Renovate Update GitHub Actions (#1667)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ministryofjustice · Sep 10, 2024 · 8de10db · 8de10db
1 parent b27eb53
commit 8de10db
Show file tree

Hide file tree

Showing 19 changed files with 47 additions and 47 deletions.
diff --git a/.github/workflows/_build-and-push.yml b/.github/workflows/_build-and-push.yml
@@ -57,7 +57,7 @@ jobs:
             sub_folder: "lambdas/functions/synchronisation"
             docker_file: "Dockerfile"
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: set up docker buildx
         uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
@@ -84,7 +84,7 @@ jobs:
         uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3
 
       - name: configure OIDC AWS credentials for ECR push
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24 # pin@v1.7.0
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277 # pin@v1.7.0
         with:
           role-to-assume: arn:aws:iam::311462405659:role/digideps-gh-actions-ecr-push
           role-session-name: github-actions-ecr-push
@@ -155,7 +155,7 @@ jobs:
 
       - name: ecr login
         id: login_ecr
-        uses: aws-actions/amazon-ecr-login@dd9f68fefdcebff7afef315476c0ad889e8897ff # pin@v1.5.1
+        uses: aws-actions/amazon-ecr-login@00e8074ea5f4936907c7b26611e2b9b4691c2784 # pin@v1.5.1
         with:
           registries: 311462405659
 

diff --git a/.github/workflows/_codecov.yml b/.github/workflows/_codecov.yml
@@ -11,7 +11,7 @@ jobs:
   code_coverage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
       - name: download artifact for client tests
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
         with:

diff --git a/.github/workflows/_cycle-secrets.yml b/.github/workflows/_cycle-secrets.yml
@@ -9,9 +9,9 @@ jobs:
   cycle_secrets_for_env:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
+      - uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a
         with:
           python-version: "3.11"
 
@@ -20,7 +20,7 @@ jobs:
         run: pip3 install -r requirements.txt
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-${{ inputs.account_environment }}"
           role-session-name: github-actions-cycle-secrets

diff --git a/.github/workflows/_ecr-scanning.yml b/.github/workflows/_ecr-scanning.yml
@@ -15,18 +15,18 @@ jobs:
   ecr-scan-results:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: configure OIDC AWS credentials for ECR scanning
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: arn:aws:iam::311462405659:role/digideps-gh-actions-ecr-scan
           role-session-name: github-actions-ecr-scan
           role-duration-seconds: 1800
           aws-region: eu-west-1
 
       - name: install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v4.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a # pin@v4.2.0
         with:
           python-version: "3.10"
           cache: "pip"

diff --git a/.github/workflows/_latest-deployed-image.yml b/.github/workflows/_latest-deployed-image.yml
@@ -23,7 +23,7 @@ jobs:
     outputs:
       image_tag: ${{ steps.export_tag.outputs.image_tag }}
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
         with:
           fetch-depth: "0"
 
@@ -46,7 +46,7 @@ jobs:
           terraform_wrapper: false
 
       - name: configure OIDC AWS credentials for latest deployment
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: arn:aws:iam::631181914621:role/oidc-digideps-${{ inputs.account_name }}
           role-session-name: github-actions-slack-notifier

diff --git a/.github/workflows/_lint-terraform.yml b/.github/workflows/_lint-terraform.yml
@@ -20,7 +20,7 @@ jobs:
           - folder: "environment"
           - folder: "account"
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - id: terraform_version
         name: get terraform version
@@ -34,7 +34,7 @@ jobs:
           terraform_wrapper: false
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: arn:aws:iam::631181914621:role/oidc-digideps-development
           role-session-name: github-actions-terraform

diff --git a/.github/workflows/_run-task.yml b/.github/workflows/_run-task.yml
@@ -30,7 +30,7 @@ jobs:
   run-task:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3
 
@@ -46,7 +46,7 @@ jobs:
           terraform_wrapper: false
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-${{ inputs.account_name }}"
           role-session-name: github-actions-terraform-run-task

diff --git a/.github/workflows/_run-terraform.yml b/.github/workflows/_run-terraform.yml
@@ -33,13 +33,13 @@ jobs:
   terraform_workflow:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
         with:
           fetch-depth: "0"
 
       - uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
+      - uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a
         if: inputs.terraform_path == 'shared'
         with:
           python-version: "3.11"
@@ -61,7 +61,7 @@ jobs:
           terraform_wrapper: false
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24 # pin@v1.7.0
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277 # pin@v1.7.0
         with:
           role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-${{ inputs.account_name }}"
           role-session-name: github-actions-terraform

diff --git a/.github/workflows/_scale-services.yml b/.github/workflows/_scale-services.yml
@@ -21,15 +21,15 @@ jobs:
   terraform_workflow:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
         with:
           fetch-depth: "0"
 
       - name: install aws cli
         uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3
 
       - name: configure OIDC AWS credentials for scaling services
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: "arn:aws:iam::${{ inputs.account_id }}:role/digideps-gh-actions-scale-infra"
           role-session-name: github-actions-scale-infra

diff --git a/.github/workflows/_slack-notification.yml b/.github/workflows/_slack-notification.yml
@@ -29,18 +29,18 @@ jobs:
   send-slack-notification:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: configure OIDC AWS credentials for slack notification
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24 # pin@v1.7.0
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277 # pin@v1.7.0
         with:
           role-to-assume: arn:aws:iam::${{ inputs.account }}:role/digideps-gh-actions-slack-notifier
           role-session-name: github-actions-slack-notifier
           role-duration-seconds: 900
           aws-region: eu-west-1
 
