diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 8d84b6a..2491920 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -17,7 +17,7 @@ jobs: tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Get asdf version id: asdf-version diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml index d9db5e4..bed95c2 100644 --- a/.github/workflows/quality-checks.yml +++ b/.github/workflows/quality-checks.yml @@ -28,14 +28,14 @@ jobs: quality_checks: runs-on: ubuntu-22.04 steps: - - uses: actions/setup-java@v5 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 if: ${{ inputs.install_java }} with: java-version: "21" distribution: "corretto" - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: ref: ${{ env.BRANCH_NAME }} fetch-depth: 0 @@ -79,7 +79,7 @@ jobs: asdf_version: ${{ inputs.asdfVersion }} - name: Cache asdf - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 with: path: | ~/.asdf @@ -196,10 +196,10 @@ jobs: run: make lint - name: actionlint - uses: raven-actions/actionlint@v2 + uses: raven-actions/actionlint@3a24062651993d40fed1019b58ac6fbdfbf276cc - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 with: ignore_paths: >- *test* @@ -302,9 +302,9 @@ jobs: done - name: Download terraform plans - uses: actions/download-artifact@v5 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: - pattern: '*_terraform_plan' + pattern: "*_terraform_plan" path: terraform_plans/ merge-multiple: true @@ -319,7 +319,7 @@ jobs: ls -l terraform_plans/ echo "terraform_plans_exist=true" >> "$GITHUB_OUTPUT" fi - + - name: Run cfn-guard script for terraform plans if: steps.check_terraform_plans.outputs.terraform_plans_exist == 'true' run: | @@ -343,13 +343,13 @@ jobs: - name: Upload cfn_guard_output if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: name: cfn_guard_output path: cfn_guard_output - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@main + uses: NHSDigital/eps-action-sbom@efc65411a5d69d617c9ba15d633a18f7b9896859 - name: "check is SONAR_TOKEN exists" env: @@ -362,7 +362,7 @@ jobs: run: mvn sonar:sonar -Dsonar.login=${{ secrets.SONAR_TOKEN }} - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@master + uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 if: ${{ steps.check_java.outputs.uses_java == 'false' && env.SONAR_TOKEN_EXISTS == 'true' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6047db5..98b5e96 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }} steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - name: Get asdf version id: asdf-version