From c6c2fabeca5bd4774343bda6ca5c649cfa38e91c Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:43:39 +0100 Subject: [PATCH 1/9] build: update actions/checkout --- .github/actions/publish-image/action.yml | 2 +- .github/workflows/actions.yml | 30 ++++++++++++------------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index 1077f23f0..dbec623f4 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -20,7 +20,7 @@ runs: using: 'composite' steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index cb4ea6324..24885d935 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 @@ -45,7 +45,7 @@ jobs: needs: [secret-scan] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache ############################################################################### @@ -57,7 +57,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Install uv @@ -73,7 +73,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Scan for vulnerabilities 
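Review bot: The new `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` line in `publish-image/action.yml` has no trailing version comment, so a reader cannot tell which release the SHA corresponds to, or whether it is still on the v4 line it replaces. I would write it as `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z` (placeholder for the real tag), which is also the form Dependabot and Renovate keep up to date. The same applies to every pinned `uses:` line in the rest of the series: the `actions.yml` checkout hunks and patches 2/9 through 9/9. Before merge, each SHA should be confirmed to be the commit a release tag points to in the upstream repository, because an `owner/repo@sha` reference also resolves for commits that exist only in a fork.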
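Review bot: The checkout steps in the scan, build, lint and test jobs of `actions.yml` (the hunks at -26, -45, -57 and -73 here, and -90 through -209 further on) do not set `persist-credentials`. Checkout's default therefore keeps the job token available to git while repository code runs: linters, tests, and a `docker build` whose context is the workspace. None of the visible steps in these jobs appears to push or fetch after checkout, so I would add `persist-credentials: false` under a `with:` key on each of them; the -26 hunk already has a `with:` block for `fetch-depth: 0`. The job bodies continue outside the hunks, so confirm that no later step relies on authenticated git.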
@@ -90,7 +90,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run linters @@ -107,7 +107,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Check architectural constraints @@ -124,7 +124,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run unit tests @@ -141,7 +141,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run integration tests @@ -158,7 +158,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run system tests @@ -175,7 +175,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run migration tests @@ -192,7 +192,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Evaluate test coverage @@ -209,7 +209,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build main API Docker image run: docker build -t be-main-test -f Dockerfile . 
@@ -278,7 +278,7 @@ jobs: if: ${{ github.ref == 'refs/heads/main' }} steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build and publish docker image uses: ./.github/actions/publish-image with: @@ -306,7 +306,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build and publish docker image uses: ./.github/actions/publish-image with: @@ -328,7 +328,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Generate ephemeral deployment token id: generate-deployment-token From baef9818aa7e56ebe7badea68c5e64d1292f24a8 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:49:18 +0100 Subject: [PATCH 2/9] build: update actions/setup-python --- .github/actions/install-cache/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install-cache/action.yml b/.github/actions/install-cache/action.yml index 713064247..fe9f75241 100644 --- a/.github/actions/install-cache/action.yml +++ b/.github/actions/install-cache/action.yml @@ -6,7 +6,7 @@ runs: using: 'composite' steps: - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 - name: Cache dependencies uses: actions/cache@v4 id: cache From e9062a6d2444048eac6181bcde886fda82eff9d3 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:49:28 +0100 Subject: [PATCH 3/9] build: update actions/cache --- .github/actions/install-cache/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install-cache/action.yml b/.github/actions/install-cache/action.yml index fe9f75241..5aaa05ac9 100644 --- a/.github/actions/install-cache/action.yml +++ b/.github/actions/install-cache/action.yml 
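Review bot: `Check out code` in the hunk at -278, and again at -306, is followed directly by `uses: ./.github/actions/publish-image`, and that composite action's first step, pinned in patch 1/9, is another `actions/checkout`. The caller's checkout is needed for the local action path to resolve, so the one inside the composite action looks redundant and leaves two pins to keep in step for each publish job. I would drop the `Checkout code` step from `publish-image/action.yml`, or add a comment there saying why a second checkout is wanted. Both job bodies and the rest of the composite action are outside the hunks, so this is inferred from the visible steps only.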
@@ -8,7 +8,7 @@ runs: - name: Set up Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae id: cache # Using the native `setup-python` `cache` interface only caches dependencies # as opposed to the build itself. From 4cf633b0a417a4bd614e4c763c7c65bb0450258d Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:50:45 +0100 Subject: [PATCH 4/9] build: update docker/setup-qemu-action --- .github/actions/publish-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index dbec623f4..49d8e2cd0 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -26,7 +26,7 @@ runs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From f4ff6c3776281285477924e27ae74a6637f0da89 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:51:20 +0100 Subject: [PATCH 5/9] build: update docker/setup-qemu-action --- .github/actions/publish-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index 49d8e2cd0..fbd5d5b9d 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -23,7 +23,7 @@ runs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 
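Review bot: Patch 4/9 is titled "build: update docker/setup-qemu-action", but its only hunk (at -26 in `publish-image/action.yml`) changes `docker/setup-buildx-action`; the QEMU action is changed in patch 5/9, which carries the same subject. Anyone searching the history for when the Buildx pin was introduced will not find it, so I would retitle 4/9 to `build: update docker/setup-buildx-action` before merge. The subjects across the series also say "update" where the diff replaces a tag with a commit SHA; "pin", together with the release the SHA belongs to, would make the log describe the change.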
From 0e5eca01df159f1d17a2fd8df989f5314c1bb42b Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:52:07 +0100 Subject: [PATCH 6/9] build: update aws-actions/configure-aws-credentials --- .github/actions/publish-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index fbd5d5b9d..bff900a1e 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -29,7 +29,7 @@ runs: uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 with: role-to-assume: ${{ inputs.role-to-assume }} aws-region: ${{ env.AWS_REGION }} From 0a65913ec0962c39f03aa1062408f199ae649638 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:52:47 +0100 Subject: [PATCH 7/9] build: update aws-actions/amazon-ecr-login --- .github/actions/publish-image/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index bff900a1e..ca17ebe71 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -36,7 +36,7 @@ runs: - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 - name: Build, tag, and push image to AWS ECR env: From e2da31ebece147cee9e9ce05c4a80fda5b482b38 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:55:05 +0100 Subject: [PATCH 8/9] build: update astral-sh/setup-uv --- .github/workflows/actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 24885d935..bb60b62b4 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -61,7 +61,7 @@ jobs: - uses: ./.github/actions/install-cache - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b - name: Scan dependencies run: | From 38d079d579784494002e5a02c6beae8b57a91719 Mon Sep 17 00:00:00 2001 From: Josh Humphries Date: Fri, 29 May 2026 15:56:45 +0100 Subject: [PATCH 9/9] build: update actions/create-github-app-token --- .github/workflows/actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index bb60b62b4..3ed4cb4d5 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -332,7 +332,7 @@ jobs: - name: Generate ephemeral deployment token id: generate-deployment-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 with: app-id: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_APP_ID }} private-key: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_PRIVATE_KEY }}