Chore: [AEA-0000] - add regression test project

src/projects/regression_tests/.devcontainer/.tool-versions

@@ -0,0 +1 @@
+allure 2.37.0

src/projects/regression_tests/.devcontainer/Dockerfile

@@ -0,0 +1,39 @@
+ARG BASE_VERSION_TAG=latest
+ARG BASE_IMAGE=ghcr.io/nhsdigital/eps-devcontainers/node_24_python_3_13:${BASE_VERSION_TAG}
+
+FROM ${BASE_IMAGE}
+
+ARG SCRIPTS_DIR=/usr/local/share/eps
+ARG CONTAINER_NAME
+ARG MULTI_ARCH_TAG
+ARG BASE_VERSION_TAG
+ARG IMAGE_TAG
+ARG TARGETARCH
+
+ENV SCRIPTS_DIR=${SCRIPTS_DIR}
+ENV CONTAINER_NAME=${CONTAINER_NAME}
+ENV MULTI_ARCH_TAG=${MULTI_ARCH_TAG}
+ENV BASE_VERSION_TAG=${BASE_VERSION_TAG}
+ENV IMAGE_TAG=${IMAGE_TAG}
+ENV TARGETARCH=${TARGETARCH}
+
+LABEL org.opencontainers.image.description="EPS devcontainer ${CONTAINER_NAME}:${IMAGE_TAG}"
+LABEL org.opencontainers.image.version=${IMAGE_TAG}
+LABEL org.opencontainers.image.base.name=${BASE_IMAGE}
+LABEL org.opencontainers.image.containerName=${CONTAINER_NAME}
+
+USER root
+COPY --chmod=755 scripts ${SCRIPTS_DIR}/${CONTAINER_NAME}
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+RUN ./root_install.sh
+
+USER vscode
+
+WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
+COPY .tool-versions /tmp/.tool-versions
+RUN cat /tmp/.tool-versions >> /home/vscode/.tool-versions
+
+RUN ./vscode_install.sh
+
+# Switch back to root to install the devcontainer CLI globally
+USER root

src/projects/regression_tests/.devcontainer/devcontainer.json

@@ -0,0 +1,18 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
+{
+    "name": "EPS Devcontainer node_24 python_3.13",
+    // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+    "build": {
+      "dockerfile": "Dockerfile",
+      "args": {
+        "CONTAINER_NAME": "eps_devcontainer_${localEnv:CONTAINER_NAME}",
+        "MULTI_ARCH_TAG": "${localEnv:MULTI_ARCH_TAG}",
+        "BASE_VERSION_TAG": "${localEnv:BASE_VERSION_TAG}",
+        "IMAGE_TAG": "${localEnv:IMAGE_TAG}"
+      },
+      "context": "."
+    },
+    "features": {}
+  }
+

src/projects/regression_tests/.devcontainer/scripts/root_install.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+# clean up
+apt-get clean
+rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

src/projects/regression_tests/.devcontainer/scripts/vscode_install.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+# install allure using asdf
+asdf plugin add allure
+asdf install

src/projects/regression_tests/.trivyignore.yaml

@@ -0,0 +1,75 @@
+vulnerabilities:
+  - id: GHSA-72hv-8253-57qq
+    statement: "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition"
+    purls:
+      - "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.21.0"
+    expired_at: 2026-09-12
+  - id: CVE-2026-25547
+    statement: "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion"
+    purls:
+      - "pkg:npm/%40isaacs/brace-expansion@5.0.0"
+    expired_at: 2026-09-12
+  - id: CVE-2025-64756
+    statement: "glob: glob: Command Injection Vulnerability via Malicious Filenames"
+    purls:
+      - "pkg:npm/glob@10.4.5"
+      - "pkg:npm/glob@11.0.3"
+    expired_at: 2026-09-12
+  - id: CVE-2026-26996
+    statement: "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
+    purls:
+      - "pkg:npm/minimatch@10.0.3"
+      - "pkg:npm/minimatch@9.0.5"
+    expired_at: 2026-09-12
+  - id: CVE-2026-27903
+    statement: "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
+    purls:
+      - "pkg:npm/minimatch@10.0.3"
+      - "pkg:npm/minimatch@9.0.5"
+    expired_at: 2026-09-12
+  - id: CVE-2026-27904
+    statement: "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
+    purls:
+      - "pkg:npm/minimatch@10.0.3"
+      - "pkg:npm/minimatch@9.0.5"
+    expired_at: 2026-09-12
+  - id: CVE-2026-23745
+    statement: "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-23950
+    statement: "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-24842
+    statement: "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-26960
+    statement: "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-29786
+    statement: "node-tar: hardlink path traversal via drive-relative linkpath"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-31802
+    statement: "node-tar Symlink Path Traversal via Drive-Relative Linkpath"
+    purls:
+      - "pkg:npm/tar@7.5.1"
+    expired_at: 2026-09-12
+  - id: CVE-2026-25679
+    statement: "url.Parse insufficiently validated the host/authority component and ac ..."
+    purls:
+      - "pkg:golang/stdlib@v1.25.6"
+    expired_at: 2026-09-12
+  - id: CVE-2026-27142
+    statement: "Actions which insert URLs into the content attribute of HTML meta tags ..."
+    purls:
+      - "pkg:golang/stdlib@v1.25.6"
+    expired_at: 2026-09-12

src/projects/regression_tests/trivy.yaml

@@ -0,0 +1 @@
+ignorefile: "src/projects/regression_tests/.trivyignore_combined.yaml"