diff --git a/.github/actions/acceptance-tests-components/action.yml b/.github/actions/acceptance-tests-components/action.yml index 833966699..0071d20d1 100644 --- a/.github/actions/acceptance-tests-components/action.yml +++ b/.github/actions/acceptance-tests-components/action.yml @@ -29,7 +29,7 @@ runs: GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - name: Fetch terraform output - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: terraform-output-${{ inputs.targetComponent }} diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index 386f7799e..cbf607d7e 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -11,8 +11,8 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://npm.pkg.github.com' @@ -23,7 +23,7 @@ runs: run: npm ci shell: bash - name: Setup Ruby - uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1 + uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0 with: ruby-version: "3.2" # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically @@ -31,7 +31,7 @@ runs: working-directory: "./docs" - name: Setup Pages id: pages - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Build with Jekyll working-directory: ./docs # Outputs to the './_site' directory by default @@ -43,7 +43,7 @@ runs: - name: Upload artifact # Automatically uploads an artifact from the './_site' directory by default - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: "docs/_site/" name: jekyll-docs-${{ inputs.version }} diff --git a/.github/actions/build-libraries/action.yml b/.github/actions/build-libraries/action.yml index d6adf3f22..4e44bef36 100644 --- a/.github/actions/build-libraries/action.yml +++ b/.github/actions/build-libraries/action.yml @@ -11,8 +11,8 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://npm.pkg.github.com' @@ -31,40 +31,40 @@ runs: make build VERSION="${{ inputs.version }}" - name: Upload abstractions artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "src/server/abstractions/bin/Release" name: libs-abstractions-${{ inputs.version }} include-hidden-files: true - name: Upload data artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "src/server/data/bin/Release" name: libs-data-${{ inputs.version }} include-hidden-files: true - name: Upload letter artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "src/server/letter/bin/Release" name: libs-letter-${{ inputs.version }} include-hidden-files: true - name: Upload host artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "src/server/host/bin/Release" name: libs-host-${{ inputs.version }} include-hidden-files: true - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - run: mkdir -p ${{ runner.temp }}/myimage shell: bash - name: Build and export - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: src/server file: src/server/Dockerfile @@ -74,7 +74,7 @@ runs: outputs: type=docker,dest=${{ runner.temp }}/myimage/myimage.tar - name: Upload artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: libs-host-docker-${{ inputs.version }} path: ${{ runner.temp }}/myimage diff --git a/.github/actions/build-oas-spec/action.yml b/.github/actions/build-oas-spec/action.yml index 157f15783..242adffd3 100644 --- a/.github/actions/build-oas-spec/action.yml +++ b/.github/actions/build-oas-spec/action.yml @@ -24,14 +24,14 @@ runs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ inputs.nodejs_version }} registry-url: 'https://npm.pkg.github.com' - name: "Cache node_modules" - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | **/node_modules @@ -68,7 +68,7 @@ runs: fi - name: Upload API OAS specification artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "build" name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }} diff --git a/.github/actions/build-proxies/action.yml b/.github/actions/build-proxies/action.yml index a7c2739f0..d00f1a30d 100644 --- a/.github/actions/build-proxies/action.yml +++ b/.github/actions/build-proxies/action.yml @@ -36,7 +36,7 @@ runs: steps: - name: Download OAS Spec artifact from workflow if: ${{ inputs.isRelease == 'false' }} - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }} path: ./build @@ -83,7 +83,7 @@ runs: echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV - name: Upload OAS Spec - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.APIM_ENV }}-build-output path: ./build diff --git a/.github/actions/build-sandbox/action.yml b/.github/actions/build-sandbox/action.yml index dd4d947e8..c945d06e3 100644 --- a/.github/actions/build-sandbox/action.yml +++ b/.github/actions/build-sandbox/action.yml @@ -13,8 +13,8 @@ runs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://npm.pkg.github.com' diff --git a/.github/actions/build-sdk/action.yml b/.github/actions/build-sdk/action.yml index b3fa35572..883fd023b 100644 --- a/.github/actions/build-sdk/action.yml +++ b/.github/actions/build-sdk/action.yml @@ -11,8 +11,8 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://npm.pkg.github.com' @@ -56,43 +56,43 @@ runs: make build VERSION="${{ inputs.version }}" - name: Upload html artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "sdk/html" name: sdk-html-${{ inputs.version }} - name: Upload swagger artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "sdk/swagger" name: sdk-swagger-${{ inputs.version }} - name: Upload ts artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "sdk/typescript" name: sdk-ts-${{ inputs.version }} - name: Upload python artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "sdk/python" name: sdk-python-${{ inputs.version }} - name: Upload csharp artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "sdk/csharp" name: sdk-csharp-${{ inputs.version }} - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: "sdk/html/" name: sdk-html-docs-${{ inputs.version }} - name: Upload swagger pages artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: "sdk/swagger/" name: sdk-swagger-docs-${{ inputs.version }} diff --git a/.github/actions/build-server/action.yml b/.github/actions/build-server/action.yml index 4f27610e2..042dda422 100644 --- a/.github/actions/build-server/action.yml +++ b/.github/actions/build-server/action.yml @@ -11,8 +11,8 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 registry-url: 'https://npm.pkg.github.com' @@ -36,13 +36,13 @@ runs: make build VERSION="${{ inputs.version }}" - name: Upload csharp-server artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "server/csharp-server" name: server-csharp-${{ inputs.version }} - name: Upload csharp-server docker artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: "server/Dockerfile" name: server-csharp-docker-${{ inputs.version }} diff --git a/.github/actions/node-install/action.yaml b/.github/actions/node-install/action.yaml index 22e92f0fb..ccb34f399 100644 --- a/.github/actions/node-install/action.yaml +++ b/.github/actions/node-install/action.yaml @@ -10,7 +10,7 @@ runs: using: 'composite' steps: - name: 'Use Node.js' - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: '.tool-versions' registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/cicd-4-pr-title-check.yaml b/.github/workflows/cicd-4-pr-title-check.yaml index eeba8796f..41b29d916 100644 --- a/.github/workflows/cicd-4-pr-title-check.yaml +++ b/.github/workflows/cicd-4-pr-title-check.yaml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check PR title format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # 4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@4.0.5 with: title: ${{ github.event.pull_request.title }} diff --git a/.github/workflows/deploy-dynamic-env-proxy.yaml b/.github/workflows/deploy-dynamic-env-proxy.yaml index a61b3035d..1f441fbd8 100644 --- a/.github/workflows/deploy-dynamic-env-proxy.yaml +++ b/.github/workflows/deploy-dynamic-env-proxy.yaml @@ -20,7 +20,7 @@ jobs: name: Deploy proxy to dynamic PR environment steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install dependencies uses: ./.github/actions/node-install diff --git a/.github/workflows/deploy-supplier-api.yaml b/.github/workflows/deploy-supplier-api.yaml index c7d96d9eb..d62dcdbbc 100644 --- a/.github/workflows/deploy-supplier-api.yaml +++ b/.github/workflows/deploy-supplier-api.yaml @@ -201,7 +201,7 @@ jobs: needs: validate steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Deploy backend environment env: @@ -224,7 +224,7 @@ jobs: needs: [ validate, deploy-backend ] steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Resolve nodejs version id: toolversions diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml index c47e37268..01f240090 100644 --- a/.github/workflows/scheduled-repository-template-sync.yaml +++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -18,7 +18,7 @@ jobs: - name: Check out the repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Sync repository template - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/sync-template-repo@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/sync-template-repo@4.0.5 with: github_token: ${{ github.token }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e586a6656..ef6dca1db 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 + uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 0e55f1e81..45fda48eb 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -51,7 +51,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to scan all commits - name: "Scan secrets" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@4.0.5 check-file-format: name: "Check file format" runs-on: ubuntu-latest @@ -62,7 +62,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check file format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@4.0.5 check-markdown-format: name: "Check Markdown format" runs-on: ubuntu-latest @@ -73,7 +73,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check Markdown format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@4.0.5 terraform-docs: name: "Run terraform-docs" runs-on: ubuntu-latest @@ -108,7 +108,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check English usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@4.0.5 check-todo-usage: name: "Check TODO usage" runs-on: ubuntu-latest @@ -119,7 +119,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check TODO usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@4.0.5 detect-terraform-changes: name: "Detect Terraform Changes" runs-on: ubuntu-latest @@ -152,9 +152,9 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup ASDF" - uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 + uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 - name: "Lint Terraform" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@4.0.5 # TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549 # trivy-iac: # name: "Trivy IaC Scan" @@ -169,9 +169,9 @@ jobs: # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # steps: # - name: "Checkout code" - # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" - # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 + # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 # - name: "Trivy IaC Scan" # uses: ./.github/actions/trivy-iac # trivy-package: @@ -184,9 +184,9 @@ jobs: # timeout-minutes: 10 # steps: # - name: "Checkout code" - # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" - # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 + # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 # - name: "Trivy Package Scan" # uses: ./.github/actions/trivy-package count-lines-of-code: @@ -200,7 +200,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Count lines of code" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" @@ -219,7 +219,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Scan dependencies" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@5be2f2e952a6f439fb673e04aac5f5b7afcc2c2f # v4.0.1 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" @@ -239,7 +239,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -274,7 +274,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check schema versions run: | source scripts/is_valid_increment.sh diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index 613f3fe7e..c4f68a19a 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -105,14 +105,14 @@ jobs: run: | make test-unit - name: "Save