From 0baa2f793e88502b26aa34dc9714bed2d4cd68fe Mon Sep 17 00:00:00 2001
From: Lionel Suss <801084+lion3ls@users.noreply.github.com>
Date: Mon, 26 Jan 2026 12:01:10 +0000
Subject: [PATCH 1/2] feat(backend): use a local feature

Signed-off-by: Lionel Suss <801084+lion3ls@users.noreply.github.com>
---
 .../.devcontainer/devcontainer-lock.json      | 28 +++++++--------
 .../backend/.devcontainer/devcontainer.json   |  7 ++--
 .../features/postgres-rds/.bash_aliases       |  1 +
 .../postgres-rds/devcontainer-feature.json    |  7 ++++
 .../features/postgres-rds/install.sh          | 35 +++++++++++++++++++
 5 files changed, 61 insertions(+), 17 deletions(-)
 create mode 100644 images/src/backend/.devcontainer/features/postgres-rds/.bash_aliases
 create mode 100644 images/src/backend/.devcontainer/features/postgres-rds/devcontainer-feature.json
 create mode 100755 images/src/backend/.devcontainer/features/postgres-rds/install.sh

diff --git a/images/src/backend/.devcontainer/devcontainer-lock.json b/images/src/backend/.devcontainer/devcontainer-lock.json
index 5e35e46b..613d038e 100644
--- a/images/src/backend/.devcontainer/devcontainer-lock.json
+++ b/images/src/backend/.devcontainer/devcontainer-lock.json
@@ -1,5 +1,10 @@
 {
   "features": {
+    "ghcr.io/lifadev/devcontainers/features/aws2": {
+      "version": "2026.1.23",
+      "resolved": "ghcr.io/lifadev/devcontainers/features/aws2@sha256:1038400f730d812e91b97b70727e1ed56a562288f0c5f9c4c0a20ee528c8dea8",
+      "integrity": "sha256:1038400f730d812e91b97b70727e1ed56a562288f0c5f9c4c0a20ee528c8dea8"
+    },
     "ghcr.io/lifadev/devcontainers/features/base": {
       "version": "2025.4.12",
       "resolved": "ghcr.io/lifadev/devcontainers/features/base@sha256:d083d0f6d166afaebcb771e9adfa8f957bf27f3449a383fc2655aded11de9846",
@@ -10,30 +15,25 @@
       "resolved": "ghcr.io/lifadev/devcontainers/features/bash@sha256:ad1a99a16c4b41daaf289d4e6fba1db418d34bbc609735c0ef91c7fa95576f46",
       "integrity": "sha256:ad1a99a16c4b41daaf289d4e6fba1db418d34bbc609735c0ef91c7fa95576f46"
     },
-    "ghcr.io/lifadev/devcontainers/features/developer": {
-      "version": "2026.1.22",
-      "resolved": "ghcr.io/lifadev/devcontainers/features/developer@sha256:ee97423622b3931d1ef48e5ed54d2b4cd3c3dc07cc6a3462e13acdf9466b9fcd",
-      "integrity": "sha256:ee97423622b3931d1ef48e5ed54d2b4cd3c3dc07cc6a3462e13acdf9466b9fcd"
-    },
-    "ghcr.io/lifadev/devcontainers/features/starship": {
-      "version": "2025.12.30",
-      "resolved": "ghcr.io/lifadev/devcontainers/features/starship@sha256:42b087359e4118f75f2d7399bdc7e5866d8db0a4f14e82bd67f93e43d6536b81",
-      "integrity": "sha256:42b087359e4118f75f2d7399bdc7e5866d8db0a4f14e82bd67f93e43d6536b81"
-    },
     "ghcr.io/lifadev/devcontainers/features/cdk": {
       "version": "2026.1.25",
       "resolved": "ghcr.io/lifadev/devcontainers/features/cdk@sha256:5c080c866b4223277a8857ec5de3829bedf3b3e18583ae8b5df5bb68312f90eb",
       "integrity": "sha256:5c080c866b4223277a8857ec5de3829bedf3b3e18583ae8b5df5bb68312f90eb"
     },
+    "ghcr.io/lifadev/devcontainers/features/developer": {
+      "version": "2026.1.22",
+      "resolved": "ghcr.io/lifadev/devcontainers/features/developer@sha256:ee97423622b3931d1ef48e5ed54d2b4cd3c3dc07cc6a3462e13acdf9466b9fcd",
+      "integrity": "sha256:ee97423622b3931d1ef48e5ed54d2b4cd3c3dc07cc6a3462e13acdf9466b9fcd"
+    },
     "ghcr.io/lifadev/devcontainers/features/node24": {
       "version": "2026.1.22",
       "resolved": "ghcr.io/lifadev/devcontainers/features/node24@sha256:354a0a005634a32a187a39c34be33f60f644bf8576f80fd8471d6d3e363747c7",
       "integrity": "sha256:354a0a005634a32a187a39c34be33f60f644bf8576f80fd8471d6d3e363747c7"
     },
-    "ghcr.io/lifadev/devcontainers/features/aws2": {
-      "version": "2026.1.23",
-      "resolved": "ghcr.io/lifadev/devcontainers/features/aws2@sha256:1038400f730d812e91b97b70727e1ed56a562288f0c5f9c4c0a20ee528c8dea8",
-      "integrity": "sha256:1038400f730d812e91b97b70727e1ed56a562288f0c5f9c4c0a20ee528c8dea8"
+    "ghcr.io/lifadev/devcontainers/features/starship": {
+      "version": "2025.12.30",
+      "resolved": "ghcr.io/lifadev/devcontainers/features/starship@sha256:42b087359e4118f75f2d7399bdc7e5866d8db0a4f14e82bd67f93e43d6536b81",
+      "integrity": "sha256:42b087359e4118f75f2d7399bdc7e5866d8db0a4f14e82bd67f93e43d6536b81"
     },
