From 8e25a9ec9c093546da9322fb9ae68ccaf144989a Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Tue, 20 Jan 2026 13:41:09 +0000
Subject: [PATCH 1/2] fix security

---
 .github/workflows/sam_release_code.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml
index 3a6d9bb2..57395059 100644
--- a/.github/workflows/sam_release_code.yml
+++ b/.github/workflows/sam_release_code.yml
@@ -151,12 +151,15 @@ jobs:
         run: |
           cd gh-pages
           NOW=$(date +'%Y-%m-%dT%H:%M:%S')
-          echo "tag,release_datetime" > _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
-          echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
-          echo "${{ inputs.VERSION_NUMBER }},${NOW}" >> _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
+          echo "tag,release_datetime" > _data/${TARGET_ENVIRONMENT}_latest.csv
+          echo "${VERSION_NUMBER},${NOW}" >> _data/${TARGET_ENVIRONMENT}_latest.csv
+          echo "${VERSION_NUMBER},${NOW}" >> _data/${TARGET_ENVIRONMENT}_deployments.csv
           git config user.name github-actions
           git config user.email github-actions@github.com
-          git add _data/${{ inputs.TARGET_ENVIRONMENT }}_latest.csv
-          git add _data/${{ inputs.TARGET_ENVIRONMENT }}_deployments.csv
-          git commit -m 'update releases for ${{ inputs.TARGET_ENVIRONMENT }}'
+          git add _data/${TARGET_ENVIRONMENT}_latest.csv
+          git add _data/${TARGET_ENVIRONMENT}_deployments.csv
+          git commit -m 'update releases for ${TARGET_ENVIRONMENT}'
           parallel --retries 10 --delay 3 ::: "git pull --rebase && git push"
+        env:
+          VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
+          TARGET_ENVIRONMENT: ${{ inputs.TARGET_ENVIRONMENT }}

From 2f7d064d49ceb80988c7b0cee98b0f18d532bc6e Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Tue, 27 Jan 2026 10:54:17 +0000
Subject: [PATCH 2/2] update actionlint

---
 .github/workflows/sam_release_code.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/sam_release_code.yml b/.github/workflows/sam_release_code.yml
index baed7084..00bbb9ec 100644
--- a/.github/workflows/sam_release_code.yml
+++ b/.github/workflows/sam_release_code.yml
@@ -151,14 +151,14 @@ jobs:
         run: |
           cd gh-pages
           NOW=$(date +'%Y-%m-%dT%H:%M:%S')
-          echo "tag,release_datetime" > _data/${TARGET_ENVIRONMENT}_latest.csv
-          echo "${VERSION_NUMBER},${NOW}" >> _data/${TARGET_ENVIRONMENT}_latest.csv
-          echo "${VERSION_NUMBER},${NOW}" >> _data/${TARGET_ENVIRONMENT}_deployments.csv
+          echo "tag,release_datetime" > "_data/${TARGET_ENVIRONMENT}_latest.csv"
+          echo "${VERSION_NUMBER},${NOW}" >> "_data/${TARGET_ENVIRONMENT}_latest.csv"
+          echo "${VERSION_NUMBER},${NOW}" >> "_data/${TARGET_ENVIRONMENT}_deployments.csv"
           git config user.name github-actions
           git config user.email github-actions@github.com
-          git add _data/${TARGET_ENVIRONMENT}_latest.csv
-          git add _data/${TARGET_ENVIRONMENT}_deployments.csv
-          git commit -m 'update releases for ${TARGET_ENVIRONMENT}'
+          git add "_data/${TARGET_ENVIRONMENT}_latest.csv"
+          git add "_data/${TARGET_ENVIRONMENT}_deployments.csv"
+          git commit -m "update releases for ${TARGET_ENVIRONMENT}"
           parallel --retries 10 --delay 3 ::: "git pull --rebase && git push"
         env:
           VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}