cds-snc · bryan-robitaille · Aug 9, 2023 · Aug 9, 2023
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -31,7 +31,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -42,7 +42,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -56,4 +56,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
diff --git a/.github/workflows/docker-vulnerability-scan.yml b/.github/workflows/docker-vulnerability-scan.yml
@@ -14,15 +14,15 @@ jobs:
     steps:
       - name: Configure Staging AWS credentials
         id: aws-form-viewer
-        uses: aws-actions/configure-aws-credentials@3c981da079c1adfee00f5067fc0659875b5c1253
+        uses: aws-actions/configure-aws-credentials@746d33e7c1cc7b6e40a836b0f2ef033136aa6b2a
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
       - name: Login to Staging Amazon ECR
         id: login-ecr-staging
-        uses: aws-actions/amazon-ecr-login@cb49db397c8fc9041b3647f3bfc2a31e4ff01e3c
+        uses: aws-actions/amazon-ecr-login@3abf7ae7fae088234d143783a3c4cf47234b2bc6
 
       - name: Docker vulnerability scan
         uses: cds-snc/security-tools/.github/actions/docker-scan@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3

diff --git a/.github/workflows/pr-review-sync-env-vars.yml b/.github/workflows/pr-review-sync-env-vars.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@3c981da079c1adfee00f5067fc0659875b5c1253
+        uses: aws-actions/configure-aws-credentials@746d33e7c1cc7b6e40a836b0f2ef033136aa6b2a
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

diff --git a/.github/workflows/prod-build-push-container.yml b/.github/workflows/prod-build-push-container.yml
@@ -30,15 +30,15 @@ jobs:
 
       - name: Configure Production AWS credentials
         id: aws-form-viewer
-        uses: aws-actions/configure-aws-credentials@3c981da079c1adfee00f5067fc0659875b5c1253
+        uses: aws-actions/configure-aws-credentials@746d33e7c1cc7b6e40a836b0f2ef033136aa6b2a
         with:
           aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
       - name: Login to Production Amazon ECR
         id: login-ecr-production
-        uses: aws-actions/amazon-ecr-login@cb49db397c8fc9041b3647f3bfc2a31e4ff01e3c
+        uses: aws-actions/amazon-ecr-login@3abf7ae7fae088234d143783a3c4cf47234b2bc6
 
       - name: Tag Images for Production
         env:

diff --git a/.github/workflows/release_generator.yml b/.github/workflows/release_generator.yml
@@ -13,7 +13,7 @@ jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-      - uses: google-github-actions/release-please-action@8016a6649226f2ec88ed05441c11bb5410a22d29 # v3.7.10
+      - uses: google-github-actions/release-please-action@ca6063f4ed81b55db15b8c42d1b6f7925866342d # v3.7.11
         with:
           command: manifest
           token: ${{secrets.RELEASE_GENERATOR_TOKEN}}

diff --git a/.github/workflows/staging-build-push-container.yml b/.github/workflows/staging-build-push-container.yml
@@ -31,15 +31,15 @@ jobs:
 
       - name: Configure Staging AWS credentials
         id: aws-form-viewer
-        uses: aws-actions/configure-aws-credentials@3c981da079c1adfee00f5067fc0659875b5c1253
+        uses: aws-actions/configure-aws-credentials@746d33e7c1cc7b6e40a836b0f2ef033136aa6b2a
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ca-central-1
 
       - name: Login to Staging Amazon ECR
         id: login-ecr-staging
-        uses: aws-actions/amazon-ecr-login@cb49db397c8fc9041b3647f3bfc2a31e4ff01e3c
+        uses: aws-actions/amazon-ecr-login@3abf7ae7fae088234d143783a3c4cf47234b2bc6
 
       - name: Tag Images for Staging
         env:

diff --git a/.github/workflows/staging-deploy.yml b/.github/workflows/staging-deploy.yml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Configure AWS credentials
         # v1 as of Jan 28 2021
-        uses: aws-actions/configure-aws-credentials@3c981da079c1adfee00f5067fc0659875b5c1253
+        uses: aws-actions/configure-aws-credentials@746d33e7c1cc7b6e40a836b0f2ef033136aa6b2a
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -35,7 +35,7 @@ jobs:
       - name: Login to Amazon ECR
         id: login-ecr
         # v1 as of Jan 28 2021
-        uses: aws-actions/amazon-ecr-login@cb49db397c8fc9041b3647f3bfc2a31e4ff01e3c
+        uses: aws-actions/amazon-ecr-login@3abf7ae7fae088234d143783a3c4cf47234b2bc6
 
       - name: Get Cluster Name
         id: cluster
@@ -51,7 +51,7 @@ jobs:
       - name: Render image for form viewer service
         id: taskdef-form-viewer
         # v1.0.10
-        uses: aws-actions/amazon-ecs-render-task-definition@e052d95da29b1feb39e0eedef1a93c6920dfc0f2
+        uses: aws-actions/amazon-ecs-render-task-definition@02b7050c90d5766ff6f26cacf312523f72e85c01
         with:
           task-definition: form_viewer.json
           container-name: ${{ steps.download-taskdef-form-viewer.outputs.container_name }}
@@ -67,7 +67,7 @@ jobs:
       - name: Deploy image for Form Viewer
         timeout-minutes: 10
         # v1.4.11
-        uses: aws-actions/amazon-ecs-deploy-task-definition@31040ef486f72f9cc8a21d4329deaa4a683c5107
+        uses: aws-actions/amazon-ecs-deploy-task-definition@165127b3a1064a693b930f1b0d2d7f40fca1afec
         with:
           task-definition: ${{ steps.taskdef-form-viewer.outputs.task-definition }}
           service: form-viewer