NHSDigital · jamesthompson26-nhs · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
@@ -391,8 +391,8 @@ rm -rf ${component_path}/.terraform;
 
 # Run global pre.sh
 if [ -f "pre.sh" ]; then
-  source pre.sh "${region}" "${environment}" "${action}" \
-    || error_and_die "Global pre script execution failed with exit code ${?}";
+  PROJECT="${project}" AWS_REGION="${region}" COMPONENT="${component}" AWS_ACCOUNT_ID="${aws_account_id}" ENVIRONMENT="${environment}" ACTION="${action}" GITHUB_TOKEN="${GITHUB_TOKEN}" \
+    source pre.sh || error_and_die "Global pre script execution failed with exit code ${?}";
 fi;
 
 # Make sure we're running in the component directory
@@ -427,8 +427,8 @@ fi;
 
 # Run pre.sh
 if [ -f "pre.sh" ]; then
-  source pre.sh "${region}" "${environment}" "${action}" \
-    || error_and_die "Component pre script execution failed with exit code ${?}";
+  PROJECT="${project}" AWS_REGION="${region}" COMPONENT="${component}" AWS_ACCOUNT_ID="${aws_account_id}" ENVIRONMENT="${environment}" ACTION="${action}" GITHUB_TOKEN="${GITHUB_TOKEN}" \
+    source pre.sh || error_and_die "Component pre script execution failed with exit code ${?}";
 fi;
 
 # Pull down secret TFVAR file from S3

@@ -1,8 +1,35 @@
+#!/bin/bash
+
+# This script is run before Terraform executable commands.
+# It ensures all Node.js dependencies are installed, generates any required dependencies,
+# and builds all Lambda functions in the workspace before Terraform provisions infrastructure.
 # pre.sh runs in the same shell as terraform.sh, not in a subshell
-# any variables set or changed, any change of directory will persist once this script exits and returns control to terraform.sh
-REGION=$1
-ENVIRONMENT=$2
-ACTION=$3
+
+: "${PROJECT:?PROJECT is required}"
+: "${AWS_REGION:?AWS_REGION is required}"
+: "${COMPONENT:?COMPONENT is required}"
+: "${ENVIRONMENT:?ENVIRONMENT is required}"
+: "${AWS_ACCOUNT_ID:?AWS_ACCOUNT_ID is required}"
+: "${ACTION:?ACTION is required}"
+
+echo "Running app pre.sh"
+echo "ENVIRONMENT=$ENVIRONMENT"
+echo "ACTION=$ACTION"
+echo "PROJECT=$PROJECT"
+echo "COMPONENT=$COMPONENT"
+echo "AWS_REGION=$AWS_REGION"
+echo "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID"
+
+# Calculate container image prefix from PROJECT, ENVIRONMENT, COMPONENT
+CONTAINER_IMAGE_PREFIX="${PROJECT}-${ENVIRONMENT}-${COMPONENT}"
+echo "CONTAINER_IMAGE_PREFIX: ${CONTAINER_IMAGE_PREFIX}"
+
+# Translate ACTION to PUBLISH_CONTAINER_IMAGE (build)
+if [ "${ACTION}" = "plan" ]; then
+  PUBLISH_CONTAINER_IMAGE="false"
+else
+  PUBLISH_CONTAINER_IMAGE="true"
+fi
 
 # Helper function for error handling
 run_or_fail() {
@@ -13,28 +40,36 @@ run_or_fail() {
   fi
 }
 
-echo "Running app pre.sh"
-echo "REGION=$REGION"
-echo "ENVIRONMENT=$ENVIRONMENT"
-echo "ACTION=$ACTION"
+# Switch to repo root
+pushd "$(git rev-parse --show-toplevel)" || exit 1
 
+# Calculate git-based version suffix
+SHORT_SHA="$(git rev-parse --short HEAD)"
 GIT_TAG="$(git describe --tags --exact-match 2>/dev/null || true)"
+
 if [ -n "${GIT_TAG}" ]; then
   RELEASE_VERSION="${GIT_TAG#v}"
-  export TF_VAR_container_image_tag_suffix="release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
-  echo "On tag: $GIT_TAG, image tag suffixes will be: release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
+  CONTAINER_IMAGE_SUFFIX="release-${RELEASE_VERSION}-${SHORT_SHA}"
+  echo "On tag: $GIT_TAG, image suffix: ${CONTAINER_IMAGE_SUFFIX}"
 else
-  export TF_VAR_container_image_tag_suffix="sha-$(git rev-parse --short HEAD)"
-  echo "Not on a tag, image tag suffix will be: sha-$(git rev-parse --short HEAD)"
+  CONTAINER_IMAGE_SUFFIX="sha-${SHORT_SHA}"
+  echo "Not on a tag, image suffix: ${CONTAINER_IMAGE_SUFFIX}"
 fi
 
-# change to monorepo root
-cd $(git rev-parse --show-toplevel)
+# Export for Terraform
+export TF_VAR_container_image_tag_suffix="${CONTAINER_IMAGE_SUFFIX}"
 
 run_or_fail npm ci
 run_or_fail npm run generate-dependencies --workspaces --if-present
 run_or_fail npm run lambda-build --workspaces --if-present
+run_or_fail env \
+  CONTAINER_IMAGE_PREFIX="${CONTAINER_IMAGE_PREFIX}" \
+  CONTAINER_IMAGE_SUFFIX="${CONTAINER_IMAGE_SUFFIX}" \
+  AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID}" \
+  AWS_REGION="${AWS_REGION}" \
+  GITHUB_TOKEN="${GITHUB_TOKEN}" \
+  PUBLISH_CONTAINER_IMAGE="${PUBLISH_CONTAINER_IMAGE}" \
+  npm run build:container --workspaces --if-present
 run_or_fail lambdas/layers/pdfjs/build.sh
 
