diff --git a/.github/workflows/database_migration_production_manual.yaml b/.github/workflows/database_migration_production_manual.yaml index a2ff83852..57b5a39ca 100644 --- a/.github/workflows/database_migration_production_manual.yaml +++ b/.github/workflows/database_migration_production_manual.yaml @@ -38,7 +38,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply @@ -58,7 +58,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -71,7 +71,7 @@ jobs: sudo apt install -y openvpn openvpn-systemd-resolved - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/database_migration_staging_manual.yaml b/.github/workflows/database_migration_staging_manual.yaml index ac805d653..4737c735c 100644 --- a/.github/workflows/database_migration_staging_manual.yaml +++ b/.github/workflows/database_migration_staging_manual.yaml @@ -34,7 +34,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply @@ -47,7 +47,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -65,7 +65,7 @@ jobs: sudo dpkg -i 1pass.deb - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/deploy_dev.yaml b/.github/workflows/deploy_dev.yaml index f7127ea08..4d4a653ec 100644 --- a/.github/workflows/deploy_dev.yaml +++ b/.github/workflows/deploy_dev.yaml @@ -30,7 +30,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-k8s-lambda-apply-main-branch role-session-name: NotifyManifestsApply @@ -55,7 +55,7 @@ jobs: fi - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -73,7 +73,7 @@ jobs: sudo dpkg -i 1pass.deb - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/helmfile_production_apply.yaml b/.github/workflows/helmfile_production_apply.yaml index 2ad5b25cb..d931e8c18 100644 --- a/.github/workflows/helmfile_production_apply.yaml +++ b/.github/workflows/helmfile_production_apply.yaml @@ -36,7 +36,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply @@ -49,7 +49,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -62,7 +62,7 @@ jobs: sudo apt install -y openvpn openvpn-systemd-resolved - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/helmfile_production_plan.yaml b/.github/workflows/helmfile_production_plan.yaml index 31154d889..8d2a07db3 100644 --- a/.github/workflows/helmfile_production_plan.yaml +++ b/.github/workflows/helmfile_production_plan.yaml @@ -28,7 +28,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-helmfile-diff role-session-name: NotifyManifestsHelmfileDiff @@ -41,7 +41,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -59,7 +59,7 @@ jobs: sudo apt install -y openvpn openvpn-systemd-resolved - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/helmfile_staging_apply.yaml b/.github/workflows/helmfile_staging_apply.yaml index 4f2953985..ee01f881c 100644 --- a/.github/workflows/helmfile_staging_apply.yaml +++ b/.github/workflows/helmfile_staging_apply.yaml @@ -36,7 +36,7 @@ jobs: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply @@ -49,7 +49,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -67,7 +67,7 @@ jobs: sudo dpkg -i 1pass.deb - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 @@ -174,7 +174,7 @@ jobs: fetch-depth: 0 - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply diff --git a/.github/workflows/helmfile_staging_apply_specific_app.yaml b/.github/workflows/helmfile_staging_apply_specific_app.yaml index dc418fe13..7d2e9744b 100644 --- a/.github/workflows/helmfile_staging_apply_specific_app.yaml +++ b/.github/workflows/helmfile_staging_apply_specific_app.yaml @@ -53,7 +53,7 @@ jobs: fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -66,7 +66,7 @@ jobs: sudo apt install -y openvpn openvpn-systemd-resolved - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/helmfile_staging_plan.yaml b/.github/workflows/helmfile_staging_plan.yaml index 876e35114..5044c22f3 100644 --- a/.github/workflows/helmfile_staging_plan.yaml +++ b/.github/workflows/helmfile_staging_plan.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-helmfile-diff role-session-name: NotifyManifestsHelmfileDiff @@ -32,7 +32,7 @@ jobs: # Fetches entire history, so we can analyze commits since last tag fetch-depth: 0 - name: Setup helmfile - uses: mamezou-tech/setup-helmfile@fd46979d2984c886929c416fbdf859b1c5efa0ea # v2.1.0 + uses: mamezou-tech/setup-helmfile@c04e83ec7650bf2ec910864bcb409479cf56d8e6 # v2.2.0 with: install-kubectl: yes install-helm: yes @@ -50,7 +50,7 @@ jobs: sudo dpkg -i 1pass.deb - name: Setup Terraform tools - uses: cds-snc/terraform-tools-setup@v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 env: # In case you want to override default versions CONFTEST_VERSION: 0.30.0 TERRAFORM_VERSION: 1.9.5 diff --git a/.github/workflows/smoke_test_production.yaml b/.github/workflows/smoke_test_production.yaml index e93d5b185..f5dbf3f70 100644 --- a/.github/workflows/smoke_test_production.yaml +++ b/.github/workflows/smoke_test_production.yaml @@ -40,15 +40,15 @@ jobs: repository: cds-snc/notification-api - name: Set up Python - uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0 + uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1 with: - python-version: "3.12" + python-version: "3.14" - name: Upgrade pip run: python -m pip install --upgrade pip - name: Get packages from cache - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/.local key: poetry-${{ runner.os }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }} @@ -64,7 +64,7 @@ jobs: run: poetry install - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-apply role-session-name: NotifyManifestsApply diff --git a/.github/workflows/smoke_test_staging.yaml b/.github/workflows/smoke_test_staging.yaml index 2645d9aa2..3d53b049d 100644 --- a/.github/workflows/smoke_test_staging.yaml +++ b/.github/workflows/smoke_test_staging.yaml @@ -35,13 +35,13 @@ jobs: - name: Set up Python uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1 with: - python-version: "3.12" + python-version: "3.14" - name: Upgrade pip run: python -m pip install --upgrade pip - name: Get packages from cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ~/.local key: poetry-${{ runner.os }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }} @@ -57,7 +57,7 @@ jobs: run: poetry install - name: Configure credentials to Notify using OIDC - uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 + uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 with: role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-manifests-staging-smoke-test role-session-name: NotifyManifestsStagingSmokeTest