NHSDigital · anthony-nhs · Feb 25, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,97 +1,15 @@
-FROM mcr.microsoft.com/devcontainers/base:ubuntu
-
-# provide DOCKER_GID via build args if you need to force group id to match host
-ARG DOCKER_GID
-ARG TARGETARCH
-ENV TARGETARCH=${TARGETARCH}
-
-ARG ASDF_VERSION
-COPY .tool-versions.asdf /tmp/.tool-versions.asdf
-
-# Anticipate and resolve potential permission issues with apt
-RUN mkdir -p /tmp && chmod 1777 /tmp
-
-RUN apt-get update \
-    && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y dist-upgrade \
-    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
-    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
-    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
-    openjdk-8-jdk jq apt-transport-https ca-certificates gnupg-agent \
-    software-properties-common bash-completion python3-pip make libbz2-dev \
-    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev netcat-traditional libyaml-dev
-
-# Download correct AWS CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
-    else \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
-    /tmp/aws-cli/aws/install && \
-    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
-
-# Download correct SAM CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
-    else \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli && \
-    /tmp/aws-sam-cli/install && \
-    rm /tmp/aws-sam-cli.zip && rm -rf /tmp/aws-sam-cli
-
-# Install ASDF
-RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
-    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
-      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz"; \
-    else \
-      wget -O /tmp/asdf.tar.gz "https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz"; \
-    fi && \
-    tar -xzf /tmp/asdf.tar.gz -C /tmp && \
-    mkdir -p /usr/bin && \
-    mv /tmp/asdf /usr/bin/asdf && \
-    chmod +x /usr/bin/asdf && \
-    rm -rf /tmp/asdf.tar.gz 
+ARG IMAGE_NAME=node_24_python_3_14
+ARG IMAGE_VERSION=latest
+FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
 
+USER root
 # specify DOCKER_GID to force container docker group id to match host
 RUN if [ -n "${DOCKER_GID}" ]; then \
-      if ! getent group docker; then \
-        groupadd -g ${DOCKER_GID} docker; \
-      else \
-        groupmod -g ${DOCKER_GID} docker; \
-      fi && \
-      usermod -aG docker vscode; \
+    if ! getent group docker; then \
+    groupadd -g ${DOCKER_GID} docker; \
+    else \
+    groupmod -g ${DOCKER_GID} docker; \
+    fi && \
+    usermod -aG docker vscode; \
     fi
-
-USER vscode
-
-ENV PATH="/home/vscode/.asdf/shims/:$PATH"
-RUN \
-    echo 'PATH="/home/vscode/.asdf/shims/:$PATH"' >> ~/.bashrc; \
-    echo '. <(asdf completion bash)' >> ~/.bashrc; \
-    echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc; \
-    echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc; \
-    echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc;
-
-# Install ASDF plugins
-RUN asdf plugin add python && \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git && \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git && \
-    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git && \
-    asdf plugin add java && \
-    asdf plugin add direnv && \
-    asdf plugin add golang https://github.com/kennyp/asdf-golang.git && \
-    asdf plugin add golangci-lint https://github.com/hypnoglow/asdf-golangci-lint.git && \
-    asdf plugin add actionlint && \
-    asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git
-
-
-WORKDIR /workspaces/prescriptionsforpatients
-ADD .tool-versions /workspaces/prescriptionsforpatients/.tool-versions
-ADD .tool-versions /home/vscode/.tool-versions
-
-# install python before poetry to ensure correct python version is used
-RUN asdf install python && \
-    asdf install
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,12 +1,18 @@
 {
-  "name": "Ubuntu",
+  "name": "eps-pfp-aws",
   "build": {
     "dockerfile": "Dockerfile",
     "context": "..",
     "args": {
-      "DOCKER_GID": "${env:DOCKER_GID:}"
-    }
+      "DOCKER_GID": "${env:DOCKER_GID:}",
+      "IMAGE_NAME": "node_24_python_3_12",
+      "IMAGE_VERSION": "v1.0.7",
+      "USER_UID": "${localEnv:USER_ID:}",
+      "USER_GID": "${localEnv:GROUP_ID:}"
+    },
+    "updateRemoteUserUID": false
   },
+  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
   "mounts": [
     "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
     "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
@@ -45,11 +51,11 @@
         "python.testing.unittestEnabled": false,
         "python.testing.pytestEnabled": true,
         "flake8.enabled": true,
-        "python.linting.enabled": true, // required to format on save
+        "python.linting.enabled": true,
         "editor.defaultFormatter": "dbaeumer.vscode-eslint",
-        "editor.formatOnPaste": false, // required
-        "editor.formatOnType": false, // required
-        "editor.formatOnSave": true, // optional
+        "editor.formatOnPaste": false,
+        "editor.formatOnType": false,
+        "editor.formatOnSave": true,
         "editor.formatOnSaveMode": "file",
         "editor.tabSize": 2,
         "cSpell.words": ["fhir", "Formik", "pino", "serialisation"],
@@ -59,13 +65,6 @@
     }
   },
   "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
-  "postCreateCommand": "docker build -f https://raw.githubusercontent.com/NHSDigital/eps-workflow-quality-checks/refs/tags/v4.0.4/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets .  && rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/prescriptions-for-patients; make install && poetry run pre-commit install --install-hooks -f",
   "features": {
-    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
-      "version": "latest",
-      "moby": "true",
-      "installDockerBuildx": "true"
-    },
-    "ghcr.io/devcontainers/features/github-cli:1": {}
-    }
   }
+}
diff --git a/.github/actions/mark_jira_released/action.yml b/.github/actions/mark_jira_released/action.yml
diff --git a/.github/actions/update_confluence_jira/action.yml b/.github/actions/update_confluence_jira/action.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,28 +8,16 @@ env:
   BRANCH_NAME: ${{ github.ref_name }}
 
