chore(ci): drop allowlisted pins (#534)

DerekRoberts · web-flow · commit 6c6b5878ca74 · 2025-10-27T17:14:56.000-07:00
diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml
@@ -8,7 +8,7 @@ on:
         description: Autoscaling enabled or not for the deployments
         required: false
         type: string
-        default: 'true'
+        default: "true"
       environment:
         description: Environment name; omit for PRs
         required: false
@@ -50,16 +50,14 @@ on:
         required: false
         type: string
 
-
 jobs:
-  
   deploys:
     name: Helm
     environment: ${{ inputs.environment }}
     runs-on: ubuntu-24.04
     timeout-minutes: ${{ inputs.timeout-minutes }}
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v5
       - name: Stop pre-existing deployments on PRs (status = pending-upgrade)
         if: github.event_name == 'pull_request'
         uses: bcgov/action-oc-runner@f900830adadd4d9eef3ca6ff80103e839ba8b7c0 # v1.3.0
diff --git a/.github/workflows/.tests.yml b/.github/workflows/.tests.yml
@@ -17,14 +17,14 @@ jobs:
       matrix:
         browser: [chrome]
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v5
       - uses: cypress-io/github-action@v5
         name: Cypress run
         with:
           config: pageLoadTimeout=30000,baseUrl=https://pubcode-${{ inputs.target }}.apps.silver.devops.gov.bc.ca/
           working-directory: ./frontend
           browser: ${{ matrix.browser }}
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: cypress-screenshots
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -21,10 +21,10 @@ jobs:
     if: github.event_name != 'pull_request' || !github.event.pull_request.draft
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v5
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        uses: aquasecurity/trivy-action@0.33.1
         with:
           format: "sarif"
           output: "trivy-results.sarif"
@@ -34,6 +34,6 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -19,24 +19,24 @@ jobs:
     runs-on: ubuntu-24.04
     timeout-minutes: 1
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v5
       - name: Conventional Changelog Update
         uses: TriPSs/conventional-changelog-action@84dadaf2c367cb52af02737cd9c7e888807219e7 # v6.2.0
         id: changelog
         with:
           github-token: ${{ github.token }}
-          output-file: 'CHANGELOG.md'
-          skip-version-file: 'true'
-          skip-commit: 'true'
-          skip-on-empty: 'false'
-          git-push: 'true'
+          output-file: "CHANGELOG.md"
+          skip-version-file: "true"
+          skip-commit: "true"
+          skip-on-empty: "false"
+          git-push: "true"
 
   retag-images:
-    needs: [ semantic-version ]
+    needs: [semantic-version]
     runs-on: ubuntu-24.04
     strategy:
       matrix:
-        package: [ api, database, frontend ]
+        package: [api, database, frontend]
     steps:
       - name: Tag Docker Images
         uses: shrink/actions-docker-registry-tag@f04afd0559f66b288586792eb150f45136a927fa # v4
@@ -77,7 +77,7 @@ jobs:
       tag: ${{ needs.semantic-version.outputs.semanticVersion }}
       release_name: pubcode
       params: --set-string api.containers[0].tag="${{ needs.semantic-version.outputs.tag }}" --set-string frontend.containers[0].tag="${{ needs.semantic-version.outputs.tag }}"
-  github_release:    
+  github_release:
     name: Create Release
     needs: [semantic-version, deploys-prod]
     runs-on: ubuntu-24.04
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -46,7 +46,7 @@ jobs:
       matrix:
         package: [api, frontend]
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v5
       - uses: bcgov/action-builder-ghcr@1e4295b9766963ca36612b78560db6235120b80f # 4.1.1
         with:
           package: ${{ matrix.package }}
@@ -71,19 +71,19 @@ jobs:
       tag: ${{ github.event.number }}
       release_name: pubcode-${{ github.event.number }}
       params: |
-            --set-string global.repository=${{ github.repository }}  \
-            --set-string api.containers[0].tag="${{ github.sha }}" \
-            --set-string api.containers[0].resources.requests.cpu="30m" \
-            --set-string api.containers[0].resources.requests.memory="50Mi" \
-            --set-string frontend.containers[0].tag="${{ github.sha }}" \
-            --set-string frontend.containers[0].resources.requests.cpu="30m" \
-            --set-string frontend.containers[0].resources.requests.memory="50Mi" \
-            --set-string database.containers[0].resources.requests.cpu="30m" \
-            --set-string database.containers[0].resources.requests.memory="50Mi" \
-            --set-string database.initContainers[0].resources.requests.cpu="30m" \
-            --set-string database.initContainers[0].resources.requests.memory="50Mi" \
-            --set-string database.pvc.size="350Mi" \
-            --set-string global.env.VITE_SCHEMA_BRANCH=${{ github.event.pull_request.head.ref }} \
+        --set-string global.repository=${{ github.repository }}  \
+        --set-string api.containers[0].tag="${{ github.sha }}" \
+        --set-string api.containers[0].resources.requests.cpu="30m" \
+        --set-string api.containers[0].resources.requests.memory="50Mi" \
+        --set-string frontend.containers[0].tag="${{ github.sha }}" \
+        --set-string frontend.containers[0].resources.requests.cpu="30m" \
+        --set-string frontend.containers[0].resources.requests.memory="50Mi" \
+        --set-string database.containers[0].resources.requests.cpu="30m" \
+        --set-string database.containers[0].resources.requests.memory="50Mi" \
+        --set-string database.initContainers[0].resources.requests.cpu="30m" \
+        --set-string database.initContainers[0].resources.requests.memory="50Mi" \
+        --set-string database.pvc.size="350Mi" \
+        --set-string global.env.VITE_SCHEMA_BRANCH=${{ github.event.pull_request.head.ref }} \
 
   tests:
     name: Tests
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
@@ -23,23 +23,23 @@ jobs:
         working-directory: crawler
     steps:
       - name: Check out repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        uses: actions/checkout@v5
 
       - name: Add Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+        uses: actions/setup-node@v6
         with:
           node-version: "22.x"
       - name: Install Dependencies
         run: npm ci
 
-      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+      - uses: actions/cache@v4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
 
-      - uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
+      - uses: redhat-actions/openshift-tools-installer@v1
         with:
           oc: "4"
 
@@ -64,17 +64,17 @@ jobs:
         working-directory: schema/script
     steps:
       - name: Check out repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        uses: actions/checkout@v5
 
       - name: Add Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+        uses: actions/setup-node@v6
         with:
           node-version: "22.x"
 
       - name: Install Dependencies
         run: npm ci
 
-      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+      - uses: actions/cache@v4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -107,23 +107,23 @@ jobs:
     environment: prod
     steps:
       - name: Check out repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        uses: actions/checkout@v5
 
       - name: Add Node.js
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
+        uses: actions/setup-node@v6
         with:
           node-version: "22.x"
       - name: Install Dependencies
         run: npm ci
 
-      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+      - uses: actions/cache@v4
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
 
-      - uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
+      - uses: redhat-actions/openshift-tools-installer@v1
         with:
           oc: "4"
 
