From da185b398d1ad2f8964b2230524b21a3c776a1f3 Mon Sep 17 00:00:00 2001
From: Matt Dean <matt.dean3@nhs.net>
Date: Tue, 5 May 2026 16:06:54 +0100
Subject: [PATCH 1/2] NRL-2229 Update poetry version to match lockfile

---
 .tool-versions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.tool-versions b/.tool-versions
index 73edd1618..fb0d81d85 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -2,7 +2,7 @@ allure 2.34.0
 awscli 2.27.20
 jq 1.7.1
 k6 1.0.0
-poetry 1.8.5
+poetry 2.2.1
 python 3.12.10
 terraform 1.9.8
 yq 4.45.4

From a529e3109ca530a00bfa04c8821caa6b894dd921 Mon Sep 17 00:00:00 2001
From: Matt Dean <matt.dean3@nhs.net>
Date: Tue, 5 May 2026 16:53:31 +0100
Subject: [PATCH 2/2] NRL-2229 Add codebuild image definition to PR workflows.
 Update codebuild image version to 2026-05-05

---
 .github/workflows/pr-checks.yml               |  4 +++-
 .github/workflows/pr-env-deploy.yml           | 20 ++++++++++++++-----
 .github/workflows/pr-env-destroy.yml          |  8 ++++++--
 .../account-wide-infrastructure/mgmt/vars.tf  |  2 +-
 4 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index 817d98d98..25b9a06a9 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -8,7 +8,9 @@ on:
 jobs:
   build:
     name: Build and test
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     environment: pull-request
     permissions:
       contents: read
diff --git a/.github/workflows/pr-env-deploy.yml b/.github/workflows/pr-env-deploy.yml
index 37c0b4c46..265f4db9a 100644
--- a/.github/workflows/pr-env-deploy.yml
+++ b/.github/workflows/pr-env-deploy.yml
@@ -12,7 +12,9 @@ concurrency:
 jobs:
   set-environment-id:
     name: Set Environment ID
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     environment: pull-request
     steps:
       - name: Set a ID based on the branch name
@@ -39,7 +41,9 @@ jobs:
 
   build:
     name: Build Application
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     environment: pull-request
     permissions:
       id-token: write
@@ -107,7 +111,9 @@ jobs:
 
   deploy:
     name: Deploy PR Environment
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     environment: pull-request
     needs: [set-environment-id, build]
     permissions:
@@ -199,7 +205,9 @@ jobs:
     name: Run Integration Tests
     needs: [set-environment-id, deploy]
     environment: pull-request
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     permissions:
       id-token: write
       contents: read
@@ -278,7 +286,9 @@ jobs:
     name: Run Performance Tests
     needs: [set-environment-id, integration-test]
     environment: pull-request
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     permissions:
       id-token: write
       contents: read
diff --git a/.github/workflows/pr-env-destroy.yml b/.github/workflows/pr-env-destroy.yml
index 0eed2a184..f6872af03 100644
--- a/.github/workflows/pr-env-destroy.yml
+++ b/.github/workflows/pr-env-destroy.yml
@@ -13,7 +13,9 @@ concurrency:
 jobs:
   set-environment-id:
     name: Set Environment ID
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     steps:
       - name: Set a ID based on the branch name
         env:
@@ -42,7 +44,9 @@ jobs:
     name: Destroy PR Environment
     needs: [set-environment-id]
     environment: pull-request
-    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+    runs-on:
+      - codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:custom-linux-${{ vars.CODEBUILD_IMAGE_NAME }}:2026-05-05
     permissions:
       id-token: write
       contents: read
diff --git a/terraform/account-wide-infrastructure/mgmt/vars.tf b/terraform/account-wide-infrastructure/mgmt/vars.tf
index 8ccff7df5..523ca6085 100644
--- a/terraform/account-wide-infrastructure/mgmt/vars.tf
+++ b/terraform/account-wide-infrastructure/mgmt/vars.tf
@@ -32,5 +32,5 @@ variable "vpc_cidr_block" {
 variable "ci_image_tag" {
   description = "Tag for the CI image in ECR"
   type        = string
-  default     = "2026-04-09"
+  default     = "2026-05-05"
 }