Skip to content

Commit 60fde54

Browse files
damientobin1damientobin1
committed
CCM-18143: Updating_Github_Actions_Validation
1 parent 0eef9c0 commit 60fde54

10 files changed

Lines changed: 69 additions & 69 deletions

.github/actions/build-docs/action.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,24 +8,24 @@ runs:
88
using: "composite"
99
steps:
1010
- name: Checkout
11-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
12-
- uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
11+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
12+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
1313
with:
1414
node-version: 18
1515
- name: Install docs node dependencies
1616
working-directory: ./docs
1717
run: pnpm --ignore-workspace install --frozen-lockfile
1818
shell: bash
1919
- name: Setup Ruby
20-
uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1.292.0
20+
uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
2121
with:
2222
ruby-version: "3.2" # Not needed with a .ruby-version file
2323
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
2424
cache-version: 0 # Increment this number if you need to re-download cached gems
2525
working-directory: "./docs"
2626
- name: Setup Pages
2727
id: pages
28-
uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6
28+
uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
2929
- name: Build with Jekyll
3030
working-directory: ./docs
3131
# Outputs to the './_site' directory by default
@@ -38,7 +38,7 @@ runs:
3838
VERSION: ${{ inputs.version }}
3939
- name: Upload artifact
4040
# Automatically uploads an artifact from the './_site' directory by default
41-
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
41+
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
4242
with:
4343
path: "docs/_site/"
4444
name: jekyll-docs-${{ inputs.version }}

.github/workflows/cicd-1-pull-request.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333
# skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }}
3434
steps:
3535
- name: "Checkout code"
36-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
36+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3737
- name: "Set CI/CD variables"
3838
id: variables
3939
run: |

.github/workflows/cicd-3-deploy.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
# tag: ${{ steps.variables.outputs.tag }}
3939
steps:
4040
- name: "Checkout code"
41-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
41+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4242
- name: "Set CI/CD variables"
4343
id: variables
4444
run: |
@@ -73,7 +73,7 @@ jobs:
7373
needs: metadata
7474
steps:
7575
- name: "Checkout code"
76-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
76+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7777
- name: "Get version"
7878
id: get-asset-version
7979
shell: bash
@@ -108,13 +108,13 @@ jobs:
108108
run: |
109109
gh release download "$RELEASE_VERSION" -p jekyll-docs-*.tar --output artifact.tar
110110
111-
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
111+
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
112112
with:
113113
name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}
114114
path: artifact.tar
115115

116116
- name: Deploy to GitHub Pages
117117
id: deployment
118-
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5
118+
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
119119
with:
120120
artifact_name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}}

.github/workflows/cicd-4-pr-title-check.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- name: "Check PR title format"
18-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@v4.0.3
18+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@v4.0.5
1919
with:
2020
title: ${{ github.event.pull_request.title }}

.github/workflows/scheduled-repository-template-sync.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ jobs:
1616

1717
steps:
1818
- name: Check out the repository
19-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
- name: Check out external repository
21-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
21+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222
with:
2323
repository: NHSDigital/nhs-notify-repository-template
2424
path: nhs-notify-repository-template
@@ -31,7 +31,7 @@ jobs:
3131
3232
- name: Create Pull Request
3333
if: ${{ !env.ACT }}
34-
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
34+
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
3535
with:
3636
token: ${{ secrets.GITHUB_TOKEN }}
3737
commit-message: Drift from template

.github/workflows/scorecard.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,12 +33,12 @@ jobs:
3333

3434
steps:
3535
- name: "Checkout code"
36-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
36+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3737
with:
3838
persist-credentials: false
3939

4040
- name: "Run analysis"
41-
uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
41+
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
4242
with:
4343
results_file: results.sarif
4444
results_format: sarif
@@ -60,7 +60,7 @@ jobs:
6060
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6161
# format to the repository Actions tab.
6262
- name: "Upload artifact"
63-
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
63+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
6464
with:
6565
name: SARIF file
6666
path: results.sarif
@@ -69,6 +69,6 @@ jobs:
6969
# Upload the results to GitHub's code scanning dashboard (optional).
7070
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7171
- name: "Upload to code-scanning"
72-
uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
72+
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
7373
with:
7474
sarif_file: results.sarif

.github/workflows/stage-1-commit.yaml

Lines changed: 22 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -48,33 +48,33 @@ jobs:
4848
timeout-minutes: 5
4949
steps:
5050
- name: "Checkout code"
51-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
51+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5252
with:
5353
fetch-depth: 0 # Full history is needed to scan all commits
5454
- name: "Scan secrets"
55-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@v4.0.3
55+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@v4.0.5
5656
check-file-format:
5757
name: "Check file format"
5858
runs-on: ubuntu-latest
5959
timeout-minutes: 5
6060
steps:
6161
- name: "Checkout code"
62-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
62+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6363
with:
6464
fetch-depth: 0 # Full history is needed to compare branches
6565
- name: "Check file format"
66-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@v4.0.3
66+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@v4.0.5
6767
check-markdown-format:
6868
name: "Check Markdown format"
6969
runs-on: ubuntu-latest
7070
timeout-minutes: 5
7171
steps:
7272
- name: "Checkout code"
73-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
73+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7474
with:
7575
fetch-depth: 0 # Full history is needed to compare branches
7676
- name: "Check Markdown format"
77-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@v4.0.3
77+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@v4.0.5
7878
terraform-docs:
7979
name: "Run terraform-docs"
8080
runs-on: ubuntu-latest
@@ -84,7 +84,7 @@ jobs:
8484
contents: write
8585
steps:
8686
- name: "Checkout code"
87-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
87+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8888
with:
8989
fetch-depth: 0 # Full history is needed to compare branches
9090
- name: "Check to see if Terraform Docs are up-to-date"
@@ -105,30 +105,30 @@ jobs:
105105
timeout-minutes: 5
106106
steps:
107107
- name: "Checkout code"
108-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
108+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
109109
with:
110110
fetch-depth: 0 # Full history is needed to compare branches
111111
- name: "Check English usage"
112-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@v4.0.3
112+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@v4.0.5
113113
check-todo-usage:
114114
name: "Check TODO usage"
115115
runs-on: ubuntu-latest
116116
timeout-minutes: 5
117117
steps:
118118
- name: "Checkout code"
119-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
119+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
120120
with:
121121
fetch-depth: 0 # Full history is needed to compare branches
122122
- name: "Check TODO usage"
123-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@v4.0.3
123+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@v4.0.5
124124
detect-terraform-changes:
125125
name: "Detect Terraform Changes"
126126
runs-on: ubuntu-latest
127127
outputs:
128128
terraform_changed: ${{ steps.check.outputs.terraform_changed }}
129129
steps:
130130
- name: "Checkout code"
131-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
131+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
132132

