diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml index e655345f5..81a7bb4cf 100644 --- a/.github/workflows/cicd-1-pull-request.yaml +++ b/.github/workflows/cicd-1-pull-request.yaml @@ -24,7 +24,7 @@ jobs: does_pull_request_exist: ${{ steps.pr_exists.outputs.does_pull_request_exist }} steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Set CI/CD variables" id: variables run: | diff --git a/.github/workflows/dispatch_internal_repo_workflow.yaml b/.github/workflows/dispatch_internal_repo_workflow.yaml index 0a7bc1d06..32306c6c2 100644 --- a/.github/workflows/dispatch_internal_repo_workflow.yaml +++ b/.github/workflows/dispatch_internal_repo_workflow.yaml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v5.0.0 - name: Trigger nhs-notify-internal workflow shell: bash diff --git a/.github/workflows/reusable_internal_repo_build.yaml b/.github/workflows/reusable_internal_repo_build.yaml index cb7636f75..c9a778dd3 100644 --- a/.github/workflows/reusable_internal_repo_build.yaml +++ b/.github/workflows/reusable_internal_repo_build.yaml @@ -42,7 +42,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v5.0.0 - name: Trigger nhs-notify-internal static environment workflow deployment shell: bash diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml index cd4214e78..b8484e12a 100644 --- a/.github/workflows/scheduled-repository-template-sync.yaml +++ b/.github/workflows/scheduled-repository-template-sync.yaml @@ -16,10 +16,10 @@ jobs: steps: - name: Check out the repository - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: Check out external repository - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: repository: NHSDigital/nhs-notify-repository-template path: nhs-notify-repository-template diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 55cc16a80..16b448926 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml index 76337f318..94b99210e 100644 --- a/.github/workflows/stage-1-commit.yaml +++ b/.github/workflows/stage-1-commit.yaml @@ -39,7 +39,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to scan all commits - name: "Scan secrets" @@ -50,7 +50,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check file format" @@ -61,7 +61,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check Markdown format" @@ -75,7 +75,7 @@ jobs: contents: write steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check to see if Terraform Docs are up-to-date" @@ -96,7 +96,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check English usage" @@ -107,7 +107,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to compare branches - name: "Check TODO usage" @@ -119,7 +119,7 @@ jobs: terraform_changed: ${{ steps.check.outputs.terraform_changed }} steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Check for Terraform changes" id: check @@ -143,7 +143,7 @@ jobs: if: needs.detect-terraform-changes.outputs.terraform_changed == 'true' steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Lint Terraform" uses: ./.github/actions/lint-terraform trivy: @@ -154,7 +154,7 @@ jobs: if: needs.detect-terraform-changes.outputs.terraform_changed == 'true' steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Setup ASDF" uses: asdf-vm/actions/setup@v4 - name: "Perform Setup" @@ -170,7 +170,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Count lines of code" uses: ./.github/actions/create-lines-of-code-report with: @@ -189,7 +189,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Scan dependencies" uses: ./.github/actions/scan-dependencies with: diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml index e4d5d7fda..0d0dbfa58 100644 --- a/.github/workflows/stage-2-test.yaml +++ b/.github/workflows/stage-2-test.yaml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Repo setup" run: | npm ci @@ -61,7 +61,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Repo setup" run: | npm ci @@ -90,7 +90,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Repo setup" run: | npm ci @@ -106,7 +106,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Repo setup" run: | npm ci @@ -123,7 +123,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Run test coverage check" run: | make test-coverage @@ -140,7 +140,7 @@ jobs: timeout-minutes: 5 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 # Full history is needed to improving relevancy of reporting - name: "Download coverage report for SONAR" diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml index 159e46400..c16eb0447 100644 --- a/.github/workflows/stage-4-acceptance.yaml +++ b/.github/workflows/stage-4-acceptance.yaml @@ -16,7 +16,7 @@ jobs: timeout-minutes: 3 steps: - name: "Checkout code" - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.0 - name: "Get normalized branch name" id: normalize_branch_name uses: ./.github/actions/normalize-branch-name