New: [AEA-6256] cdk statemachine construct

.devcontainer/Dockerfile

@@ -1,70 +1,16 @@
-FROM mcr.microsoft.com/devcontainers/base:ubuntu
-
-ARG TARGETARCH
-ENV TARGETARCH=${TARGETARCH}
-
-ARG ASDF_VERSION
-COPY .tool-versions.asdf /tmp/.tool-versions.asdf
-
-RUN apt-get update \
-    && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y dist-upgrade \
-    && apt-get -y install --no-install-recommends htop vim curl git build-essential \
-    libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev libbz2-dev \
-    zlib1g-dev unixodbc unixodbc-dev libsecret-1-0 libsecret-1-dev libsqlite3-dev \
-    jq apt-transport-https ca-certificates gnupg-agent \
-    software-properties-common bash-completion python3-pip make libbz2-dev \
-    libreadline-dev libsqlite3-dev wget llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev liblzma-dev libyaml-dev
-
-
-# Download correct AWS CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+ARG IMAGE_NAME=node_24_python_3_14
+ARG IMAGE_VERSION=latest
+FROM ghcr.io/nhsdigital/eps-devcontainers/${IMAGE_NAME}:${IMAGE_VERSION}
+
+USER root
+# specify DOCKER_GID to force container docker group id to match host
+RUN if [ -n "${DOCKER_GID}" ]; then \
+    if ! getent group docker; then \
+    groupadd -g ${DOCKER_GID} docker; \
     else \
-      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    groupmod -g ${DOCKER_GID} docker; \
     fi && \
-    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
-    /tmp/aws-cli/aws/install && \
-    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
-
-# Download correct SAM CLI for arch
-RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-arm64.zip"; \
-    else \
-      wget -O /tmp/aws-sam-cli.zip "https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip"; \
-    fi && \
-    unzip /tmp/aws-sam-cli.zip -d /tmp/aws-sam-cli && \
-    /tmp/aws-sam-cli/install && \
-    rm /tmp/aws-sam-cli.zip && rm -rf /tmp/aws-sam-cli
-
-# Install ASDF
-RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
-    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
-    else \
-        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
-    fi && \
-    tar -xvzf /tmp/asdf.tar.gz && \
-    mv asdf /usr/bin
-
-
-USER vscode
-
-ENV PATH="$PATH:/home/vscode/.asdf/shims/:/workspaces/eps-cdk-utils/node_modules/.bin"
-
-# Install ASDF plugins
-RUN asdf plugin add python; \
-    asdf plugin add poetry https://github.com/asdf-community/asdf-poetry.git; \
-    asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git; \
-    asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
-    asdf plugin add direnv; \
-    asdf plugin add actionlint;
-
-WORKDIR /workspaces/eps-workflow-quality-checks
-
-ADD .tool-versions /workspaces/eps-cdk-utils/.tool-versions
-ADD .tool-versions /home/vscode/.tool-versions
+    usermod -aG docker vscode; \
+    fi
 
-RUN asdf install python; \
-    asdf install
+RUN apt-get update && apt-get install -y --no-install-recommends git-secrets && rm -rf /var/lib/apt/lists/*

.devcontainer/devcontainer.json

@@ -1,43 +1,49 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the
-// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
-    "name": "Ubuntu",
-    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-    "build": {
-      "dockerfile": "Dockerfile",
-      "context": "..",
-      "args": {}
-    },
-    "mounts": [
-      "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
-      "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
-    ],
-    "features": {
-      "ghcr.io/devcontainers/features/github-cli:1": {},
-      "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
-        "version": "latest",
-        "moby": "true",
-        "installDockerBuildx": "true"
-      }
-    },
-    "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
-    "containerUser": "vscode",
-    "customizations": {
-      "vscode": {
-        "extensions": [
-          "AmazonWebServices.aws-toolkit-vscode",
-          "redhat.vscode-yaml",
-          "eamodio.gitlens",
-          "github.vscode-pull-request-github",
-          "streetsidesoftware.code-spell-checker",
-          "timonwong.shellcheck",
-          "github.vscode-github-actions"
-        ],
-        "settings": {
-          "cSpell.words": ["fhir", "Formik", "pino", "serialisation"]
-        }
+  "name": "eps-cdk-utils",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": "..",
+    "args": {
+      "DOCKER_GID": "${env:DOCKER_GID:}",
+      "IMAGE_NAME": "node_24_python_3_14",
+      "IMAGE_VERSION": "v1.0.7",
+      "USER_UID": "${localEnv:USER_ID:}",
+      "USER_GID": "${localEnv:GROUP_ID:}"
+    }
+  },
+  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
+  "mounts": [
+    "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind"
+  ],
+  "features": {},
+  "remoteEnv": {
+    "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+  },
+  "containerUser": "vscode",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "AmazonWebServices.aws-toolkit-vscode",
+        "redhat.vscode-yaml",
+        "eamodio.gitlens",
+        "github.vscode-pull-request-github",
+        "streetsidesoftware.code-spell-checker",
+        "timonwong.shellcheck",
+        "github.vscode-github-actions",
+        "dbaeumer.vscode-eslint",
+        "vitest.explorer"
+      ],
+      "settings": {
+        "cSpell.words": [
+          "fhir",
+          "Formik",
+          "pino",
+          "serialisation"
+        ]
       }
     }
   }
+}

.github/dependabot.yml

@@ -10,34 +10,34 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "friday"
+      day: "thursday"
       time: "18:00" #UTC
     commit-message:
       prefix: "Upgrade: [dependabot] - "
 
   ###################################
-  # NPM workspace  ##################
+  # Poetry  #########################
   ###################################
-  - package-ecosystem: "npm"
+  - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "friday"
-      time: "18:00" #UTC
+      day: "thursday"
+      time: "20:00" #UTC
     versioning-strategy: increase
-    open-pull-requests-limit: 20
     commit-message:
       prefix: "Upgrade: [dependabot] - "
 
   ###################################
-  # Poetry  #########################
+  # NPM workspace  ##################
   ###################################
-  - package-ecosystem: "pip"
+  - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
-      day: "friday"
-      time: "18:00" #UTC
+      day: "thursday"
+      time: "22:00" #UTC
     versioning-strategy: increase
+    open-pull-requests-limit: 20
     commit-message:
       prefix: "Upgrade: [dependabot] - "