Update Workflows

Update actions to the latest versions.
Format documents.

Author: elliot-huffman

.github/workflows/Deploy.yml

@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
 
     # Require the test step to complete before creating the artifact
-    needs: [ Test-Unit, Test-Lint ]
+    needs: [Test-Unit, Test-Lint]
 
     # Sets the scopes available to the github_token injected to the GH Actions runner
     permissions:
@@ -58,7 +58,7 @@ jobs:
 
       # Set up NodeJS on the build host with caching support to optimize execution
       - name: Setup Node.JS Runtime
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 22
           cache: npm
@@ -78,7 +78,7 @@ jobs:
 
       # Create an attestation for the compiled package and upload it to the internal system for health tracking
       - name: Attest Compiled Package
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: package.zip
 
@@ -116,7 +116,7 @@ jobs:
     steps:
       # Set up NodeJS on the build host with caching support to optimize execution
       - name: Set up Node.JS Runtime
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 22
           registry-url: https://registry.npmjs.org

.github/workflows/Security-AdvancedSecretScan.yml

@@ -3,81 +3,81 @@ name: Static Analysis - Advanced Secret Scan
 
 # When this workflow triggers
 on:
-    # Allows you to run this workflow manually from the Actions tab
-    workflow_dispatch:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
-    # Allow this workflow to be called from another workflow
-    workflow_call:
+  # Allow this workflow to be called from another workflow
+  workflow_call:
 
-    # Run the unit tests on every change
-    push:
-        branches: [ main ]
-    pull_request:
-        branches: [ main ]
+  # Run the unit tests on every change
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # Define each session of execution that should be executed
 jobs:
-    SecretScan:
-        # Display name of the job
-        name: Scan for Secrets
+  SecretScan:
+    # Display name of the job
+    name: Scan for Secrets
 
-        # Operating system filter for the runners
-        runs-on: ubuntu-latest
+    # Operating system filter for the runners
+    runs-on: ubuntu-latest
 
-        # Sets the scopes available to the github_token injected to the GH Actions runner
-        permissions:
-            contents: read
+    # Sets the scopes available to the github_token injected to the GH Actions runner
+    permissions:
+      contents: read
 
-        steps:
-            # Calculate the depth and branch for checkout optimization
-            - name: Calculate Checkout Depth and Branch
-              shell: bash
-              env:
-                # Untrusted inputs passed via env (no use inside the run script of ${{ }}).
-                UNTRUST_PR_REF: ${{ github.event.pull_request.head.ref }}
-                UNTRUST_PR_COMMITS_COUNT: ${{ github.event.pull_request.commits }}
-                UNTRUST_PUSH_COMMIT_LIST_JSON: ${{ toJson(github.event.commits) }}
-              run: |
-                # Exit on error (-e), treat unset variables as errors (-u), and fail on pipeline errors (-o pipefail)
-                set -euo pipefail
+    steps:
+      # Calculate the depth and branch for checkout optimization
+      - name: Calculate Checkout Depth and Branch
+        shell: bash
+        env:
+          # Untrusted inputs passed via env (no use inside the run script of ${{ }}).
+          UNTRUST_PR_REF: ${{ github.event.pull_request.head.ref }}
+          UNTRUST_PR_COMMITS_COUNT: ${{ github.event.pull_request.commits }}
+          UNTRUST_PUSH_COMMIT_LIST_JSON: ${{ toJson(github.event.commits) }}
+        run: |
+          # Exit on error (-e), treat unset variables as errors (-u), and fail on pipeline errors (-o pipefail)
+          set -euo pipefail
 