       - name: install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v4.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a # pin@v4.2.0
         with:
           python-version: "3.11"
           cache: "pip"

diff --git a/.github/workflows/_unit-tests-api.yml b/.github/workflows/_unit-tests-api.yml
@@ -19,7 +19,7 @@ jobs:
   api-unit-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: set up docker buildx
         uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
@@ -70,7 +70,7 @@ jobs:
           docker compose -f docker-compose.yml -f docker-compose.unit-tests-api.yml down
 
       - name: archive test results
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v3.1.0
+        uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 # pin@v3.1.0
         with:
           name: api-unit-tests-${{ inputs.selection }}
           path: api-unit-tests-${{ inputs.selection }}.xml
diff --git a/.github/workflows/_unit-tests-client.yml b/.github/workflows/_unit-tests-client.yml
@@ -11,7 +11,7 @@ jobs:
   client-unit-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: set up docker buildx
         uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
@@ -68,13 +68,13 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: archive pact results
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v3.1.0
+        uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 # pin@v3.1.0
         with:
           name: pact.json
           path: pact.json
 
       - name: archive test results
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v3.1.0
+        uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 # pin@v3.1.0
         with:
           name: client-unit-tests
           path: client-unit-tests.xml
diff --git a/.github/workflows/_unit-tests-miscellaneous.yml b/.github/workflows/_unit-tests-miscellaneous.yml
@@ -11,9 +11,9 @@ jobs:
   miscellaneous-unit-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3
+      - uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a
         with:
           python-version: "3.11"
 

diff --git a/.github/workflows/_web-resources.yml b/.github/workflows/_web-resources.yml
@@ -11,11 +11,11 @@ jobs:
   build-web:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
       - name: create nvmrc file
         run: grep "FROM node:" Dockerfile | awk -F' ' '{print $2}' | sed 's/^node:\(.*\)-.*/\1/' > .nvmrc
         working-directory: client/docker/resources
-      - uses: actions/setup-node@26961cf329f22f6837d5f54c3efd76b480300ace # pin@v3.6.0
+      - uses: actions/setup-node@1c7b2db92075f828bee89d7e19d33a911d15e7b3 # pin@v3.6.0
         with:
           node-version-file: "client/docker/resources/.nvmrc"
       - name: cache node modules
@@ -46,7 +46,7 @@ jobs:
           NODE_ENV=production npm run build
         working-directory: client/resources
       - name: archive dist
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v3.1.0
+        uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 # pin@v3.1.0
         with:
           name: web-distribution
           path: client/resources/public
diff --git a/.github/workflows/scheduled-disaster-recovery-test.yml b/.github/workflows/scheduled-disaster-recovery-test.yml
@@ -23,16 +23,16 @@ jobs:
     runs-on: ubuntu-latest
     name: restore to a point in time
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v4.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a # pin@v4.2.0
         with:
           python-version: "3.11"
           cache: "pip"
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-preproduction"
           role-session-name: github-actions-terraform-run-task
@@ -60,16 +60,16 @@ jobs:
     needs:
       - restore_to_point_in_time
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v4.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a # pin@v4.2.0
         with:
           python-version: "3.11"
           cache: "pip"
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: "arn:aws:iam::631181914621:role/oidc-digideps-preproduction"
           role-session-name: github-actions-terraform-run-task

diff --git a/.github/workflows/scheduled-workspace-cleanup.yml b/.github/workflows/scheduled-workspace-cleanup.yml
@@ -22,7 +22,7 @@ jobs:
   terraform_environment_cleanup:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - id: terraform_version
         name: get terraform version
@@ -40,7 +40,7 @@ jobs:
           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
 
       - name: configure AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24 # pin@v1.7.0
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277 # pin@v1.7.0
         with:
           role-to-assume: arn:aws:iam::631181914621:role/oidc-digideps-development
           role-session-name: github-actions-terraform
@@ -64,7 +64,7 @@ jobs:
         working-directory: terraform/environment
 
       - name: install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # pin@v4.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a # pin@v4.2.0
         with:
           python-version: "3.10"
           cache: "pip"

diff --git a/.github/workflows/workflow-destroy-on-merge.yml b/.github/workflows/workflow-destroy-on-merge.yml
@@ -31,7 +31,7 @@ jobs:
     outputs:
       build_identifier: ${{ steps.variables.outputs.build_identifier }}
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
       - name: extract variables for workflow
         id: variables
         env:
@@ -65,7 +65,7 @@ jobs:
           ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
 
       - name: configure OIDC AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
+        uses: aws-actions/configure-aws-credentials@1ceaabc2d4208b18ff52a76e80c3a28df83f0277
         with:
           role-to-assume: arn:aws:iam::631181914621:role/oidc-digideps-development
           role-session-name: github-actions-terraform

diff --git a/.github/workflows/workflow-path-to-live.yml b/.github/workflows/workflow-path-to-live.yml
@@ -33,7 +33,7 @@ jobs:
       build_identifier: "main"
       version_tag: ${{ steps.semver_tag.outputs.created_tag }}
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
 
       - name: Generate build output using Markdown
         run: |

diff --git a/.github/workflows/workflow-pull-request-path.yml b/.github/workflows/workflow-pull-request-path.yml
@@ -34,7 +34,7 @@ jobs:
       build_identifier: ${{ steps.variables.outputs.build_identifier }}
       version_tag: ${{ steps.semver_tag.outputs.created_tag }}
     steps:
-      - uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # pin@v3
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # pin@v3
       - name: extract variables for workflow
         id: variables
         env: