From c661cb214dcfd539a5f32e96abed13c5b845b1bd Mon Sep 17 00:00:00 2001 From: Daphne Gold Date: Wed, 3 Jul 2024 14:38:57 -0700 Subject: [PATCH 1/2] Change checkout@v3 => checkout@v4 --- .github/workflows/check-ci-cd-auth.yml | 2 +- .github/workflows/ci-docs.yml | 7 +++--- .github/workflows/ci-infra-service.yml | 29 ++++++++++------------- .github/workflows/ci-infra.yml | 12 +++++----- .github/workflows/database-migrations.yml | 2 +- .github/workflows/deploy.yml | 2 +- .github/workflows/vulnerability-scans.yml | 8 +++---- 7 files changed, 29 insertions(+), 33 deletions(-) diff --git a/.github/workflows/check-ci-cd-auth.yml b/.github/workflows/check-ci-cd-auth.yml index 58f5f6a5..4a54b9e9 100644 --- a/.github/workflows/check-ci-cd-auth.yml +++ b/.github/workflows/check-ci-cd-auth.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v3 with: diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml index 8ce042be..0a28f1d7 100644 --- a/.github/workflows/ci-docs.yml +++ b/.github/workflows/ci-docs.yml @@ -6,15 +6,14 @@ on: - main pull_request: - jobs: lint-markdown: name: Lint markdown runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # This is the GitHub Actions-friendly port of the linter used in the Makefile. - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 with: - use-quiet-mode: 'yes' # errors only. - config-file: '.github/workflows/markdownlint-config.json' + use-quiet-mode: "yes" # errors only. + config-file: ".github/workflows/markdownlint-config.json" diff --git a/.github/workflows/ci-infra-service.yml b/.github/workflows/ci-infra-service.yml index 6e3bed7c..9ce6b6fd 100644 --- a/.github/workflows/ci-infra-service.yml +++ b/.github/workflows/ci-infra-service.yml 
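Review bot: In the `.github/workflows/ci-docs.yml` hunk the third-party step `gaurav-nelson/github-action-markdown-link-check@1.0.15` is referenced by a tag, which its publisher can move, so the code that runs in this job can change without any diff in this repository. Since the hunk already edits that step's `with:` block, pin it to a full commit SHA and keep the version as a trailing comment, e.g. `uses: gaurav-nelson/github-action-markdown-link-check@<full-commit-sha>  # 1.0.15`, where `<full-commit-sha>` is a placeholder for the reviewed release commit. The same applies to `aquasecurity/tfsec-pr-commenter-action@v1.2.0` in the last `ci-infra.yml` hunk, where `pull-requests: write` appears just above the steps.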
@@ -1,21 +1,18 @@ name: CI Infra Service Checks on: - # !! Uncomment to trigger automated infra tests once dev environment is set up - # push: - # branches: - # - main - # paths: - # - infra/*/service/** - # - infra/modules/** - # - infra/test/** - # - .github/workflows/ci-infra-service.yml - # pull_request: - # paths: - # - infra/*/service/** - # - infra/modules/** - # - infra/test/** - # - .github/workflows/ci-infra-service.yml + push: + branches: + - main + paths: + - infra/*/service/** + - infra/test/** + - .github/workflows/ci-infra-service.yml + pull_request: + paths: + - infra/*/service/** + - infra/test/** + - .github/workflows/ci-infra-service.yml workflow_dispatch: jobs: @@ -28,7 +25,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v2 with: diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml index f7f9a4bf..d9e4698d 100644 --- a/.github/workflows/ci-infra.yml +++ b/.github/workflows/ci-infra.yml @@ -21,7 +21,7 @@ jobs: name: Lint GitHub Actions workflows runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Download actionlint id: get_actionlint run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) @@ -33,14 +33,14 @@ jobs: name: Lint scripts runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Shellcheck run: make infra-lint-scripts check-terraform-format: name: Check Terraform format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v2 with: terraform_version: 1.8.3 @@ -53,7 +53,7 @@ jobs: name: Validate Terraform modules runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v2 with: terraform_version: 1.8.3 
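Review bot: The `on:` block in the first `ci-infra-service.yml` hunk turns the commented-out `push` and `pull_request` triggers into live ones, which the subject line (a checkout version change) does not describe, and the next hunk of the same file shows the job requesting `id-token: write`. Patch 2/2 on this page restores the commented block, but anyone who cherry-picks or bisects onto 1/2 alone gets an infra test workflow that fires on every matching push and pull request; squashing the two patches would avoid that intermediate state. The live version also drops `- infra/modules/**` from both `paths:` lists, so if the triggers are ever enabled from this text, module changes would not run the service checks.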
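Review bot: The `Download actionlint` step kept as context in the first `ci-infra.yml` hunk runs `bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)`, so the job executes whatever the `main` branch of another repository serves at run time, with no pinned revision and no integrity check. Fetch the script from a fixed commit and make curl fail on HTTP errors, for example `run: bash <(curl -sSfL https://raw.githubusercontent.com/rhysd/actionlint/<commit-sha>/scripts/download-actionlint.bash)`, with `<commit-sha>` a placeholder for a reviewed revision. The job's remaining steps lie outside the hunk, so whether the downloaded binary itself is version-pinned cannot be seen here.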
@@ -64,7 +64,7 @@ jobs: name: Check compliance with checkov runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.10" @@ -88,7 +88,7 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Run tfsec check uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0 with: diff --git a/.github/workflows/database-migrations.yml b/.github/workflows/database-migrations.yml index dc61e264..aa228c72 100644 --- a/.github/workflows/database-migrations.yml +++ b/.github/workflows/database-migrations.yml @@ -31,7 +31,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Configure AWS credentials uses: ./.github/actions/configure-aws-credentials diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c5b4b6e0..e46b8767 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -31,7 +31,7 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Configure AWS credentials uses: ./.github/actions/configure-aws-credentials diff --git a/.github/workflows/vulnerability-scans.yml b/.github/workflows/vulnerability-scans.yml index 53e5968f..232f34b6 100644 --- a/.github/workflows/vulnerability-scans.yml +++ b/.github/workflows/vulnerability-scans.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # Scans Dockerfile for any bad practices or issues - name: Scan Dockerfile by hadolint @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build and tag Docker image for scanning id: build-image @@ -67,7 +67,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build and tag Docker image for scanning id: build-image 
@@ -91,7 +91,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build and tag Docker image for scanning id: build-image From 04a79b53c1d0a050b0841e76564d31cfd26fb89e Mon Sep 17 00:00:00 2001 From: Daphne Gold Date: Wed, 3 Jul 2024 14:56:34 -0700 Subject: [PATCH 2/2] Fix things that shouldn't have been copied over from platform-test, and things that only exist in template-infra --- .github/workflows/ci-infra-service.yml | 27 +++++++++++--------- .github/workflows/template-only-cd.yml | 4 +-- .github/workflows/template-only-ci-app.yml | 2 +- .github/workflows/template-only-ci-infra.yml | 4 +-- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci-infra-service.yml b/.github/workflows/ci-infra-service.yml index 9ce6b6fd..7c486c99 100644 --- a/.github/workflows/ci-infra-service.yml +++ b/.github/workflows/ci-infra-service.yml @@ -1,18 +1,21 @@ name: CI Infra Service Checks on: - push: - branches: - - main - paths: - - infra/*/service/** - - infra/test/** - - .github/workflows/ci-infra-service.yml - pull_request: - paths: - - infra/*/service/** - - infra/test/** - - .github/workflows/ci-infra-service.yml + # !! Uncomment to trigger automated infra tests once dev environment is set up + # push: + # branches: + # - main + # paths: + # - infra/*/service/** + # - infra/modules/** + # - infra/test/** + # - .github/workflows/ci-infra-service.yml + # pull_request: + # paths: + # - infra/*/service/** + # - infra/modules/** + # - infra/test/** + # - .github/workflows/ci-infra-service.yml workflow_dispatch: jobs: diff --git a/.github/workflows/template-only-cd.yml b/.github/workflows/template-only-cd.yml index a00e680a..261a8004 100644 --- a/.github/workflows/template-only-cd.yml +++ b/.github/workflows/template-only-cd.yml 
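Review bot: The restored comment `# !! Uncomment to trigger automated infra tests once dev environment is set up` in the `ci-infra-service.yml` hunk of 2/2 gives no hint of what the job is permitted to do once enabled, while the 1/2 hunk for this file shows it requesting `id-token: write`. I would extend the comment with the precondition, e.g. `# Before enabling: this job requests id-token: write; confirm the role it assumes only trusts this repository and the intended branches/events.` Which role the job assumes is not visible in these hunks, so the wording should be checked against the job's steps.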
@@ -22,11 +22,11 @@ jobs: - navapbc/platform-test-nextjs steps: - name: Checkout template-infra repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: template-infra - name: Checkout project repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: project-repo repository: ${{ matrix.project_repo }} diff --git a/.github/workflows/template-only-ci-app.yml b/.github/workflows/template-only-ci-app.yml index dd2025cf..67f7fe70 100644 --- a/.github/workflows/template-only-ci-app.yml +++ b/.github/workflows/template-only-ci-app.yml @@ -19,6 +19,6 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Run build run: make release-build diff --git a/.github/workflows/template-only-ci-infra.yml b/.github/workflows/template-only-ci-infra.yml index 37bf248d..d8538bdd 100644 --- a/.github/workflows/template-only-ci-infra.yml +++ b/.github/workflows/template-only-ci-infra.yml @@ -24,7 +24,7 @@ jobs: name: Lint template scripts runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Shellcheck run: make -f template-only.mak lint-template-scripts test: @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: hashicorp/setup-terraform@v2 with: terraform_version: 1.8.3