Merge branch 'main' into UML-3013-kick-off-one-login-process

ministryofjustice · Oct 30, 2023 · 13d5fa4 · 13d5fa4
2 parents 1a26695 + d402505
commit 13d5fa4
Show file tree

Hide file tree

Showing 22 changed files with 65 additions and 63 deletions.
diff --git a/.github/workflows/_build-and-push.yml b/.github/workflows/_build-and-push.yml
@@ -71,11 +71,11 @@ jobs:
             run_integration_tests: 'false'
             artifact_to_dl: ''
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
       - name: cache node modules
         id: cache-npm
-        uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 # [email protected]
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # [email protected]
         env:
           cache-name: cache-node-modules
         with:
@@ -94,7 +94,7 @@ jobs:
           inputs.specific_path == 'all' || inputs.specific_path == matrix.svc_prefix
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -148,7 +148,7 @@ jobs:
 
       - name: ecr login
         id: login_ecr
-        uses: aws-actions/amazon-ecr-login@b5f9031d829ac39b7fd26092019aeca3ee6b3ebd # [email protected]
+        uses: aws-actions/amazon-ecr-login@f8672cc4c5410eabbb9df3d9bb4c7ad01fc4cc3e # [email protected]
         with:
           registries: 311462405659
         if: |
@@ -214,7 +214,7 @@ jobs:
           (inputs.specific_path == 'all' || inputs.specific_path == matrix.svc_prefix)
 
       - name: archive test results
-        uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # [email protected]
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # [email protected]
         with:
           name: service-${{ matrix.svc_prefix }}
           path: build/service-${{ matrix.svc_prefix }}

diff --git a/.github/workflows/_codecov.yml b/.github/workflows/_codecov.yml
@@ -15,7 +15,7 @@ jobs:
   code_coverage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
       - name: download artifact for front tests
         uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
         with:

diff --git a/.github/workflows/_ecr-scanning.yml b/.github/workflows/_ecr-scanning.yml
@@ -15,10 +15,10 @@ jobs:
   ecr-scan-results:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
       - name: configure AWS credentials ECR scan results
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -27,7 +27,7 @@ jobs:
           role-session-name: OPGUseAnLPAECRScanGithubAction
 
       - name: install python
-        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # [email protected]
+        uses: actions/setup-python@e8111cec9d3dc15220d8a3b638f08419f57b906a # [email protected]
         with:
           python-version: '3.10'
           cache: 'pip'

diff --git a/.github/workflows/_lint-terraform.yml b/.github/workflows/_lint-terraform.yml
@@ -20,14 +20,14 @@ jobs:
           - folder: 'environment'
           - folder: 'account'
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
       - uses: hashicorp/setup-terraform@8fa54e78fa196965551aa8c4a4eae3aee5568620 # [email protected]
         with:
           terraform_version: 1.5.6
 
       - name: configure AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

diff --git a/.github/workflows/_node-build.yml b/.github/workflows/_node-build.yml
@@ -11,13 +11,13 @@ jobs:
   build-web:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
-      - uses: actions/setup-node@869f4dd0c7f320ae834c2724d92a364de3893c24 # [email protected]
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # [email protected]
         with:
           node-version-file: '.nvmrc'
       - name: cache node modules
         id: cache-npm
-        uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 # [email protected]
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # [email protected]
         env:
           cache-name: cache-node-modules
         with:
@@ -33,7 +33,7 @@ jobs:
           cd service-front/web/
           npm run build
       - name: archive dist
-        uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # [email protected]
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # [email protected]
         with:
           name: dist-web
           path: service-front/web/dist/
diff --git a/.github/workflows/_node-test.yml b/.github/workflows/_node-test.yml
@@ -11,13 +11,13 @@ jobs:
   unit-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
-      - uses: actions/setup-node@869f4dd0c7f320ae834c2724d92a364de3893c24 # [email protected]
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # [email protected]
         with:
           node-version-file: '.nvmrc'
       - name: cache node modules
         id: cache-npm
-        uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146 # [email protected]
+        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # [email protected]
         env:
           cache-name: cache-node-modules
         with:

diff --git a/.github/workflows/_run-behat-tests.yml b/.github/workflows/_run-behat-tests.yml
@@ -16,10 +16,10 @@ jobs:
   build-web:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
       - name: install python
-        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # [email protected]
+        uses: actions/setup-python@e8111cec9d3dc15220d8a3b638f08419f57b906a # [email protected]
         with:
           python-version: '3.10'
           cache: 'pip'
@@ -51,7 +51,7 @@ jobs:
           path: terraform/environment
 
