Skip to content

Commit cf7e25b

Browse files
james-bradley-nhsjames-bradley-nhs
authored
Merge pull request #208 from NHSDigital/mesh-2092-dependabot-combined
MESH-2092 Combined Dependabot PRs
2 parents e518b9d + 7a8df7c commit cf7e25b

5 files changed

Lines changed: 836 additions & 702 deletions

File tree

.github/workflows/merge-develop.yml

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -4,18 +4,17 @@ on:
44
branches:
55
- develop
66

7-
permissions:
8-
contents: write
9-
checks: write
10-
pull-requests: write
11-
127
jobs:
138
coverage:
149
runs-on: ubuntu-latest
10+
permissions:
11+
contents: write
12+
checks: write
13+
pull-requests: write
1514
if: github.repository == 'NHSDigital/mesh-sandbox' && !contains(github.event.head_commit.message, 'tag release version:')
1615
steps:
1716
- name: checkout
18-
uses: actions/checkout@v5
17+
uses: actions/checkout@v6
1918
with:
2019
fetch-depth: 0
2120

@@ -34,7 +33,7 @@ jobs:
3433
poetry self add "poetry-dynamic-versioning[plugin]"
3534
3635
- name: cache virtualenv
37-
uses: actions/cache@v4
36+
uses: actions/cache@v5
3837
with:
3938
path: |
4039
.venv
@@ -83,7 +82,7 @@ jobs:
8382
if: github.actor != 'dependabot[bot]' && (success() || failure())
8483
run: |
8584
export SONAR_VERSION="4.7.0.2747"
86-
wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
85+
wget -q --max-redirect=0 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
8786
unzip -q ./sonar-scanner.zip
8887
mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
8988
scripts/sonar_tests.py
@@ -99,7 +98,7 @@ jobs:
9998

10099
- name: publish junit reports
101100
if: success() || failure()
102-
uses: mikepenz/action-junit-report@3585e9575db828022551b4231f165eb59a0e74e3
101+
uses: mikepenz/action-junit-report@a294a61c909bd8a4b563024a2faa28897fd53ebc
103102
with:
104103
check_name: junit reports
105104
report_paths: reports/junit/*.xml
@@ -110,10 +109,14 @@ jobs:
110109

111110
publish:
112111
runs-on: ubuntu-latest
112+
permissions:
113+
contents: write
114+
checks: write
115+
pull-requests: write
113116
if: github.repository == 'NHSDigital/mesh-sandbox' && github.actor != 'dependabot[bot]' && !contains(github.event.head_commit.message, 'tag release version:')
114117
steps:
115118
- name: checkout
116-
uses: actions/checkout@v5
119+
uses: actions/checkout@v6
117120
with:
118121
fetch-depth: 0
119122

.github/workflows/pull-request.yml

Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,18 +4,17 @@ on:
44
branches:
55
- develop
66

7-
permissions:
8-
contents: write
9-
checks: write
10-
pull-requests: write
11-
127
jobs:
138
coverage:
149
runs-on: ubuntu-latest
10+
permissions:
11+
contents: write
12+
checks: write
13+
pull-requests: write
1514
if: github.repository == 'NHSDigital/mesh-sandbox'
1615
steps:
1716
- name: checkout
18-
uses: actions/checkout@v5
17+
uses: actions/checkout@v6
1918
with:
2019
fetch-depth: 0
2120

@@ -61,7 +60,7 @@ jobs:
6160
poetry self add "poetry-dynamic-versioning[plugin]"
6261
6362
- name: cache virtualenv
64-
uses: actions/cache@v4
63+
uses: actions/cache@v5
6564
with:
6665
path: |
6766
.venv
@@ -113,7 +112,7 @@ jobs:
113112
if: github.actor != 'dependabot[bot]' && (success() || failure())
114113
run: |
115114
export SONAR_VERSION="4.7.0.2747"
116-
wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
115+
wget -q --max-redirect=0 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
117116
unzip -q ./sonar-scanner.zip
118117
mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
119118
scripts/sonar_tests.py
@@ -134,14 +133,14 @@ jobs:
134133

135134
- name: archive reports
136135
if: success() || failure()
137-
uses: actions/upload-artifact@v4
136+
uses: actions/upload-artifact@v6
138137
with:
139138
name: reports
140139
path: reports/**/*
141140

142141
- name: publish junit reports
143142
if: success() || failure()
144-
uses: mikepenz/action-junit-report@3585e9575db828022551b4231f165eb59a0e74e3
143+
uses: mikepenz/action-junit-report@a294a61c909bd8a4b563024a2faa28897fd53ebc
145144
with:
146145
check_name: junit reports
147146
report_paths: reports/junit/*.xml
@@ -152,10 +151,14 @@ jobs:
152151

153152
lint:
154153
runs-on: ubuntu-latest
154+
permissions:
155+
contents: write
156+
checks: write
157+
pull-requests: write
155158
if: github.repository == 'NHSDigital/mesh-sandbox'
156159
steps:
157160
- name: checkout
158-
uses: actions/checkout@v5
161+
uses: actions/checkout@v6
159162
with:
160163
fetch-depth: 0
161164

@@ -193,7 +196,7 @@ jobs:
193196
poetry self add "poetry-dynamic-versioning[plugin]"
194197
195198
- name: cache virtualenv
196-
uses: actions/cache@v4
199+
uses: actions/cache@v5
197200
with:
198201
path: |
199202
.venv
@@ -231,13 +234,17 @@ jobs:
231234

232235
publish:
233236
runs-on: ubuntu-latest
237+
permissions:
238+
contents: write
239+
checks: write
240+
pull-requests: write
234241
if: github.repository == 'NHSDigital/mesh-sandbox' && github.actor != 'dependabot[bot]'
235242
needs:
236243
- coverage
237244
- lint
238245
steps:
239246
- name: checkout
240-
uses: actions/checkout@v5
247+
uses: actions/checkout@v6
241248
with:
242249
fetch-depth: 0
243250

@@ -280,7 +287,7 @@ jobs:
280287
poetry self add "poetry-dynamic-versioning[plugin]"
281288
282289
- name: cache virtualenv
283-
uses: actions/cache@v4
290+
uses: actions/cache@v5
284291
with:
285292
path: |
286293
.venv

0 commit comments

Comments
 (0)