-                # If this run was triggered by a push event
-                if [ "$GITHUB_EVENT_NAME" = "push" ]; then
-                  # Count how many commits are in the push event using jq (a JSON parser)
-                  raw_depth=$(printf '%s' "$UNTRUST_PUSH_COMMIT_LIST_JSON" | jq 'length')
-                  # Make sure the depth is a valid number; if not, default to 0
-                  if ! [[ "$raw_depth" =~ ^[0-9]+$ ]]; then raw_depth=0; fi
-                  # Add a small buffer (+2) so we have enough history for scanning
-                  depth=$(( raw_depth + 2 ))
-                  # Save the computed depth into the GitHub Actions environment for later steps
-                  printf 'depth=%s\n' "$depth" | tr -d '\n\r' >> "$GITHUB_ENV"
-                  # Use the branch name from the push event, cleaned of any stray characters
-                  safe_branch=$(printf '%s' "$GITHUB_REF_NAME" | tr -d '\n\r')
-                  # Save the branch name into the environment for later steps
-                  printf 'branch=%s\n' "$safe_branch" >> "$GITHUB_ENV"
-                elif [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
-                  # Read the number of commits in the PR; default to 0 if missing
-                  pr_commits="${UNTRUST_PR_COMMITS_COUNT:-0}"
-                  # Validate that the commit count is a number; if not, set to 0
-                  if ! [[ "$pr_commits" =~ ^[0-9]+$ ]]; then pr_commits=0; fi
-                  # Add a small buffer (+2) so we have enough history for scanning
-                  depth=$(( pr_commits + 2 ))
-                  # Use the incoming PR branch name, cleaned of any stray characters
-                  safe_branch=$(printf '%s' "$UNTRUST_PR_REF" | tr -d '\n\r')
-                  # Save the computed depth into the environment for later steps
-                  printf 'depth=%s\n' "$depth" | tr -d '\n\r' >> "$GITHUB_ENV"
-                  # Save the branch name into the environment for later steps
-                  printf 'branch=%s\n' "$safe_branch" >> "$GITHUB_ENV"
-                fi
+          # If this run was triggered by a push event
+          if [ "$GITHUB_EVENT_NAME" = "push" ]; then
+            # Count how many commits are in the push event using jq (a JSON parser)
+            raw_depth=$(printf '%s' "$UNTRUST_PUSH_COMMIT_LIST_JSON" | jq 'length')
+            # Make sure the depth is a valid number; if not, default to 0
+            if ! [[ "$raw_depth" =~ ^[0-9]+$ ]]; then raw_depth=0; fi
+            # Add a small buffer (+2) so we have enough history for scanning
+            depth=$(( raw_depth + 2 ))
+            # Save the computed depth into the GitHub Actions environment for later steps
+            printf 'depth=%s\n' "$depth" | tr -d '\n\r' >> "$GITHUB_ENV"
+            # Use the branch name from the push event, cleaned of any stray characters
+            safe_branch=$(printf '%s' "$GITHUB_REF_NAME" | tr -d '\n\r')
+            # Save the branch name into the environment for later steps
+            printf 'branch=%s\n' "$safe_branch" >> "$GITHUB_ENV"
+          elif [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
+            # Read the number of commits in the PR; default to 0 if missing
+            pr_commits="${UNTRUST_PR_COMMITS_COUNT:-0}"
+            # Validate that the commit count is a number; if not, set to 0
+            if ! [[ "$pr_commits" =~ ^[0-9]+$ ]]; then pr_commits=0; fi
+            # Add a small buffer (+2) so we have enough history for scanning
+            depth=$(( pr_commits + 2 ))
+            # Use the incoming PR branch name, cleaned of any stray characters
+            safe_branch=$(printf '%s' "$UNTRUST_PR_REF" | tr -d '\n\r')
+            # Save the computed depth into the environment for later steps
+            printf 'depth=%s\n' "$depth" | tr -d '\n\r' >> "$GITHUB_ENV"
+            # Save the branch name into the environment for later steps
+            printf 'branch=%s\n' "$safe_branch" >> "$GITHUB_ENV"
+          fi
 
-            # Downloads the repo at the specified depth calculated previously
-            - uses: actions/checkout@v5
-              with:
-                ref: ${{env.branch}}
-                fetch-depth: ${{env.depth}}
+      # Downloads the repo at the specified depth calculated previously
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{env.branch}}
+          fetch-depth: ${{env.depth}}
 
-            # Run TruffleHog Scan against the downloaded repo
-            - name: Scan for Secrets
-              uses: trufflesecurity/trufflehog@0f58ae7c5036094a1e3e750d18772af92821b503
-              with:
-                extra_args: --results=verified,unknown
+      # Run TruffleHog Scan against the downloaded repo
+      - name: Scan for Secrets
+        uses: trufflesecurity/trufflehog@ad6fc8fb446b8fafbf7ea8193d2d6bfd42f45690
+        with:
+          extra_args: --results=verified,unknown

