chore(ci): add GitHub Actions and Docker configuration

[iplaylf2]

Summary by CodeRabbit

• Chores
  • Added repository review/profile and pre-merge automation settings.
  • Enabled project spell-checking with custom dictionaries and added new words.
  • Added a pull request template to guide automated title/review behavior.
  • Added a CI workflow to discover and build container images with graceful handling when none are found.
  • Recommended VS Code extensions and added base and .NET container configurations.

[coderabbitai]

Warning

Rate limit exceeded

@iplaylf2 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 21 minutes and 15 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 27d0655 and c0e4d22.

📒 Files selected for processing (1)

• .github/workflows/pre-merge-to-master.yml (1 hunks)

Walkthrough

Adds repository tooling and CI configuration: CodeRabbit review settings, spellcheck dictionaries and wordlists, a PR template, VS Code extension recommendations, a pre-merge workflow that discovers/builds images, and two image Dockerfiles (base and refactored .NET multi-stage build).

Changes

Cohort / File(s)	Summary
CodeRabbit & Editor Config ​.coderabbit.yaml, ​.vscode/extensions.json, ​.github/pull_request_template.md	Adds CodeRabbit configuration (assertive review profile, auto-title instruction format, fail_commit_status, sequence_diagrams/suggested_reviewers/poem flags, auto_review with bot-reviewer label exclusion, pre_merge_checks toggles, enabled tools), VS Code extension recommendations, and a PR template with auto-generation and bot-review guidance.
Spellcheck Dictionaries ​.cspell.yaml, ​.cspell/project-words.txt, ​.cspell/third-party-words.txt	Adds cspell config referencing project-words and third-party-words dictionaries; adds iplaylf to project words and nine third-party entries (buildx, coderabbit, coderabbitai, devcontainers, dockerfiles, docstrings, mapfile, pipefail, shellcheck).
GitHub Actions Workflow ​.github/workflows/pre-merge-to-master.yml	Adds a pre-merge workflow that discovers Dockerfiles under images, produces a JSON/jq matrix of image definitions (name, context, file), runs matrix-driven Buildx builds with per-image caching and no push, and reports final build status; handles empty discovery gracefully.
Container Images images/base/Dockerfile, images/dotnet/Dockerfile	Adds images/base/Dockerfile with FROM mcr.microsoft.com/devcontainers/base. Refactors images/dotnet/Dockerfile to include a builder stage that adds the install script and uses a BuildKit inline mount in the final stage to execute /builder/dotnet-install.sh, preserving DOTNET_ROOT and PATH.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Inspect jq matrix generation and empty-discovery handling in .github/workflows/pre-merge-to-master.yml.
• Verify BuildKit inline mount and cross-stage script access in images/dotnet/Dockerfile.
• Confirm .coderabbit.yaml auto-title, fail_commit_status, auto_review exclusions, and tool toggles reflect intended CI/review behavior.

Pre-merge checks and finishing touches

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 01f3906 and 6042e9a.

📒 Files selected for processing (9)

• .coderabbit.yaml (1 hunks)
• .cspell.yaml (1 hunks)
• .cspell/project-words.txt (1 hunks)
• .cspell/third-party-words.txt (1 hunks)
• .github/pull_request_template.md (1 hunks)
• .github/workflows/pre-merge-to-master.yml (1 hunks)
• .vscode/extensions.json (1 hunks)
• images/base/Dockerfile (1 hunks)
• images/dotnet/Dockerfile (1 hunks)

🧰 Additional context used

🪛 Checkov (3.2.334)

images/base/Dockerfile

[low] 1-1: Ensure the base image uses a non latest version tag

(CKV_DOCKER_7)

---

[low] 1-1: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

---

[low] 1-1: Ensure that a user for the container has been created

(CKV_DOCKER_3)

images/dotnet/Dockerfile

[low] 5-5: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 1-1: Ensure the base image uses a non latest version tag

(CKV_DOCKER_7)

---

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

🪛 Hadolint (2.14.0)

images/base/Dockerfile

[warning] 1-1: Always tag the version of an image explicitly

(DL3006)

images/dotnet/Dockerfile

[error] 16-16: unexpected " <newline> type=bi"
expecting "env=", "from=", "gid=", "id=", "mode=", "readonly", "readonly=", "readwrite", "readwrite=", "relabel=", "required", "required=False", "required=True", "required=false", "required=true", "ro", "ro=", "rw", "rw=", "sharing=", "type=", "uid=", source=, or target=

(DL1000)

🪛 LanguageTool

.cspell/project-words.txt

[grammar] ~1-~1: Dit kan een fout zijn.
Context: iplaylf

(QB_NEW_NL)

🪛 markdownlint-cli2 (0.18.1)

.github/pull_request_template.md

1-1: First line in a file should be a top-level heading

(MD041, first-line-heading, first-line-h1)

🔇 Additional comments (8)

.vscode/extensions.json (1)

1-7: LGTM!

