diff --git a/.github/workflows/build_docker_images.yml b/.github/workflows/build_docker_images.yml index 32511b64bc..5d03041484 100644 --- a/.github/workflows/build_docker_images.yml +++ b/.github/workflows/build_docker_images.yml @@ -1,11 +1,11 @@ --- name: Docker build -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy pull_request: branches: - main - - 'feature/**' + - "feature/**" workflow_dispatch: # for each ref (branch/pr) run just the most recent, cancel @@ -27,12 +27,12 @@ jobs: path: ${{ github.event_path }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Filter changes - uses: dorny/paths-filter@v2 + uses: dorny/paths-filter@v3 id: filter with: filters: | @@ -105,7 +105,7 @@ jobs: if: | (steps.filter.outputs.api == 'true' || github.event_name == 'workflow_dispatch') - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./api_app/ file: ./api_app/Dockerfile @@ -116,7 +116,7 @@ jobs: - name: "Check pytest failure file existence" id: check_api_test_result - uses: andstor/file-existence-action@v2 + uses: andstor/file-existence-action@v3 with: files: "test-results/pytest_api_unit_failed" @@ -125,7 +125,7 @@ jobs: (steps.filter.outputs.api == 'true' || github.event_name == 'workflow_dispatch') && steps.check_api_test_result.outputs.files_exists == 'false' - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./api_app/ file: ./api_app/Dockerfile @@ -136,7 +136,7 @@ jobs: if: | (steps.filter.outputs.resource_processor == 'true' || github.event_name == 'workflow_dispatch') - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./resource_processor file: ./resource_processor/vmss_porter/Dockerfile @@ -147,7 +147,7 @@ jobs: if: | (steps.filter.outputs.guacamole_server == 'true' || github.event_name == 'workflow_dispatch') - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./templates/workspace_services/guacamole/guacamole-server file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile @@ -158,7 +158,7 @@ jobs: - name: "Check maven failure file existence" id: check_maven_test_result - uses: andstor/file-existence-action@v2 + uses: andstor/file-existence-action@v3 with: files: "test-results/guacamole_package_failed" @@ -167,7 +167,7 @@ jobs: (steps.filter.outputs.guacamole_server == 'true' || github.event_name == 'workflow_dispatch') && steps.check_maven_test_result.outputs.files_exists == 'false' - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./templates/workspace_services/guacamole/guacamole-server file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile @@ -178,7 +178,7 @@ jobs: if: | (steps.filter.outputs.gitea == 'true' || github.event_name == 'workflow_dispatch') - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./templates/shared_services/gitea/docker file: ./templates/shared_services/gitea/docker/Dockerfile @@ -195,7 +195,7 @@ jobs: if: | (steps.filter.outputs.airlock_processor == 'true' || github.event_name == 'workflow_dispatch') - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./airlock_processor/ file: ./airlock_processor/Dockerfile @@ -206,7 +206,7 @@ jobs: - name: "Check pytest failure file existence" id: check_airlock_processor_test_result - uses: andstor/file-existence-action@v2 + uses: andstor/file-existence-action@v3 with: files: "test-results/pytest_airlock_processor_unit_failed" @@ -215,7 +215,7 @@ jobs: (steps.filter.outputs.airlock_processor == 'true' || github.event_name == 'workflow_dispatch') && steps.check_airlock_processor_test_result.outputs.files_exists == 'false' - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: context: ./airlock_processor/ file: ./airlock_processor/Dockerfile diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml index 8cbfc132a7..8256aafad1 100644 --- a/.github/workflows/build_docs.yml +++ b/.github/workflows/build_docs.yml @@ -6,7 +6,7 @@ on: types: [published] push: paths: - - 'docs/**' + - "docs/**" - mkdocs.yml branches: - main @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout main - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: true @@ -27,7 +27,7 @@ jobs: run: | pip install -r docs/requirements.txt - name: Configure Git User - # Required by mike for the commit it does to the gh-pages branch + # Required by mike for the commit it does to the gh-pages branch run: | git config user.name "ci-docs" git config user.email "ci-docs@dummy.com" diff --git a/.github/workflows/build_validation_develop.yml b/.github/workflows/build_validation_develop.yml index b1f1b563bc..d0f20a8315 100644 --- a/.github/workflows/build_validation_develop.yml +++ b/.github/workflows/build_validation_develop.yml @@ -1,11 +1,11 @@ --- name: Build Validation -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy pull_request: branches: - main - - 'feature/**' + - "feature/**" # for each ref (branch/pr) run just the most recent, # cancel other pending/running ones @@ -19,14 +19,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Full git history is needed to get a proper list of # changed files within `super-linter` fetch-depth: 0 persist-credentials: false - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@v3 id: filter with: filters: | diff --git a/.github/workflows/clean_validation_envs.yml b/.github/workflows/clean_validation_envs.yml index 7bcfb689ff..d473df0949 100644 --- a/.github/workflows/clean_validation_envs.yml +++ b/.github/workflows/clean_validation_envs.yml @@ -14,7 +14,7 @@ jobs: environment: CICD timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # This is CRITICAL since we're making decisions based on branch existence fetch-depth: 0 diff --git a/.github/workflows/cli-package.yml b/.github/workflows/cli-package.yml index 862057d824..a7127952c5 100644 --- a/.github/workflows/cli-package.yml +++ b/.github/workflows/cli-package.