Skip to content

Commit f55ad3f

Browse files
authored
Merge pull request #2089 from release/2026.07.1
Release 2026.07.1
2 parents 637e872 + 195d7f6 commit f55ad3f

19 files changed

Lines changed: 103 additions & 24 deletions

.github/codeql/codeql-config.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
name: "Custom CodeQL Config"
2+
3+
# Specify which queries to run
4+
queries:
5+
- uses: security-extended
6+
- uses: security-and-quality
7+
8+
# Paths to exclude from analysis
9+
paths-ignore:
10+
- node_modules
11+
- dist
12+
- build
13+
- coverage
14+
- '**/test_*.py'
15+
16+
17+
# Paths to include in analysis
18+
paths:
19+
- src

.github/dependabot.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,15 @@
11
version: 2
22
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/" # Location of package manifests
5+
schedule:
6+
interval: "weekly"
7+
commit-message:
8+
prefix: "[GHA] Dependabot:"
9+
prefix-development: "[GHA-dev] Dependabot:"
10+
pull-request-branch-name:
11+
separator: "-"
12+
313
- package-ecosystem: "uv"
414
directory: "/"
515
schedule:

.github/workflows/_build.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -55,12 +55,12 @@ jobs:
5555
image-sha: ${{ steps.sha.outputs.SHORT_SHA }}
5656
steps:
5757
- name: Checkout repository
58-
uses: actions/checkout@v6
58+
uses: actions/checkout@v7
5959
with:
6060
ref: ${{ inputs.git-ref }}
6161

6262
- name: Set up Docker Buildx
63-
uses: docker/setup-buildx-action@v3
63+
uses: docker/setup-buildx-action@v4
6464

6565
- name: configure aws credentials
6666
uses: aws-actions/configure-aws-credentials@v6

.github/workflows/_deploy.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ jobs:
105105
needs:
106106
- deploy
107107
steps:
108-
- uses: actions/checkout@v6
108+
- uses: actions/checkout@v7
109109
- name: "Send Slack message on failure"
110110
uses: rtCamp/action-slack-notify@v2
111111
env:

.github/workflows/_migrations.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ jobs:
108108
needs:
109109
- run-migration
110110
steps:
111-
- uses: actions/checkout@v6
111+
- uses: actions/checkout@v7
112112
- name: "Send Slack message on failure"
113113
uses: rtCamp/action-slack-notify@v2
114114
env:
@@ -124,7 +124,7 @@ jobs:
124124
needs:
125125
- run-migration
126126
steps:
127-
- uses: actions/checkout@v6
127+
- uses: actions/checkout@v7
128128
- name: "Send Slack message on success"
129129
uses: rtCamp/action-slack-notify@v2
130130
env:

.github/workflows/_notify-jira.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
runs-on: ubuntu-latest
2828
steps:
2929
- name: Checkout devops
30-
uses: actions/checkout@v6
30+
uses: actions/checkout@v7
3131
with:
3232
repository: ChildMindInstitute/cmiml-devops
3333
ssh-key: ${{ secrets.devops-repo-key }}

.github/workflows/_uat-jira.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323
runs-on: ubuntu-latest
2424
steps:
2525
- name: Checkout devops
26-
uses: actions/checkout@v6
26+
uses: actions/checkout@v7
2727
with:
2828
repository: ChildMindInstitute/cmiml-devops
2929
ssh-key: ${{ secrets.devops-repo-key }}

.github/workflows/code_quality.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,13 @@ jobs:
44
build:
55
runs-on: ubuntu-latest
66
steps:
7-
- uses: actions/checkout@v6
7+
- uses: actions/checkout@v7
88
with:
99
repository: "awslabs/git-secrets"
1010
ref: "master"
1111
- name: Install git-secrets
1212
run: sudo make install
13-
- uses: actions/checkout@v6
13+
- uses: actions/checkout@v7
1414
- uses: actions/setup-python@v3
1515
with:
1616
python-version: "3.13"

.github/workflows/codeql.yml

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
# .github/workflows/codeql.yml
2+
name: "CodeQL"
3+
4+
on:
5+
workflow_dispatch: {}
6+
push:
7+
branches: [ "main", "develop" ]
8+
pull_request:
9+
branches: [ "develop" ]
10+
types: [opened, synchronize, reopened]
11+
# schedule:
12+
# # Run at 2:30 AM UTC every day
13+
# - cron: '30 2 * * *'
14+
15+
jobs:
16+
analyze:
17+
name: Analyze
18+
runs-on: ubuntu-latest
19+
permissions:
20+
actions: read
21+
contents: read
22+
security-events: write
23+
24+
strategy:
25+
fail-fast: false
26+
matrix:
27+
language: [ 'python' ]
28+
# CodeQL supports: 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'
29+
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
30+
31+
steps:
32+
- name: Checkout repository
33+
uses: actions/checkout@v7
34+
35+
- name: Initialize CodeQL
36+
uses: github/codeql-action/init@v3
37+
with:
38+
languages: ${{ matrix.language }}
39+
config-file: ./.github/codeql/codeql-config.yml
40+
# If you wish to specify custom queries, you can do so here or in a config file.
41+
# By default, queries listed here will override any specified in a config file.
42+
# Prefix the list here with "+" to use these queries and those in the config file.
43+
44+
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
45+
# queries: security-extended,security-and-quality
46+
47+
- name: Perform CodeQL Analysis
48+
uses: github/codeql-action/analyze@v3
49+
with:
50+
category: "/language:${{matrix.language}}"

.github/workflows/coverage.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
coverage:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v6
15+
- uses: actions/checkout@v7
1616
- uses: KengoTODA/actions-setup-docker-compose@v1
1717
with:
1818
version: '2.23.3'

0 commit comments

Comments
 (0)