diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 35b69924..70d588c4 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -33,7 +33,7 @@ jobs: deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set CI/CD variables" id: variables run: | diff --git a/.github/workflows/cicd-3-deploy.yaml b/.github/workflows/cicd-3-deploy.yaml index 6a46ed13..401da0fd 100644 --- a/.github/workflows/cicd-3-deploy.yaml +++ b/.github/workflows/cicd-3-deploy.yaml @@ -37,7 +37,7 @@ jobs: # tag: ${{ steps.variables.outputs.tag }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set CI/CD variables" id: variables run: | @@ -70,7 +70,7 @@ jobs: needs: metadata steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Get version" id: get-asset-version shell: bash diff --git a/.github/workflows/manual-proxy-environment-deploy.yaml b/.github/workflows/manual-proxy-environment-deploy.yaml index e2026495..b2aa2b1a 100644 --- a/.github/workflows/manual-proxy-environment-deploy.yaml +++ b/.github/workflows/manual-proxy-environment-deploy.yaml @@ -29,7 +29,7 @@ jobs: name: Deploy to Environment steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 with: node-version: 22 diff --git a/.github/workflows/pr_closed.yaml b/.github/workflows/pr_closed.yaml index a27a896b..dc30a0d1 100644 --- a/.github/workflows/pr_closed.yaml +++ b/.github/workflows/pr_closed.yaml @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Updating Main Environment env: APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }} @@ -74,7 +74,7 @@ jobs: packages: read steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: @@ -110,7 +110,7 @@ jobs: packages: read steps: - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Repo setup" uses: ./.github/actions/node-install with: @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: diff --git a/.github/workflows/pr_destroy_dynamic_env.yaml b/.github/workflows/pr_destroy_dynamic_env.yaml index 4e8ac70f..b6354eea 100644 --- a/.github/workflows/pr_destroy_dynamic_env.yaml +++ b/.github/workflows/pr_destroy_dynamic_env.yaml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Trigger dynamic environment destruction env: @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Trigger dynamic proxy destruction env: diff --git a/.github/workflows/release_created.yaml b/.github/workflows/release_created.yaml index 47d9c855..9488cab8 100644 --- a/.github/workflows/release_created.yaml +++ b/.github/workflows/release_created.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Deploy Nonprod Environment env: APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }} @@ -57,7 +57,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build proxies" uses: ./.github/actions/build-proxies with: diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml index e8628786..e3189c32 100644 --- a/.github/workflows/scheduled-repository-template-sync.yaml +++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: Check out the repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Sync repository template uses: NHSDigital/nhs-notify-shared-modules/.github/actions/sync-template-repo@3.0.8 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3dfb1507..e586a665 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 401b1946..0dd8d7c6 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to scan all commits - name: "Scan secrets" @@ -58,7 +58,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check file format" @@ -69,7 +69,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check Markdown format" @@ -83,7 +83,7 @@ jobs: contents: write steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check to see if Terraform Docs are up-to-date" @@ -104,7 +104,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check English usage" @@ -115,7 +115,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check TODO usage" @@ -127,7 +127,7 @@ jobs: terraform_changed: ${{ steps.check.outputs.terraform_changed }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Check for Terraform changes" id: check run: | @@ -150,7 +150,7 @@ jobs: if: needs.detect-terraform-changes.outputs.terraform_changed == 'true' steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup ASDF" uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 - name: "Lint Terraform" @@ -169,7 +169,7 @@ jobs: # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # steps: # - name: "Checkout code" - # uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # - name: "Trivy IaC Scan" @@ -184,7 +184,7 @@ jobs: # timeout-minutes: 10 # steps: # - name: "Checkout code" - # uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" # uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # - name: "Trivy Package Scan" @@ -198,7 +198,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Count lines of code" uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@3.0.8 with: @@ -217,7 +217,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Scan dependencies" uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@3.0.8 with: @@ -239,7 +239,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -274,7 +274,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check schema versions run: | source scripts/is_valid_increment.sh @@ -302,7 +302,7 @@ jobs: packages: read steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index 8bdf019d..d953283a 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -48,7 +48,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: @@ -79,7 +79,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: @@ -127,7 +127,7 @@ jobs: contents: read steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Cache node_modules" uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: @@ -155,7 +155,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: @@ -188,7 +188,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup NodeJS uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: @@ -220,7 +220,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Run test coverage check" run: | make test-coverage @@ -237,7 +237,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to improving relevancy of reporting - name: "Download coverage report for SONAR" diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 3d476c2d..baea4910 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -52,7 +52,7 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build docs" uses: ./.github/actions/build-docs with: @@ -70,7 +70,7 @@ jobs: apimEnv: [internal-dev-pr, internal-dev, int, ref, prod] steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build OAS spec" uses: ./.github/actions/build-oas-spec with: @@ -87,7 +87,7 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build proxies" uses: ./.github/actions/build-oas-spec with: @@ -104,7 +104,7 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build sdks" uses: ./.github/actions/build-sdk with: @@ -118,7 +118,7 @@ jobs: # timeout-minutes: 10 # steps: # - name: "Checkout code" - # uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Build servers" # uses: ./.github/actions/build-server # with: @@ -129,7 +129,7 @@ jobs: # timeout-minutes: 10 # steps: # - name: "Checkout code" - # uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Build servers" # uses: ./.github/actions/build-libraries # with: @@ -140,7 +140,7 @@ jobs: outputs: environment_name: ${{ steps.set-environment.outputs.environment_name }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set environment name id: set-environment run: echo "environment_name=${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}" >> $GITHUB_OUTPUT @@ -174,7 +174,7 @@ jobs: APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }} steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build proxies" uses: ./.github/actions/build-proxies with: diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 520adc26..a3903097 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -48,7 +48,7 @@ jobs: name: Run Acceptance Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Use Node.js" uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 @@ -87,7 +87,7 @@ jobs: runs-on: ubuntu-latest if: inputs.proxy_deployed == 'true' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Run e2e tests" #uses: ./.github/actions/e2e-tests diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml index 4202d28f..f24a7de1 100644 --- a/.github/workflows/stage-5-publish.yaml +++ b/.github/workflows/stage-5-publish.yaml @@ -46,7 +46,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Get the artefacts 1" uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: