From 177fe7644c689fb8a07165859184aeff17228314 Mon Sep 17 00:00:00 2001 From: damientobin1 Date: Fri, 29 May 2026 10:25:59 +0100 Subject: [PATCH 1/2] CCM-18143: Updating_Github_Actions_Validation --- .github/actions/build-docs/action.yml | 10 ++--- .github/workflows/cicd-1-pull-request.yaml | 2 +- .github/workflows/cicd-3-deploy.yaml | 8 ++-- .github/workflows/cicd-4-pr-title-check.yaml | 2 +- .../scheduled-repository-template-sync.yaml | 6 +-- .github/workflows/scorecard.yml | 8 ++-- .github/workflows/stage-1-commit.yaml | 44 +++++++++---------- .github/workflows/stage-2-test.yaml | 14 +++--- .github/workflows/stage-3-build.yaml | 8 ++-- .github/workflows/stage-4-acceptance.yaml | 36 +++++++-------- 10 files changed, 69 insertions(+), 69 deletions(-) diff --git a/.github/actions/build-docs/action.yml b/.github/actions/build-docs/action.yml index f9d9cd23..4f6f39f0 100644 --- a/.github/actions/build-docs/action.yml +++ b/.github/actions/build-docs/action.yml @@ -8,8 +8,8 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 - name: Install docs node dependencies @@ -17,7 +17,7 @@ runs: run: pnpm --ignore-workspace install --frozen-lockfile shell: bash - name: Setup Ruby - uses: ruby/setup-ruby@4eb9f110bac952a8b68ecf92e3b5c7a987594ba6 # v1.292.0 + uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0 with: ruby-version: "3.2" # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically @@ -25,7 +25,7 @@ runs: working-directory: "./docs" - name: Setup Pages id: pages - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Build with Jekyll working-directory: ./docs # Outputs to the './_site' directory by default @@ -38,7 +38,7 @@ runs: VERSION: ${{ inputs.version }} - name: Upload artifact # Automatically uploads an artifact from the './_site' directory by default - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: "docs/_site/" name: jekyll-docs-${{ inputs.version }} diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index 233da7e3..c2dda30c 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -33,7 +33,7 @@ jobs: # skip_trivy_package: ${{ steps.skip_trivy.outputs.skip_trivy_package }} steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set CI/CD variables" id: variables run: | diff --git a/.github/workflows/cicd-3-deploy.yaml b/.github/workflows/cicd-3-deploy.yaml index c1c4a567..f6718d4c 100644 --- a/.github/workflows/cicd-3-deploy.yaml +++ b/.github/workflows/cicd-3-deploy.yaml @@ -38,7 +38,7 @@ jobs: # tag: ${{ steps.variables.outputs.tag }} steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set CI/CD variables" id: variables run: | @@ -73,7 +73,7 @@ jobs: needs: metadata steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Get version" id: get-asset-version shell: bash @@ -108,13 +108,13 @@ jobs: run: | gh release download "$RELEASE_VERSION" -p jekyll-docs-*.tar --output artifact.tar - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}} path: artifact.tar - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 with: artifact_name: jekyll-docs-${{steps.get-asset-version.outputs.release_version}} diff --git a/.github/workflows/cicd-4-pr-title-check.yaml b/.github/workflows/cicd-4-pr-title-check.yaml index 50c6182e..a4990dbb 100644 --- a/.github/workflows/cicd-4-pr-title-check.yaml +++ b/.github/workflows/cicd-4-pr-title-check.yaml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check PR title format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@v4.0.5 with: title: ${{ github.event.pull_request.title }} diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml index 64d79543..264a71c4 100644 --- a/.github/workflows/scheduled-repository-template-sync.yaml +++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -16,9 +16,9 @@ jobs: steps: - name: Check out the repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check out external repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: NHSDigital/nhs-notify-repository-template path: nhs-notify-repository-template @@ -31,7 +31,7 @@ jobs: - name: Create Pull Request if: ${{ !env.ACT }} - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Drift from template diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d5b977aa..55684cf7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,12 +33,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -69,6 +69,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7 + uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: sarif_file: results.sarif diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 40169b06..9c7900e8 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -48,33 +48,33 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to scan all commits - name: "Scan secrets" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@v4.0.5 check-file-format: name: "Check file format" runs-on: ubuntu-latest timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check file format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@v4.0.5 check-markdown-format: name: "Check Markdown format" runs-on: ubuntu-latest timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check Markdown format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@v4.0.5 terraform-docs: name: "Run terraform-docs" runs-on: ubuntu-latest @@ -84,7 +84,7 @@ jobs: contents: write steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check to see if Terraform Docs are up-to-date" @@ -105,22 +105,22 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check English usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@v4.0.5 check-todo-usage: name: "Check TODO usage" runs-on: ubuntu-latest timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check TODO usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@v4.0.5 detect-terraform-changes: name: "Detect Terraform Changes" runs-on: ubuntu-latest @@ -128,7 +128,7 @@ jobs: terraform_changed: ${{ steps.check.outputs.terraform_changed }} steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Check for Terraform changes" id: check @@ -152,11 +152,11 @@ jobs: if: needs.detect-terraform-changes.outputs.terraform_changed == 'true' steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup ASDF" uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 - name: "Lint Terraform" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@v4.0.5 #TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549 # trivy-iac: # name: "Trivy IaC Scan" @@ -168,9 +168,9 @@ jobs: # if: needs.detect-terraform-changes.outputs.terraform_changed == 'true' # steps: # - name: "Checkout code" - # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" - # uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 + # uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0 # - name: "Trivy IaC Scan" # uses: