update readme

Author: anthony-nhs

README.md

@@ -31,8 +31,8 @@ asdf install and setup for these so they are available globally as vscode user
 Install and setup git-secrets
 
 # Using the images
-In each eps project, this should be the contents of .devcontainer/Dockerfile.
-
+## Project setup
+In each eps project, `.devcontainer/Dockerfile` should be set to
 ```
 ARG IMAGE_NAME=node_24_python_3_14
 ARG IMAGE_VERSION=latest
@@ -49,11 +49,7 @@ RUN if [ -n "${DOCKER_GID}" ]; then \
     usermod -aG docker vscode; \
     fi
 ```
-And this should be the contents of .devcontainer/devcontainer.json.   
-This file will be used in github workflows to calculate the version of container to use in builds, so it must be valid JSON (no comments).   
-The name should be changed to match the name of the project.   
-IMAGE_NAME and IMAGE_VERSION should be changed as appropriate.   
-You should not need to add any features as these are already baked into the image
+`.devcontainer/devcontainer.json` should be set to.   
 ```
 {
   "name": "eps-common-workflows",
@@ -86,7 +82,12 @@ You should not need to add any features as these are already baked into the imag
   }
 }
 ```
+Note - this file will be used in github workflows to calculate the version of container to use in builds, so it must be valid JSON (no comments).   
+The name should be changed to match the name of the project.   
+IMAGE_NAME and IMAGE_VERSION should be changed as appropriate.   
+You should not need to add any features as these are already baked into the image
 
+## Getting image name and version in github actions
 This job should be used in github actions wherever you need to get the dev container name or tag
 
 ```
@@ -106,6 +107,30 @@ This job should be used in github actions wherever you need to get the dev conta
           echo "DEVCONTAINER_IMAGE_NAME=$DEVCONTAINER_IMAGE_NAME" >> "$GITHUB_OUTPUT"
           echo "DEVCONTAINER_IMAGE_VERSION=$DEVCONTAINER_VERSION" >> "$GITHUB_OUTPUT"
 ```
+## Using images in github actions
+To use the image in github actions, you can use code like this
+```
+jobs:
+  my_job_name:
+    runs-on: ubuntu-22.04
+    container:
+      image: ghcr.io/nhsdigital/eps-devcontainers/<container name>:githubactions-<tag>
+      options: --user 1001:1001
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
+      ... other steps ....
+```
+It is important that 
+- the image specified uses the tag starting githubactions-
+- there is `options: --user 1001:1001` below image
+- the default shell is set to be bash
+- the first step copies .tool-versions from /home/vscode to $HOME/.tool-versions
+
 # Project structure
 We have 4 types of dev container. These are defined under src
 
@@ -235,26 +260,6 @@ For an image built locally, you should put the IMAGE_VERSION=local-build.
 For an image built from a pull request, you should put the IMAGE_VERSION=<tag of image as show in pull request job>.  
 You can only use images built from a pull request for testing changes in github actions.   
 
-## Using images in github actions
-To use the image in github actions, you can use it in github actions using code like this
-```
-jobs:
-  my_job_name:
-    runs-on: ubuntu-22.04
-    container:
-      image: ghcr.io/nhsdigital/eps-devcontainers/<container name>:githubactions-<tag>
-      options: --user 1001:1001
-    steps:
-      - name: copy .tool-versions
-        run: |
-          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
-      ... other steps ....
-```
-It is important that 
-- the image uses the tag starting githubactions-
-- there is `options: --user 1001:1001` below image
-- the first step copies .tool-versions from /home/vscode to $HOME/.tool-versions
-
 ## Generating a .trivyignore file
 You can generate a .trivyignore file for known vulnerabilities by either downloading the json scan output generated by the build, or by generating it locally using the scanning images commands above with a make target of scan-image-json