From 5d2979edd59b2b61518a38161e26b0630bb8dbc0 Mon Sep 17 00:00:00 2001 From: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com> Date: Fri, 14 Nov 2025 16:48:04 +0000 Subject: [PATCH] use common workflows --- .github/actions/mark_jira_released/action.yml | 2 +- .../actions/update_confluence_jira/action.yml | 6 +- .github/workflows/ci.yml | 6 +- .github/workflows/combine-dependabot-prs.yml | 151 ------------------ .../delete_old_cloudformation_stacks.yml | 10 +- .../dependabot_auto_approve_and_merge.yml | 49 ------ .github/workflows/pr-link.yml | 46 ------ .github/workflows/pull_request.yml | 16 +- .github/workflows/release.yml | 6 +- .github/workflows/sam_package_code.yml | 6 +- .github/workflows/sam_release_code.yml | 12 +- 11 files changed, 35 insertions(+), 275 deletions(-) delete mode 100644 .github/workflows/combine-dependabot-prs.yml delete mode 100644 .github/workflows/dependabot_auto_approve_and_merge.yml delete mode 100644 .github/workflows/pr-link.yml diff --git a/.github/actions/mark_jira_released/action.yml b/.github/actions/mark_jira_released/action.yml index 62a9348c..c2f43ab3 100644 --- a/.github/actions/mark_jira_released/action.yml +++ b/.github/actions/mark_jira_released/action.yml @@ -12,7 +12,7 @@ runs: using: "composite" steps: - name: connect to dev account - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} diff --git a/.github/actions/update_confluence_jira/action.yml b/.github/actions/update_confluence_jira/action.yml index 3d1a91ba..41018125 100644 --- a/.github/actions/update_confluence_jira/action.yml +++ b/.github/actions/update_confluence_jira/action.yml @@ -28,7 +28,7 @@ runs: using: "composite" steps: - name: connect to target account - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ inputs.TARGET_CLOUD_FORMATION_CHECK_VERSION_ROLE }} @@ -42,7 +42,7 @@ runs: run: ./get_target_deployed_tag.sh - name: connect to dev account - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }} @@ -54,7 +54,7 @@ runs: run: ./get_current_dev_tag.sh - name: connect to dev account to run release notes lambda - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ inputs.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e90f1d63..3854f4a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Get asdf version id: asdf-version @@ -26,7 +26,7 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.4 + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@a7daff06de7b695f601d9b1723ca184daca7d898 needs: [get_asdf_version] secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -46,7 +46,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@a7daff06de7b695f601d9b1723ca184daca7d898 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/combine-dependabot-prs.yml b/.github/workflows/combine-dependabot-prs.yml deleted file mode 100644 index ca832081..00000000 --- a/.github/workflows/combine-dependabot-prs.yml +++ /dev/null @@ -1,151 +0,0 @@ -name: 'Combine PRs' - -# Controls when the action will run - in this case triggered manually -on: - workflow_dispatch: - inputs: - branchPrefix: - description: 'Branch prefix to find combinable PRs based on' - required: true - default: 'dependabot' - mustBeGreen: - description: 'Only combine PRs that are green (status is success)' - required: true - default: "true" - combineBranchName: - description: 'Name of the branch to combine PRs into' - required: true - default: 'combine-dependabot-PRs' - ignoreLabel: - description: 'Exclude PRs with this label' - required: true - default: 'nocombine' - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "combine-prs" - combine-prs: - # The type of runner that the job will run on - runs-on: ubuntu-22.04 - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - - uses: actions/github-script@v8 - id: create-combined-pr - name: Create Combined PR - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const pulls = await github.paginate('GET /repos/:owner/:repo/pulls', { - owner: context.repo.owner, - repo: context.repo.repo - }); - let branchesAndPRStrings = []; - let baseBranch = null; - let baseBranchSHA = null; - for (const pull of pulls) { - const branch = pull['head']['ref']; - console.log('Pull for branch: ' + branch); - if (branch.startsWith('${{ github.event.inputs.branchPrefix }}')) { - console.log('Branch matched prefix: ' + branch); - let statusOK = true; - if(${{ github.event.inputs.mustBeGreen }}) { - console.log('Checking green status: ' + branch); - const stateQuery = `query($owner: String!, $repo: String!, $pull_number: Int!) { - repository(owner: $owner, name: $repo) { - pullRequest(number:$pull_number) { - commits(last: 1) { - nodes { - commit { - statusCheckRollup { - state - } - } - } - } - } - } - }` - const vars = { - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: pull['number'] - }; - const result = await github.graphql(stateQuery, vars); - const [{ commit }] = result.repository.pullRequest.commits.nodes; - const state = commit.statusCheckRollup.state - console.log('Validating status: ' + state); - if(state != 'SUCCESS') { - console.log('Discarding ' + branch + ' with status ' + state); - statusOK = false; - } - } - console.log('Checking labels: ' + branch); - const labels = pull['labels']; - for(const label of labels) { - const labelName = label['name']; - console.log('Checking label: ' + labelName); - if(labelName == '${{ github.event.inputs.ignoreLabel }}') { - console.log('Discarding ' + branch + ' with label ' + labelName); - statusOK = false; - } - } - if (statusOK) { - console.log('Adding branch to array: ' + branch); - const prString = '#' + pull['number'] + ' ' + pull['title']; - branchesAndPRStrings.push({ branch, prString }); - baseBranch = pull['base']['ref']; - baseBranchSHA = pull['base']['sha']; - } - } - } - if (branchesAndPRStrings.length == 0) { - core.setFailed('No PRs/branches matched criteria'); - return; - } - try { - await github.rest.git.createRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: 'refs/heads/' + '${{ github.event.inputs.combineBranchName }}', - sha: baseBranchSHA - }); - } catch (error) { - console.log(error); - core.setFailed('Failed to create combined branch - maybe a branch by that name already exists?'); - return; - } - - let combinedPRs = []; - let mergeFailedPRs = []; - for(const { branch, prString } of branchesAndPRStrings) { - try { - await github.rest.repos.merge({ - owner: context.repo.owner, - repo: context.repo.repo, - base: '${{ github.event.inputs.combineBranchName }}', - head: branch, - }); - console.log('Merged branch ' + branch); - combinedPRs.push(prString); - } catch (error) { - console.log('Failed to merge branch ' + branch); - mergeFailedPRs.push(prString); - } - } - - console.log('Creating combined PR'); - const combinedPRsString = combinedPRs.join('\n'); - let body = '✅ This PR was created by the Combine PRs action by combining the following PRs:\n' + combinedPRsString; - if(mergeFailedPRs.length > 0) { - const mergeFailedPRsString = mergeFailedPRs.join('\n'); - body += '\n\n⚠️ The following PRs were left out due to merge conflicts:\n' + mergeFailedPRsString - } - await github.rest.pulls.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: 'Combined PR', - head: '${{ github.event.inputs.combineBranchName }}', - base: baseBranch, - body: body - }); diff --git a/.github/workflows/delete_old_cloudformation_stacks.yml b/.github/workflows/delete_old_cloudformation_stacks.yml index 3cd70cea..3228f7c7 100644 --- a/.github/workflows/delete_old_cloudformation_stacks.yml +++ b/.github/workflows/delete_old_cloudformation_stacks.yml @@ -1,4 +1,4 @@ -name: 'Delete old cloudformation stacks' +name: "Delete old cloudformation stacks" # Controls when the action will run - in this case triggered manually on: @@ -13,20 +13,20 @@ jobs: # The type of runner that the job will run on runs-on: ubuntu-22.04 permissions: - id-token: write - contents: read + id-token: write + contents: read # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Checkout local github scripts - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: ref: ${{ env.BRANCH_NAME }} sparse-checkout: | .github/scripts - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} diff --git a/.github/workflows/dependabot_auto_approve_and_merge.yml b/.github/workflows/dependabot_auto_approve_and_merge.yml deleted file mode 100644 index 152af500..00000000 --- a/.github/workflows/dependabot_auto_approve_and_merge.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Dependabot auto-approve -on: pull_request - -permissions: - pull-requests: write - contents: write - -jobs: - dependabot: - runs-on: ubuntu-22.04 - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Get token from Github App - id: get_app_token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ secrets.AUTOMERGE_APP_ID }} - private-key: ${{ secrets.AUTOMERGE_PEM }} - - name: Dependabot metadata - id: dependabot-metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - name: Approve patch and minor updates - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Approve major updates of development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}} - run: gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - - name: Comment on major updates of non-development dependencies - if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}} - run: | - gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**" - gh pr edit "$PR_URL" --add-label "requires-manual-qa" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} - # enable auto merge on all dependabot prs - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{ steps.get_app_token.outputs.token }} diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml deleted file mode 100644 index 01584af5..00000000 --- a/.github/workflows/pr-link.