From c94b4e14a39f9ea4e6552b27c31c45092b1d9b57 Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 14:52:23 -0400 Subject: [PATCH 1/7] Bump broken-link-check GHA --- .github/workflows/broken-link-check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index b84e2dbe..c6477eaa 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,14 +13,14 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.3.0 - name: "Check for broken links" - uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 id: lychee with: jobSummary: true args: --no-progress --accept '200..=299, 401, 403, 405' . - name: "Send Slack alert" if: ${{ failure() }} - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: method: chat.postMessage token: ${{ secrets.SLACK_BOT_TOKEN }} From 25ff66a40d7c148c419f514e03305746e1ed32f3 Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:11:30 -0400 Subject: [PATCH 2/7] Pull in main --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index c6477eaa..3b259574 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,7 +13,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.3.0 - name: "Check for broken links" - uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 + uses: lycheeverse/82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1 id: lychee with: jobSummary: true From db7e31751831c5f64c1b79cc8ea4cb4d39598ec0 Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:13:24 -0400 Subject: [PATCH 3/7] Typo in broken-link-check.yml --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index 3b259574..191501a4 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,7 +13,7 @@ jobs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.3.0 - name: "Check for broken links" - uses: lycheeverse/82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1 + uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1 id: lychee with: jobSummary: true From c6fb094cca8de3095a45d833bb91fc09df437e65 Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:16:55 -0400 Subject: [PATCH 4/7] Bump check_508_compliance.yml GHA --- .github/workflows/check_508_compliance.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check_508_compliance.yml b/.github/workflows/check_508_compliance.yml index b7063f00..f016df60 100644 --- a/.github/workflows/check_508_compliance.yml +++ b/.github/workflows/check_508_compliance.yml @@ -35,7 +35,7 @@ jobs: TARGETS_TO_SCAN="${TARGETS_TO_SCAN} ${TARGET_BASE_URL}/docsV2.html" TARGETS_TO_SCAN="${TARGETS_TO_SCAN} ${TARGET_BASE_URL}/updates.html" docker run --init --rm --cap-add=SYS_ADMIN mcp/puppeteer:latest@sha256:11bacd79778b42ebe041a9e2fc18a8c3500bf1362e5bca5bf2ae9dd011be5847 $TARGETS_TO_SCAN - - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 name: Slack Success with: method: chat.postMessage @@ -48,7 +48,7 @@ jobs: text: "SUCCESS: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|Static Site 508 Compliance> completed against `${{ steps.target-base.outputs.TARGET_BASE_URL }}`" mrkdown_in: - text - - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 name: Slack failure if: ${{ failure() }} with: From 9187e4bf586027ef80fcbd5d8eab9bf0fce3a42f Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:21:23 -0400 Subject: [PATCH 5/7] Add text param to Slack call in check_508_compliance.yml --- .github/workflows/check_508_compliance.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/check_508_compliance.yml b/.github/workflows/check_508_compliance.yml index f016df60..f27b6a69 100644 --- a/.github/workflows/check_508_compliance.yml +++ b/.github/workflows/check_508_compliance.yml @@ -48,6 +48,7 @@ jobs: text: "SUCCESS: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|Static Site 508 Compliance> completed against `${{ steps.target-base.outputs.TARGET_BASE_URL }}`" mrkdown_in: - text + text: "Static site 508 compliance check successful" - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 name: Slack failure if: ${{ failure() }} @@ -62,3 +63,4 @@ jobs: text: "FAILURE: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|Static Site 508 Compliance> completed against `${{ steps.target-base.outputs.TARGET_BASE_URL }}`" mrkdown_in: - text + text: "Static site 508 compliance check failed" From 9f135c6b16507b2b24b520192f76fdf244fa2705 Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:27:39 -0400 Subject: [PATCH 6/7] Bump Node GHA in ci-workflow.yml --- .github/workflows/ci-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml index a876eb8c..aa3f735f 100644 --- a/.github/workflows/ci-workflow.yml +++ b/.github/workflows/ci-workflow.yml @@ -45,7 +45,7 @@ jobs: with: node-version: 24 - name: Run quality gate scan - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 + uses: sonarsource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # 7.1.0 with: args: -Dsonar.projectKey=bcda-dpc-static-site From 3172155a15f4c827127d0877cb0c0c3a754e4f2c Mon Sep 17 00:00:00 2001 From: MEspositoE14s <133133846+MEspositoE14s@users.noreply.github.com> Date: Tue, 21 Apr 2026 16:32:54 -0400 Subject: [PATCH 7/7] Bump GHA in deploy.yml --- .github/workflows/deploy.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f1279e0e..ece7ce00 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -93,7 +93,7 @@ jobs: - name: Run quality gate scan if: ${{ inputs.env == 'stage' }} - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 + uses: sonarsource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # 7.1.0 with: args: -Dsonar.projectKey=bcda-dpc-static-site @@ -103,6 +103,7 @@ jobs: -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }} -Dsonar.qualitygate.wait=true -Dsonar.ci.autoconfig.disabled=true + -Dsonar.branch.target=${{ github.base_ref }} - name: "Sync _site" run: aws s3 sync _site/ s3://"$TARGET_BUCKET"/ $(["${{ inputs.target_environment }}" == 'prod'] && echo "--delete") @@ -118,7 +119,7 @@ jobs: DISTRIBUTION_ID=`aws cloudfront list-distributions --query "DistributionList.Items[].{Id:Id, OriginId: Origins.Items[0].Id}[?OriginId=='$TARGET_BUCKET'].Id" --output text` aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths '/*' - - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 name: Slack Success with: method: chat.postMessage @@ -131,8 +132,9 @@ jobs: text: "SUCCESS: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|static site version> `${{ inputs.static_repo_ref }}` deployed to ${{ inputs.env }} environment." mrkdown_in: - text + text: "SUCCESS: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|static site version> `${{ inputs.static_repo_ref }}` deployed to ${{ inputs.env }} environment." - - uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 name: Slack failure if: ${{ failure() }} with: @@ -146,3 +148,4 @@ jobs: text: "FAILURE: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|static site version> `${{ inputs.static_repo_ref }}` deployed to ${{ inputs.env }} environment." mrkdown_in: - text + text: "FAILURE: <${{ github.server_url}}/${{ github.repository}}/actions/runs/${{ github.run_id }}|static site version> `${{ inputs.static_repo_ref }}` deployed to ${{ inputs.env }} environment."