diff --git a/.github/workflows/build_and_push_performance_test.yml b/.github/workflows/build_and_push_performance_test.yml
index 75a666f2f2..87c04ff3d3 100644
--- a/.github/workflows/build_and_push_performance_test.yml
+++ b/.github/workflows/build_and_push_performance_test.yml
@@ -20,7 +20,7 @@ jobs:
 images: ${{ steps.filter.outputs.changes }}
 steps:
 - name: Checkout
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
 id: filter
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Build container
 run: |
@@ -61,7 +61,7 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Push containers to ECR
 run: |
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 36669e3ef4..0c20ffe4a7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,18 +24,18 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Initialize CodeQL
- uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+ uses: github/codeql-action/init@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
 - name: Autobuild
- uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+ uses: github/codeql-action/autobuild@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+ uses: github/codeql-action/analyze@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3
 with:
 category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/docker-vulnerability-scan.yml b/.github/workflows/docker-vulnerability-scan.yml
index e8f85ed882..43b3c05ee5 100644
--- a/.github/workflows/docker-vulnerability-scan.yml
+++ b/.github/workflows/docker-vulnerability-scan.yml
@@ -27,12 +27,12 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 with:
 registry-type: public
 - name: Docker vulnerability scan
- uses: cds-snc/security-tools/.github/actions/docker-scan@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
+ uses: cds-snc/security-tools/.github/actions/docker-scan@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ env.DOCKER_IMAGE }}:latest"
 dockerfile_path: "${{ env.DOCKERFILE_PATH }}"
@@ -62,10 +62,10 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Docker vulnerability scan
- uses: cds-snc/security-tools/.github/actions/docker-scan@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
+ uses: cds-snc/security-tools/.github/actions/docker-scan@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }}"
 dockerfile_path: "${{ env.DOCKERFILE_PATH }}"
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index e5470da1c6..f3f973ed3e 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 name: Build and push
 steps:
- - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Install AWS CLI
 run: |
 curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
@@ -43,7 +43,7 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 with:
 registry-type: public
@@ -90,7 +90,7 @@ jobs:
 TOKEN: ${{ steps.notify-pr-bot.outputs.token }}
 - name: Generate docker SBOM
- uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
+ uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ env.DOCKER_SLUG }}:latest"
 dockerfile_path: "ci/Dockerfile"
diff --git a/.github/workflows/lambda_production.yml b/.github/workflows/lambda_production.yml
index c1ca0aa1ed..42b4e07bea 100644
--- a/.github/workflows/lambda_production.yml
+++ b/.github/workflows/lambda_production.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Configure AWS credentials
 id: aws-creds
@@ -43,14 +43,14 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Push containers to ECR
 run: |
 docker push $REGISTRY/${{ matrix.image }}:$IMAGE_TAG
 - name: Generate docker SBOM
- uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
+ uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ env.REGISTRY }}/${{ matrix.image }}:${{ env.IMAGE_TAG }}"
 dockerfile_path: "ci/Dockerfile.lambda"
diff --git a/.github/workflows/lambda_staging.yml b/.github/workflows/lambda_staging.yml
index 48a72b2cd5..da911cc3b6 100644
--- a/.github/workflows/lambda_staging.yml
+++ b/.github/workflows/lambda_staging.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Configure AWS credentials
 id: aws-creds
@@ -39,7 +39,7 @@ jobs:
 - name: Login to ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Push containers to ECR
 run: |
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
index 67d9475956..d8c13e5d59 100644
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@@ -9,14 +9,14 @@ jobs:
 steps:
 - name: Install libcurl
 run: sudo apt-get update && sudo apt-get install libssl-dev libcurl4-openssl-dev
- - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Set up Python 3.10
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+ uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
 with:
 python-version: '3.10'
 - name: Upgrade pip
 run: python -m pip install --upgrade pip
- - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+ - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
 with:
 path: ~/.cache/pip
 key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 9cd02ab128..10bfca14f3 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -18,14 +18,14 @@ jobs:
 steps:
 - name: Install libcurl
 run: sudo apt-get update && sudo apt-get install libssl-dev libcurl4-openssl-dev
- - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Set up Python 3.10
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+ uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
 with:
 python-version: '3.10'
 - name: Upgrade pip
 run: python -m pip install --upgrade pip
- - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+ - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
 with:
 path: ~/.cache/pip
 key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
@@ -43,7 +43,7 @@ jobs:
 run: poetry run make test
 - name: Upload pytest logs on failure
 if: ${{ failure() }}
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
 with:
 name: pytest-logs
 path: |