From 51182451da19cdbc7577653baf590155c286780d Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 21 Mar 2024 13:15:55 +1100
Subject: [PATCH] Update automatic scan to HIGH level
---
 .github/workflows/build-and-test.yaml | 2 +-
 .github/workflows/check-stable-dependency.yaml | 2 +-
 .github/workflows/release-docker-image.yaml | 4 ++--
 .github/workflows/validate-image.yaml | 8 ++++----
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 7d13279..4aad7e5 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -3,5 +3,5 @@ on: [pull_request, push, workflow_dispatch]
 jobs:
 build:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@main
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v2
 secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/check-stable-dependency.yaml b/.github/workflows/check-stable-dependency.yaml
index c288be3..8af1681 100644
--- a/.github/workflows/check-stable-dependency.yaml
+++ b/.github/workflows/check-stable-dependency.yaml
@@ -3,5 +3,5 @@ on: [pull_request, workflow_dispatch]
 jobs:
 check_dependency:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@main
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2
 secrets: inherit
diff --git a/.github/workflows/release-docker-image.yaml b/.github/workflows/release-docker-image.yaml
index 2061c40..49f34b6 100644
--- a/.github/workflows/release-docker-image.yaml
+++ b/.github/workflows/release-docker-image.yaml
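Review bot: In `.github/workflows/build-and-test.yaml` the reusable workflow is now referenced as `shared-build-and-test.yaml@v2`, which is still a movable ref (tag or branch), and the job passes `secrets: inherit`. Anyone able to push to or retarget `v2` in uid2-shared-actions changes what runs with this repository's secrets, so a full commit SHA with the version as a trailing comment is the tighter pin, e.g. `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@<full-commit-sha> # v2`. The same applies to the `@v2` references in check-stable-dependency.yaml and in the three jobs of validate-image.yaml.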
@@ -36,9 +36,9 @@ on:
 type: string
 default: main
 vulnerability_severity:
- description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between).
+ description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'HIGH' or 'MEDIUM'].
 type: string
- default: 'CRITICAL,HIGH'
+ default: 'HIGH'
 jobs:
 Image:
diff --git a/.github/workflows/validate-image.yaml b/.github/workflows/validate-image.yaml
index 2e86d1c..f709fbf 100644
--- a/.github/workflows/validate-image.yaml
+++ b/.github/workflows/validate-image.yaml
@@ -5,7 +5,7 @@ on:
 failure_severity:
 description: 'Must be one of CRITICAL, HIGH, MEDIUM'
 required: false
- default: CRITICAL
+ default: HIGH
 fail_on_error:
 description: 'If true, will fail the build if vulnerabilities are found'
 required: true
@@ -16,14 +16,14 @@ on:
 jobs:
 build-publish-docker-default:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
 with:
 failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
 fail_on_error: ${{ inputs.fail_on_error || true }}
 cloud_provider: 'default'
 secrets: inherit
 build-publish-docker-aws:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
 with:
 failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
 fail_on_error: ${{ inputs.fail_on_error || true }}
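Review bot: The new `vulnerability_severity` description in release-docker-image.yaml lists `'CRITICAL', 'HIGH' or 'MEDIUM'` but does not say whether the value is a threshold or an exact match. The old default `'CRITICAL,HIGH'` named both levels explicitly; with `'HIGH'`, CRITICAL findings still fail the release only if the called workflow treats the value as "this level and above", which is not visible in this hunk. I would add that to the description, e.g. `Findings at this severity or higher fail the workflow.`, and confirm it against the shared workflow before merging. The `Image` job that consumes the input continues outside the hunk.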
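Review bot: The `with:` fallbacks in validate-image.yaml still read `${{ inputs.failure_severity || 'CRITICAL'}}` in `build-publish-docker-default` and `build-publish-docker-aws` (and in `build-publish-docker-gcp` in the next hunk), so only the declared input default moved to `HIGH`. On any trigger that supplies no inputs the expression falls back to `CRITICAL`; the `on:` block is only partly visible, but if the automatic run is a schedule or push event, the scan level this commit is meant to raise stays where it was. Changing all three to `failure_severity: ${{ inputs.failure_severity || 'HIGH' }}` keeps the fallback in step with the default. Separately, if `fail_on_error` is a boolean input, `${{ inputs.fail_on_error || true }}` evaluates to true even when false is passed, so the input cannot turn the failure off.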
@@ -31,7 +31,7 @@ jobs:
 secrets: inherit
 needs: [build-publish-docker-default]
 build-publish-docker-gcp:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@main
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
 with:
 failure_severity: ${{ inputs.failure_severity || 'CRITICAL'}}
 fail_on_error: ${{ inputs.fail_on_error || true }}