diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml index d9cf8f1..aa4aa0d 100644 --- a/.github/workflows/dependabot-auto-merge.yaml +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -19,9 +19,16 @@ jobs: pull-requests: write steps: + - name: Generate token from GitHub App + id: generate-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + with: + client-id: ${{ secrets.SHARED_MERGE_AND_WRITEBACK_APP_ID }} + private-key: ${{ secrets.SHARED_MERGE_AND_WRITEBACK_APP_PRIVATE_KEY }} + - name: Fetch Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 #v3.0.0 + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -34,4 +41,4 @@ jobs: run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} diff --git a/.github/workflows/merge-develop.yml b/.github/workflows/merge-develop.yml index e15b231..60b9f18 100644 --- a/.github/workflows/merge-develop.yml +++ b/.github/workflows/merge-develop.yml 
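Review bot: The added `Generate token from GitHub App` step passes no `permission-*` inputs, so the token handed to `gh pr merge --auto --squash` as `GITHUB_TOKEN` in this file's second hunk carries every permission the shared merge-and-writeback app holds on the repository, not just what a merge needs. Consider narrowing it under `with:`, for example `permission-contents: write` and `permission-pull-requests: write` (confirm the exact set that enabling auto-merge requires). Placing the step directly before the merge step, under the same `if:` if that step has one, would also keep a token from being minted on runs that never merge. The trigger and any job-level `if:` are outside the hunk; if this workflow runs on `pull_request` for Dependabot PRs, both `SHARED_MERGE_AND_WRITEBACK_*` secrets must be in the Dependabot secret store rather than the Actions one, otherwise they resolve empty and the token step fails. The `client-id` input is fed from a secret named `..._APP_ID`, so it is worth confirming that the stored value is the one that input expects.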
@@ -11,17 +11,17 @@ jobs: if: github.repository == 'NHSDigital/mesh-client' && !contains(github.event.head_commit.message, 'tag release version:') steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: setup poetry - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 + uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4 with: poetry-version: 2.1.3 @@ -50,14 +50,14 @@ jobs: - name: code coverage report if: ${{ github.event_name == 'pull_request' }} - uses: orgoro/coverage@71cf993a407154ad9d8dd027c88a374b0ed002a9 + uses: orgoro/coverage@71cf993a407154ad9d8dd027c88a374b0ed002a9 # v3.3 with: coverageFile: reports/coverage.xml token: ${{ secrets.GITHUB_TOKEN }} thresholdAll: 0.70 - name: setup java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: "corretto" java-version: "17" diff --git a/.github/workflows/merge-release.yml b/.github/workflows/merge-release.yml index 9186967..68850d7 100644 --- a/.github/workflows/merge-release.yml +++ b/.github/workflows/merge-release.yml @@ -11,7 +11,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-client' && github.actor != 'dependabot[bot]' steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 
@@ -21,12 +21,12 @@ jobs: find . -type f | xargs chmod g+w - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: setup poetry - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 + uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4 with: poetry-version: 2.1.3 @@ -48,7 +48,7 @@ jobs: - name: create release id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 continue-on-error: false env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -60,5 +60,3 @@ jobs: uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: password: ${{ secrets.PYPI_TOKEN }} - - diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 10a9f70..a621fd8 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -15,7 +15,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-client' steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -41,7 +41,7 @@ jobs: git merge --ff-only "${{ github.event.pull_request.head.sha }}" - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} @@ -67,7 +67,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-client' steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 
@@ -96,12 +96,12 @@ jobs: git merge --ff-only "${{ github.event.pull_request.head.sha }}" - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: setup poetry - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 + uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4 with: poetry-version: 2.1.3 @@ -133,14 +133,14 @@ jobs: - name: code coverage report if: ${{ github.event_name == 'pull_request' }} - uses: orgoro/coverage@71cf993a407154ad9d8dd027c88a374b0ed002a9 + uses: orgoro/coverage@71cf993a407154ad9d8dd027c88a374b0ed002a9 # v3.3 with: coverageFile: reports/coverage.xml token: ${{ secrets.GITHUB_TOKEN }} thresholdAll: 0.70 - name: setup java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: "corretto" java-version: "17" @@ -190,7 +190,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-client' steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -211,12 +211,12 @@ jobs: git merge --ff-only "${{ github.event.pull_request.head.sha }}" - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: setup poetry - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 + uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4 with: poetry-version: 2.1.3 
@@ -247,7 +247,7 @@ jobs: run: make mypy - name: shellcheck - uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: ignore_paths: .venv build ignore_names: git-secrets @@ -270,7 +270,7 @@ jobs: - tox steps: - name: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -296,12 +296,12 @@ jobs: git merge --ff-only "${{ github.event.pull_request.head.sha }}" - name: setup python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: setup poetry - uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 + uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4 with: poetry-version: 2.1.3