diff --git a/.github/workflows/check_rds_cluster_update.yml b/.github/workflows/check_rds_cluster_update.yml index db256e39e..43a80ec93 100644 --- a/.github/workflows/check_rds_cluster_update.yml +++ b/.github/workflows/check_rds_cluster_update.yml @@ -18,10 +18,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: arn:aws:iam::239043911459:role/notification-terraform-apply role-session-name: RDSClusterUpdateCheck diff --git a/.github/workflows/terraform_static_analysis.yml b/.github/workflows/terraform_static_analysis.yml index d179ccbd1..a3b2e6763 100644 --- a/.github/workflows/terraform_static_analysis.yml +++ b/.github/workflows/terraform_static_analysis.yml @@ -29,6 +29,6 @@ jobs: config_file: ./aws/.checkov.yml - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@dc021d495cb77b369e4d9d04a501700fd83b8c51 # v2.24.0 with: sarif_file: results.sarif diff --git a/.github/workflows/terragrunt_plan_production.yml b/.github/workflows/terragrunt_plan_production.yml index af7893d54..50a015668 100644 --- a/.github/workflows/terragrunt_plan_production.yml +++ b/.github/workflows/terragrunt_plan_production.yml @@ -72,7 +72,7 @@ jobs: echo "INFRASTRUCTURE_VERSION=$INFRASTRUCTURE_VERSION" >> $GITHUB_ENV - name: Terragrunt plan common - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/common" comment-delete: "true" @@ -81,7 +81,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ECR - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/ecr" comment-delete: "true" @@ -90,7 +90,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_receiving_emails - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/ses_receiving_emails" comment-delete: "true" @@ -99,7 +99,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_to_sqs_email_callbacks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/ses_to_sqs_email_callbacks" comment-delete: "true" @@ -108,7 +108,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan sns_to_sqs_sms_callbacks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/sns_to_sqs_sms_callbacks" comment-delete: "true" @@ -117,7 +117,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan dns - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/dns" comment-delete: "true" @@ -126,7 +126,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan ses_validation_dns_entries - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/ses_validation_dns_entries" comment-delete: "true" @@ -135,7 +135,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan eks - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/eks" comment-delete: "true" @@ -144,7 +144,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan elasticache - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/elasticache" comment-delete: "true" @@ -153,7 +153,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan rds - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/rds" comment-delete: "true" @@ -162,7 +162,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan cloudfront - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/cloudfront" comment-delete: "true" @@ -171,7 +171,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan lambda-api - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/lambda-api" comment-delete: "true" @@ -180,7 +180,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan heartbeat - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/heartbeat" comment-delete: "true" @@ -189,7 +189,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan database-tools - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/database-tools" comment-delete: "true" @@ -198,7 +198,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan quicksight - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/quicksight" comment-delete: "true" @@ -207,7 +207,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan lambda-google-cidr - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/lambda-google-cidr" comment-delete: "true" @@ -216,7 +216,7 @@ jobs: terragrunt: "true" - name: Terragrunt plan system_status - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/system_status" comment-delete: "true" @@ -226,7 +226,7 @@ jobs: skip-conftest: "true" - name: Terragrunt plan system_status_static_site - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/production/system_status_static_site" comment-delete: "true" diff --git a/.github/workflows/terragrunt_plan_staging.yml b/.github/workflows/terragrunt_plan_staging.yml index 9bc0cccee..5343dc4fd 100644 --- a/.github/workflows/terragrunt_plan_staging.yml +++ b/.github/workflows/terragrunt_plan_staging.yml @@ -73,7 +73,7 @@ jobs: TERRAGRUNT_VERSION: 0.44.4 TF_SUMMARIZE_VERSION: 0.2.3 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271 # v2.12.0 id: filter with: filters: | @@ -143,7 +143,7 @@ jobs: - name: Terragrunt plan common if: ${{ steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/common" comment-delete: "true" @@ -153,7 +153,7 @@ jobs: - name: Terragrunt plan ECR if: ${{ steps.filter.outputs.ecr == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/ecr" comment-delete: "true" @@ -163,7 +163,7 @@ jobs: - name: Terragrunt plan ses_receiving_emails if: ${{ steps.filter.outputs.ses_receiving_emails == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/ses_receiving_emails" comment-delete: "true" @@ -173,7 +173,7 @@ jobs: - name: Terragrunt plan dns if: ${{ steps.filter.outputs.dns == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/dns" comment-delete: "true" @@ -183,7 +183,7 @@ jobs: - name: Terragrunt plan ses_validation_dns_entries if: ${{ steps.filter.outputs.ses_validation_dns_entries == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/ses_validation_dns_entries" comment-delete: "true" @@ -193,7 +193,7 @@ jobs: - name: Terragrunt plan eks if: ${{ steps.filter.outputs.eks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/eks" comment-delete: "true" @@ -203,7 +203,7 @@ jobs: - name: Terragrunt plan elasticache if: ${{ steps.filter.outputs.elasticache == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/elasticache" comment-delete: "true" @@ -213,7 +213,7 @@ jobs: - name: Terragrunt plan rds if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/rds" comment-delete: "true" @@ -223,7 +223,7 @@ jobs: - name: Terragrunt plan cloudfront if: ${{ steps.filter.outputs.cloudfront == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/cloudfront" comment-delete: "true" @@ -233,7 +233,7 @@ jobs: - name: Terragrunt plan lambda-api if: ${{ steps.filter.outputs.lambda-api == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/lambda-api" comment-delete: "true" @@ -243,7 +243,7 @@ jobs: - name: Terragrunt plan lambda-admin-pr if: ${{ steps.filter.outputs.lambda-admin-pr == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/lambda-admin-pr" comment-delete: "true" @@ -253,7 +253,7 @@ jobs: - name: Terragrunt plan performance-test if: ${{ steps.filter.outputs.performance-test == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/performance-test" comment-delete: "true" @@ -263,7 +263,7 @@ jobs: - name: Terragrunt plan heartbeat if: ${{ steps.filter.outputs.heartbeat == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/heartbeat" comment-delete: "true" @@ -273,7 +273,7 @@ jobs: - name: Terragrunt plan database-tools if: ${{ steps.filter.outputs.database-tools == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/database-tools" comment-delete: "true" @@ -283,7 +283,7 @@ jobs: - name: Terragrunt plan quicksight if: ${{ steps.filter.outputs.quicksight == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/quicksight" comment-delete: "true" @@ -293,7 +293,7 @@ jobs: - name: Terragrunt plan lambda-google-cidr if: ${{ steps.filter.outputs.lambda-google-cidr == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/lambda-google-cidr" comment-delete: "true" @@ -303,7 +303,7 @@ jobs: - name: Terragrunt plan ses_to_sqs_email_callbacks if: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/ses_to_sqs_email_callbacks" comment-delete: "true" @@ -313,7 +313,7 @@ jobs: - name: Terragrunt plan sns_to_sqs_sms_callbacks if: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/sns_to_sqs_sms_callbacks" comment-delete: "true" @@ -323,7 +323,7 @@ jobs: - name: Terragrunt plan system_status if: ${{ steps.filter.outputs.system_status == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/system_status" comment-delete: "true" @@ -333,7 +333,7 @@ jobs: - name: Terragrunt plan aws/system_status_static_site if: ${{ steps.filter.outputs.system_status_static_site == 'true' || steps.filter.outputs.common == 'true' }} - uses: cds-snc/terraform-plan@v3 + uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0 with: directory: "env/staging/system_status_static_site" comment-delete: "true"