New: [AEA-6316] - Adds EPS Storage Terraform Project Image

.gitignore

@@ -3,3 +3,4 @@ node_modules/
 src/base/.devcontainer/language_versions/
 .trivyignore_combined.yaml
 .out/
+.envrc

src/projects/eps-storage-terraform/.devcontainer/.tool-versions

@@ -0,0 +1 @@
+terraform 1.14.2

src/projects/eps-storage-terraform/.devcontainer/Dockerfile

@@ -0,0 +1,39 @@
+ARG BASE_VERSION_TAG=latest
+ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13:${BASE_VERSION_TAG}
+
+FROM ${BASE_IMAGE}
+
+ARG SCRIPTS_DIR=/usr/local/share/eps
+ARG CONTAINER_NAME
+ARG MULTI_ARCH_TAG
+ARG BASE_VERSION_TAG
+ARG IMAGE_TAG
+ARG TARGETARCH
+
+ENV SCRIPTS_DIR=${SCRIPTS_DIR}
+ENV CONTAINER_NAME=${CONTAINER_NAME}
+ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG}
+ENV BASE_VERSION_TAG=${BASE_VERSION_TAG}
+ENV IMAGE_TAG=${IMAGE_TAG}
+ENV TARGETARCH=${TARGETARCH}
+
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
+LABEL org.opencontainers.image.version=${IMAGE_TAG}
+LABEL org.opencontainers.image.base.name=${BASE_IMAGE}
+LABEL org.opencontainers.image.containerName=${CONTAINER_NAME}
+
+USER root
+COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME}
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+RUN ./root_install.sh
+
+USER vscode
+
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+COPY .tool-versions /tmp/.tool-versions
+RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions
+
+RUN ./vscode_install.sh
+
+# Switch back to root to install the devcontainer CLI globally
+USER root

src/projects/eps-storage-terraform/.devcontainer/devcontainer.json

@@ -0,0 +1,18 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+    "name": "EPS Devcontainer node_24 python_3.13",
+    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+    "build": {
+      "dockerfile": "Dockerfile",
+      "args": {
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+        "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
+      },
+      "context": "."
+    },
+    "features": {}
+  }
+

src/projects/eps-storage-terraform/.devcontainer/scripts/root_install.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+# clean up
+apt-get clean
+rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

src/projects/eps-storage-terraform/.devcontainer/scripts/vscode_install.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+# install terraform using asdf
+asdf plugin add terraform
+asdf install

src/projects/eps-storage-terraform/.trivyignore.yaml

@@ -0,0 +1,107 @@
+vulnerabilities:
+  - id: CVE-2022-25235
+    statement: "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-12
+  - id: CVE-2022-25236
+    statement: "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-12
+  - id: CVE-2022-26485
+    statement: "Mozilla: Use-after-free in XSLT parameter processing"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-12
+  - id: CVE-2022-26486
+    statement: "Mozilla: Use-after-free in WebGPU IPC Framework"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-12
+  - id: CVE-2026-25547
+    statement: "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
+    purls:
+      - "pkg:npm/%40isaacs/brace-expansion@5.0.0"
+    expired_at: 2026-08-12
+  - id: CVE-2025-64756
+    statement: "glob: glob: Command Injection Vulnerability via Malicious Filenames"
+    purls:
+      - "pkg:npm/glob@10.4.5"
+      - "pkg:npm/glob@11.0.3"
+    expired_at: 2026-08-12
+  - id: CVE-2026-23745
+    statement: "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-08-12
+  - id: CVE-2026-23950
+    statement: "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-08-12
+  - id: CVE-2026-24842
+    statement: "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-08-12
+  - id: CVE-2022-25235
+    statement: "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-13
+  - id: CVE-2022-25236
+    statement: "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-13
+  - id: CVE-2022-26485
+    statement: "Mozilla: Use-after-free in XSLT parameter processing"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-13
+  - id: CVE-2022-26486
+    statement: "Mozilla: Use-after-free in WebGPU IPC Framework"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.3%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-13
+  - id: CVE-2022-25235
+    statement: "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-25236
+    statement: "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26485
+    statement: "Mozilla: Use-after-free in XSLT parameter processing"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26486
+    statement: "Mozilla: Use-after-free in WebGPU IPC Framework"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=arm64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-25235
+    statement: "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-25236
+    statement: "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26485
+    statement: "Mozilla: Use-after-free in XSLT parameter processing"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16
+  - id: CVE-2022-26486
+    statement: "Mozilla: Use-after-free in WebGPU IPC Framework"
+    purls:
+      - "pkg:deb/ubuntu/firefox@147.0.4%2Bbuild1-0ubuntu0.22.04.1~mt1?arch=amd64&distro=ubuntu-22.04"
+    expired_at: 2026-08-16

src/projects/eps-storage-terraform/trivy.yaml

@@ -0,0 +1 @@
+ignorefile: "src/projects/eps-storage-terraform/.trivyignore_combined.yaml"