diff --git a/.github/workflows/conventional-commit-lint.yml b/.github/workflows/conventional-commit-lint.yml index fa4f1f2e6..31349630f 100644 --- a/.github/workflows/conventional-commit-lint.yml +++ b/.github/workflows/conventional-commit-lint.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 diff --git a/.github/workflows/release_generator.yml b/.github/workflows/release_generator.yml index ad097d6c1..73cc1f756 100644 --- a/.github/workflows/release_generator.yml +++ b/.github/workflows/release_generator.yml @@ -13,7 +13,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@e995b4e40ace2eb5bf13137d9abe242c98f3aab6 # v1.6.0 + - uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1 id: sre_app_token with: app_id: ${{ secrets.SRE_APP_ID }} diff --git a/.github/workflows/request-lambda-functions-to-use-new-image/action.yml b/.github/workflows/request-lambda-functions-to-use-new-image/action.yml index 00265d3cd..1596fd87a 100644 --- a/.github/workflows/request-lambda-functions-to-use-new-image/action.yml +++ b/.github/workflows/request-lambda-functions-to-use-new-image/action.yml @@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ inputs.aws-role-to-assume }} role-session-name: ${{ inputs.aws-role-session-name }} @@ -24,7 +24,7 @@ runs: - name: Login to Staging Amazon ECR id: login-ecr-staging - uses: aws-actions/amazon-ecr-login@v2 + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 - name: Update Lambda function image env: diff --git a/.github/workflows/tag-and-push-lambda-images/action.yml b/.github/workflows/tag-and-push-lambda-images/action.yml index 694ecddcc..90fdeb499 100644 --- a/.github/workflows/tag-and-push-lambda-images/action.yml +++ b/.github/workflows/tag-and-push-lambda-images/action.yml @@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ inputs.aws-role-to-assume }} role-session-name: ${{ inputs.aws-role-session-name }} @@ -24,7 +24,7 @@ runs: - name: Login to Staging Amazon ECR id: login-ecr-staging - uses: aws-actions/amazon-ecr-login@v2 + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 - name: Tag and push docker images env: diff --git a/.github/workflows/terraform-variable-check.yml b/.github/workflows/terraform-variable-check.yml index 9e7fc6f33..ae239b3e3 100644 --- a/.github/workflows/terraform-variable-check.yml +++ b/.github/workflows/terraform-variable-check.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Check Terraform variables are defined correctly run: | diff --git a/.github/workflows/terragrunt-apply-production.yml b/.github/workflows/terragrunt-apply-production.yml index 138b7f49c..85a787191 100644 --- a/.github/workflows/terragrunt-apply-production.yml +++ b/.github/workflows/terragrunt-apply-production.yml @@ -41,7 +41,7 @@ jobs: version: ${{ steps.get-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get version to deploy id: get-version @@ -57,7 +57,7 @@ jobs: VERSION: ${{ needs.get-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -66,7 +66,7 @@ jobs: uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-apply-release role-session-name: TFApply @@ -87,7 +87,7 @@ jobs: image: [audit-logs, audit-logs-archiver, cognito-email-sender, cognito-pre-sign-up, form-archiver, nagware, notify-slack, reliability, reliability-dlq-consumer, response-archiver, submission, vault-integrity] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -114,7 +114,7 @@ jobs: VERSION: ${{ needs.get-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -123,7 +123,7 @@ jobs: uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-apply-release role-session-name: TFApply @@ -213,7 +213,7 @@ jobs: image: [audit-logs, audit-logs-archiver, cognito-email-sender, cognito-pre-sign-up, form-archiver, nagware, notify-slack, reliability, reliability-dlq-consumer, response-archiver, submission, vault-integrity] steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} diff --git a/.github/workflows/terragrunt-apply-staging.yml b/.github/workflows/terragrunt-apply-staging.yml index 736106eb6..1b6d4d724 100644 --- a/.github/workflows/terragrunt-apply-staging.yml +++ b/.github/workflows/terragrunt-apply-staging.yml @@ -44,13 +44,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup terraform tools uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-apply role-session-name: TFApply @@ -67,7 +67,7 @@ jobs: lambda-to-rebuild: ${{ steps.filter.outputs.changes }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Filter id: filter @@ -86,7 +86,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Build Lambda images uses: ./.github/workflows/build-lambda-images @@ -109,13 +109,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup terraform tools uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-apply role-session-name: TFApply @@ -211,7 +211,7 @@ jobs: image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Request Lambda functions to use new image uses: ./.github/workflows/request-lambda-functions-to-use-new-image diff --git a/.github/workflows/terragrunt-plan-all-staging.yml b/.github/workflows/terragrunt-plan-all-staging.yml index a7f6fae4d..5b39f0e10 100644 --- a/.github/workflows/terragrunt-plan-all-staging.yml +++ b/.github/workflows/terragrunt-plan-all-staging.yml @@ -36,14 +36,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # Setup Terraform, Terragrunt, and Conftest - name: Setup terraform tools uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan role-session-name: TFPlan diff --git a/.github/workflows/terragrunt-plan-production-warn-release-exists.yml b/.github/workflows/terragrunt-plan-production-warn-release-exists.yml index ca5b764b6..6fe2c2b31 100644 --- a/.github/workflows/terragrunt-plan-production-warn-release-exists.yml +++ b/.github/workflows/terragrunt-plan-production-warn-release-exists.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get version run: echo "version=v$(cat version.txt)" >> $GITHUB_ENV diff --git a/.github/workflows/terragrunt-plan-production.yml b/.github/workflows/terragrunt-plan-production.yml index c94e9b998..c1a8b802c 100644 --- a/.github/workflows/terragrunt-plan-production.yml +++ b/.github/workflows/terragrunt-plan-production.yml @@ -43,7 +43,7 @@ jobs: version: ${{ steps.get-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get version to deploy id: get-version @@ -60,7 +60,7 @@ jobs: lambda-to-rebuild: ${{ steps.filter.outputs.changes }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -82,7 +82,7 @@ jobs: image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -104,7 +104,7 @@ jobs: image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -121,7 +121,7 @@ jobs: VERSION: ${{ needs.get-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ env.VERSION }} @@ -130,7 +130,7 @@ jobs: uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan role-session-name: TFPlan diff --git a/.github/workflows/terragrunt-plan-staging.yml b/.github/workflows/terragrunt-plan-staging.yml index 688b3f7b0..d7528531f 100644 --- a/.github/workflows/terragrunt-plan-staging.yml +++ b/.github/workflows/terragrunt-plan-staging.yml @@ -48,7 +48,7 @@ jobs: lambda-to-rebuild: ${{ steps.filter.outputs.changes }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Filter id: filter @@ -66,7 +66,7 @@ jobs: image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Test Lambda code uses: ./.github/workflows/test-lambda-code @@ -84,7 +84,7 @@ jobs: image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Build Lambda images uses: ./.github/workflows/build-lambda-images @@ -97,14 +97,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # Setup Terraform, Terragrunt, and Conftest - name: Setup terraform tools uses: cds-snc/terraform-tools-setup@v1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan role-session-name: TFPlan