Merge pull request #2259 from ministryofjustice/renovate-github-actions

Renovate update Github Actions
ministryofjustice · Feb 3, 2025 · 63067ba · 63067ba
2 parents 9530434 + a99c48b
commit 63067ba
Show file tree

Hide file tree

Showing 11 changed files with 50 additions and 47 deletions.
diff --git a/.github/workflows/analysis-trivy.yml b/.github/workflows/analysis-trivy.yml
@@ -56,13 +56,13 @@ jobs:
 
       - name: ecr login
         id: login_ecr
-        uses: aws-actions/amazon-ecr-login@292c88581676a2a6d95f1312c0517f24577eca53 # [email protected]
+        uses: aws-actions/amazon-ecr-login@21a7588699d87a47d51abd55e077cb0fcf66fe7c # [email protected]
         with:
           registries: 311462405659
 
       - name: Run Trivy vulnerability scanner for Code
         if: steps.filter.outputs.check == 'true'
-        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
+        uses: aquasecurity/trivy-action@a11da62073708815958ea6d84f5650c78a3ef85b
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TRIVY_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2

diff --git a/.github/workflows/cypress_tests.yml b/.github/workflows/cypress_tests.yml
@@ -57,7 +57,7 @@ jobs:
           pip install -r scripts/pipeline/ci_ingress/requirements.txt
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/
@@ -104,12 +104,13 @@ jobs:
           npm install .
           ./cypress/cypress_start.sh
 
-      - name: Upload Screenshot Artifact
-        if: failure()
-        uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
-        with:
-          name: cypress-screenshots
-          path: cypress/screenshots/
+      # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+      #- name: Upload Screenshot Artifact
+      #  if: failure()
+      #  uses: actions/[email protected]
+      #  with:
+      #    name: cypress-screenshots
+      #    path: cypress/screenshots/
 
       - name: Configure AWS Credentials
         if: always()

diff --git a/.github/workflows/locust_tests.yml b/.github/workflows/locust_tests.yml
@@ -49,7 +49,7 @@ jobs:
           pip install -r scripts/pipeline/ci_ingress/requirements.txt
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/

diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
@@ -57,11 +57,12 @@ jobs:
         run: XDEBUG_MODE=coverage php ./vendor/bin/phpunit --coverage-html ./coverage-html --coverage-xml ./coverage-xml
       - name: Check coverage
         run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
-      - name: Upload Coverage Artifacts
-        uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
-        with:
-          name: coverage-html
-          path: ${{ matrix.scan.path }}/coverage-html/
+      # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+      #- name: Upload Coverage Artifacts
+      #  uses: actions/[email protected]
+      #  with:
+      #    name: coverage-html
+      #    path: ${{ matrix.scan.path }}/coverage-html/
   phpunit_all_services:
     name: phpunit
     runs-on: ubuntu-latest
@@ -103,8 +104,9 @@ jobs:
         run: XDEBUG_MODE=coverage php ./vendor/bin/phpunit --coverage-html ./coverage-html --coverage-xml ./coverage-xml
       - name: Check coverage
         run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
-      - name: Upload Coverage Artifacts
-        uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
-        with:
-          name: coverage-html
-          path: ${{ matrix.scan.path }}/coverage-html/
+      # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+      #- name: Upload Coverage Artifacts
+      #  uses: actions/[email protected]
+      #  with:
+      #    name: coverage-html
+      #    path: ${{ matrix.scan.path }}/coverage-html/
diff --git a/.github/workflows/workflow_destroy_on_merge.yml b/.github/workflows/workflow_destroy_on_merge.yml
@@ -38,7 +38,7 @@ jobs:
     steps:
       - name: Set safe branch name
         id: safe_branch_name
-        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected].0
+        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected].1
     if: github.event.pull_request.merged == true
 
   cleanup_workspace:

diff --git a/.github/workflows/workflow_path_to_live.yml b/.github/workflows/workflow_path_to_live.yml
@@ -89,7 +89,7 @@ jobs:
     name: TF Preproduction - Account
     needs:
       - set_variables
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     with:
       terraform_version: ${{ needs.set_variables.outputs.account_terraform_version }}
       terraform_workspace: preproduction
@@ -105,7 +105,7 @@ jobs:
 
   terraform_region_preproduction:
     name: TF Preproduction - Region
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - set_variables
     with:
@@ -123,7 +123,7 @@ jobs:
 