133133
- name: "Check for Terraform changes"
134134
id: check
@@ -152,11 +152,11 @@ jobs:
152152
if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
153153
steps:
154154
- name: "Checkout code"
155-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
155+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
156156
- name: "Setup ASDF"
157157
uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1
158158
- name: "Lint Terraform"
159-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@v4.0.3
159+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@v4.0.5
160160
#TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549
161161
# trivy-iac:
162162
# name: "Trivy IaC Scan"
@@ -168,9 +168,9 @@ jobs:
168168
# if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
169169
# steps:
170170
# - name: "Checkout code"
171-
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
171+
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
172172
# - name: "Setup ASDF"
173-
# uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
173+
# uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
174174
# - name: "Trivy IaC Scan"
175175
# uses: NHSDigital/nhs-notify-shared-modules/.github/actions/trivy-iac@3.1.2
176176
# trivy-package:
@@ -182,9 +182,9 @@ jobs:
182182
# timeout-minutes: 10
183183
# steps:
184184
# - name: "Checkout code"
185-
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
185+
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
186186
# - name: "Setup ASDF"
187-
# uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
187+
# uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0
188188
# - name: "Trivy Package Scan"
189189
# uses: NHSDigital/nhs-notify-shared-modules/.github/actions/trivy-package@3.1.2
190190
count-lines-of-code:
@@ -196,9 +196,9 @@ jobs:
196196
timeout-minutes: 5
197197
steps:
198198
- name: "Checkout code"
199-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
199+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
200200
- name: "Count lines of code"
201-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@v4.0.3
201+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@v4.0.5
202202
with:
203203
build_datetime: "${{ inputs.build_datetime }}"
204204
build_timestamp: "${{ inputs.build_timestamp }}"
@@ -215,9 +215,9 @@ jobs:
215215
timeout-minutes: 5
216216
steps:
217217
- name: "Checkout code"
218-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
218+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
219219
- name: "Scan dependencies"
220-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@v4.0.3
220+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@v4.0.5
221221
with:
222222
build_datetime: "${{ inputs.build_datetime }}"
223223
build_timestamp: "${{ inputs.build_timestamp }}"

.github/workflows/stage-2-test.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -43,14 +43,14 @@ jobs:
4343
timeout-minutes: 5
4444
steps:
4545
- name: "Checkout code"
46-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
46+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4747
- name: "Setup pnpm"
48-
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
48+
uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
4949
with:
5050
version: "${{ inputs.pnpm_version }}"
5151
cache: true
5252
- name: "Use Node.js"
53-
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
53+
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
5454
with:
5555
node-version-file: '.tool-versions'
5656
cache: 'pnpm'
@@ -69,7 +69,7 @@ jobs:
6969
timeout-minutes: 5
7070
steps:
7171
- name: "Checkout code"
72-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
72+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7373
- name: "Run linting"
7474
run: |
7575
make test-lint
@@ -83,7 +83,7 @@ jobs:
8383
timeout-minutes: 5
8484
steps:
8585
- name: "Checkout code"
86-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
86+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8787
- name: "Run test coverage check"
8888
run: |
8989
make test-coverage
@@ -100,15 +100,15 @@ jobs:
100100
timeout-minutes: 5
101101
steps:
102102
- name: "Checkout code"
103-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
103+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
104104
with:
105105
fetch-depth: 0 # Full history is needed to improving relevancy of reporting
106106
- name: "Download coverage report for SONAR"
107107
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
108108
with:
109109
name: code-coverage-report
110110
- name: "Perform static analysis"
111-
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@v4.0.3
111+
uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@v4.0.5
112112
with:
113113
sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
114114
sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"

.github/workflows/stage-3-build.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -43,9 +43,9 @@ jobs:
4343
timeout-minutes: 3
4444
steps:
4545
- name: "Checkout code"
46-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
46+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4747
- name: "Setup pnpm"
48-
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
48+
uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
4949
with:
5050
version: "${{ inputs.pnpm_version }}"
5151
cache: true
@@ -59,7 +59,7 @@ jobs:
5959
timeout-minutes: 3
6060
steps:
6161
- name: "Checkout code"
62-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
62+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6363
- name: "Build artefact 1"
6464
run: |
6565
echo "Building artefact 1 ..."
@@ -76,7 +76,7 @@ jobs:
7676
timeout-minutes: 3
7777
steps:
7878
- name: "Checkout code"
79-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
79+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8080
- name: "Build artefact n"
8181
run: |
8282
echo "Building artefact n ..."

0 commit comments

Comments
 (0)