NHSDigital/nhs-notify-shared-modules/.github/actions/trivy-iac@3.1.2 # trivy-package: @@ -182,9 +182,9 @@ jobs: # timeout-minutes: 10 # steps: # - name: "Checkout code" - # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + # uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # - name: "Setup ASDF" - # uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 + # uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302 # v4.0.0 # - name: "Trivy Package Scan" # uses: NHSDigital/nhs-notify-shared-modules/.github/actions/trivy-package@3.1.2 count-lines-of-code: @@ -196,9 +196,9 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Count lines of code" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@v4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" @@ -215,9 +215,9 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Scan dependencies" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@v4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index 6623e5b3..ce6b5e5b 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -43,14 +43,14 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true - name: "Use Node.js" - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: '.tool-versions' cache: 'pnpm' @@ -69,7 +69,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Run linting" run: | make test-lint @@ -83,7 +83,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Run test coverage check" run: | make test-coverage @@ -100,7 +100,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Full history is needed to improving relevancy of reporting - name: "Download coverage report for SONAR" @@ -108,7 +108,7 @@ jobs: with: name: code-coverage-report - name: "Perform static analysis" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@v4.0.3 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@v4.0.5 with: sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}" sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}" diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml index 3d80be32..27e4ffad 100644 --- a/.github/workflows/stage-3-build.yaml +++ b/.github/workflows/stage-3-build.yaml @@ -43,9 +43,9 @@ jobs: timeout-minutes: 3 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -59,7 +59,7 @@ jobs: timeout-minutes: 3 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build artefact 1" run: | echo "Building artefact 1 ..." @@ -76,7 +76,7 @@ jobs: timeout-minutes: 3 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Build artefact n" run: | echo "Building artefact n ..." diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 7e2b7b21..eb0a2bec 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -43,9 +43,9 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -65,9 +65,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -84,9 +84,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -103,9 +103,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -122,9 +122,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -141,9 +141,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -160,9 +160,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -179,9 +179,9 @@ jobs: timeout-minutes: 10 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true @@ -208,9 +208,9 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Setup pnpm" - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 with: version: "${{ inputs.pnpm_version }}" cache: true From 6427a03df36c6d874d9414ddde728e3d1c0abe35 Mon Sep 17 00:00:00 2001 From: damientobin1 Date: Wed, 3 Jun 2026 10:53:24 +0100 Subject: [PATCH 2/2] CCM-18143: Updating_Github_Actions_Validation --- .github/workflows/cicd-4-pr-title-check.yaml | 2 +- .github/workflows/stage-1-commit.yaml | 16 ++++++++-------- .github/workflows/stage-2-test.yaml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cicd-4-pr-title-check.yaml b/.github/workflows/cicd-4-pr-title-check.yaml index a4990dbb..41b29d91 100644 --- a/.github/workflows/cicd-4-pr-title-check.yaml +++ b/.github/workflows/cicd-4-pr-title-check.yaml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check PR title format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-pr-title-format@4.0.5 with: title: ${{ github.event.pull_request.title }} diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 9c7900e8..685c982b 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -52,7 +52,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to scan all commits - name: "Scan secrets" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-secrets@4.0.5 check-file-format: name: "Check file format" runs-on: ubuntu-latest @@ -63,7 +63,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check file format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-file-format@4.0.5 check-markdown-format: name: "Check Markdown format" runs-on: ubuntu-latest @@ -74,7 +74,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check Markdown format" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-markdown-format@4.0.5 terraform-docs: name: "Run terraform-docs" runs-on: ubuntu-latest @@ -109,7 +109,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check English usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-english-usage@4.0.5 check-todo-usage: name: "Check TODO usage" runs-on: ubuntu-latest @@ -120,7 +120,7 @@ jobs: with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check TODO usage" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/check-todo-usage@4.0.5 detect-terraform-changes: name: "Detect Terraform Changes" runs-on: ubuntu-latest @@ -156,7 +156,7 @@ jobs: - name: "Setup ASDF" uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4.0.1 - name: "Lint Terraform" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/lint-terraform@4.0.5 #TODO - Re-visit Trivy usage https://nhsd-jira.digital.nhs.uk/browse/CCM-15549 # trivy-iac: # name: "Trivy IaC Scan" @@ -198,7 +198,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Count lines of code" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/create-lines-of-code-report@4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" @@ -217,7 +217,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Scan dependencies" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/scan-dependencies@4.0.5 with: build_datetime: "${{ inputs.build_datetime }}" build_timestamp: "${{ inputs.build_timestamp }}" diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index ce6b5e5b..71108755 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -108,7 +108,7 @@ jobs: with: name: code-coverage-report - name: "Perform static analysis" - uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@v4.0.5 + uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@4.0.5 with: sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}" sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"