Skip to content

Commit c840185

Browse files
acarriedevacarriedev
authored
Merge pull request #206 from NHSDigital/mesh-2530-dependency-updates
MESH-2530 Address action vulnerability
2 parents b29aa00 + b6395ad commit c840185

File tree

3 files changed

+30
-24
lines changed

3 files changed

+30
-24
lines changed

.github/workflows/pr-lint.yaml

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,18 @@ jobs:
55
runs-on: ubuntu-latest
66
steps:
77
- name: Check ticket name conforms to requirements
8-
run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "((apm|mesh|mesh2cloud|spinecore|spii|apmspii|amp)-[0-9]+)|(dependabot\/)"
8+
env:
9+
PR_REF: ${{ github.event.pull_request.head.ref }}
10+
run: |
11+
echo "$PR_REF" | grep -i -E -q "((apm|mesh|mesh2cloud|spinecore|spii|apmspii|amp)-[0-9]+)|(dependabot\/)"
912
1013
- name: Grab ticket name
1114
if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'mesh-') || contains(github.event.pull_request.head.ref, 'MESH-') || contains(github.event.pull_request.head.ref, 'mesh2cloud-') || contains(github.event.pull_request.head.ref, 'MESH2CLOUD-') || contains(github.event.pull_request.head.ref, 'spii-') || contains(github.event.pull_request.head.ref, 'SPII-') || contains(github.event.pull_request.head.ref, 'spinecore-') || contains(github.event.pull_request.head.ref, 'SPINECORE-')
12-
run: echo ::set-env name=TICKET_NAME::$(echo ${{ github.event.pull_request.head.ref }} | grep -i -o '\(\(apm\|mesh\|mesh2cloud\|spinecore\|spii\|apmspii\|amp\)-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')
1315
env:
14-
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
16+
PR_REF: ${{ github.event.pull_request.head.ref }}
17+
run: |
18+
TICKET_NAME=$(echo "$PR_REF" | grep -i -o '\(\(apm\|mesh\|mesh2cloud\|spinecore\|spii\|apmspii\|amp\)-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')
19+
echo "TICKET_NAME=$TICKET_NAME" >> $GITHUB_ENV
1520
1621
- name: Comment on PR
1722
if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'mesh-') || contains(github.event.pull_request.head.ref, 'MESH-') || contains(github.event.pull_request.head.ref, 'mesh2cloud-') || contains(github.event.pull_request.head.ref, 'MESH2CLOUD-') || contains(github.event.pull_request.head.ref, 'spii-') || contains(github.event.pull_request.head.ref, 'SPII-') || contains(github.event.pull_request.head.ref, 'spinecore-') || contains(github.event.pull_request.head.ref, 'SPINECORE-')

poetry.lock

Lines changed: 21 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ gitpython = "^3.1.45"
3131

3232

3333
[tool.poetry.dev-dependencies]
34-
ruff = "^0.9.0"
34+
ruff = "^0.12.10"
3535
black = "^24.4.2"
3636
pip-licenses = "^4.3.3"
3737
jinja2 = "^3.1.6"

0 commit comments

Comments
 (0)