From 581664db8fd58e5b985be73243bf89540e153492 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 3 Feb 2025 07:01:02 +0000
Subject: [PATCH 1/3] Renovate update Github Actions
---
 .github/workflows/analysis-trivy.yml | 4 ++--
 .../workflows/workflow_destroy_on_merge.yml | 2 +-
 .github/workflows/workflow_path_to_live.yml | 12 ++++++------
 .github/workflows/workflow_pr.yml | 18 +++++++++---------
 .github/workflows/workflow_weekly_refresh.yml | 6 +++---
 5 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/analysis-trivy.yml b/.github/workflows/analysis-trivy.yml
index 33348710b6..0b603201c1 100644
--- a/.github/workflows/analysis-trivy.yml
+++ b/.github/workflows/analysis-trivy.yml
@@ -56,13 +56,13 @@ jobs:
 - name: ecr login
 id: login_ecr
- uses: aws-actions/amazon-ecr-login@292c88581676a2a6d95f1312c0517f24577eca53 # pin@v1.5.1
+ uses: aws-actions/amazon-ecr-login@21a7588699d87a47d51abd55e077cb0fcf66fe7c # pin@v1.5.1
 with:
 registries: 311462405659
 - name: Run Trivy vulnerability scanner for Code
 if: steps.filter.outputs.check == 'true'
- uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0
+ uses: aquasecurity/trivy-action@a11da62073708815958ea6d84f5650c78a3ef85b
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 TRIVY_DB_REPOSITORY: ${{ steps.login_ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2
diff --git a/.github/workflows/workflow_destroy_on_merge.yml b/.github/workflows/workflow_destroy_on_merge.yml
index 02f1ac961a..8b1c1776ba 100644
--- a/.github/workflows/workflow_destroy_on_merge.yml
+++ b/.github/workflows/workflow_destroy_on_merge.yml
@@ -38,7 +38,7 @@ jobs:
 steps:
 - name: Set safe branch name
 id: safe_branch_name
- uses: ministryofjustice/opg-github-actions/.github/actions/branch-name@v3.1.0
+ uses: ministryofjustice/opg-github-actions/.github/actions/branch-name@v3.1.1
 if: github.event.pull_request.merged == true
 cleanup_workspace:
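Review bot: The `# pin@v1.5.1` comment on the `aws-actions/amazon-ecr-login` line is unchanged even though the pinned commit changed, so it no longer tells a reader which release the new SHA corresponds to. The new `aquasecurity/trivy-action@a11da62073708815958ea6d84f5650c78a3ef85b` pin has no version comment at all. The ECR login step handles registry credentials and the Trivy step receives `GITHUB_TOKEN`, so each SHA should be checked against the upstream repository's release tags before merge and the result recorded beside it, in the form `uses: aquasecurity/trivy-action@a11da62073708815958ea6d84f5650c78a3ef85b # <release tag this commit belongs to>`. If the ecr-login SHA really is still v1.5.1, that would suggest the tag was moved upstream, which is worth confirming rather than assuming.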
diff --git a/.github/workflows/workflow_path_to_live.yml b/.github/workflows/workflow_path_to_live.yml
index e89040dbbb..ee082ab26b 100644
--- a/.github/workflows/workflow_path_to_live.yml
+++ b/.github/workflows/workflow_path_to_live.yml
@@ -89,7 +89,7 @@ jobs:
 name: TF Preproduction - Account
 needs:
 - set_variables
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 with:
 terraform_version: ${{ needs.set_variables.outputs.account_terraform_version }}
 terraform_workspace: preproduction
@@ -105,7 +105,7 @@ jobs:
 terraform_region_preproduction:
 name: TF Preproduction - Region
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - set_variables
 with:
@@ -123,7 +123,7 @@ jobs:
 terraform_environment_preproduction:
 name: TF Preproduction - Environment
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 with:
 terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
 terraform_workspace: preproduction
@@ -323,7 +323,7 @@ jobs:
 terraform_account_production:
 name: TF Production - Account
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - slack_msg_production_deploy_begin
 - set_variables
@@ -342,7 +342,7 @@ jobs:
 terraform_region_production:
 name: TF Production - Region
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - slack_msg_production_deploy_begin
 - set_variables
@@ -361,7 +361,7 @@ jobs:
 terraform_environment_production:
 name: TF Production - Environment
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 with:
 terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
 terraform_workspace: production
diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml
index 675cb2005a..7306531d68 100644
--- a/.github/workflows/workflow_pr.yml
+++ b/.github/workflows/workflow_pr.yml
@@ -40,7 +40,7 @@ jobs:
 steps:
 - name: Set safe branch name
 id: safe_branch_name
- uses: ministryofjustice/opg-github-actions/.github/actions/branch-name@v3.1.0
+ uses: ministryofjustice/opg-github-actions/.github/actions/branch-name@v3.1.1
 - name: Set workspace name
 id: set_workspace_name
@@ -77,7 +77,7 @@ jobs:
 name: TF - Lint
 needs:
 - workflow_variables
- uses: ministryofjustice/opg-github-workflows/.github/workflows/linting-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/linting-infrastructure-terraform.yml@v3.5.0
 with:
 terraform_version: ${{ needs.workflow_variables.outputs.environment_terraform_version }}
@@ -97,7 +97,7 @@ jobs:
 terraform_account_development:
 name: TF Development - Account
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - terraform_lint
 - workflow_variables
@@ -118,7 +118,7 @@ jobs:
 terraform_region_development:
 name: TF Development - Region
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - terraform_lint
 - workflow_variables
@@ -139,7 +139,7 @@ jobs:
 terraform_email_development:
 name: TF Development - Email
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - terraform_lint
 - workflow_variables
@@ -160,7 +160,7 @@ jobs:
 terraform_environment_development:
 name: TF Development - Environment
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - docker_build_scan_push
 - phpunit_tests
@@ -188,7 +188,7 @@ jobs:
 terraform_account_preproduction:
 name: TF Preproduction Plan - Account
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - workflow_variables
 - terraform_lint
@@ -209,7 +209,7 @@ jobs:
 terraform_region_preproduction:
 name: TF Preproduction Plan - Region
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - workflow_variables
 - terraform_lint
@@ -230,7 +230,7 @@ jobs:
 terraform_environment_preproduction:
 name: TF Preproduction Plan - Environment
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - workflow_variables
 - terraform_lint
diff --git a/.github/workflows/workflow_weekly_refresh.yml b/.github/workflows/workflow_weekly_refresh.yml
index a60c140517..0496cc3836 100644
--- a/.github/workflows/workflow_weekly_refresh.yml
+++ b/.github/workflows/workflow_weekly_refresh.yml
@@ -127,7 +127,7 @@ jobs:
 terraform_account_production:
 name: TF Production - Account
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - slack_msg_production_deploy_begin
 - set_variables
@@ -146,7 +146,7 @@ jobs:
 terraform_region_production:
 name: TF Production - Region
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - slack_msg_production_deploy_begin
 - set_variables
@@ -165,7 +165,7 @@ jobs:
 terraform_environment_production:
 name: TF Production - Environment
- uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
+ uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.5.0
 needs:
 - docker_build_scan_push
 - slack_msg_production_deploy_begin
From 10cde9ad80f5c8c721d6d361d3ad95fb014db666 Mon Sep 17 00:00:00 2001
From: Nick Davis
Date: Mon, 3 Feb 2025 09:57:06 +0000
Subject: [PATCH 2/3] upgrade upload and download artifact to specific version
---
 .github/workflows/cypress_tests.yml | 4 ++--
 .github/workflows/locust_tests.yml | 2 +-
 .github/workflows/phpunit.yml | 4 ++--
 .github/workflows/workflow_path_to_live.yml | 4 ++--
 .github/workflows/workflow_pr.yml | 2 +-
 .github/workflows/workflow_start_task.yml | 2 +-
 .github/workflows/workflow_weekly_refresh.yml | 2 +-
 Makefile | 4 ++--
 service-admin/composer.lock | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/cypress_tests.yml b/.github/workflows/cypress_tests.yml
index e0e3022911..f11ac83206 100644
--- a/.github/workflows/cypress_tests.yml
+++ b/.github/workflows/cypress_tests.yml
@@ -57,7 +57,7 @@ jobs:
 pip install -r scripts/pipeline/ci_ingress/requirements.txt
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
@@ -106,7 +106,7 @@ jobs:
 - name: Upload Screenshot Artifact
 if: failure()
- uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
+ uses: actions/upload-artifact@v4.6.0
 with:
 name: cypress-screenshots
 path: cypress/screenshots/
diff --git a/.github/workflows/locust_tests.yml b/.github/workflows/locust_tests.yml
index d0193b0324..dc47c35cae 100644
--- a/.github/workflows/locust_tests.yml
+++ b/.github/workflows/locust_tests.yml
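Review bot: `actions/download-artifact@v4.1.8` replaces a full commit-SHA pin with a mutable tag, so the step no longer has the integrity guarantee that the `actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0` lines elsewhere in this patch still have. The same applies to `actions/upload-artifact@v4.6.0` in the second hunk of this file and to the artifact steps in locust_tests.yml, phpunit.yml, workflow_path_to_live.yml, workflow_pr.yml, workflow_start_task.yml and workflow_weekly_refresh.yml. Keep the repository's convention, for example `uses: actions/download-artifact@<full commit SHA of v4.1.8> # v4.1.8`, with the SHA taken from the upstream release. Separately, v4 of download-artifact cannot read artifacts written by upload-artifact v3; the producer of `terraform-artifact` is not visible in this patch, so confirm it uploads with v4 as well.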
@@ -49,7 +49,7 @@ jobs:
 pip install -r scripts/pipeline/ci_ingress/requirements.txt
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
index e56e4aa4a3..315dbc11e4 100644
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -58,7 +58,7 @@ jobs:
 - name: Check coverage
 run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
 - name: Upload Coverage Artifacts
- uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
+ uses: actions/upload-artifact@v4.6.0
 with:
 name: coverage-html
 path: ${{ matrix.scan.path }}/coverage-html/
@@ -104,7 +104,7 @@ jobs:
 - name: Check coverage
 run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
 - name: Upload Coverage Artifacts
- uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1
+ uses: actions/upload-artifact@v4.6.0
 with:
 name: coverage-html
 path: ${{ matrix.scan.path }}/coverage-html/
diff --git a/.github/workflows/workflow_path_to_live.yml b/.github/workflows/workflow_path_to_live.yml
index ee082ab26b..56868b1fb8 100644
--- a/.github/workflows/workflow_path_to_live.yml
+++ b/.github/workflows/workflow_path_to_live.yml
@@ -166,7 +166,7 @@ jobs:
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
@@ -395,7 +395,7 @@ jobs:
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
diff --git a/.github/workflows/workflow_pr.yml b/.github/workflows/workflow_pr.yml
index 7306531d68..074a8bf120 100644
--- a/.github/workflows/workflow_pr.yml
+++ b/.github/workflows/workflow_pr.yml
@@ -275,7 +275,7 @@ jobs:
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
diff --git a/.github/workflows/workflow_start_task.yml b/.github/workflows/workflow_start_task.yml
index 10ae5133a7..3e2e2e3a35 100644
--- a/.github/workflows/workflow_start_task.yml
+++ b/.github/workflows/workflow_start_task.yml
@@ -30,7 +30,7 @@ jobs:
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
diff --git a/.github/workflows/workflow_weekly_refresh.yml b/.github/workflows/workflow_weekly_refresh.yml
index 0496cc3836..90662e2717 100644
--- a/.github/workflows/workflow_weekly_refresh.yml
+++ b/.github/workflows/workflow_weekly_refresh.yml
@@ -200,7 +200,7 @@ jobs:
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Download Terraform Task definition
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # tag=v3.0.2
+ uses: actions/download-artifact@v4.1.8
 with:
 name: terraform-artifact
 path: /tmp/
diff --git a/Makefile b/Makefile
index 9f08ec1090..ff0cbfa114 100644
--- a/Makefile
+++ b/Makefile
@@ -34,7 +34,7 @@ run-front-composer:
 .PHONY: run-pdf-composer
 run-pdf-composer:
- @docker run --rm -v `pwd`/service-pdf/:/app/ composer:${COMPOSER_VERSION} composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
+ @docker run --rm -v `pwd`/service-pdf/:/app/ composer:${COMPOSER_VERSION} composer update tecnickcom/tcpdf --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
 .PHONY: run-api-composer
 run-api-composer:
@@ -42,7 +42,7 @@ run-api-composer:
 .PHONY: run-admin-composer
 run-admin-composer:
- @docker run --rm -v `pwd`/service-admin/:/app/ composer:${COMPOSER_VERSION} composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
+ @docker run --rm -v `pwd`/service-admin/:/app/ composer:${COMPOSER_VERSION} composer update tecnickcom/tcpdf --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs
 .PHONY: run-shared-composer
 run-shared-composer:
diff --git a/service-admin/composer.lock b/service-admin/composer.lock
index d2f5cb208f..ac33495297 100644
--- a/service-admin/composer.lock
+++ b/service-admin/composer.lock
@@ -9212,5 +9212,5 @@
 "php": ">=8.2 <8.3.0"
 },
 "platform-dev": [],
- "plugin-api-version": "2.6.0"
+ "plugin-api-version": "2.3.0"
 }
From a99c48bd2c1d88377a63830a7eb934c17c69bac9 Mon Sep 17 00:00:00 2001
From: Nick Davis
Date: Mon, 3 Feb 2025 10:49:37 +0000
Subject: [PATCH 3/3] disable upload-artifact until can get a more satifactory solution
---
 .github/workflows/cypress_tests.yml | 13 +++++++------
 .github/workflows/phpunit.yml | 22 ++++++++++++----------
 2 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/cypress_tests.yml b/.github/workflows/cypress_tests.yml
index f11ac83206..8c79415166 100644
--- a/.github/workflows/cypress_tests.yml
+++ b/.github/workflows/cypress_tests.yml
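Review bot: `run-pdf-composer` now runs `composer update tecnickcom/tcpdf` where it used to run `composer install`, so each invocation re-resolves that package and rewrites `composer.lock` instead of installing the locked, reviewed version; the `run-admin-composer` hunk below has the same change. This looks like a one-off upgrade command left behind in a commit whose subject is about artifact actions, and it makes local and CI dependency sets drift without a reviewed lock change. Restore `composer install --prefer-dist --no-interaction --no-scripts --ignore-platform-reqs` in both recipes and do the tcpdf bump once, committing the resulting lock file. The accompanying service-admin/composer.lock change lowers `plugin-api-version` from 2.6.0 to 2.3.0, which suggests the lock was rewritten by an older Composer than before, so check which `COMPOSER_VERSION` produced it.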
@@ -104,12 +104,13 @@ jobs:
 npm install . ./cypress/cypress_start.sh
- - name: Upload Screenshot Artifact
- if: failure()
- uses: actions/upload-artifact@v4.6.0
- with:
- name: cypress-screenshots
- path: cypress/screenshots/
+ # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+ #- name: Upload Screenshot Artifact
+ # if: failure()
+ # uses: actions/upload-artifact@v4.6.0
+ # with:
+ # name: cypress-screenshots
+ # path: cypress/screenshots/
 - name: Configure AWS Credentials
 if: always()
diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
index 315dbc11e4..8df4663a4b 100644
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -57,11 +57,12 @@ jobs:
 run: XDEBUG_MODE=coverage php ./vendor/bin/phpunit --coverage-html ./coverage-html --coverage-xml ./coverage-xml
 - name: Check coverage
 run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
- - name: Upload Coverage Artifacts
- uses: actions/upload-artifact@v4.6.0
- with:
- name: coverage-html
- path: ${{ matrix.scan.path }}/coverage-html/
+ # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+ #- name: Upload Coverage Artifacts
+ # uses: actions/upload-artifact@v4.6.0
+ # with:
+ # name: coverage-html
+ # path: ${{ matrix.scan.path }}/coverage-html/
 phpunit_all_services:
 name: phpunit
 runs-on: ubuntu-latest
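Review bot: Commenting out the `if: failure()` upload means a failed Cypress run leaves no screenshots to diagnose it, and the two phpunit.yml hunks drop the coverage report the same way. The v4 name collision described in the new comment can be avoided without disabling the steps by making the artifact name unique per job. In phpunit.yml, where two matrix jobs upload `coverage-html`, that would be `name: coverage-html-${{ github.job }}-${{ strategy.job-index }}`. The Cypress name needs whatever distinguishes its concurrent runs, which is not visible in this hunk. If the steps do stay disabled, add a tracking reference to the comment; a commented-out `uses:` line is probably not picked up by the dependency bot, so its version may go stale by the time it is re-enabled.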
@@ -103,8 +104,9 @@ jobs:
 run: XDEBUG_MODE=coverage php ./vendor/bin/phpunit --coverage-html ./coverage-html --coverage-xml ./coverage-xml
 - name: Check coverage
 run: php ../scripts/pipeline/php_coverage/check_coverage.php ./coverage-xml/index.xml ${{ matrix.scan.minCoverage }}
- - name: Upload Coverage Artifacts
- uses: actions/upload-artifact@v4.6.0
- with:
- name: coverage-html
- path: ${{ matrix.scan.path }}/coverage-html/
+ # Note - V 3 of upload-artifact is deprecated but V 4 disallows uploading artifact of the same name. Commented for now but needs rework
+ #- name: Upload Coverage Artifacts
+ # uses: actions/upload-artifact@v4.6.0
+ # with:
+ # name: coverage-html
+ # path: ${{ matrix.scan.path }}/coverage-html/