Merge branch 'AEA-0000-sonarcloud-issue' into aea-6313-eps-storage-terraform-image

Author: JackSpagnoliNHS

README.md

@@ -62,9 +62,9 @@ USER root
 # specify DOCKER_GID to force container docker group id to match host
 RUN if [ -n "${DOCKER_GID}" ]; then \
     if ! getent group docker; then \
-    groupadd -g ${DOCKER_GID} docker; \
+    groupadd -g "${DOCKER_GID}" docker; \
     else \
-    groupmod -g ${DOCKER_GID} docker; \
+    groupmod -g "${DOCKER_GID}" docker; \
     fi && \
     usermod -aG docker vscode; \
     fi
@@ -108,40 +108,26 @@ IMAGE_NAME and IMAGE_VERSION should be changed as appropriate.
 You should not need to add any features as these are already baked into the image
 
 ## Getting image name and version in GitHub Actions
-This job should be used in GitHub Actions wherever you need to get the dev container name or tag
+This shared workflow should be used in GitHub Actions wherever you need to get the dev container name or tag.
+
+verify_published_from_main_image should be set to false for testing pull request images.
 
 ```
   get_config_values:
-    runs-on: ubuntu-22.04
-    outputs:
-      devcontainer_image_name: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE_NAME }}
-      devcontainer_image_version: ${{ steps.load-config.outputs.DEVCONTAINER_VERSION }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      - name: Load config value
-        id: load-config
-        run: |
-          DEVCONTAINER_IMAGE_NAME=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json)
-          DEVCONTAINER_IMAGE_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json)
-          echo "DEVCONTAINER_IMAGE_NAME=$DEVCONTAINER_IMAGE_NAME" >> "$GITHUB_OUTPUT"
-          echo "DEVCONTAINER_IMAGE_VERSION=$DEVCONTAINER_VERSION" >> "$GITHUB_OUTPUT"
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    with:
+      verify_published_from_main_image: false
 ```
 ## Using images in GitHub Actions
 To use the image in GitHub Actions, you should first verify the attestation of the image and reference the image by the digest
 For CI and release pipelines, you should set verify_published_from_main_image to ensure that only images published from main are used.   
 ```
 jobs:
-  verify_attestation:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@<latest published version>
-    with:
-      runtime_docker_image: "${{ inputs.runtime_docker_image }}"
-      verify_published_from_main_image: false
   my_job_name:
     runs-on: ubuntu-22.04
-    needs: verify_attestation
+    needs: get_config_values
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ needs.get_config_values.outputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:
@@ -153,7 +139,6 @@ jobs:
       ... other steps ....
 ```
 It is important that:
-- the image specified uses the tag starting githubactions-
 - there is `options: --user 1001:1001 --group-add 128` below image to ensure it uses the correct user id and is added to the docker group
 - the default shell is set to be bash
 - the first step copies .tool-versions from /home/vscode to $HOME/.tool-versions