     "ghcr.io/wemaintain/devcontainers/features/cdktf": {
       "version": "2025.6.7",
diff --git a/images/src/backend/.devcontainer/devcontainer.json b/images/src/backend/.devcontainer/devcontainer.json
index 8c2bd9a5..8c0225ec 100644
--- a/images/src/backend/.devcontainer/devcontainer.json
+++ b/images/src/backend/.devcontainer/devcontainer.json
@@ -10,18 +10,19 @@
     "ghcr.io/lifadev/devcontainers/features/starship": {},
     "ghcr.io/wemaintain/devcontainers/features/cdktf": {},
     "ghcr.io/wemaintain/devcontainers/features/nx": {},
-    "ghcr.io/wemaintain/devcontainers/features/terraform": {}
+    "ghcr.io/wemaintain/devcontainers/features/terraform": {},
+    "./features/postgres-rds": {}
   },
   "remoteUser": "developer",
   "updateRemoteUserUID": true,
   "remoteEnv": {
     "PATH": "/opt/bin:${containerEnv:PATH}"
   },
-  "postCreateCommand": "sudo env PATH=$PATH CI=true corepack enable && mkdir -p ~/.aws && wget -q https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O ~/.aws/rds-ca-cert.pem && printf \"alias withPg='DB_HOST=wemaintain-pgsql-staging.cdtgkxemrw9j.eu-west-1.rds.amazonaws.com DB_USER=backend_dev DB_PASSWORD=\\$(aws rds --profile prod:back generate-db-auth-token --hostname wemaintain-pgsql-staging.cdtgkxemrw9j.eu-west-1.rds.amazonaws.com --port 5432 --region eu-west-1 --username backend_dev) DB_SSL_CA=\\$HOME/.aws/rds-ca-cert.pem'\\n\" > ~/.bash_aliases",
+  "postCreateCommand": "sudo env PATH=$PATH CI=true corepack enable",
   "customizations": {
     "manifest": {
       "name": "backend",
-      "version": "2026.1.264"
+      "version": "2026.1.265"
     },
     "vscode": {
       "settings": {
diff --git a/images/src/backend/.devcontainer/features/postgres-rds/.bash_aliases b/images/src/backend/.devcontainer/features/postgres-rds/.bash_aliases
new file mode 100644
index 00000000..f4c97c52
--- /dev/null
+++ b/images/src/backend/.devcontainer/features/postgres-rds/.bash_aliases
@@ -0,0 +1 @@
+alias withPg='DB_HOST=wemaintain-pgsql-staging.cdtgkxemrw9j.eu-west-1.rds.amazonaws.com DB_USER=backend_dev DB_PASSWORD=$(aws rds --profile prod:back generate-db-auth-token --hostname wemaintain-pgsql-staging.cdtgkxemrw9j.eu-west-1.rds.amazonaws.com --port 5432 --region eu-west-1 --username backend_dev) DB_SSL_CA=/usr/local/share/aws/rds-ca-cert.pem'
diff --git a/images/src/backend/.devcontainer/features/postgres-rds/devcontainer-feature.json b/images/src/backend/.devcontainer/features/postgres-rds/devcontainer-feature.json
new file mode 100644
index 00000000..7a52b673
--- /dev/null
+++ b/images/src/backend/.devcontainer/features/postgres-rds/devcontainer-feature.json
@@ -0,0 +1,7 @@
+{
+  "id": "postgres-rds",
+  "version": "1.0.0",
+  "name": "PostgreSQL RDS Setup",
+  "description": "Sets up SSL certificate and aliases for RDS connections",
+  "options": {}
+}
diff --git a/images/src/backend/.devcontainer/features/postgres-rds/install.sh b/images/src/backend/.devcontainer/features/postgres-rds/install.sh
new file mode 100755
index 00000000..33428c27
--- /dev/null
+++ b/images/src/backend/.devcontainer/features/postgres-rds/install.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -e
+
+check_packages() {
+    if ! dpkg -s "$@" > /dev/null 2>&1; then
+        if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+            apt-get update
+        fi
+        apt-get -y install --no-install-recommends "$@"
+    fi
+}
+
+# Install dependencies if missing
+check_packages wget ca-certificates
+
+# Download cert
+mkdir -p /usr/local/share/aws
+echo "Downloading AWS RDS CA certificate..."
+wget -q https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O /usr/local/share/aws/rds-ca-cert.pem
+chmod 644 /usr/local/share/aws/rds-ca-cert.pem
+
+# Add alias to /etc/skel so new users get it
+echo "Adding alias to /etc/skel/.bash_aliases"
+mkdir -p /etc/skel
+cat .bash_aliases >> /etc/skel/.bash_aliases
+
+# If the user 'developer' already exists (e.g. from base image), update it.
+# Otherwise, relying on /etc/skel is sufficient for when the user is created later.
+if id -u developer >/dev/null 2>&1; then
+    echo "User 'developer' exists, updating their .bash_aliases"
+    USER_HOME=$(getent passwd developer | cut -d: -f6)
+    mkdir -p "$USER_HOME"
+    cat .bash_aliases >> "$USER_HOME/.bash_aliases"
+    chown developer:developer "$USER_HOME/.bash_aliases"
+fi