 jobs:
-  get_asdf_version:
-    runs-on: ubuntu-22.04
-    outputs:
-      asdf_version: ${{ steps.asdf-version.outputs.version }}
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+  get_config_values:
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    with:
+      verify_published_from_main_image: true
 
-      - name: Get asdf version
-        id: asdf-version
-        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@d215f841eb18b803e339e4ed597ed1f30e086e17
-    needs: [get_asdf_version]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    needs: [get_config_values]
     with:
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
@@ -44,21 +32,23 @@ jobs:
           echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
 
   tag_release:
-    needs: [quality_checks, get_commit_id, get_asdf_version]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@d215f841eb18b803e339e4ed597ed1f30e086e17
+    needs: [quality_checks, get_commit_id, get_config_values]
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
     with:
       dry_run: true
-      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: main
-      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
+      tag_format: ${{ needs.get_config_values.outputs.tag_format }}
     secrets: inherit
 
   package_code:
-    needs: tag_release
+    needs: [tag_release, get_config_values]
     uses: ./.github/workflows/sam_package_code.yml
+    with:
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   release_dev:
-    needs: [tag_release, package_code, get_commit_id]
+    needs: [tag_release, package_code, get_commit_id, get_config_values]
     uses: ./.github/workflows/sam_release_code.yml
     with:
       ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
@@ -83,6 +73,7 @@ jobs:
       FORWARD_CSOC_LOGS: false
       ALLOW_NHS_NUMBER_OVERRIDE: true
       REGRESSION_TEST_NON_PROXYGEN: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -95,7 +86,7 @@ jobs:
       PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
 
   release_dev_sandbox:
-    needs: [tag_release, package_code, get_commit_id]
+    needs: [tag_release, package_code, get_commit_id, get_config_values]
     uses: ./.github/workflows/sam_release_code.yml
     with:
       ARTIFACT_BUCKET_PREFIX: ${{needs.tag_release.outputs.version_tag}}
@@ -114,6 +105,7 @@ jobs:
       RUN_REGRESSION_TESTS: false
       FORWARD_CSOC_LOGS: false
       ALLOW_NHS_NUMBER_OVERRIDE: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -127,6 +119,7 @@ jobs:
         tag_release,
         release_dev,
         release_dev_sandbox,
+        get_config_values,
         package_code,
         get_commit_id,
       ]
@@ -152,6 +145,7 @@ jobs:
       FORWARD_CSOC_LOGS: false
       ALLOW_NHS_NUMBER_OVERRIDE: true
       REGRESSION_TEST_NON_PROXYGEN: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
       CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}