [main]
+    paths:
+      - ".devcontainer/**"
+      - "go.mod"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build DevContainer
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Build and validate devcontainer
+        uses: devcontainers/ci@b63b30de439b47a52267f241112c5b453b673db5 # v0.3.1900000449
+        with:
+          runCmd: |
+            clang --version
+            llvm-strip --version
+            go version
+            EXPECTED_GO=$(grep '^go ' go.mod | awk '{print $2}')
+            ACTUAL_GO=$(go version | grep -oP '\d+\.\d+\.\d+')
+            if [ "$EXPECTED_GO" != "$ACTUAL_GO" ]; then
+              echo "::error::Go version mismatch: devcontainer has $ACTUAL_GO but go.mod requires $EXPECTED_GO"
+              exit 1
+            fi
+            kubectl version --client
+            helm version
+            kind version
+            grep -rl 'go:generate.*bpf2go' pkg/plugin/ | xargs -I{} go generate {}