.github/workflows/Test-Build.yml

@@ -3,48 +3,48 @@ name: Dynamic Analysis - Build Project
 
 # When this workflow triggers
 on:
-    # Allows you to run this workflow manually from the Actions tab
-    workflow_dispatch:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
-    # Allow this workflow to be called from another workflow
-    workflow_call:
+  # Allow this workflow to be called from another workflow
+  workflow_call:
 
-    # Run the linting checks on every change
-    push:
-        branches: [ main ]
-    pull_request:
-        branches: [ main ]
+  # Run the linting checks on every change
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # Define each session of execution that should be executed
 jobs:
-    Build:
-        # Display name of the job
-        name: Test Build Project
-
-        # Operating system filter for the runners
-        runs-on: ubuntu-latest
-
-        # Sets the scopes available to the github_token injected to the GH Actions runner
-        permissions:
-          contents: read
-
-        # Set of execution steps to perform
-        steps:
-            # Checks-out your repository under $GITHUB_WORKSPACE
-            - uses: actions/checkout@v5
-
-            # Set up NodeJS on the build host
-            - name: Setup Node.JS Environment
-              uses: actions/setup-node@v4
-              with:
-                node-version: 22
-                cache: npm
-                cache-dependency-path: package-lock.json
-
-            # Install all of the dependencies
-            - name: Install All of the Project Dependencies
-              run: npm install
-
-            # Compile the Typescript files to JS
-            - name: Build Server
-              run: npm run-script build:Dev
+  Build:
+    # Display name of the job
+    name: Test Build Project
+
+    # Operating system filter for the runners
+    runs-on: ubuntu-latest
+
+    # Sets the scopes available to the github_token injected to the GH Actions runner
+    permissions:
+      contents: read
+
+    # Set of execution steps to perform
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE
+      - uses: actions/checkout@v5
+
+      # Set up NodeJS on the build host
+      - name: Setup Node.JS Environment
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      # Install all of the dependencies
+      - name: Install All of the Project Dependencies
+        run: npm install
+
+      # Compile the Typescript files to JS
+      - name: Build Server
+        run: npm run-script build:Dev

.github/workflows/Test-Lint.yml

@@ -3,52 +3,52 @@ name: Static Analysis - Lint
 
 # When this workflow triggers
 on:
-    # Allows this workflow to be manually run
-    workflow_dispatch:
+  # Allows this workflow to be manually run
+  workflow_dispatch:
 
-    # Allow this workflow to be called from another workflow
-    workflow_call:
+  # Allow this workflow to be called from another workflow
+  workflow_call:
 
-    # Run the linting checks on every change
-    push:
-        branches: [ main ]
-    pull_request:
-        branches: [ main ]
+  # Run the linting checks on every change
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # Define each session of execution that should be executed
 jobs:
-    Lint:
-        # Display name of the job
-        name: Lint
-
-        # Operating system filter for the runners
-        runs-on: ubuntu-latest
-
-        # Sets the scopes available to the github_token injected to the GH Actions runner
-        permissions:
-          contents: read
-
-        # Set of steps to run to lint the project
-        steps:
-            # Checks-out your repository under $GITHUB_WORKSPACE
-            - uses: actions/checkout@v5
-
-            # Set up NodeJS on the build host
-            - name: Setup Node.js environment
-              uses: actions/setup-node@v4
-              with:
-                node-version: 22
-                cache: npm
-                cache-dependency-path: package-lock.json
-
-            # Install all of the dependencies
-            - name: Install All of the Project Dependencies
-              run: npm install
-
-            # Compile the Typescript files to JS
-            - name: Build Project
-              run: npm run-script build:Dev
-
-            # Lint the Source code to ensure project standardization and best practices
-            - name: Lint Source Code
-              run: npm run-script lint
+  Lint:
+    # Display name of the job
+    name: Lint
+
+    # Operating system filter for the runners
+    runs-on: ubuntu-latest
+
+    # Sets the scopes available to the github_token injected to the GH Actions runner
+    permissions:
+      contents: read
+
+    # Set of steps to run to lint the project
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE
+      - uses: actions/checkout@v5
+
+      # Set up NodeJS on the build host
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      # Install all of the dependencies
+      - name: Install All of the Project Dependencies
+        run: npm install
+
+      # Compile the Typescript files to JS
+      - name: Build Project
+        run: npm run-script build:Dev
+
+      # Lint the Source code to ensure project standardization and best practices
+      - name: Lint Source Code
+        run: npm run-script lint