kaniko is added

.devcontainer/Dockerfile

@@ -0,0 +1,5 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu
+
+RUN apt clean && apt update --fix-missing
+RUN apt install -y pkg-config \
+    && rm -rf /var/lib/apt/lists/*

.devcontainer/devcontainer.json

@@ -0,0 +1,47 @@
+{
+    "name": "loafle.docker.tools",
+    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+    "dockerComposeFile": "docker-compose.yaml",
+    "service": "app",
+    "workspaceFolder": "/workspace",
+    "shutdownAction": "stopCompose",
+    "features": {
+        "ghcr.io/devcontainers/features/git:1": {},
+        "ghcr.io/devcontainers/features/docker-in-docker:2": {}
+    },
+    // Configure tool-specific properties.
+    "customizations": {
+        // Configure properties specific to VS Code.
+        "vscode": {
+            "settings": {
+                "terminal.integrated.defaultProfile.linux": "zsh",
+                "terminal.integrated.profiles.linux": {
+                    "zsh": {
+                        "path": "/bin/zsh"
+                    }
+                },
+                "editor.formatOnSave": true
+            },
+            "extensions": [
+                "eamodio.gitlens",
+                "esbenp.prettier-vscode",
+                "ms-azuretools.vscode-docker",
+                "ms-kubernetes-tools.vscode-kubernetes-tools",
+                "streetsidesoftware.code-spell-checker",
+                "tamasfe.even-better-toml"
+            ]
+        }
+    },
+    // Use 'forwardPorts' to make a list of ports inside the container available locally.
+    // "forwardPorts": [],
+    // Use 'postCreateCommand' to run commands after the container is created.
+    "postCreateCommand": "/bin/sh ./.devcontainer/postCreateCommand.sh",
+    // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+    // "remoteUser": "vscode"
+    "mounts": [
+        "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,consistency=cached",
+        "source=${localEnv:HOME}/.config/pypoetry,target=/home/vscode/.config/pypoetry,type=bind,consistency=cached",
+        "source=${localEnv:HOME}/.ssh/id_rsa,target=/home/vscode/.ssh/id_rsa,type=bind,consistency=cached",
+        "source=${localEnv:HOME}/.netrc,target=/home/vscode/.netrc,type=bind,consistency=cached"
+    ]
+}

.devcontainer/docker-compose.yaml

@@ -0,0 +1,48 @@
+version: "3.8"
+
+services:
+  app:
+    # Using a Dockerfile is optional, but included for completeness.
+    build: 
+      context: .
+      dockerfile: Dockerfile
+      # [Optional] You can use build args to set options. e.g. 'VARIANT' below affects the image in the Dockerfile
+      # args: 
+      #   VARIANT: buster
+    # environment:
+    #   PORT: 3000
+    # ports:
+    #   - 3000:3000
+
+    volumes:
+      # This is where VS Code should expect to find your project's source code and the value of "workspaceFolder" in .devcontainer/devcontainer.json
+      - ..:/workspace:cached
+
+      # Uncomment the next line to use Docker from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker-compose for details.
+      # - /var/run/docker.sock:/var/run/docker.sock 
+
+    # Overrides default command so things don't shut down after the process ends.
+    # command: /bin/sh -c "while sleep 1000; do :; done"  
+    command: sleep infinity
+
+    # Runs app on the same network as the service container, allows "forwardPorts" in devcontainer.json function.
+    # network_mode: service:another-service
+    
+    # Use "forwardPorts" in **devcontainer.json** to forward an app port locally. 
+    # (Adding the "ports" property to this file will not forward from a Codespace.)
+
+    # Uncomment the next line to use a non-root user for all processes - See https://aka.ms/vscode-remote/containers/non-root for details.
+    # user: vscode
+
+    # Uncomment the next four lines if you will use a ptrace-based debugger like C++, Go, and Rust.
+    # cap_add:
+    #   - SYS_PTRACE
+    # security_opt:
+    #   - seccomp:unconfined
+
+  # You can include other services not opened by VS Code as well
+  # another-service:
+  #   image: mongo:latest
+  #   restart: unless-stopped
+
+    # As in the "app" service, use "forwardPorts" in **devcontainer.json** to forward an app port locally.

.devcontainer/postCreateCommand.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# sudo apt clean
+# sudo apt update --fix-missing
+
+# project dependency

kaniko/1.23.2-bash/Dockerfile

@@ -0,0 +1,34 @@
+# Dockerfile (kaniko-with-bash) docker.unbox-x.net/registry/tools/kaniko:v1.23.2
+# Stage 1: 공식 Kaniko executor 바이너리 추출
+FROM gcr.io/kaniko-project/executor:v1.23.2 AS kaniko
+
+# Stage 2: 안전한 Bash 환경을 가진 최종 이미지
+FROM debian:bookworm-slim
+
+# 보안: 루트 인증서 및 최소 도구 설치
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    bash \
+    coreutils \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# 보안: executor 바이너리 복사 (Go 정적 빌드 바이너리)
+COPY --from=kaniko /kaniko/executor /kaniko/executor
+
+# 보안: 실행 디렉토리 및 사용자 지정
+RUN addgroup --system kaniko && adduser --system --ingroup kaniko kaniko && \
+    mkdir -p /workspace && chown -R kaniko:kaniko /workspace && \
+    chown -R kaniko:kaniko /kaniko
+
+# PATH 설정
+ENV PATH="/kaniko:$PATH"
+
+# 보안: 작업 디렉토리 설정
+WORKDIR /workspace
+
+# 보안: 루트 권한 제거
+USER kaniko
+
+# ENTRYPOINT 설정
+ENTRYPOINT ["/kaniko/executor"]