Update CI/CD (major) (#2188)

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Gr1N/setup-poetry](https://redirect.github.com/Gr1N/setup-poetry) | action | major | `v8` -> `v9` | | [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v3` -> `v4` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v3` -> `v4` | | [actions/configure-pages](https://redirect.github.com/actions/configure-pages) | action | major | `v2` -> `v5` | | [actions/deploy-pages](https://redirect.github.com/actions/deploy-pages) | action | major | `v1` -> `v4` | | [actions/labeler](https://redirect.github.com/actions/labeler) | action | major | `v4` -> `v5` | | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | major | `v3` -> `v5` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | major | `v3` -> `v4` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | major | `v4` -> `v5` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | major | `v3` -> `v4` | | [actions/upload-pages-artifact](https://redirect.github.com/actions/upload-pages-artifact) | action | major | `v1` -> `v3` | | [anchore/scan-action](https://redirect.github.com/anchore/scan-action) | action | major | `v3` -> `v4` | | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | major | `v3` -> `v4` | | [hashicorp/setup-terraform](https://redirect.github.com/hashicorp/setup-terraform) | action | major | `v2` -> `v3` | --- ### Release Notes <details> <summary>Gr1N/setup-poetry (Gr1N/setup-poetry)</summary> ### [`v9`](https://redirect.github.com/Gr1N/setup-poetry/releases/tag/v9) [Compare Source](https://redirect.github.com/Gr1N/setup-poetry/compare/v8...v9) - Action updated to use Node 20 - Support for Python 3.12 - **Breaking Change**, removed support for Python 3.7 </details> <details> <summary>actions/cache (actions/cache)</summary> ### [`v4`](https://redirect.github.com/actions/cache/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/cache/compare/v3...v4) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://redirect.github.com/actions/checkout/compare/v3...v4) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776) </details> <details> <summary>actions/configure-pages (actions/configure-pages)</summary> ### [`v5`](https://redirect.github.com/actions/configure-pages/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/configure-pages/compare/v4...v5) ### [`v4`](https://redirect.github.com/actions/configure-pages/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/configure-pages/compare/v3...v4) ### [`v3`](https://redirect.github.com/actions/configure-pages/compare/v2...v3) [Compare Source](https://redirect.github.com/actions/configure-pages/compare/v2...v3) </details> <details> <summary>actions/deploy-pages (actions/deploy-pages)</summary> ### [`v4`](https://redirect.github.com/actions/deploy-pages/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/deploy-pages/compare/v3...v4) ### [`v3`](https://redirect.github.com/actions/deploy-pages/compare/v2...v3) [Compare Source](https://redirect.github.com/actions/deploy-pages/compare/v2...v3) ### [`v2`](https://redirect.github.com/actions/deploy-pages/compare/v1...v2) [Compare Source](https://redirect.github.com/actions/deploy-pages/compare/v1...v2) </details> <details> <summary>actions/labeler (actions/labeler)</summary> ### [`v5`](https://redirect.github.com/actions/labeler/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/labeler/compare/v4...v5) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5`](https://redirect.github.com/actions/setup-go/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v4...v5) ### [`v4`](https://redirect.github.com/actions/setup-go/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v3...v4) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v4`](https://redirect.github.com/actions/setup-node/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v3...v4) </details> <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5`](https://redirect.github.com/actions/setup-python/compare/v4...v5) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v4...v5) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4`](https://redirect.github.com/actions/upload-artifact/compare/v3...v4) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v3...v4) </details> <details> <summary>actions/upload-pages-artifact (actions/upload-pages-artifact)</summary> ### [`v3`](https://redirect.github.com/actions/upload-pages-artifact/compare/v2...v3) [Compare Source](https://redirect.github.com/actions/upload-pages-artifact/compare/v2...v3) ### [`v2`](https://redirect.github.com/actions/upload-pages-artifact/compare/v1...v2) [Compare Source](https://redirect.github.com/actions/upload-pages-artifact/compare/v1...v2) </details> <details> <summary>anchore/scan-action (anchore/scan-action)</summary> ### [`v4`](https://redirect.github.com/anchore/scan-action/compare/v3...v4) [Compare Source](https://redirect.github.com/anchore/scan-action/compare/v3...v4) </details> <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v4`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v4) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v3...v4) This tag tracks the latest v4.x.x release </details> <details> <summary>hashicorp/setup-terraform (hashicorp/setup-terraform)</summary> ### [`v3`](https://redirect.github.com/hashicorp/setup-terraform/compare/v2...v3) [Compare Source](https://redirect.github.com/hashicorp/setup-terraform/compare/v2...v3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the 2nd and 4th day instance on sunday after 9pm" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/HHS/simpler-grants-gov).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
HHS · Sep 27, 2024 · c397c9e · c397c9e
1 parent ecee322
commit c397c9e
Show file tree

Hide file tree

Showing 23 changed files with 67 additions and 67 deletions.
diff --git a/.github/actions/configure-aws-credentials/action.yml b/.github/actions/configure-aws-credentials/action.yml
@@ -61,7 +61,7 @@ runs:
         echo "AWS_REGION=$AWS_REGION" >> "$GITHUB_ENV"
       shell: bash
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v3
+      uses: aws-actions/configure-aws-credentials@v4
       with:
         role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
         aws-region: ${{ env.AWS_REGION }}
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -42,7 +42,7 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 

diff --git a/.github/workflows/cd-analytics-infra.yml b/.github/workflows/cd-analytics-infra.yml
@@ -20,8 +20,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
@@ -49,8 +49,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false

diff --git a/.github/workflows/cd-api-infra.yml b/.github/workflows/cd-api-infra.yml
@@ -20,8 +20,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
@@ -48,8 +48,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false

diff --git a/.github/workflows/cd-frontend-infra.yml b/.github/workflows/cd-frontend-infra.yml
@@ -20,8 +20,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
@@ -48,8 +48,8 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false

diff --git a/.github/workflows/cd-storybook.yml b/.github/workflows/cd-storybook.yml
@@ -26,15 +26,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 18
           cache-dependency-path: ./frontend/package-lock.json # or yarn.lock
           cache: npm # or yarn
       - name: Setup Pages
-        uses: actions/configure-pages@v2
+        uses: actions/configure-pages@v5
         id: pages_config
       - name: Install dependencies
         run: npm ci
@@ -43,7 +43,7 @@ jobs:
         run: NEXT_PUBLIC_BASE_PATH=${{ steps.pages_config.outputs.base_path }} npm run storybook-build
         working-directory: ./frontend
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@v3
         with:
           path: ./frontend/storybook-static
 