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -86,7 +86,7 @@ jobs:
             vendor/bin/behat
 
       - name: archive failed test screenshots
-        uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # [email protected]
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # [email protected]
         with:
           name: behat-screenshots
           path: tests/smoke/failed_step_screenshots

diff --git a/.github/workflows/_run-terraform.yml b/.github/workflows/_run-terraform.yml
@@ -58,7 +58,7 @@ jobs:
             echo "admin-tag=$(echo ${TAG})" >> $GITHUB_OUTPUT
           fi
 
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
         with:
           fetch-depth: '0'
 
@@ -69,7 +69,7 @@ jobs:
           terraform_version: 1.5.6
 
       - name: configure AWS credentials for getting pagerduty token
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -86,7 +86,7 @@ jobs:
           echo TF_VAR_pagerduty_token=$TF_VAR_pagerduty_token >> $GITHUB_ENV
 
       - name: configure AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -145,7 +145,7 @@ jobs:
 
       - name: upload environment cluster config file
         if: inputs.terraform_path == 'environment'
-        uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05 # [email protected]
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # [email protected]
         with:
           name: environment_config_file
           path: terraform/environment/cluster_config.json
diff --git a/.github/workflows/_seed-database.yml b/.github/workflows/_seed-database.yml
@@ -5,12 +5,12 @@ jobs:
   terraform_workflow:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
         with:
           fetch-depth: '0'
 
       - name: configure AWS credentials for terraform
-        uses: aws-actions/configure-aws-credentials@375a690dc0af3921541e5f427167f333d7e85f67 # [email protected]
+        uses: aws-actions/configure-aws-credentials@e6c766a518826746395987edb73a1a5767d0b602 # [email protected]
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
@@ -25,7 +25,7 @@ jobs:
           path: terraform/environment
 
       - name: install python
-        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # [email protected]
+        uses: actions/setup-python@e8111cec9d3dc15220d8a3b638f08419f57b906a # [email protected]
         with:
           python-version: '3.10'
           cache: 'pip'

diff --git a/.github/workflows/_slack-notification.yml b/.github/workflows/_slack-notification.yml
@@ -24,10 +24,10 @@ jobs:
   send-slack-notification:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
       - name: install python
-        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # [email protected]
+        uses: actions/setup-python@e8111cec9d3dc15220d8a3b638f08419f57b906a # [email protected]
         with:
           python-version: '3.10'
           cache: 'pip'

diff --git a/.github/workflows/path-to-live.yml b/.github/workflows/path-to-live.yml
@@ -31,7 +31,7 @@ jobs:
     outputs:
       short_sha:  ${{ steps.variables.outputs.short_sha }}
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
       - name: extract variables for workflow
         id: variables
         run: |
@@ -79,7 +79,7 @@ jobs:
       - workflow_variables
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
       - name: download artifact for front tests
         uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
         with:
@@ -187,7 +187,7 @@ jobs:
     needs:
       - terraform_apply_production
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
         with:
           fetch-depth: '0'
       - name: download cluster_config

diff --git a/.github/workflows/pull-request-path.yml b/.github/workflows/pull-request-path.yml
@@ -1,4 +1,4 @@
-name: "[Workflow] All branch based pushes"
+name: "[Workflow] PR Environment"
 
 concurrency:
   group: ${{ github.ref }}-${{ github.workflow }}
@@ -8,15 +8,10 @@ defaults:
     shell: bash
 
 on:
-  push:
+  pull_request:
     branches:
-      - '*'              # matches every branch that doesn't contain a '/'
-      - '*/*'            # matches every branch containing a single '/'
-      - '**'             # matches every branch
-      - '!main'          # reverse match main
-      - '!dependabot/**' # reverse match dependabot PRs
-      - 'dependabot/docker/**' # match dependabot PRs that update docker
-      - 'dependabot/pip/**' # match dependabot PRs that update pip
+      - main
+
 
