Pavan-Microsoft · Pavan-Microsoft · Jan 2, 2026 · Jan 2, 2026 · Jan 9, 2026 · Jan 11, 2026
diff --git a/.github/workflows/bicep-audit.yml b/.github/workflows/bicep-audit.yml
@@ -29,7 +29,7 @@ jobs:
           tools: templateanalyzer
 
       - name: Upload alerts to Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: github.repository_owner == 'Azure-Samples'
         with:
           sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/.github/workflows/broken-links-checker.yml b/.github/workflows/broken-links-checker.yml
@@ -28,13 +28,11 @@ jobs:
         with:
           files: |
             **/*.md
-
-
       # For PR: Check broken links only in changed files
       - name: Check Broken Links in Changed Markdown Files
         id: lychee-check-pr
         if: github.event_name == 'pull_request' && steps.changed-markdown-files.outputs.any_changed == 'true'
-        uses: lycheeverse/lychee-action@v2.4.1
+        uses: lycheeverse/lychee-action@v2.7.0
         with:
           args: >
             --verbose --exclude-mail --no-progress --exclude ^https?://
@@ -47,7 +45,7 @@ jobs:
       - name: Check Broken Links in All Markdown Files in Entire Repo (Manual Trigger)
         id: lychee-check-manual
         if: github.event_name == 'workflow_dispatch'
-        uses: lycheeverse/lychee-action@v2.6.1
+        uses: lycheeverse/lychee-action@v2.7.0
         with:
           args: >
             --verbose --exclude-mail --no-progress --exclude ^https?://

diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Docker Login to cwydcontainerreg (Main)
       if: ${{ inputs.push == true && github.ref_name == 'main' }}

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -416,7 +416,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Destroy resources
         uses: devcontainers/ci@v0.3

diff --git a/.github/workflows/comment_coverage.yml b/.github/workflows/comment_coverage.yml
@@ -18,7 +18,7 @@ jobs:
       github.event.workflow_run.conclusion != 'cancelled'
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           name: coverage
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -39,7 +39,7 @@ jobs:
             return response.data[0]?.number ?? "";
           retries: 3
       - name: Comment coverage
-        uses: MishaKav/pytest-coverage-comment@13d3c18e21895566c746187c9ea74736372e5e91
+        uses: MishaKav/pytest-coverage-comment@ae0e8a539a3f310aefb3bfb6a2209778a21fa42b
         with:
           pytest-xml-coverage-path: coverage.xml
           junitxml-path: coverage-junit.xml

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.workflow_run.head_sha }}
 

diff --git a/.github/workflows/scheduled-Dependabot-PRs-Auto-Merge.yml b/.github/workflows/scheduled-Dependabot-PRs-Auto-Merge.yml
@@ -36,7 +36,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Install GitHub CLI
         run: |
@@ -96,7 +96,7 @@ jobs:
               echo "✅ PR #$pr_number is mergeable. Skipping rebase."
             fi
           done < matched_prs.txt
-          
+
       - name: Auto-Merge PRs using available strategy
         if: success()
         env:
@@ -149,4 +149,4 @@ jobs:
             if [[ "$mergeable" != "MERGEABLE" && "$mergeable" != "CONFLICTING" ]]; then
               echo "❌ Mergeability undetermined after $max_attempts attempts. Skipping PR #$pr_number"
             fi
-          done < matched_prs.txt || echo "⚠️ Completed loop with some errors, but continuing gracefully."
+          done < matched_prs.txt || echo "⚠️ Completed loop with some errors, but continuing gracefully."
diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml
@@ -24,16 +24,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Fetch full history for accurate branch checks
       - name: Fetch All Branches
         run: git fetch --all --prune
       - name: List Merged Branches With No Activity in Last 3 Months
         run: |
-          
+
           echo "Branch Name,Last Commit Date,Committer,Committed In Branch,Action" > merged_branches_report.csv
-          
+
           for branch in $(git for-each-ref --format '%(refname:short) %(committerdate:unix)' refs/remotes/origin | awk -v date=$(date -d '3 months ago' +%s) '$2 < date {print $1}'); do
             if [[ "$branch" != "origin/main" && "$branch" != "origin/dev" ]]; then
               branch_name=${branch#origin/}
@@ -47,7 +47,7 @@ jobs:
           done
       - name: List PR Approved and Merged Branches Older Than 30 Days
         run: |
-          
+
           for branch in $(gh api repos/${{ github.repository }}/pulls --jq '.[] | select(.merged_at != null and (.base.ref == "main" or .base.ref == "dev")) | select(.merged_at | fromdateiso8601 < (now - 2592000)) | .head.ref'); do
             # Ensure the branch exists locally before getting last commit date
             git fetch origin "$branch" || echo "Could not fetch branch: $branch"
@@ -60,7 +60,7 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: List Open PR Branches With No Activity in Last 3 Months
         run: |
-          
+
           for branch in $(gh api repos/${{ github.repository }}/pulls --state open --jq '.[] | select(.base.ref == "main" or .base.ref == "dev") | .head.ref'); do
             # Ensure the branch exists locally before getting last commit date
             git fetch origin "$branch" || echo "Could not fetch branch: $branch"
@@ -75,7 +75,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload CSV Report of Inactive Branches
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: merged-branches-report
           path: merged_branches_report.csv

diff --git a/.github/workflows/test-automation.yml b/.github/workflows/test-automation.yml
@@ -20,10 +20,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.13'
 
@@ -69,7 +69,7 @@ jobs:
 
       - name: Upload test report
         id: upload_report
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         if: ${{ !cancelled() }}
         with:
           name: cwyd-test-report

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -1,6 +1,7 @@
 name: Test Workflow with Coverage
 
 on:
+  workflow_dispatch:
   push:
     branches: [main, dev, demo]
     paths:
@@ -30,7 +31,7 @@ jobs:
     name: Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Install Poetry
         run: pip install poetry
       - name: Setup python
@@ -70,7 +71,7 @@ jobs:
           result-encoding: string
           retries: 3
       - name: Download main coverage artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         if: github.event_name == 'pull_request' && steps.coverage-artifact.outputs.result != ''
         continue-on-error: true # There is a chance that the artifact doesn't exist, or has expired
         with:
@@ -90,8 +91,8 @@ jobs:
 
           echo "MIN_COVERAGE=$MIN_COVERAGE" >> "$GITHUB_OUTPUT"
       - name: Run Python Tests
-        run: make python-test optional_args="--junitxml=coverage-junit.xml --cov=. --cov-report xml:coverage.xml --cov-fail-under ${{ steps.coverage-value.outputs.MIN_COVERAGE }} ./code/tests"
-      - uses: actions/upload-artifact@v4
+        run: make python-test optional_args="--junitxml=coverage-junit.xml --cov=code --cov-report=term-missing --cov-report=xml:coverage.xml --cov-fail-under=${{ steps.coverage-value.outputs.MIN_COVERAGE }} ./code/tests"
+      - uses: actions/upload-artifact@v6
         if: ${{ !cancelled() }}
         with:
           name: coverage
@@ -100,7 +101,7 @@ jobs:
             coverage.xml
           if-no-files-found: error
       - name: Setup node
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v6
         with:
           node-version: 20
           cache: "npm"