Merge branch 'main' into dependabot/github_actions/actions/download-artifact-7.0.0

Author: acabarbaye

.github/workflows/build-and-test.yml

@@ -31,7 +31,7 @@ jobs:
     steps:
       # we want the head of the branch that triggered this, not the reference of the commit, this is so we get updated go versions etc.
       - name: Check out [${{ inputs.branch || github.ref }}]
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ inputs.branch || github.ref }}
       - name: Update Go env version

.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checkout with full history for to allow compare with base branch
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: actions/setup-python@v6
@@ -52,7 +52,7 @@ jobs:
     - uses: actions/setup-python@v6
     - name: Install tools
       run: pip install detect-secrets[gibberish]==1.5.0 && pip list
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         fetch-depth: 0
     # FIXME: GitLeaks requires a licence now

.github/workflows/dependabot.yml

@@ -21,7 +21,7 @@ jobs:
     needs: update-client
     steps:
       # Checkout with full history for to allow compare with base branch
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: actions/setup-python@v6

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
     outputs:
       changes: ${{ steps.check.outputs.changes }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Check if changes directory contains files
         id: check
         run: |
@@ -33,7 +33,7 @@ jobs:
     needs: [ check-for-changes ]
     if: needs.check-for-changes.outputs.changes
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           # Get the full history as this is required by goreleaser
           fetch-depth: 0

.github/workflows/scorecard.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v4.1.1
         with:
           persist-credentials: false
 
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           sarif_file: results.sarif

.github/workflows/update-client.yml

@@ -27,14 +27,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout API-Uniform-Contract repo
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         token: ${{ secrets.GIT_SECRET }}
         repository: Arm-Debug/API-Uniform-Contract
         path: API-Uniform-Contract
         ref: main
         # FIXME set to `production`
-    - uses: actions/upload-artifact@v5.0.0
+    - uses: actions/upload-artifact@v6.0.0
       with:
         name: all-service-flat
         path: API-Uniform-Contract/all/1/
@@ -44,13 +44,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: update-client
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         # So that we have correct GIT_TOKEN to push back to branch as we need workflow permissions
         token: ${{ secrets.GIT_SECRET }}
         ref: ${{ inputs.branch || github.head_ref || github.ref }}
     - name: Checkout Update Go action
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         repository: Arm-Debug/update-go-action
         ref: refs/tags/latest
@@ -75,7 +75,7 @@ jobs:
     - name: Install continuous-delivery-scripts
       run: |
         pip install continuous-delivery-scripts
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         ref: ${{ inputs.branch || github.head_ref || github.ref }}
     - name: Download all-service-flat artefact
@@ -113,7 +113,7 @@ jobs:
         ls -l ${{ env.go_module }}/*
     - name: Upload extensions
       if: ${{ env.EXTENSIONS_EXISTS == 'true' }}
-      uses: actions/upload-artifact@v5.0.0
+      uses: actions/upload-artifact@v6.0.0
       with:
         name: extensions
         path: extensions/
@@ -155,7 +155,7 @@ jobs:
     needs:
       - build-and-test
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Trigger release
       if: contains(${{ inputs.branch || github.head_ref || github.ref }} , 'main')
       run: gh workflow run release.yml -f release_type=release

.secrets.baseline

@@ -132,8 +132,7 @@
         ".*\\.properties$",
         "^\\.git[\\\\/]",
         ".*go\\.sum$",
-        ".*codegen.*",
-        "workflows/.*"
+        "^workflows/.*"
       ]
     }
   ],
@@ -153,7 +152,7 @@
         "filename": "client/docs/FPGAJobsAPI.md",
         "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
         "is_verified": false,
-        "line_number": 204
+        "line_number": 277
       }
     ],
     "client/docs/WorkspaceAPI.md": [
@@ -164,7 +163,184 @@
         "is_verified": false,
         "line_number": 505
       }
+    ],
+    "generator/codegen/testdata/collections/test-all-redacted.json": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-all-redacted.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/collections/test-some-redacted.json": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-some-redacted.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/collections/test-x-no-pagination.json": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-x-no-pagination.json",
+        "hashed_secret": "923aa0e1ab5acd10fc414b54d9d53e3803948e89",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-x-no-pagination.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-x-no-pagination.json",
+        "hashed_secret": "b6c30ab47db0e58093620b979821ff3a0f14226d",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test-x-no-pagination.json",
+        "hashed_secret": "fdde1bd360789412444733526da9cc4278c8242a",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/collections/test.json": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/collections/test.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/jobs/test-all-redacted.json": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-all-redacted.json",
+        "hashed_secret": "923aa0e1ab5acd10fc414b54d9d53e3803948e89",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-all-redacted.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-all-redacted.json",
+        "hashed_secret": "b6c30ab47db0e58093620b979821ff3a0f14226d",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-all-redacted.json",
+        "hashed_secret": "fdde1bd360789412444733526da9cc4278c8242a",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/jobs/test-some-redacted.json": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-some-redacted.json",
+        "hashed_secret": "923aa0e1ab5acd10fc414b54d9d53e3803948e89",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-some-redacted.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-some-redacted.json",
+        "hashed_secret": "b6c30ab47db0e58093620b979821ff3a0f14226d",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test-some-redacted.json",
+        "hashed_secret": "fdde1bd360789412444733526da9cc4278c8242a",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/jobs/test.json": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test.json",
+        "hashed_secret": "923aa0e1ab5acd10fc414b54d9d53e3803948e89",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test.json",
+        "hashed_secret": "b6c30ab47db0e58093620b979821ff3a0f14226d",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/jobs/test.json",
+        "hashed_secret": "fdde1bd360789412444733526da9cc4278c8242a",
+        "is_verified": false,
+        "line_number": 1
+      }
+    ],
+    "generator/codegen/testdata/linkfollowers/test.json": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/linkfollowers/test.json",
+        "hashed_secret": "923aa0e1ab5acd10fc414b54d9d53e3803948e89",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Hex High Entropy String",
+        "filename": "generator/codegen/testdata/linkfollowers/test.json",
+        "hashed_secret": "a971ecb6f8d59edcdb891d80bc3965504aa1f6ec",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/linkfollowers/test.json",
+        "hashed_secret": "b6c30ab47db0e58093620b979821ff3a0f14226d",
+        "is_verified": false,
+        "line_number": 1
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "generator/codegen/testdata/linkfollowers/test.json",
+        "hashed_secret": "fdde1bd360789412444733526da9cc4278c8242a",
+        "is_verified": false,
+        "line_number": 1
+      }
     ]
   },
-  "generated_at": "2025-10-17T16:43:56Z"
+  "generated_at": "2025-12-23T16:24:30Z"
 }