Merge pull request #8 from cds-snc/repo-sync/site-reliability-engineering/default

chore: synced file(s) with cds-snc/site-reliability-engineering

.github/workflows/backstage-catalog-helper.yml

@@ -25,13 +25,14 @@ jobs:
           app_id: ${{ secrets.SRE_BOT_RW_APP_ID }}
           private_key: ${{ secrets.SRE_BOT_RW_PRIVATE_KEY }}
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3
         with:
           token: ${{ steps.generate_token.outputs.token}}
-          commit-message: "Add catalog-info.yaml"
+          sign-commits: true
-          branch: "backstage/catalog-info"
+          commit-message: 'Add catalog-info.yaml'
-          title: "Add catalog-info.yaml"
+          branch: 'backstage/catalog-info'
-          body: "Adding a basic catalog-info.yaml to start populating the backstage catalog with your components."
+          title: 'Add catalog-info.yaml'
-          labels: "backstage"
+          body: 'Adding a basic catalog-info.yaml to start populating the backstage catalog with your components.'
+          labels: 'backstage'
           add-paths: |
             catalog-info.yaml

.github/workflows/ossf-scorecard.yml

@@ -25,7 +25,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@fdeb02dc9c3fb721c82a431b2708514aca13dbeb
+        uses: ossf/scorecard-action@6c4912ed9e5f80cfda40164b92753f21f0892cab
         with:
           results_file: ossf-results.json
           results_format: json

.github/workflows/s3-backup.yml

@@ -8,31 +8,32 @@ jobs:
   s3-backup:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0 # retrieve all history
 
-      - name: Configure AWS credentials
+    - name: Checkout
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
+      with:
-          aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
+        fetch-depth: 0 # retrieve all history
-          aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}
-          aws-region: ca-central-1
 
-      - name: Create ZIP bundle
+    - name: Configure AWS credentials
-        run: |
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-          ZIP_FILE=`basename ${{ github.repository }}`-`date '+%Y-%m-%d'`.zip
+      with:
-          zip -rq "${ZIP_FILE}" .
+        aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
-          mkdir -p ${{ github.repository }}
+        aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}
-          mv "${ZIP_FILE}" ${{ github.repository }}
+        aws-region: ca-central-1
 
-      - name: Upload to S3 bucket
+    - name: Create ZIP bundle
-        run: |
+      run: |
-          aws s3 sync . s3://${{ secrets.AWS_S3_BACKUP_BUCKET }} --exclude='*' --include='${{ github.repository }}/*'
+        ZIP_FILE=`basename ${{ github.repository }}`-`date '+%Y-%m-%d'`.zip
+        zip -rq "${ZIP_FILE}" .
+        mkdir -p ${{ github.repository }}
+        mv "${ZIP_FILE}" ${{ github.repository }}
 
-      - name: Notify Slack channel if this job failed
+    - name: Upload to S3 bucket
-        if: ${{ failure() }}
+      run: |
-        run: |
+        aws s3 sync . s3://${{ secrets.AWS_S3_BACKUP_BUCKET }} --exclude='*' --include='${{ github.repository }}/*'
-          json='{"text":"S3 backup failed in <https://github.com/${{ github.repository }}>!"}'
+
-          curl -X POST -H 'Content-type: application/json' --data "$json"  ${{ secrets.SLACK_NOTIFY_WEBHOOK }}
+    - name: Notify Slack channel if this job failed
+      if: ${{ failure() }}
+      run: |
+        json='{"text":"S3 backup failed in <https://github.com/${{ github.repository }}>!"}'
+        curl -X POST -H 'Content-type: application/json' --data "$json"  ${{ secrets.SLACK_NOTIFY_WEBHOOK }}