Merge branch 'main' into fix-3950

ardole · Oct 4, 2024 · 804ffac · 804ffac
2 parents b9877dc + 612651b
commit 804ffac
Show file tree

Hide file tree

Showing 140 changed files with 19,463 additions and 10,661 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -27,16 +27,15 @@ updates:
       octokit:
         patterns:
           - "@octokit/*"
+      aws-powertools:
+        patterns:
+          - "@aws-lambda-powertools/*"
+
     ignore:
-      - dependency-name: "aws-sdk*"
-        update-types: ["version-update:semver-major"]
-      - dependency-name: "aws-lambda-powertools/*"
-        update-types: ["version-update:semver-major"]
       - dependency-name: "@middy/core"
         update-types: ["version-update:semver-major"]
-      - dependency-name: "@@octokit/*"
+      - dependency-name: "@octokit/*"
         update-types: ["version-update:semver-major"]
-      - dependency-name: "@@octokit/rest"
       - dependency-name: "eslint"
         update-types: ["version-update:semver-major"]
     commit-message:

diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml
diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml
@@ -19,7 +19,7 @@ jobs:
         working-directory: ./lambdas
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.2.0
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Install dependencies
         run: yarn install --frozen-lockfile
       - name: Run prettier
@@ -32,7 +32,7 @@ jobs:
       - name: Build distribution
         run: yarn build
       - name: Upload coverage report
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v31.2
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: ${{ failure() }}
         with:
           name: coverage-reports

diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml
@@ -16,7 +16,7 @@ jobs:
     name: Verify packer
     runs-on: ubuntu-latest
     container:
-      image: index.docker.io/hashicorp/packer@sha256:297bbbbbbf3ce9e0431ac1e8f02934b20e1197613f877b55dfdb1ebfd94eb748 # ratchet:index.docker.io/hashicorp/packer:1.8.6
+      image: index.docker.io/hashicorp/packer@sha256:12c441b8a3994e7df9f0e2692d9298f14c387e70bcc06139420977dbf80a137b # 1.11.2
     strategy:
       matrix:
         image: ["linux-al2023", "windows-core-2019", "windows-core-2022", "ubuntu-focal", "ubuntu-jammy", "ubuntu-jammy-arm64"]
@@ -25,7 +25,7 @@ jobs:
         working-directory: images/${{ matrix.image }}
     steps:
       - name: "Checkout"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: packer init
         run: packer init .
       - name: check packer formatting

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,29 +14,28 @@ jobs:
       contents: write
       actions: write
     steps:
-      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           node-version: 20
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Build dist
         working-directory: lambdas
         run: yarn install --frozen-lockfile && yarn run test && yarn dist
       - name: Get installation token
-        uses: philips-software/app-token-action@9f5d57062c9f2beaffafaa9a34f66f824ead63a9 # ratchet:philips-software/app-token-action@v2.0.0
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         id: token
         with:
-          app_id: ${{ secrets.FOREST_RELEASER_APP_ID }}
-          app_base64_private_key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY_BASE64 }}
-          auth_type: installation
+          app-id: ${{ secrets.FOREST_RELEASER_APP_ID }}
+          private-key: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY }}
       - name: Extract branch name
         id: branch
         shell: bash
         run: echo "name=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
       - name: Release
         id: release
-        uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # ratchet:google-github-actions/release-please-action@v3
+        uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1
         with:
-          default-branch: ${{ steps.branch.outputs.name }}
+          target-branch: ${{ steps.branch.outputs.name }}
           release-type: terraform-module
           token: ${{ steps.token.outputs.token }}
       - name: Upload Release Asset

diff --git a/.github/workflows/semantic-check.yml b/.github/workflows/semantic-check.yml
@@ -13,8 +13,8 @@ jobs:
     name: Semantic Commit Message Check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # ratchet:amannn/action-semantic-pull-request@v5
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         name: Check PR for Semantic Commit Message
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -10,7 +10,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # ratchet:actions/stale@v7
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
         with:
           stale-issue-message: >
             This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs.  Thank you for your contributions.

diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -23,7 +23,7 @@ jobs:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
       - name: "Checkout"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: "Fake zip files" # Validate will fail if it cannot find the zip files
         run: |
           touch lambdas/functions/webhook/webhook.zip
@@ -89,7 +89,7 @@ jobs:
     container:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: terraform init
         run: terraform init -get -backend=false -input=false
       - if: contains(matrix.terraform, '1.3.')
@@ -147,7 +147,7 @@ jobs:
     container:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: terraform init
         run: terraform init -get -backend=false -input=false
       - if: contains(matrix.terraform, '1.5.')

diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
@@ -12,37 +12,28 @@ permissions:
 
 jobs:
   docs:
-    # update docs after merge back to develop
     name: Auto update terraform docs
     runs-on: ubuntu-latest
     steps:
-      - uses: philips-software/app-token-action@9f5d57062c9f2beaffafaa9a34f66f824ead63a9 # v2.0.0
-        id: app
-        with:
-          app_id: ${{ vars.FOREST_PR_BOT_APP_ID }}
-          app_base64_private_key: ${{ secrets.FOREST_PR_BOT_APP_KEY_BASE64 }}
-          auth_type: installation
-          org: philips-labs
-
       - name: Checkout with GITHUB Action token
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
-          token: ${{ steps.app.outputs.token }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       # use an app to ensure CI is triggered
       - name: Generate TF docs
         if: github.repository_owner == 'philips-labs'
-        uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # ratchet:terraform-docs/gh-actions@v1.2.0
+        uses: terraform-docs/gh-actions@aeae0038ed47a547e0c0fca5c059d3335f48fb25 # v1.3.0
         with:
           find-dir: .
           git-commit-message: "docs: auto update terraform docs"
           git-push: ${{ github.ref != 'refs/heads/main' || github.repository_owner != 'philips-labs' }}
-          git-push-user-name: forest-pr|bot
-          git-push-user-email: "forest-pr[bot]@users.noreply.github.com"
+          git-push-user-name: philips-labs-pr|bot
+          git-push-user-email: "philips-labs-pr[bot]@users.noreply.github.com"
 
       - name: Generate TF docs (forks)
         if: github.repository_owner != 'philips-labs'
-        uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # ratchet:terraform-docs/gh-actions@v1.2.0
+        uses: terraform-docs/gh-actions@aeae0038ed47a547e0c0fca5c059d3335f48fb25 # v1.3.0
         with:
           find-dir: .
           git-commit-message: "docs: auto update terraform docs"
@@ -51,7 +42,7 @@ jobs:
       # change docs via PR in case of locked main branch
       - name: Create Pull Request (main branch only)
         if: github.ref == 'refs/heads/main' && github.repository_owner == 'philips-labs'
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # ratchet:peter-evans/create-pull-request@v6.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: "docs: auto update terraform docs"
@@ -65,16 +56,16 @@ jobs:
     needs: [docs]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@v4
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Configure Git Credentials
         run: |
           git config user.name github-actions[bot]
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
         with:
           python-version: 3.x
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
-      - uses: actions/cache@v4
+      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           key: mkdocs-material-${{ env.cache_id }}
           path: .cache