diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ed83406..198ecf4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Dependency review - uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0 \ No newline at end of file + uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 \ No newline at end of file diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 970936a..6e23e66 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -13,13 +13,13 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2.2.2 id: sre-app-token with: app-id: ${{ secrets.CDS_RELEASE_BOT_APP_ID }} private-key: ${{ secrets.CDS_RELEASE_BOT_PRIVATE_KEY }} - - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 + - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 with: token: ${{ steps.sre-app-token.outputs.token }} config-file: release-please-config.json diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index fd55a51..be92429 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,7 +8,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Shellcheck run: | .github/workflows/scripts/run-shellcheck.sh diff --git a/.github/workflows/terraform-apply-production.yml b/.github/workflows/terraform-apply-production.yml index 8e68064..5f4d135 100644 --- a/.github/workflows/terraform-apply-production.yml +++ b/.github/workflows/terraform-apply-production.yml @@ -26,17 +26,17 @@ jobs: steps: - name: Audit DNS requests - uses: cds-snc/dns-proxy-action@a0d442834e9028e22d0f919e48a5eb92de712976 + uses: cds-snc/dns-proxy-action@bbde31a2b9ad6eb93565a5c14c5be905af626c41 env: DNS_PROXY_FORWARDTOSENTINEL: "true" DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup terraform tools - uses: cds-snc/terraform-tools-setup@cc15ce9039f6c37c592fb9930b70466b229d2e9b # v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 - name: Configure aws credentials using OIDC uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 diff --git a/.github/workflows/terraform-apply-user-testing.yml b/.github/workflows/terraform-apply-user-testing.yml index 8f92334..8ab5bc1 100644 --- a/.github/workflows/terraform-apply-user-testing.yml +++ b/.github/workflows/terraform-apply-user-testing.yml @@ -28,17 +28,17 @@ jobs: steps: - name: Audit DNS requests - uses: cds-snc/dns-proxy-action@a0d442834e9028e22d0f919e48a5eb92de712976 + uses: cds-snc/dns-proxy-action@bbde31a2b9ad6eb93565a5c14c5be905af626c41 env: DNS_PROXY_FORWARDTOSENTINEL: "true" DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup terraform tools - uses: cds-snc/terraform-tools-setup@cc15ce9039f6c37c592fb9930b70466b229d2e9b # v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 - name: Configure aws credentials using OIDC uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 diff --git a/.github/workflows/terraform-plan-production.yml b/.github/workflows/terraform-plan-production.yml index 3486707..5889a1e 100644 --- a/.github/workflows/terraform-plan-production.yml +++ b/.github/workflows/terraform-plan-production.yml @@ -29,17 +29,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Audit DNS requests - uses: cds-snc/dns-proxy-action@a0d442834e9028e22d0f919e48a5eb92de712976 + uses: cds-snc/dns-proxy-action@bbde31a2b9ad6eb93565a5c14c5be905af626c41 env: DNS_PROXY_FORWARDTOSENTINEL: "true" DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup terraform tools - uses: cds-snc/terraform-tools-setup@cc15ce9039f6c37c592fb9930b70466b229d2e9b # v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 - name: Configure aws credentials using OIDC uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 @@ -49,7 +49,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Terraform plan - uses: cds-snc/terraform-plan@e710cb1446e5dfe69a0182603fb06b5282d7eb07 # v3.4.3 + uses: cds-snc/terraform-plan@39b0058bcf977fbd8b067b84d5a9f6165e356c32 # v3.7.0 with: comment-delete: true comment-title: "Production" diff --git a/.github/workflows/terraform-plan-user-testing.yml b/.github/workflows/terraform-plan-user-testing.yml index b57bf30..f58870b 100644 --- a/.github/workflows/terraform-plan-user-testing.yml +++ b/.github/workflows/terraform-plan-user-testing.yml @@ -27,17 +27,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Audit DNS requests - uses: cds-snc/dns-proxy-action@a0d442834e9028e22d0f919e48a5eb92de712976 + uses: cds-snc/dns-proxy-action@bbde31a2b9ad6eb93565a5c14c5be905af626c41 env: DNS_PROXY_FORWARDTOSENTINEL: "true" DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup terraform tools - uses: cds-snc/terraform-tools-setup@cc15ce9039f6c37c592fb9930b70466b229d2e9b # v1 + uses: cds-snc/terraform-tools-setup@5a19984bcb888600ad646e0caf5c6f4d0a54c165 # v1.2.0 - name: Configure aws credentials using OIDC uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 @@ -47,7 +47,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - name: Terraform plan - uses: cds-snc/terraform-plan@e710cb1446e5dfe69a0182603fb06b5282d7eb07 # v3.4.3 + uses: cds-snc/terraform-plan@39b0058bcf977fbd8b067b84d5a9f6165e356c32 # v3.7.0 with: comment-delete: true comment-title: "User Testing" diff --git a/.github/workflows/terraform-security-scan.yml b/.github/workflows/terraform-security-scan.yml index fc5487a..d3ba89e 100644 --- a/.github/workflows/terraform-security-scan.yml +++ b/.github/workflows/terraform-security-scan.yml @@ -20,10 +20,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Trivy Terraform Security Scan - uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 with: scan-type: config scan-ref: terraform/aws