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: PR Link ticket -on: - pull_request: - types: [opened] -jobs: - link-ticket: - runs-on: ubuntu-22.04 - env: - REF: ${{ github.event.pull_request.head.ref }} - steps: - - name: Check ticket name conforms to requirements - run: echo "$REF" | grep -i -E -q "(aea-[0-9]+)|(apm-[0-9]+)|(apmspii-[0-9]+)|(adz-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" - continue-on-error: true - - - name: Grab ticket name - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - continue-on-error: true - run: | - # Match ticket name patterns - REGEX=' - (aea-[0-9]+)| - (apm-[0-9]+)| - (apmspii-[0-9]+)| - (adz-[0-9]+)| - (amb-[0-9]+) - ' - - # Remove whitespace and newlines from the regex - REGEX=$(echo "$REGEX" | tr -d '[:space:]') - - # Extract the ticket name and convert to uppercase - TICKET_NAME=$(echo "$REF" | grep -i -E -o "$REGEX" | tr '[:lower:]' '[:upper:]') - - # Set the environment variable - echo "TICKET_NAME=$TICKET_NAME" >> "$GITHUB_ENV" - - - name: Comment on PR with link to JIRA ticket - if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - continue-on-error: true - uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - msg: | - This branch is work on a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }}) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 2d6888ab..b284d2b4 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -8,6 +8,12 @@ env: BRANCH_NAME: ${{ github.event.pull_request.head.ref }} jobs: + dependabot-auto-approve-and-merge: + needs: quality_checks + uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@a7daff06de7b695f601d9b1723ca184daca7d898 + secrets: + AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }} + AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }} get_asdf_version: runs-on: ubuntu-22.04 outputs: @@ -15,7 +21,7 @@ jobs: tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Get asdf version id: asdf-version @@ -26,7 +32,7 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.4 + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@a7daff06de7b695f601d9b1723ca184daca7d898 needs: [get_asdf_version] with: asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} @@ -35,7 +41,7 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} pr_title_format_check: - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7 + uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@a7daff06de7b695f601d9b1723ca184daca7d898 get_issue_number: runs-on: ubuntu-22.04 @@ -44,7 +50,7 @@ jobs: issue_number: ${{steps.get_issue_number.outputs.result}} steps: - - uses: actions/github-script@v8 + - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd name: get issue number id: get_issue_number with: @@ -66,7 +72,7 @@ jobs: tag_release: needs: [get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@a7daff06de7b695f601d9b1723ca184daca7d898 with: dry_run: true asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff240f0a..ed4e4f90 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Get asdf version id: asdf-version @@ -25,7 +25,7 @@ jobs: TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml) echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT" quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v5.1.4 + uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@a7daff06de7b695f601d9b1723ca184daca7d898 needs: [get_asdf_version] secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -45,7 +45,7 @@ jobs: tag_release: needs: [quality_checks, get_commit_id, get_asdf_version] - uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/tag-release.yml@f3d071da30cd01dc0e4472ac0e2d7452db78d1c7 + uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@a7daff06de7b695f601d9b1723ca184daca7d898 with: dry_run: false asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }} diff --git a/.github/workflows/sam_package_code.yml b/.github/workflows/sam_package_code.yml index c4248a1b..6b2c41df 100644 --- a/.github/workflows/sam_package_code.yml +++ b/.github/workflows/sam_package_code.yml @@ -16,7 +16,7 @@ jobs: java-version: "21" distribution: "adopt" - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: ref: ${{ env.BRANCH_NAME }} - name: Get asdf version @@ -30,7 +30,7 @@ jobs: asdf_version: ${{ steps.asdf-version.outputs.version }} - name: Cache asdf - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 with: path: | ~/.asdf @@ -58,7 +58,7 @@ jobs: cp Makefile .aws-sam/build/ cp samconfig_package_and_deploy.toml .aws-sam/build/ - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 name: upload build artifact with: name: packaged_code diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml index 333468d0..50969351 100644 --- a/.github/workflows/sam_release_code.yml +++ b/.github/workflows/sam_release_code.yml @@ -53,7 +53,7 @@ on: required: false DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: required: false - + jobs: sam_release_code: runs-on: ubuntu-22.04 @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout local github actions - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: ref: ${{ env.BRANCH_NAME }} fetch-depth: 0 @@ -84,14 +84,14 @@ jobs: DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v5 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 with: aws-region: eu-west-2 role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }} role-session-name: fhir-validator-lambda-release-code - name: download build artifact - uses: actions/download-artifact@v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: name: ${{ inputs.BUILD_ARTIFACT }} path: . @@ -141,11 +141,11 @@ jobs: DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }} - name: Checkout gh-pages - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: ref: gh-pages path: gh-pages - + - name: update release tag in github pages if: ${{ inputs.TARGET_ENVIRONMENT != 'dev-pr' }} run: |