the result of fast test suite" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: unit-tests path: "**/.reports/unit" include-hidden-files: true if: always() - name: "Save the result of code coverage" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: code-coverage-report path: ".reports/lcov.info" @@ -241,11 +241,11 @@ jobs: with: fetch-depth: 0 # Full history is needed to improving relevancy of reporting - name: "Download coverage report for SONAR" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: code-coverage-report - name: "Perform static analysis" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@4.0.0 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@4.0.5 with: sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}" sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}" diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 1966b3a7d..e34ae64b3 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Use Node.js" - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "${{ inputs.nodejs_version }}" registry-url: "https://npm.pkg.github.com" diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml index 1626732d0..df5192a8f 100644 --- a/.github/workflows/stage-5-publish.yaml +++ b/.github/workflows/stage-5-publish.yaml @@ -48,57 +48,57 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Get the artefacts 1" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/jekyll-docs-${{ inputs.version }} name: jekyll-docs-${{ inputs.version }} - name: "Get the artefacts 2" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-html-docs-${{ inputs.version }} name: sdk-html-docs-${{ inputs.version }} - name: "Get the artefacts 3" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-swagger-docs-${{ inputs.version }} name: sdk-swagger-docs-${{ inputs.version }} - name: "Get the artefacts 4" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-html-${{ inputs.version }} name: sdk-html-${{ inputs.version }} - name: "Get the artefacts 5" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-ts-${{ inputs.version }} name: sdk-ts-${{ inputs.version }} - name: "Get the artefacts 6" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-python-${{ inputs.version }} name: sdk-python-${{ inputs.version }} - name: "Get the artefacts 7" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/sdk-csharp-${{ inputs.version }} name: sdk-csharp-${{ inputs.version }} # Take out for now - might add again in the future # - name: "Get the artefacts 9" - # uses: actions/download-artifact@v8 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: ./artifacts/server-csharp-${{ inputs.version }} # name: server-csharp-${{ inputs.version }} - name: "Create release" id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -110,7 +110,7 @@ jobs: prerelease: ${{ inputs.is_version_prerelease == 'true'}} - name: "Upload jekyll docs release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -120,7 +120,7 @@ jobs: asset_content_type: "application/gzip" - name: "Upload sdk html docs release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -130,7 +130,7 @@ jobs: asset_content_type: "application/gzip" - name: "Upload sdk swagger docs release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -146,7 +146,7 @@ jobs: shell: bash - name: "Upload sdk html release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -162,7 +162,7 @@ jobs: shell: bash - name: "Upload sdk ts release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -178,7 +178,7 @@ jobs: shell: bash - name: "Upload sdk python release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -194,7 +194,7 @@ jobs: shell: bash - name: "Upload sdk csharp release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -234,7 +234,7 @@ jobs: apimEnv: [internal-dev, int, ref, prod] steps: - name: "Download OAS spec artifact" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./artifacts/api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} name: api-oas-specification-${{ matrix.apimEnv }}-${{ inputs.version }} @@ -245,7 +245,7 @@ jobs: shell: bash - name: "Upload OAS specification release asset" - uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -265,12 +265,12 @@ jobs: # contents: read # steps: # - name: "Get the artefacts csharp docker" - # uses: actions/download-artifact@v8 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: server-csharp-docker-${{ inputs.version }} # - name: "Get the artefacts csharp server" - # uses: actions/download-artifact@v8 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: ./csharp-server # name: server-csharp-${{ inputs.version }} @@ -292,7 +292,7 @@ jobs: contents: read steps: - name: "Get the artefacts" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: . name: sdk-csharp-${{ inputs.version }} @@ -348,11 +348,11 @@ jobs: contents: read steps: - name: "Get the artefacts" - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: . name: sdk-ts-${{ inputs.version }} - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.3" registry-url: "https://npm.pkg.github.com" @@ -396,7 +396,7 @@ jobs: # contents: read # steps: # - name: "Get the artefacts" - # uses: actions/download-artifact@v5 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: libs-abstractions-${{ inputs.version }} @@ -452,7 +452,7 @@ jobs: # contents: read # steps: # - name: "Get the artefacts" - # uses: actions/download-artifact@v8 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: libs-letter-${{ inputs.version }} @@ -508,7 +508,7 @@ jobs: # contents: read # steps: # - name: "Get the artefacts" - # uses: actions/download-artifact@v5 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: libs-data-${{ inputs.version }} @@ -564,7 +564,7 @@ jobs: # contents: read # steps: # - name: "Get the artefacts" - # uses: actions/download-artifact@v5 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: libs-host-${{ inputs.version }} @@ -620,7 +620,7 @@ jobs: # contents: read # steps: # - name: "Get the artefacts" - # uses: actions/download-artifact@v5 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # with: # path: . # name: libs-host-docker-${{ inputs.version }}