From a11769e062d099702b54f03390d3f58331c408ec Mon Sep 17 00:00:00 2001
From: Lionel Suss <801084+lion3ls@users.noreply.github.com>
Date: Mon, 26 Jan 2026 12:05:35 +0000
Subject: [PATCH 2/2] format

Signed-off-by: Lionel Suss <801084+lion3ls@users.noreply.github.com>
---
 .../features/postgres-rds/install.sh          | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/images/src/backend/.devcontainer/features/postgres-rds/install.sh b/images/src/backend/.devcontainer/features/postgres-rds/install.sh
index 33428c27..59b7e627 100755
--- a/images/src/backend/.devcontainer/features/postgres-rds/install.sh
+++ b/images/src/backend/.devcontainer/features/postgres-rds/install.sh
@@ -2,12 +2,12 @@
 set -e
 
 check_packages() {
-    if ! dpkg -s "$@" > /dev/null 2>&1; then
-        if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
-            apt-get update
-        fi
-        apt-get -y install --no-install-recommends "$@"
+  if ! dpkg -s "$@" >/dev/null 2>&1; then
+    if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+      apt-get update
     fi
+    apt-get -y install --no-install-recommends "$@"
+  fi
 }
 
 # Install dependencies if missing
@@ -22,14 +22,14 @@ chmod 644 /usr/local/share/aws/rds-ca-cert.pem
 # Add alias to /etc/skel so new users get it
 echo "Adding alias to /etc/skel/.bash_aliases"
 mkdir -p /etc/skel
-cat .bash_aliases >> /etc/skel/.bash_aliases
+cat .bash_aliases >>/etc/skel/.bash_aliases
 
 # If the user 'developer' already exists (e.g. from base image), update it.
 # Otherwise, relying on /etc/skel is sufficient for when the user is created later.
 if id -u developer >/dev/null 2>&1; then
-    echo "User 'developer' exists, updating their .bash_aliases"
-    USER_HOME=$(getent passwd developer | cut -d: -f6)
-    mkdir -p "$USER_HOME"
-    cat .bash_aliases >> "$USER_HOME/.bash_aliases"
-    chown developer:developer "$USER_HOME/.bash_aliases"
+  echo "User 'developer' exists, updating their .bash_aliases"
+  USER_HOME=$(getent passwd developer | cut -d: -f6)
+  mkdir -p "$USER_HOME"
+  cat .bash_aliases >>"$USER_HOME/.bash_aliases"
+  chown developer:developer "$USER_HOME/.bash_aliases"
 fi