leplusorg · thomasleplus · Nov 22, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 22, 2025
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -46,6 +46,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
 
       # Add any setup steps before running the `github/codeql-action/init` action.

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -14,6 +14,7 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: "Dependency Review"
         uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -30,6 +30,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16

diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
@@ -10,6 +10,9 @@ on:
 
 permissions: {}
 
+env:
+  DOCKER_BUILDKIT: 1
+
 jobs:
   docker-build-push:
     if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
@@ -28,6 +31,7 @@ jobs:
           echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Set SOURCE_DATE_EPOCH
         run: |
@@ -71,6 +75,8 @@ jobs:
           provenance: mode=max
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
       - name: Sign the Docker image
         if: github.ref == 'refs/heads/main'
         working-directory: ${{ env.IMAGE }}

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -7,6 +7,9 @@ on:
 
 permissions: {}
 
+env:
+  DOCKER_BUILDKIT: 1
+
 jobs:
   docker-release:
     if: startsWith(github.ref, 'refs/tags/')
@@ -25,6 +28,7 @@ jobs:
           echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Set SOURCE_DATE_EPOCH
         run: |
@@ -62,6 +66,8 @@ jobs:
           provenance: mode=max
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
       - name: Sign the Docker image
         working-directory: ${{ env.IMAGE }}
         env:

diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
@@ -26,6 +26,7 @@ jobs:
           echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Pull the ${{ matrix.tag }} ${{ matrix.platform }} image
         shell: bash

diff --git a/.github/workflows/msdo.yml b/.github/workflows/msdo.yml
@@ -28,6 +28,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Run Microsoft Security DevOps scanner
         id: scan

diff --git a/.github/workflows/pipx-check-versions.yml b/.github/workflows/pipx-check-versions.yml
@@ -19,6 +19,7 @@ jobs:
       - name: Check out
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: Set up Python
         uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -28,6 +28,7 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
+          fetch-depth: 1
           persist-credentials: false
       - name: "Run analysis"
         uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3

diff --git a/aws-cli/requirements.txt b/aws-cli/requirements.txt
@@ -1,4 +1,4 @@
-aws-sam-cli==1.146.0
+aws-sam-cli==1.148.0
 cfn-lint==1.41.0
 cfn-policy-validator==0.0.36
 checkov==3.2.494