The VS Code extensions recommendations are well-chosen and align with the tooling introduced in this PR (spell-checking, YAML configuration support, and container development). The JSON structure is valid.

.cspell/third-party-words.txt (1)

1-9: LGTM!

The third-party dictionary entries are well-curated for this project's domain (Docker, shell scripting, CodeRabbit tooling) and sorted alphabetically for maintainability.

.coderabbit.yaml (1)

1-28: LGTM!

The CodeRabbit configuration is well-structured and aligns with the PR objectives. The assertive review profile, conventional commits format, and tool selections (hadolint, markdownlint, shellcheck) are appropriate for this container-focused repository. Disabling docstring and title pre-merge checks reduces friction while targeted tools cover the relevant code types.

.cspell/project-words.txt (1)

1-1: LGTM!

The project-specific word "iplaylf" (matching the repository owner) is appropriately added to the project dictionary.

.cspell.yaml (1)

1-16: LGTM!

The cspell configuration is well-structured with proper schema reference, dictionary definitions linked to the accompanying word files, and sensible exclusions. The addWords flags allow the dictionaries to grow as needed.

.github/workflows/pre-merge-to-master.yml (3)

1-7: Workflow trigger configuration is well-defined.

The workflow correctly triggers on common PR events (opened, synchronize, reopened, ready_for_review) targeting the master branch, which is appropriate for pre-merge validation.

---

49-85: Build and summarize jobs are well-configured.

The matrix-based build job correctly consumes discovered images, uses recent Docker action versions (v3 and v6), and implements sensible caching with per-image scopes. Disabling push and provenance is appropriate for pre-merge validation. Permissions are appropriately scoped to actions:write for GHA cache operations.

---

9-47: Verify intended naming behavior for nested Dockerfile structures.

The jq transformation executes without errors and correctly parses Dockerfile paths into matrix format. However, verification reveals a critical detail: the $parts[-2] extraction returns the immediate parent directory name, not the top-level image namespace.

For example:

• images/base/Dockerfile → name: "base" ✓
• images/custom/nested/Dockerfile → name: "nested" (not "custom")

Confirm whether this naming strategy aligns with your intended image naming scheme. If Dockerfiles should be nested as images/{image-name}/.../{Dockerfile} with name extracted as the immediate parent, the code is correct. If you expect name to reference a top-level namespace, the logic requires adjustment.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (2)

images/dotnet/Dockerfile (2)

1-1: Pin base image version for reproducibility.

Dev container images are also versioned independent of the runtime. To avoid unexpected breaks, we recommend pinning to the latest major version of an image release to pick up security and feature updates without breaking changes.

Replace latest with a specific version tag (e.g., 0) in both FROM statements:

-FROM mcr.microsoft.com/devcontainers/base:latest AS builder
+FROM mcr.microsoft.com/devcontainers/base:0 AS builder

-FROM mcr.microsoft.com/devcontainers/base:latest
+FROM mcr.microsoft.com/devcontainers/base:0

Also applies to: 8-8

---

16-21: Fix RUN --mount syntax error (build blocker).

The Hadolint linter confirms this is a syntax error. Mount parameters must be comma-separated on a single line without line breaks or spaces.

Apply this diff:

-RUN --mount=\
-    type=bind,\
-    from=builder,\
-    source=/builder/dotnet-install.sh,\
-    target=/builder/dotnet-install.sh \
-    /builder/dotnet-install.sh --channel $SDK_VERSION
+RUN --mount=type=bind,from=builder,source=/builder/dotnet-install.sh,target=/builder/dotnet-install.sh \
+    /builder/dotnet-install.sh --channel $SDK_VERSION

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6042e9a and d187ba2.

📒 Files selected for processing (2)

• .github/workflows/pre-merge-to-master.yml (1 hunks)
• images/dotnet/Dockerfile (1 hunks)

🧰 Additional context used

🪛 Checkov (3.2.334)

images/dotnet/Dockerfile

[low] 5-5: Ensure that COPY is used instead of ADD in Dockerfiles

(CKV_DOCKER_4)

---

[low] 1-1: Ensure the base image uses a non latest version tag

(CKV_DOCKER_7)

---

[low] 1-21: Ensure that HEALTHCHECK instructions have been added to container images

(CKV_DOCKER_2)

🪛 Hadolint (2.14.0)

images/dotnet/Dockerfile

[error] 16-16: unexpected "<newline> type=bin"
expecting "env=", "from=", "gid=", "id=", "mode=", "readonly", "readonly=", "readwrite", "readwrite=", "relabel=", "required", "required=False", "required=True", "required=false", "required=true", "ro", "ro=", "rw", "rw=", "sharing=", "type=", "uid=", source=, or target=

(DL1000)

🔇 Additional comments (1)

.github/workflows/pre-merge-to-master.yml (1)

3-6: Workflow trigger configuration is appropriate.

The event types cover all relevant PR state transitions, and filtering by target branch ensures workflow runs only for PRs targeting master. The draft PR check (line 11) prevents unnecessary CI runs.