diff --git a/.github/workflows/check_rds_cluster_update.yml b/.github/workflows/check_rds_cluster_update.yml index db256e39e..43a80ec93 100644 --- a/.github/workflows/check_rds_cluster_update.yml +++ b/.github/workflows/check_rds_cluster_update.yml @@ -18,10 +18,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::239043911459:role/notification-terraform-apply role-session-name: RDSClusterUpdateCheck diff --git a/.github/workflows/terraform_static_analysis.yml b/.github/workflows/terraform_static_analysis.yml index d179ccbd1..ecadbb419 100644 --- a/.github/workflows/terraform_static_analysis.yml +++ b/.github/workflows/terraform_static_analysis.yml @@ -29,6 +29,6 @@ jobs: config_file: ./aws/.checkov.yml - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@a82bad71823183e5b120ab52d521460ecb0585fe # v2.24.9 with: sarif_file: results.sarif diff --git a/.github/workflows/terragrunt_plan_production.yml b/.github/workflows/terragrunt_plan_production.yml index 5b57add72..9d651a497 100644 --- a/.github/workflows/terragrunt_plan_production.yml +++ b/.github/workflows/terragrunt_plan_production.yml @@ -75,7 +75,7 @@ jobs: echo "INFRASTRUCTURE_VERSION=$INFRASTRUCTURE_VERSION" >> $GITHUB_ENV - name: Terragrunt plan common - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/common" comment-delete: "true" @@ -84,7 +84,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ECR - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/ecr" comment-delete: "true" @@ -93,7 +93,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_receiving_emails - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/ses_receiving_emails" comment-delete: "true" @@ -102,7 +102,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_to_sqs_email_callbacks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/ses_to_sqs_email_callbacks" comment-delete: "true" @@ -111,7 +111,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan sns_to_sqs_sms_callbacks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/sns_to_sqs_sms_callbacks" comment-delete: "true" @@ -120,7 +120,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan dns - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/dns" comment-delete: "true" @@ -129,7 +129,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_validation_dns_entries - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/ses_validation_dns_entries" comment-delete: "true" @@ -138,7 +138,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan eks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/eks" comment-delete: "true" @@ -147,7 +147,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan elasticache - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/elasticache" comment-delete: "true" @@ -156,7 +156,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan rds - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/rds" comment-delete: "true" @@ -165,7 +165,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan cloudfront - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/cloudfront" comment-delete: "true" @@ -174,7 +174,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan lambda-api - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/lambda-api" comment-delete: "true" @@ -183,7 +183,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan heartbeat - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/heartbeat" comment-delete: "true" @@ -192,7 +192,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan database-tools - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/database-tools" comment-delete: "true" @@ -201,7 +201,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan quicksight - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/quicksight" comment-delete: "true" @@ -210,7 +210,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan lambda-google-cidr - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/lambda-google-cidr" comment-delete: "true" @@ -219,7 +219,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan system_status - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/system_status" comment-delete: "true" @@ -229,7 +229,7 @@ jobs: skip-conftest: "true" - name: Terragrunt plan system_status_static_site - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/production/system_status_static_site" comment-delete: "true" diff --git a/.github/workflows/terragrunt_plan_staging.yml b/.github/workflows/terragrunt_plan_staging.yml index f249e97df..372dfaf98 100644 --- a/.github/workflows/terragrunt_plan_staging.yml +++ b/.github/workflows/terragrunt_plan_staging.yml @@ -76,7 +76,7 @@ jobs: TERRAGRUNT_VERSION: 0.44.4 TF_SUMMARIZE_VERSION: 0.2.3 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271 # v2.12.0 id: filter with: filters: | @@ -146,7 +146,7 @@ jobs: - name: Terragrunt plan common if: ${{ steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/common" comment-delete: "true" @@ -156,7 +156,7 @@ jobs: - name: Terragrunt plan ECR if: ${{ steps.filter.outputs.ecr == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/ecr" comment-delete: "true" @@ -166,7 +166,7 @@ jobs: - name: Terragrunt plan ses_receiving_emails if: ${{ steps.filter.outputs.ses_receiving_emails == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/ses_receiving_emails" comment-delete: "true" @@ -176,7 +176,7 @@ jobs: - name: Terragrunt plan dns if: ${{ steps.filter.outputs.dns == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/dns" comment-delete: "true" @@ -186,7 +186,7 @@ jobs: - name: Terragrunt plan ses_validation_dns_entries if: ${{ steps.filter.outputs.ses_validation_dns_entries == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/ses_validation_dns_entries" comment-delete: "true" @@ -196,7 +196,7 @@ jobs: - name: Terragrunt plan eks if: ${{ steps.filter.outputs.eks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/eks" comment-delete: "true" @@ -206,7 +206,7 @@ jobs: - name: Terragrunt plan elasticache if: ${{ steps.filter.outputs.elasticache == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/elasticache" comment-delete: "true" @@ -216,7 +216,7 @@ jobs: - name: Terragrunt plan rds if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/rds" comment-delete: "true" @@ -226,7 +226,7 @@ jobs: - name: Terragrunt plan cloudfront if: ${{ steps.filter.outputs.cloudfront == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/cloudfront" comment-delete: "true" @@ -236,7 +236,7 @@ jobs: - name: Terragrunt plan lambda-api if: ${{ steps.filter.outputs.lambda-api == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/lambda-api" comment-delete: "true" @@ -246,7 +246,7 @@ jobs: - name: Terragrunt plan lambda-admin-pr if: ${{ steps.filter.outputs.lambda-admin-pr == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/lambda-admin-pr" comment-delete: "true" @@ -256,7 +256,7 @@ jobs: - name: Terragrunt plan performance-test if: ${{ steps.filter.outputs.performance-test == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/performance-test" comment-delete: "true" @@ -266,7 +266,7 @@ jobs: - name: Terragrunt plan heartbeat if: ${{ steps.filter.outputs.heartbeat == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/heartbeat" comment-delete: "true" @@ -276,7 +276,7 @@ jobs: - name: Terragrunt plan database-tools if: ${{ steps.filter.outputs.database-tools == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/database-tools" comment-delete: "true" @@ -286,7 +286,7 @@ jobs: - name: Terragrunt plan quicksight if: ${{ steps.filter.outputs.quicksight == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/quicksight" comment-delete: "true" @@ -296,7 +296,7 @@ jobs: - name: Terragrunt plan lambda-google-cidr if: ${{ steps.filter.outputs.lambda-google-cidr == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/lambda-google-cidr" comment-delete: "true" @@ -306,7 +306,7 @@ jobs: - name: Terragrunt plan ses_to_sqs_email_callbacks if: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/ses_to_sqs_email_callbacks" comment-delete: "true" @@ -316,7 +316,7 @@ jobs: - name: Terragrunt plan sns_to_sqs_sms_callbacks if: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/sns_to_sqs_sms_callbacks" comment-delete: "true" @@ -326,7 +326,7 @@ jobs: - name: Terragrunt plan system_status if: ${{ steps.filter.outputs.system_status == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/system_status" comment-delete: "true" @@ -336,7 +336,7 @@ jobs: - name: Terragrunt plan aws/system_status_static_site if: ${{ steps.filter.outputs.system_status_static_site == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 with: directory: "env/staging/system_status_static_site" comment-delete: "true"