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout (GitHub) - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build and run dev container task uses: ./.github/actions/devcontainer_run_command diff --git a/.github/workflows/deploy_tre_reusable.yml b/.github/workflows/deploy_tre_reusable.yml index ba8033d1b3..1bb7f4bb17 100644 --- a/.github/workflows/deploy_tre_reusable.yml +++ b/.github/workflows/deploy_tre_reusable.yml @@ -185,7 +185,7 @@ jobs: details_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -279,7 +279,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -303,7 +303,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -327,7 +327,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -443,7 +443,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -505,7 +505,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -567,7 +567,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -649,7 +649,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -706,7 +706,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -740,7 +740,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -789,7 +789,7 @@ jobs: environment: ${{ inputs.environmentName }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -820,7 +820,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) @@ -864,7 +864,7 @@ jobs: timeout-minutes: 300 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # if the following values are missing (i.e. not triggered via comment workflow) diff --git a/.github/workflows/flag_external_pr.yml b/.github/workflows/flag_external_pr.yml index 8e1ac68996..382839fbd8 100644 --- a/.github/workflows/flag_external_pr.yml +++ b/.github/workflows/flag_external_pr.yml @@ -1,6 +1,6 @@ name: flag_external_pr -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy pull_request_target: types: [opened] # only run on new PRs # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment @@ -15,13 +15,13 @@ jobs: steps: # Ensure we have the script file for the github-script action to use - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - id: check_command name: Check for a command using GitHub script - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: result-encoding: string script: | diff --git a/.github/workflows/lets_encrypt.yml b/.github/workflows/lets_encrypt.yml index 768ca0619a..aa3b28c0ec 100644 --- a/.github/workflows/lets_encrypt.yml +++ b/.github/workflows/lets_encrypt.yml @@ -1,7 +1,7 @@ --- name: Renew Lets Encrypt Certificates -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy schedule: # 3am each month https://crontab.guru/#0_3_1_*_* - cron: "0 3 1 * *" @@ -13,8 +13,8 @@ concurrency: letsencrypt env: USE_ENV_VARS_NOT_FILES: true - TF_INPUT: 0 # interactive is off - TF_IN_AUTOMATION: 1 # Run in headless mode + TF_INPUT: 0 # interactive is off + TF_IN_AUTOMATION: 1 # Run in headless mode jobs: renew_letsencrypt_certs: @@ -23,12 +23,12 @@ jobs: environment: CICD steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Install Terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.2.9 terraform_wrapper: false @@ -41,8 +41,7 @@ jobs: ARM_SUBSCRIPTION_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).tenantId }} ARM_TENANT_ID: ${{ fromJSON(secrets.AZURE_CREDENTIALS).subscriptionId }} TRE_ID: ${{ secrets.TRE_ID }} - TERRAFORM_STATE_CONTAINER_NAME: - ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }} + TERRAFORM_STATE_CONTAINER_NAME: ${{ secrets.TERRAFORM_STATE_CONTAINER_NAME && secrets.TERRAFORM_STATE_CONTAINER_NAME || 'tfstate' }} MGMT_RESOURCE_GROUP_NAME: ${{ secrets.MGMT_RESOURCE_GROUP_NAME }} MGMT_STORAGE_ACCOUNT_NAME: ${{ secrets.MGMT_STORAGE_ACCOUNT_NAME }} run: | diff --git a/.github/workflows/pr_comment_bot.yml b/.github/workflows/pr_comment_bot.yml index 040e28d396..165b0834a0 100644 --- a/.github/workflows/pr_comment_bot.yml +++ b/.github/workflows/pr_comment_bot.yml @@ -32,14 +32,14 @@ jobs: steps: # Ensure we have the script file for the github-script action to use - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # Determine whether the comment is a command - id: check_command name: Check for a command using GitHub script - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: script: | const script = require('./.github/scripts/build.js') @@ -79,7 +79,7 @@ jobs: steps: # Ensure we have the script files - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -115,7 +115,7 @@ jobs: steps: # Ensure we have the script files - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false