NHSDigital
diff --git a/‎.trivyignore‎
Lines changed: 1 addition & 0 deletions b/‎.trivyignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎infrastructure/terraform/components/examplecomponent/pre.sh‎
Lines changed: 37 additions & 3 deletions b/‎infrastructure/terraform/components/examplecomponent/pre.sh‎
Lines changed: 37 additions & 3 deletions
@@ -0,0 +1 @@
+CVE-2026-26996 # https://avd.aquasec.com/nvd/cve-2026-26996 - minimatch - used by several dependencies, most notably eslint. Fix version has introduced breaking changes. Ticket to backport fixes: https://nhsd-jira.digital.nhs.uk/browse/CCM-14784
@@ -1,9 +1,43 @@
 # # This script is run before the Terraform apply command.
 # # It ensures all Node.js dependencies are installed, generates any required dependencies,
 # # and builds all Lambda functions in the workspace before Terraform provisions infrastructure.
+# pre.sh runs in the same shell as terraform.sh, not in a subshell
+# any variables set or changed, any change of directory will persist once this script exits and returns control to terraform.sh
+# REGION=$1
+# ENVIRONMENT=$2
+# ACTION=$3
 
-# npm ci
+# # Helper function for error handling
+# run_or_fail() {
+#   "$@"
+#   if [ $? -ne 0 ]; then
+#     echo "$* failed!" >&2
+#     exit 1
+#   fi
+# }
 
-# npm run generate-dependencies --workspaces --if-present
+# echo "Running app pre.sh"
+# echo "REGION=$REGION"
+# echo "ENVIRONMENT=$ENVIRONMENT"
+# echo "ACTION=$ACTION"
 
-# npm run lambda-build --workspaces --if-present
+## Required logic for building and pushing Lambda container images to ECR before Terraform provisions infrastructure.
+# GIT_TAG="$(git describe --tags --exact-match 2>/dev/null || true)"
+# if [ -n "${GIT_TAG}" ]; then
+#   RELEASE_VERSION="${GIT_TAG#v}"
+#   export TF_VAR_container_image_tag_suffix="release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
+#   echo "On tag: $GIT_TAG, image tag suffixes will be: release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
+# else
+#   export TF_VAR_container_image_tag_suffix="sha-$(git rev-parse --short HEAD)"
+#   echo "Not on a tag, image tag suffix will be: sha-$(git rev-parse --short HEAD)"
+# fi
+
+# # change to monorepo root
+# cd $(git rev-parse --show-toplevel)
+
+# run_or_fail npm ci
+# run_or_fail npm run generate-dependencies --workspaces --if-present
+# run_or_fail npm run lambda-build --workspaces --if-present
+
+# # revert back to original directory
+# cd -
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+CVE-2026-26996 # https://avd.aquasec.com/nvd/cve-2026-26996 - minimatch - used by several dependencies, most notably eslint. Fix version has introduced breaking changes. Ticket to backport fixes: https://nhsd-jira.digital.nhs.uk/browse/CCM-14784`