Skip to content
This repository has been archived by the owner on Jun 27, 2024. It is now read-only.

Bump ministryofjustice/github-actions from 9 to 10 #40

Merged
merged 1 commit into from
Jan 12, 2023
Merged

Bump ministryofjustice/github-actions from 9 to 10 #40

merged 1 commit into from
Jan 12, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 11, 2023

Bumps ministryofjustice/github-actions from 9 to 10.

Release notes

Sourced from ministryofjustice/github-actions's releases.

v10

What's Changed

Full Changelog: ministryofjustice/github-actions@v9...v10

Commits
  • 15729e2 Merge pull request #174 from ministryofjustice/feature/bump-debian-version
  • a792de1 Updated debian version for static analysis, removed python version pin
  • 458cb73 Merge pull request #173 from ministryofjustice/dependabot/github_actions/mini...
  • a1b7b3d Bump ministryofjustice/github-actions from 8 to 9
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ministryofjustice/github-actions from 9 to 10
5b0764c 
Bumps [ministryofjustice/github-actions](https://github.com/ministryofjustice/github-actions) from 9 to 10.
- [Release notes](https://github.com/ministryofjustice/github-actions/releases)
- [Commits](ministryofjustice/github-actions@389abf6...15729e2)

---
updated-dependencies:
- dependency-name: ministryofjustice/github-actions
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner January 11, 2023 16:26
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 11, 2023
@github-actions
Copy link
Contributor

TFSEC Scan Success

Show Output 
*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018
  timings
  ──────────────────────────────────────────
  disk i/o             46.499µs
  parsing              723.995µs
  adaptation           353.598µs
  checks               13.488912ms
  total                14.613004ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     13
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              28
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

Show Output 
*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 30, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 110, Failed checks: 2, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: permissions
	File: /.github/workflows/documentation.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: permissions
	File: /.github/workflows/go-terratest.yml:0-1

checkov_exitcode=1

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 12, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@davidkelliott davidkelliott reopened this Jan 12, 2023
@github-actions
Copy link
Contributor

TFSEC Scan Success

Show Output 
*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018
  timings
  ──────────────────────────────────────────
  disk i/o             59.102µs
  parsing              921.03µs
  adaptation           372.512µs
  checks               21.276789ms
  total                22.629433ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    1
  blocks processed     13
  files read           4

  results
  ──────────────────────────────────────────
  passed               2
  ignored              28
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Failed

Show Output 
*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
terraform scan results:

Passed checks: 30, Failed checks: 0, Skipped checks: 0

github_actions scan results:

Passed checks: 110, Failed checks: 2, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: permissions
	File: /.github/workflows/go-terratest.yml:0-1
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: permissions
	File: /.github/workflows/documentation.yml:0-1

checkov_exitcode=1

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@davidkelliott davidkelliott merged commit 644de51 into main Jan 12, 2023
@davidkelliott davidkelliott deleted the dependabot/github_actions/ministryofjustice/github-actions-10 branch January 12, 2023 15:02
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@davidkelliott davidkelliott davidkelliott approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@davidkelliott