fix qc

Author: anthony-nhs

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
       "IMAGE_NAME": "node_24_python_3_14",
-      "IMAGE_VERSION": "pr-18-1a66d5b",
+      "IMAGE_VERSION": "v1.0.3",
       "USER_UID": "${localEnv:USER_ID:}",
       "USER_GID": "${localEnv:GROUP_ID:}"
     },

.github/workflows/quality-checks.yml

@@ -32,6 +32,11 @@ jobs:
       image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
       options: --user 1001:1001
     steps:
+      - &init_tool_versions
+        name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
+
       - &checkout
         name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -56,21 +61,7 @@ jobs:
 
       - name: make install
         run: |
-          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
-          echo "Running id"
-          id
-          echo "Running pwd"
-          pwd
-          echo "Running env"
-          env
-          echo "Running make install"
           make install
-          echo "These are env vars"
-          echo "VAR1 is $VAR1"
-          echo "VAR2 is $VAR2"
-        env:
-          VAR1: value1
-          VAR2: value2
       - name: Run secrets scan
         run: |
           make secret-scan
@@ -212,15 +203,15 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   get_docker_images_to_scan:
+    runs-on: ubuntu-22.04
+    container:
+      image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
+      options: --user 1001:1001
     outputs:
       docker_images: ${{ steps.normalized_docker_images.outputs.images }}
-    runs-on: ubuntu-22.04
     steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          ref: ${{ env.BRANCH_NAME }}
-          fetch-depth: 0
+      - *init_tool_versions
+      - *checkout
       - name: Determine docker images to scan
         id: normalized_docker_images
         env:
@@ -279,56 +270,31 @@ jobs:
 
   docker_vulnerability_scan:
     runs-on: ubuntu-22.04
+    container:
+      image: ghcr.io/nhsdigital/eps-devcontainers/${{ inputs.runtime_docker_image }}
+      options: --user 1001:1001
     needs: get_docker_images_to_scan
     if: ${{ inputs.run_docker_scan == true }}
     strategy:
       matrix:
         docker_image: ${{ fromJson(needs.get_docker_images_to_scan.outputs.docker_images) }}
     steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          ref: ${{ env.BRANCH_NAME }}
-          fetch-depth: 0
-      - name: Setting up .npmrc
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
-          echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
-
-      - name: Cache npm dependencies
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
-        with:
-          path: ./node_modules
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+      - *init_tool_versions
+      - *checkout
+      - *setup_npmrc
+      - *cache_npm
 
       - name: make install
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make install
+        run: |
+          make install
 
       - name: Build docker images
-        if: ${{ inputs.run_docker_scan == true }}
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make docker-build
+        run: |
+          make docker-build
 
       - name: Check docker vulnerabilities
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make trivy-scan-docker
+        run: |
+          make trivy-scan-docker
         env:
           DOCKER_IMAGE: ${{ matrix.docker_image }}
 
@@ -343,7 +309,10 @@ jobs:
   IaC-validation:
     runs-on: ubuntu-22.04
     steps:
+      - *init_tool_versions
       - *checkout
+      - *setup_npmrc
+      - *cache_npm
 
       - name: Check for SAM templates
         id: check_sam_templates
@@ -392,58 +361,31 @@ jobs:
 
       - name: Run cfn-lint
         if: steps.check_sam_templates.outputs.sam_exists == 'true' || steps.check_cf_templates.outputs.cf_exists == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cfn-lint
-
-      - *cache_npm
-      - *setup_npmrc
+        run: |
+          make cfn-lint
 
       - name: make install NodeJS
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make install-node compile
+        run: |
+          make install-node compile
 
       - name: Run cdk-synth
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cdk-synth
+        run: |
+          make cdk-synth
 
       - name: Run cfn-guard script for sam templates
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cfn-guard-sam-templates
+        run: |
+          make cfn-guard-sam-templates
 
       - name: Run cfn-guard script for cloudformation templates
         if: steps.check_cf_templates.outputs.cf_exists == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cfn-guard-cloudformation
+        run: |
+          make cfn-guard-cloudformation
       - name: Run cfn-guard script for cdk templates
         if: steps.check_cdk.outputs.cdk_exists == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cfn-guard-cdk
+        run: |
+          make cfn-guard-cdk
 
       - name: Download terraform plans
         uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
@@ -466,12 +408,8 @@ jobs:
 
       - name: Run cfn-guard script for terraform plans
         if: steps.check_terraform_plans.outputs.terraform_plans_exist == 'true'
-        uses: anthony-nhs/docker-run-action-fork@80b8bf1eaca8275e1c2b848cf7ea5fabb2443d78
-        with:
-          workspace_folder: ${{ github.workspace }}
-          image: ${{ inputs.runtime_docker_image }}
-          run: |
-            make cfn-guard-terraform
+        run: |
+          make cfn-guard-terraform
 
       - name: Show cfn-guard output
         if: failure()