 permissions:
   contents: write
@@ -31,6 +26,9 @@ permissions:
   statuses: none
 
 jobs:
+  workspace_name:
+    uses: ministryofjustice/opg-github-workflows/.github/workflows/data-parse-workspace.yml@383650d409aad063a69ce6cc3a013ac538cc1508
+
   workflow_variables:
     runs-on: ubuntu-latest
     name: output workflow variables
@@ -39,18 +37,18 @@ jobs:
       short_sha:  ${{ steps.variables.outputs.short_sha }}
       specific_path: ${{ steps.variables.outputs.path }}
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
         with:
           fetch-depth: 2
       - name: get changed files in the admin folder
         id: changed-files-admin
-        uses: tj-actions/changed-files@6e4b6b77a3fd4d60bd02608dba69c7eae38a117f
+        uses: tj-actions/changed-files@1864dc5311069c2319e40ddda20ebf24336dcba9
         with:
           files: |
             service-admin/**
       - name: get changed files in the terraform folder
         id: changed-files-terraform
-        uses: tj-actions/changed-files@6e4b6b77a3fd4d60bd02608dba69c7eae38a117f
+        uses: tj-actions/changed-files@1864dc5311069c2319e40ddda20ebf24336dcba9
         with:
           files: |
             terraform/**
@@ -79,8 +77,9 @@ jobs:
     uses: ./.github/workflows/_lint-terraform.yml
     needs:
       - workflow_variables
+      - workspace_name
     with:
-      workspace: ${{ needs.workflow_variables.outputs.parsed_branch }}
+      workspace: ${{ needs.workspace_name.outputs.name }}
     secrets: inherit
     if: |
       always() &&
@@ -148,8 +147,9 @@ jobs:
       - docker_build_scan_push
       - terraform_lint
       - workflow_variables
+      - workspace_name
     with:
-      workspace: ${{ needs.workflow_variables.outputs.parsed_branch }}
+      workspace: ${{ needs.workspace_name.outputs.name }}
       terraform_path: environment
       container_version: ${{ needs.workflow_variables.outputs.parsed_branch }}-${{ needs.workflow_variables.outputs.short_sha }}
       apply: true
@@ -201,8 +201,9 @@ jobs:
     needs:
       - seed_dynamodb
       - workflow_variables
+      - workspace_name
     with:
-      workspace: ${{ needs.workflow_variables.outputs.parsed_branch }}
+      workspace: ${{ needs.workspace_name.outputs.name }}
     secrets: inherit
     if: |
       always() &&
@@ -259,12 +260,13 @@ jobs:
       - ecr_scan_results
       - slack_notify
       - workflow_variables
+      - workspace_name
     steps:
       - name: workflow has ended without issue
         run: |
           echo "${{ needs.workflow_variables.outputs.parsed_branch }} PR environment tested, built and deployed"
           echo "Tag Used: ${{ needs.workflow_variables.outputs.parsed_branch }}-${{ needs.workflow_variables.outputs.short_sha }}"
-          echo "URL: https://${{ needs.workflow_variables.outputs.parsed_branch }}.use-lasting-power-of-attorney.service.gov.uk"
+          echo "URL: https://${{ needs.workspace_name.outputs.name }}.use-lasting-power-of-attorney.service.gov.uk"
     if: |
       always() &&
       needs.ecr_scan_results.result == 'success' &&

diff --git a/.github/workflows/scheduled-codeql-analysis.yml b/.github/workflows/scheduled-codeql-analysis.yml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/scheduled-package-scan.yml b/.github/workflows/scheduled-package-scan.yml
@@ -9,5 +9,5 @@ jobs:
   run:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
       - uses: ministryofjustice/opg-repository-scanner@latest
diff --git a/.github/workflows/scheduled-tfsec.yml b/.github/workflows/scheduled-tfsec.yml
@@ -13,7 +13,7 @@ jobs:
       contents: read
       security-events: write
     steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222 # pin@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
         with:
           persist-credentials: false