NHSDigital · tstephen-nhs · Mar 19, 2026 · Mar 20, 2026 · Mar 24, 2026 · Mar 24, 2026
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -41,7 +41,8 @@
         "mkhl.direnv",
         "github.vscode-github-actions",
         "Orta.vscode-jest",
-        "jebbs.plantuml"
+        "jebbs.plantuml",
+        "sonarsource.sonarlint-vscode"
       ],
       "settings": {
         "python.defaultInterpreterPath": "/workspaces/prescriptionsforpatients/.venv/bin/python",

diff --git a/.github/actions/install_dependencies/action.yml b/.github/actions/install_dependencies/action.yml
@@ -0,0 +1,35 @@
+name: "Install dependencies"
+description: "Install dependencies including caching of npm packages"
+
+inputs:
+  npm-required:
+    description: "Set to true if npm dependencies are already installed"
+    required: false
+    default: "true"
+  GITHUB_TOKEN:
+    description: "GitHub token to access private npm packages"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setting up .npmrc
+      if: ${{ inputs.npm-required == 'true' }}
+      env:
+        NODE_AUTH_TOKEN: ${{ inputs.GITHUB_TOKEN }}
+      shell: bash
+      run: |
+        echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+        echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+    - name: Cache npm dependencies
+      if: ${{ inputs.npm-required == 'true' }}
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7
+      with:
+        path: ./node_modules
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+
+    - name: make install
+      if: ${{ inputs.npm-required == 'true' }}
+      shell: bash
+      run: make install
@@ -0,0 +1,69 @@
+name: cdk package code
+
+on:
+  workflow_call:
+    inputs:
+      pinned_image:
+        type: string
+        required: true
+
+permissions: {}
+
+jobs:
+  package_code:
+    runs-on: ubuntu-22.04
+    container:
+      image: ${{ inputs.pinned_image }}
+      options: --user 1001:1001 --group-add 128
+    defaults:
+      run:
+        shell: bash
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
+    steps:
+      - name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
+          cp /home/vscode/.tool-versions ./.tool-versions
+
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          ref: ${{ github.head_ref || github.ref_name }}
+          persist-credentials: false
+
+      - name: Setting up .npmrc
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+          echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+      - name: make install and compile
+        run: |
+          make install
+          make compile
+
+      - name: download the get secrets lambda layer
+        run: |
+          make download-get-secrets-layer
+
+      - name: Tar files
+        run: |
+          tar -cf artifact.tar \
+            .github \
+            packages \
+            node_modules \
+            package.json \
+            package-lock.json \
+            tsconfig.defaults.json \
+            tsconfig.build.json \
+            Makefile
+
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        name: upload build artifact
+        with:
+          name: build_artifact
+          path: artifact.tar