use new image again

Author: anthony-nhs

.devcontainer/Dockerfile

@@ -1,6 +1,6 @@
+ARG IMAGE_NAME=node_24_python_3_14
 ARG IMAGE_VERSION=latest
-ARG IMAGE=node_24_python_3_14
-FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE}:${IMAGE_VERSION}
+FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
 
 USER root
 # specify DOCKER_GID to force container docker group id to match host
@@ -12,8 +12,3 @@ RUN if [ -n "${DOCKER_GID}" ]; then \
     fi && \
     usermod -aG docker vscode; \
     fi
-
-# fix vscode user back to 1000
-RUN usermod -u 1000 vscode; \
-    groupmod -g 1000 vscode; \
-    chown -R vscode:vscode /home/vscode

.devcontainer/devcontainer.json

@@ -1,44 +1,47 @@
 {
-  "name": "Ubuntu",
+  "name": "eps-common-workflows",
   "build": {
     "dockerfile": "Dockerfile",
     "context": "..",
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
-      "IMAGE_VERSION": "pr-16-36dcbc3",
-      "IMAGE": "node_24_python_3_14"
+      "IMAGE_NAME": "node_24_python_3_14",
+      "IMAGE_VERSION": "e0808a3",
+      "USER_UID": "${localEnv:USER_ID:}",
+      "USER_GID": "${localEnv:GROUP_ID:}"
     },
-    "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
-    "mounts": [
-      "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
-    ],
-    "containerUser": "vscode",
-    "remoteEnv": {
-      "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
-    },
-    "features": {},
-    "customizations": {
-      "vscode": {
-        "extensions": [
-          "AmazonWebServices.aws-toolkit-vscode",
-          "redhat.vscode-yaml",
-          "eamodio.gitlens",
-          "github.vscode-pull-request-github",
-          "streetsidesoftware.code-spell-checker",
-          "timonwong.shellcheck",
-          "github.vscode-github-actions"
-        ],
-        "settings": {
-          "cSpell.words": [
-            "fhir",
-            "Formik",
-            "pino",
-            "serialisation"
-          ]
-        }
+    "updateRemoteUserUID": false
+  },
+  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
+  "mounts": [
+    "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
+  ],
+  "containerUser": "vscode",
+  "remoteEnv": {
+    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+  },
+  "features": {},
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "AmazonWebServices.aws-toolkit-vscode",
+        "redhat.vscode-yaml",
+        "eamodio.gitlens",
+        "github.vscode-pull-request-github",
+        "streetsidesoftware.code-spell-checker",
+        "timonwong.shellcheck",
+        "github.vscode-github-actions"
+      ],
+      "settings": {
+        "cSpell.words": [
+          "fhir",
+          "Formik",
+          "pino",
+          "serialisation"
+        ]
       }
     }
   }

.github/workflows/quality-checks.yml

@@ -36,14 +36,10 @@ jobs:
           ref: ${{ env.BRANCH_NAME }}
           fetch-depth: 0
       - name: Run secrets scan
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             git-secrets --scan-history .
 
       - &setup_npmrc
@@ -62,26 +58,10 @@ jobs:
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
 
       - name: make install
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
-            echo "Running id"
-            id
-            echo "Running pwd"
-            pwd
-            echo "home is $HOME"
-            echo "running asdf plugin list"
-            asdf plugin list
-            echo "Checking mount"
-            ls -l /
-            echo $PATH
-            export PATH="$HOME/.asdf/shims:$PATH"
-            echo "running make install"
             make install
 
       - name: Check language tools used and setup trivy config
@@ -138,14 +118,10 @@ jobs:
           cmd: yq -i '.pkg.include-dev-deps = true' 'trivy.yaml'
       - name: convert python dependencies to requirements.txt
         if: ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             POETRY_VERSION=$(poetry --version | awk '{print $3}')
 
             if [[ "$(printf '%s\n' "2.0.0" "$POETRY_VERSION" "3.0.0" | sort -V | head -n1)" == "2.0.0" ]] \
@@ -158,14 +134,10 @@ jobs:
             poetry export -f requirements.txt --with dev --without-hashes --output=requirements.txt
       - name: download go dependencies
         if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             cd src
             go mod vendor
       - name: Check licenses
@@ -198,14 +170,10 @@ jobs:
             cat license_scan.txt
           fi
       - name: Run code lint
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             make lint
 
       - name: Run ShellCheck
@@ -218,14 +186,10 @@ jobs:
             .git
 
       - name: Run unit tests
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             make test
       - name: Generate SBOM
         uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
@@ -509,14 +473,10 @@ jobs:
 
       - name: Run cfn-lint
         if: steps.check_sam_templates.outputs.sam_exists == 'true' || steps.check_cf_templates.outputs.cf_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             pip install cfn-lint
             cfn-lint -I "cloudformation/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }'
             cfn-lint -I "SAMtemplates/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }'
@@ -526,37 +486,25 @@ jobs:
 
       - name: make install NodeJS
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             make install-node && make compile
 
       - name: Run cdk-synth
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             make cdk-synth
 
       - name: Init cfn-guard
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             set -eou pipefail
 
             rm -rf /tmp/ruleset
@@ -571,14 +519,10 @@ jobs:
 
       - name: Run cfn-guard script for sam templates
         if: steps.check_sam_templates.outputs.sam_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
             set -eou pipefail
 
             declare -a rulesets=("ncsc" "ncsc-cafv3" "wa-Reliability-Pillar" "wa-Security-Pillar")
@@ -602,15 +546,10 @@ jobs:
 
       - name: Run cfn-guard script for cloudformation templates
         if: steps.check_cf_templates.outputs.cf_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
-
             declare -a rulesets=("ncsc" "ncsc-cafv3" "wa-Reliability-Pillar" "wa-Security-Pillar")
             for ruleset in "${rulesets[@]}"
             do
@@ -625,15 +564,10 @@ jobs:
 
       - name: Run cfn-guard script for cdk templates
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: addnab/docker-run-action@5ddaad0f7eedd03f64e412b1931852bd3031b273
+        uses: anthony-nhs/docker-run-action-fork@4d62f8d0e1ae07c4b0abad4eac02db8fa7bc984b
         with:
           image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
-          options: >
-            -v ${{ github.workspace }}:/work 
-            -u 1001:1001
           run: |
-            cd /work
-
             declare -a rulesets=("ncsc" "ncsc-cafv3" "wa-Reliability-Pillar" "wa-Security-Pillar")
             for ruleset in "${rulesets[@]}"
             do

.pre-commit-config.yaml

@@ -23,7 +23,7 @@ repos:
         entry: bash
         args:
           - -c
-          - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook'
+          - "git-secrets --pre_commit_hook"
         language: system
       - id: lint-githubactions
         name: Lint github actions