@@ -56,4 +56,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: hosting
-        uses: actions/deploy-pages@v1
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/check-infra-auth.yml b/.github/workflows/check-infra-auth.yml
@@ -21,9 +21,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v3
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ inputs.aws_region }}
           role-to-assume: ${{ inputs.role_to_assume }}

diff --git a/.github/workflows/ci-analytics.yml b/.github/workflows/ci-analytics.yml
@@ -22,13 +22,13 @@ jobs:
       ACTION: show-results # show results, but don't post them to slack
     steps:
       # set up python
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.12"
 
       # install poetry
-      - uses: Gr1N/setup-poetry@v8
+      - uses: Gr1N/setup-poetry@v9
 
       - name: Install analytics package using poetry
         run: make install

diff --git a/.github/workflows/ci-api.yml b/.github/workflows/ci-api.yml
@@ -16,7 +16,7 @@ jobs:
     name: API Lint, Format & Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Initialize the docker containers
         run: make init

diff --git a/.github/workflows/ci-erd-diagrams.yml b/.github/workflows/ci-erd-diagrams.yml
@@ -25,7 +25,7 @@ jobs:
   update-database-erd:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # Checkout the feature branch associated with the pull request
           ref: ${{ github.head_ref }}

diff --git a/.github/workflows/ci-frontend-a11y.yml b/.github/workflows/ci-frontend-a11y.yml
@@ -67,7 +67,7 @@ jobs:
 
       - name: Upload screenshots to artifacts
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: screenshots
           path: ./frontend/screenshots-output
diff --git a/.github/workflows/ci-frontend-e2e.yml b/.github/workflows/ci-frontend-e2e.yml
@@ -26,10 +26,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: ${{ env.PACKAGE_MANAGER }}
@@ -53,7 +53,7 @@ jobs:
       - name: Run E2E Tests
         run: npm run test:e2e
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: always()
         with:
           name: playwright-report

diff --git a/.github/workflows/ci-frontend.yml b/.github/workflows/ci-frontend.yml
@@ -26,8 +26,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache-dependency-path: ${{ env.LOCKFILE_PATH }}
@@ -61,15 +61,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache-dependency-path: ${{ env.LOCKFILE_PATH }}
           cache: ${{ env.PACKAGE_MANAGER }}
 
       # https://nextjs.org/docs/advanced-features/ci-build-caching
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/.npm
@@ -89,8 +89,8 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache-dependency-path: ${{ env.LOCKFILE_PATH }}

diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml
@@ -21,7 +21,7 @@ jobs:
     name: Lint GitHub Actions workflows
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Download actionlint
         id: get_actionlint
         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
@@ -33,15 +33,15 @@ jobs:
     name: Lint scripts
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Shellcheck
         run: make infra-lint-scripts
   check-terraform-format:
     name: Check Terraform format
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
@@ -53,8 +53,8 @@ jobs:
     name: Validate Terraform modules
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: hashicorp/setup-terraform@v2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
@@ -64,8 +64,8 @@ jobs:
     name: Check compliance with checkov
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.10"
       - name: Run Checkov check
@@ -88,7 +88,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run tfsec check
         uses: aquasecurity/tfsec-pr-commenter-action@v1.3.1
         with:

diff --git a/.github/workflows/ci-openapi.yml b/.github/workflows/ci-openapi.yml
@@ -24,7 +24,7 @@ jobs:
   update-openapi-docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # Checkout the feature branch associated with the pull request
           ref: ${{ github.head_ref }}

diff --git a/.github/workflows/ci-project-linters.yml b/.github/workflows/ci-project-linters.yml
@@ -18,7 +18,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Dry run - Close open issues marked as "Done" in Sprint Board
         run: |

diff --git a/.github/workflows/ci-wiki-links.yml b/.github/workflows/ci-wiki-links.yml
@@ -18,7 +18,7 @@ jobs:
     name: Check wiki links in SUMMARY.md
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Check all wiki files are linked in SUMMARY.md
         run: ./scripts/check-wiki-pages-linked-to-summary.sh
diff --git a/.github/workflows/database-migrations.yml b/.github/workflows/database-migrations.yml
@@ -32,7 +32,7 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Configure AWS credentials
         uses: ./.github/actions/configure-aws-credentials

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -31,7 +31,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Configure AWS credentials
         uses: ./.github/actions/configure-aws-credentials

diff --git a/.github/workflows/infra-service.yml b/.github/workflows/infra-service.yml
@@ -18,14 +18,14 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: hashicorp/setup-terraform@v2
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.8.2
           terraform_wrapper: false
 
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
           go-version: ">=1.19.0"
 

diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -20,4 +20,4 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v5
diff --git a/.github/workflows/lint-close-done-issues.yml b/.github/workflows/lint-close-done-issues.yml
@@ -16,7 +16,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GH_TOKEN_PROJECT_ACCESS }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Close open issues marked as "Done" in Sprint Board
         run: |