   terraform_environment_preproduction:
     name: TF Preproduction - Environment
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     with:
       terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
       terraform_workspace: preproduction
@@ -166,7 +166,7 @@ jobs:
       uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
     - name: Download Terraform Task definition
-      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+      uses: actions/download-artifact@v4.1.8
       with:
         name: terraform-artifact
         path: /tmp/
@@ -323,7 +323,7 @@ jobs:
 
   terraform_account_production:
     name: TF Production - Account
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - slack_msg_production_deploy_begin
       - set_variables
@@ -342,7 +342,7 @@ jobs:
 
   terraform_region_production:
     name: TF Production - Region
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - slack_msg_production_deploy_begin
       - set_variables
@@ -361,7 +361,7 @@ jobs:
 
   terraform_environment_production:
     name: TF Production - Environment
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     with:
       terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
       terraform_workspace: production
@@ -395,7 +395,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/

diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml
@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Set safe branch name
         id: safe_branch_name
-        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected].0
+        uses: ministryofjustice/opg-github-actions/.github/actions/[email protected].1
 
       - name: Set workspace name
         id: set_workspace_name
@@ -77,7 +77,7 @@ jobs:
     name: TF - Lint
     needs:
       - workflow_variables
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/linting-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/linting-infrastructure-terraform.yml@v3.5.0
     with:
       terraform_version: ${{ needs.workflow_variables.outputs.environment_terraform_version }}
 
@@ -97,7 +97,7 @@ jobs:
 
   terraform_account_development:
     name: TF Development - Account
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - terraform_lint
       - workflow_variables
@@ -118,7 +118,7 @@ jobs:
 
   terraform_region_development:
     name: TF Development - Region
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - terraform_lint
       - workflow_variables
@@ -139,7 +139,7 @@ jobs:
 
   terraform_email_development:
     name: TF Development - Email
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - terraform_lint
       - workflow_variables
@@ -160,7 +160,7 @@ jobs:
 
   terraform_environment_development:
     name: TF Development - Environment
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - docker_build_scan_push
       - phpunit_tests
@@ -188,7 +188,7 @@ jobs:
 
   terraform_account_preproduction:
     name: TF Preproduction Plan - Account
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - workflow_variables
       - terraform_lint
@@ -209,7 +209,7 @@ jobs:
 
   terraform_region_preproduction:
     name: TF Preproduction Plan - Region
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - workflow_variables
       - terraform_lint
@@ -230,7 +230,7 @@ jobs:
 
   terraform_environment_preproduction:
     name: TF Preproduction Plan - Environment
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - workflow_variables
       - terraform_lint
@@ -275,7 +275,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/

diff --git a/.github/workflows/workflow_start_task.yml b/.github/workflows/workflow_start_task.yml
@@ -30,7 +30,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/

diff --git a/.github/workflows/workflow_weekly_refresh.yml b/.github/workflows/workflow_weekly_refresh.yml
@@ -127,7 +127,7 @@ jobs:
 
   terraform_account_production:
     name: TF Production - Account
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - slack_msg_production_deploy_begin
       - set_variables
@@ -146,7 +146,7 @@ jobs:
 
   terraform_region_production:
     name: TF Production - Region
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - slack_msg_production_deploy_begin
       - set_variables
@@ -165,7 +165,7 @@ jobs:
 
   terraform_environment_production:
     name: TF Production - Environment
-    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
     needs:
       - docker_build_scan_push
       - slack_msg_production_deploy_begin
@@ -200,7 +200,7 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download Terraform Task definition
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+        uses: actions/download-artifact@v4.1.8
         with:
           name: terraform-artifact
           path: /tmp/

diff --git a/Makefile b/Makefile
@@ -34,15 +34,15 @@ run-front-composer:
 
 .PHONY: run-pdf-composer
 run-pdf-composer:
-	@docker run --rm -v `pwd`/service-pdf/:/app/ composer:${COMPOSER_VERSION} composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
+	@docker run --rm -v `pwd`/service-pdf/:/app/ composer:${COMPOSER_VERSION} composer update tecnickcom/tcpdf --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
 
 .PHONY: run-api-composer
 run-api-composer:
 	@docker run --rm -v `pwd`/service-api/:/app/ composer:${COMPOSER_VERSION} composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
 
 .PHONY: run-admin-composer
 run-admin-composer:
-	@docker run --rm -v `pwd`/service-admin/:/app/ composer:${COMPOSER_VERSION} composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
+	@docker run --rm -v `pwd`/service-admin/:/app/ composer:${COMPOSER_VERSION} composer update tecnickcom/tcpdf --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
 
 .PHONY: run-shared-composer
 run-shared-composer:

diff --git a/service-admin/composer.lock b/service-admin/composer.lock