From 029063f43b57c31c354631ec32bf8abc9a129cbb Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:17:19 +0100 Subject: [PATCH 1/6] Create dependabot.yml (#1737) --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..d4aa2a75d8 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 + +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" From 6f9977aa31f988436bd28dc6ad8f444b8a6dc4ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:23:16 +0100 Subject: [PATCH 2/6] Bump ossf/scorecard-action from 2.3.1 to 2.4.0 (#1742) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3be0fd2175..0b7add848a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From 5e9ac5a5e75224779f49bd61efbdea3a70d7078d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:30:05 +0100 Subject: [PATCH 3/6] Bump azure/login from 1 to 2 (#1739) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/update-alz-tools.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-alz-tools.yml b/.github/workflows/update-alz-tools.yml index 35fb0b6426..a3f2979434 100644 --- a/.github/workflows/update-alz-tools.yml +++ b/.github/workflows/update-alz-tools.yml @@ -47,7 +47,7 @@ jobs: git config --global user.email "$github_email" - name: Azure login - uses: azure/login@v1 + uses: azure/login@v2 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} From d8d28c1629559e3a07de0fc32485cac904304c2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:40:04 +0100 Subject: [PATCH 4/6] Bump azure/powershell from 1 to 2 (#1741) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com> --- .github/workflows/test-portal.yml | 18 +++++++++--------- .github/workflows/update-alz-tools.yml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test-portal.yml b/.github/workflows/test-portal.yml index 527cb34412..755b700cbd 100644 --- a/.github/workflows/test-portal.yml +++ b/.github/workflows/test-portal.yml @@ -75,7 +75,7 @@ jobs: run: env | sort - name: List available pwsh modules - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: Get-Module -ListAvailable azPSVersion: "latest" @@ -89,7 +89,7 @@ jobs: enable-AzPSSession: true - name: Register subscriptions - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: | ./src/scripts/Invoke-ActionRegisterSubscriptions.ps1 @@ -99,14 +99,14 @@ jobs: BILLING_SCOPE: ${{ secrets.BILLING_SCOPE }} - name: Pre-process subscriptions - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./src/scripts/Invoke-ActionRemoveOrphanedRBAC.ps1 azPSVersion: "latest" - name: Generate eslzArm configuration id: config - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: | ./src/scripts/Invoke-ActionGenerateEslzArmConfig.ps1 @@ -116,19 +116,19 @@ jobs: DEPLOYMENT_LOCATION: ${{ secrets.DEPLOYMENT_LOCATION }} - name: Run eslzArm deployment (TEST) - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -Test azPSVersion: "latest" - name: Run eslzArm deployment (WHAT IF) - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -WhatIf azPSVersion: "latest" - name: Run eslzArm deployment (DEPLOY) - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 azPSVersion: "latest" @@ -140,7 +140,7 @@ jobs: Update-AzConfig -DisplayBreakingChangeWarning $false - name: Pester Test for Policies - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./.github/actions-pester/PTF-TestPolicies.ps1 azPSVersion: "latest" @@ -150,7 +150,7 @@ jobs: TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - name: Run eslzArm deployment (DESTROY) - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: ./src/scripts/Invoke-ActionRunEslzArmDeployment.ps1 -Destroy azPSVersion: "9.4.0" diff --git a/.github/workflows/update-alz-tools.yml b/.github/workflows/update-alz-tools.yml index a3f2979434..7de40f70c9 100644 --- a/.github/workflows/update-alz-tools.yml +++ b/.github/workflows/update-alz-tools.yml @@ -71,7 +71,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.github_token }} - name: Update ProviderApiVersions - uses: azure/powershell@v1 + uses: azure/powershell@v2 with: inlineScript: src/Alz.Tools/scripts/Update-ProviderApiVersionsZip.ps1 azPSVersion: "latest" From 35a92d00dbb4a43afd55c165aa2befd0b306bf87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:50:46 +0100 Subject: [PATCH 5/6] Bump actions/upload-artifact from 3.pre.node20 to 4.3.6 (#1738) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0b7add848a..5212ec9ee0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif From 7f977fa621cc6c3602608a37e5c74b7c385be0ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 10:01:56 +0100 Subject: [PATCH 6/6] Bump actions/checkout from 3 to 4 (#1740) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/code-review.yml | 2 +- .github/workflows/gh-ado-sync.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/test-portal.yml | 2 +- .github/workflows/unit-test-policies.yml | 2 +- .github/workflows/update-alz-tools.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index baeb83d33e..7766d5ce3d 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/gh-ado-sync.yml b/.github/workflows/gh-ado-sync.yml index 69268db91a..898f2eff8d 100644 --- a/.github/workflows/gh-ado-sync.yml +++ b/.github/workflows/gh-ado-sync.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5212ec9ee0..d3a4d62964 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 # v4.1.1 with: persist-credentials: false diff --git a/.github/workflows/test-portal.yml b/.github/workflows/test-portal.yml index 755b700cbd..f855e3feaf 100644 --- a/.github/workflows/test-portal.yml +++ b/.github/workflows/test-portal.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/unit-test-policies.yml b/.github/workflows/unit-test-policies.yml index 6a8320a630..fc1c5fc7f1 100644 --- a/.github/workflows/unit-test-policies.yml +++ b/.github/workflows/unit-test-policies.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} diff --git a/.github/workflows/update-alz-tools.yml b/.github/workflows/update-alz-tools.yml index 7de40f70c9..eb62900c3b 100644 --- a/.github/workflows/update-alz-tools.yml +++ b/.github/workflows/update-alz-tools.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0