-# revert back to original directory
-cd -
+popd || exit 1 # Return to working directory
@@ -1,8 +1,35 @@
+#!/bin/bash
+
+# This script is run before Terraform executable commands.
+# It ensures all Node.js dependencies are installed, generates any required dependencies,
+# and builds all Lambda functions in the workspace before Terraform provisions infrastructure.
 # pre.sh runs in the same shell as terraform.sh, not in a subshell
-# any variables set or changed, and change of directory will persist once this script exits and returns control to terraform.sh
-REGION=$1
-ENVIRONMENT=$2
-ACTION=$3
+
+: "${PROJECT:?PROJECT is required}"
+: "${AWS_REGION:?AWS_REGION is required}"
+: "${COMPONENT:?COMPONENT is required}"
+: "${ENVIRONMENT:?ENVIRONMENT is required}"
+: "${AWS_ACCOUNT_ID:?AWS_ACCOUNT_ID is required}"
+: "${ACTION:?ACTION is required}"
+
+echo "Running sbx pre.sh"
+echo "ENVIRONMENT=$ENVIRONMENT"
+echo "ACTION=$ACTION"
+echo "PROJECT=$PROJECT"
+echo "COMPONENT=$COMPONENT"
+echo "AWS_REGION=$AWS_REGION"
+echo "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID"
+
+# Calculate container image prefix from PROJECT, ENVIRONMENT, COMPONENT
+CONTAINER_IMAGE_PREFIX="${PROJECT}-${ENVIRONMENT}-${COMPONENT}"
+echo "CONTAINER_IMAGE_PREFIX: ${CONTAINER_IMAGE_PREFIX}"
+
+# Translate ACTION to PUBLISH_CONTAINER_IMAGE (build)
+if [ "${ACTION}" = "plan" ]; then
+  PUBLISH_CONTAINER_IMAGE="false"
+else
+  PUBLISH_CONTAINER_IMAGE="true"
+fi
 
 # Helper function for error handling
 run_or_fail() {
@@ -13,23 +40,24 @@ run_or_fail() {
   fi
 }
 
-echo "Running sandbox pre.sh"
-echo "REGION=$REGION"
-echo "ENVIRONMENT=$ENVIRONMENT"
-echo "ACTION=$ACTION"
+# Switch to repo root
+pushd "$(git rev-parse --show-toplevel)" || exit 1
 
+# Calculate git-based version suffix
+SHORT_SHA="$(git rev-parse --short HEAD)"
 GIT_TAG="$(git describe --tags --exact-match 2>/dev/null || true)"
+
 if [ -n "${GIT_TAG}" ]; then
   RELEASE_VERSION="${GIT_TAG#v}"
-  export TF_VAR_container_image_tag_suffix="release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
-  echo "On tag: $GIT_TAG, image tag suffixes will be: release-${RELEASE_VERSION}-$(git rev-parse --short HEAD)"
+  CONTAINER_IMAGE_SUFFIX="release-${RELEASE_VERSION}-${SHORT_SHA}"
+  echo "On tag: $GIT_TAG, image suffix: ${CONTAINER_IMAGE_SUFFIX}"
 else
-  export TF_VAR_container_image_tag_suffix="sha-$(git rev-parse --short HEAD)"
-  echo "Not on a tag, image tag suffix will be: sha-$(git rev-parse --short HEAD)"
+  CONTAINER_IMAGE_SUFFIX="sha-${SHORT_SHA}"
+  echo "Not on a tag, image suffix: ${CONTAINER_IMAGE_SUFFIX}"
 fi
 
-# change to monorepo root
-cd $(git rev-parse --show-toplevel)
+# Export for Terraform
+export TF_VAR_container_image_tag_suffix="${CONTAINER_IMAGE_SUFFIX}"
 
 case "${ACTION}" in
   apply)
@@ -44,6 +72,13 @@ case "${ACTION}" in
 
     run_or_fail npm run generate-dependencies --workspaces --if-present
     run_or_fail npm run lambda-build --workspaces --if-present
+    run_or_fail env \
+      CONTAINER_IMAGE_PREFIX="${CONTAINER_IMAGE_PREFIX}" \
+      CONTAINER_IMAGE_SUFFIX="${CONTAINER_IMAGE_SUFFIX}" \
+      AWS_ACCOUNT_ID="${AWS_ACCOUNT_ID}" \
+      AWS_REGION="${AWS_REGION}" \
+      PUBLISH_CONTAINER_IMAGE="${PUBLISH_CONTAINER_IMAGE}" \
+      npm run build:container --workspaces --if-present
     run_or_fail lambdas/layers/pdfjs/build.sh
     ;;
   plan)
@@ -54,5 +89,4 @@ case "${ACTION}" in
     ;;
 esac
 
-# revert back to original directory
-cd -
+popd || exit 1 # Return to working directory
@@ -30,7 +30,7 @@
   "name": "nhs-notify-templates-letter-preview-renderer",
   "private": true,
   "scripts": {
-    "lambda-build": "../../scripts/lambda-container-build/docker.sh --base-image ghcr.io/nhsdigital/nhs-notify/libreoffice-amet-node-22:latest",
+    "build:container": "cd ../.. && make docker-build-and-push base_image=ghcr.io/nhsdigital/nhs-notify/libreoffice-amet-node-22:latest dir=lambdas/letter-preview-renderer",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix",
     "test:unit": "jest",