Updating versions

ministryofjustice · Dec 9, 2024 · 93b3f15 · 93b3f15
1 parent fc01410
commit 93b3f15
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,19 +1,35 @@
 ## 0.1
+
 First release
 
 ## 0.2
+
 Finessing of workflows - better Sarif file for typescript reports
 
 If no Slack channel is included, no messages will be sent.
 
-
 ## v0.3
+
 Semantic versioning
 
 This also uses inherited secrets in the template workflows to avoid having to add the local secrets to each one.
 
 ## v0.7
+
 Inline python scripts to avoid having to run them locally (benefit: keeps any fixes/improvements inside the shared actions)
 
 ## v0.7.1
-Change to `.github/workflows/security_veracode_policy_scan.yml`. Updated scan identifier string so it now includes the github action ID, github branch, github commit sha. This makes it easier to link the veracode scan results with a commit in the dev portal.
+
+Change to `.github/workflows/security_veracode_policy_scan.yml`. Updated scan identifier string so it now includes the github action ID, github branch, github commit sha. This makes it easier to link the veracode scan results with a commit in the dev portal.
+
+## v1
+
+Initial release
+
+## v2.0.0
+
+Node version for node related tasks now derive versions based on a [version file](https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#node-version-file).
+This defaults to `.nvmrc`.
+
+There is a non-backwards compatible change included in this release which is the removal of the ability to specify a given node version using the `node_version` option. 
+
diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ These workflows are called by other repositories. Templates to call these are in
 Workflows and actions are referred to by the tags associated with the current release, eg:
 
 ```
-    - uses: ministryofjustice/hmpps-github-actions/.github/actions/security_owasp_reports@v1 # WORKFLOW_VERSION
+    - uses: ministryofjustice/hmpps-github-actions/.github/actions/security_owasp_reports@v2 # WORKFLOW_VERSION
 ```
 
 When a new release is issued, all of these referred workflows (as well as the calling ones within applications) will need to be updated as well.

diff --git a/templates/workflows/security_npm_dependency.yml b/templates/workflows/security_npm_dependency.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   security-npm-dependency-check:
     name: Project security npm dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_npm_dependency.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_npm_dependency.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit
diff --git a/templates/workflows/security_owasp.yml b/templates/workflows/security_owasp.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   security-kotlin-owasp-check:
     name: Kotlin security OWASP dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}      
     secrets: inherit

diff --git a/templates/workflows/security_trivy.yml b/templates/workflows/security_trivy.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   security-trivy-check:
     name: Project security trivy dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

diff --git a/templates/workflows/security_veracode_pipeline_scan.yml b/templates/workflows/security_veracode_pipeline_scan.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   security-veracode-pipeline-scan:
     name: Project security veracode pipeline scan
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit
diff --git a/templates/workflows/security_veracode_policy_scan.yml b/templates/workflows/security_veracode_policy_scan.yml
@@ -8,7 +8,7 @@ on:
 jobs:
   security-veracode-policy-check:
     name: Project security veracode policy scan
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit