This experimental repo automatically discovers all upstream Microsoft devcontainer images and tags, builds a thin overlay that installs our corporate SSL intercept CA, configures common HTTP clients, tests each image, and publishes to the GitHub Container Registry GHCR with identical tags.
This is an experiment. Support is provided on a best-effort basis. Suggestions and contributions are welcome!
- OS trust store (Debian/Ubuntu
update-ca-certificates; Alpine with fallback) - Tools: curl/requests, Git, npm/yarn/Node.js, pip, conda
References:
- Upstream catalog: devcontainers/images (
src/folders) 1 - MCR tags endpoint:
https://mcr.microsoft.com/v2/devcontainers/<image>/tags/list2 - CA install (Debian/Ubuntu):
update-ca-certificatesmanpage 3 - CA install (Alpine): known approaches & caveats 67
- Node extra certs & npm/yarn cafile configs 1615
- pip certificate handling / truststore 10
- Git SSL CA configuration 12
- conda
.condarcssl_verify17 - GHCR publishing via Actions (permissions & login) 1819
- Trigger the workflow (
Actions → Mirror Devcontainers with Corporate CA). - Images will publish to:
ghcr.io/<OWNER>/devcontainers/<image>:<tag>.
- We mirror all tags returned by MCR for each image family. 2
- Discovery uses the authoritative upstream catalog in GitHub. 1
- Multi-arch (amd64/arm64) builds use Docker Buildx; adjust platforms as needed.
See LICENSE.md for the license of the code in this repository.
See the upstream license documentation for the licenses of the devcontainers themselves.