From 3daecb1b1c4b729402d710f912dfc65935a81ce2 Mon Sep 17 00:00:00 2001 From: Giovanni Fertuso <44156864+Giovanni007@users.noreply.github.com> Date: Mon, 27 Nov 2023 10:58:24 +0000 Subject: [PATCH] [AAE-18117] Use SHA for GitHub actions (#9113) * AAE-18117 - Add pre-checks job * AAE-18117 - Use pinned SHA * AAE-18117 - Update dependabot.yml --- .github/actions/artifact-append/action.yml | 6 +- .github/actions/artifact-extract/action.yml | 4 +- .../actions/artifact-initialize/action.yml | 4 +- .github/actions/e2e/action.yml | 2 +- .github/actions/setup/action.yml | 8 +-- .github/actions/slack-group-area/action.yml | 2 +- .github/dependabot.yml | 67 ++++++++++++++++++- .github/workflows/codeql-analysis.yml | 8 +-- .github/workflows/cron-e2e.yml | 2 +- .github/workflows/git-tag.yml | 4 +- .github/workflows/package_dispatch.yml | 2 +- .github/workflows/pull-request.yml | 39 ++++++----- .github/workflows/rebase.yml | 4 +- .github/workflows/release-branch.yml | 10 +-- .github/workflows/release.yml | 16 ++--- 15 files changed, 123 insertions(+), 55 deletions(-) diff --git a/.github/actions/artifact-append/action.yml b/.github/actions/artifact-append/action.yml index 83bffd1ec5e..db34b0da2f1 100644 --- a/.github/actions/artifact-append/action.yml +++ b/.github/actions/artifact-append/action.yml @@ -22,13 +22,13 @@ runs: - run: echo "Artifact Append" shell: bash - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ inputs.artifact-name }} - run: ls shell: bash - name: Append content - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 env: contentFile: ${{ inputs.content }} fileName: ${{ inputs.file-name }} @@ -83,7 +83,7 @@ runs: } } - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.file-name }} diff --git a/.github/actions/artifact-extract/action.yml b/.github/actions/artifact-extract/action.yml index f9aa4a50a45..4f6b245f2c0 100644 --- a/.github/actions/artifact-extract/action.yml +++ b/.github/actions/artifact-extract/action.yml @@ -24,11 +24,11 @@ runs: using: "composite" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - run: echo "Artifact Extract" shell: bash - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ inputs.artifact-name }} - id: extract diff --git a/.github/actions/artifact-initialize/action.yml b/.github/actions/artifact-initialize/action.yml index d329856fb16..009957885ee 100644 --- a/.github/actions/artifact-initialize/action.yml +++ b/.github/actions/artifact-initialize/action.yml @@ -19,14 +19,14 @@ runs: using: "composite" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Create empty artifact shell: bash run: echo "${{inputs.content}}" > ${{ inputs.file-name }} - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: ${{ inputs.artifact-name }} path: ${{ inputs.file-name }} diff --git a/.github/actions/e2e/action.yml b/.github/actions/e2e/action.yml index 116bb8c9c51..91a8f0274ce 100644 --- a/.github/actions/e2e/action.yml +++ b/.github/actions/e2e/action.yml @@ -184,7 +184,7 @@ runs: - name: upload artifacts on gh id: upload_gh if: ${{ steps.determine-affected.outputs.isAffected == 'true' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: e2e-artifact-output path: /home/runner/work/alfresco-ng2-components/alfresco-ng2-components/e2e-output-* diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 2dabe2ccea3..97148053a97 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -20,18 +20,18 @@ runs: using: "composite" steps: - name: install NPM - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 with: node-version-file: '.nvmrc' cache-dependency-path: package-lock.json - name: get latest tag sha id: tag-sha - uses: Alfresco/alfresco-build-tools/.github/actions/git-latest-tag@v1.29.0 + uses: Alfresco/alfresco-build-tools/.github/actions/git-latest-tag@d3b4d2e2e08dc33a5d1d60138e9e5989a3dd264c # v1.29.0 # CACHE - name: Node Modules cache id: node-modules-cache if: ${{ inputs.enable-node-modules-cache == 'true' }} - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 env: cache-name: node-modules-cache with: @@ -43,7 +43,7 @@ runs: node_modules-${{ runner.os }}-build- node_modules-${{ runner.os }}- - name: pip cache - uses: actions/cache@v3 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 if: ${{ inputs.enable-cache == 'true' }} with: path: ~/.cache/pip diff --git a/.github/actions/slack-group-area/action.yml b/.github/actions/slack-group-area/action.yml index d15aeb8a9c1..f66037b4c09 100644 --- a/.github/actions/slack-group-area/action.yml +++ b/.github/actions/slack-group-area/action.yml @@ -18,7 +18,7 @@ runs: steps: - name: Append group id: group - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 env: affectedLib: ${{ inputs.affected }} with: diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 114b24844f2..7513022509c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,8 +24,73 @@ updates: - label: "nrwl Updates" packages: - "@nrwl/*" - version: "widen" + version: "widen" ignore: - dependency-name: "pdfjs-dist" - dependency-name: "@types/*" - dependency-name: "typescript" + +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/artifact-append" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/artifact-extract" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/artifact-initialize" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/before-install" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/download-node-modules-and-artifacts" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/e2e" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/enable-dryrun" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/get-latest-tag-sha" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/npm-check-bundle" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/print-affected-libs" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/set-npm-tag" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/setup" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/setup-chrome" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/slack-group-area" + schedule: + interval: "weekly" +- package-ecosystem: "github-actions" + directory: "/.github/actions/upload-node-modules-and-artifacts" + schedule: + interval: "weekly" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c38a63c4e78..fa2e104e96c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. @@ -30,7 +30,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -39,7 +39,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -53,4 +53,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 diff --git a/.github/workflows/cron-e2e.yml b/.github/workflows/cron-e2e.yml index 965e16565d7..372f5618115 100644 --- a/.github/workflows/cron-e2e.yml +++ b/.github/workflows/cron-e2e.yml @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-latest name: Initialize artifacts steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - uses: ./.github/actions/artifact-initialize with: artifact-name: global-e2e-result diff --git a/.github/workflows/git-tag.yml b/.github/workflows/git-tag.yml index fcbfd2d2629..a7f3c07e112 100644 --- a/.github/workflows/git-tag.yml +++ b/.github/workflows/git-tag.yml @@ -96,13 +96,13 @@ jobs: GITHUB_TOKEN: $BOT_GITHUB_TOKEN steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - id: set-dryrun uses: ./.github/actions/enable-dryrun with: dry-run-flag: ${{ inputs.dry-run-flag }} - name: install NPM - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 with: node-version-file: '.nvmrc' - name: "Release tag" diff --git a/.github/workflows/package_dispatch.yml b/.github/workflows/package_dispatch.yml index 16306497d95..97a03d0d151 100644 --- a/.github/workflows/package_dispatch.yml +++ b/.github/workflows/package_dispatch.yml @@ -9,7 +9,7 @@ jobs: if: github.event.registry_package.package_type == 'npm' && github.event.registry_package.name == 'adf-core' steps: - name: Dispatch event to monorepo - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: github-token: ${{ secrets.PAT_WRITE_PKG }} retries: 3 diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index bb60c33eff2..b257fe554f8 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -94,11 +94,14 @@ env: PROXY_HOST_ECM: ${{ secrets.E2E_HOST }} jobs: - check-package-lock: + pre-checks: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Ensure SHA pinned actions + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b35f285b9bb7e80de0967367cee66d3b6d50ceca # v3.0.1 - name: Check package-lock.json version run: | @@ -113,15 +116,15 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Get branch name - uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v1.36.0 + uses: Alfresco/alfresco-build-tools/.github/actions/get-branch-name@7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0 - name: Save commit message - uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@v1.36.0 + uses: Alfresco/alfresco-build-tools/.github/actions/get-commit-message@7b0536b4e403e95365d83695c9ab3119b885ce36 # v1.36.0 - name: ci:force flag parser shell: bash @@ -136,7 +139,7 @@ jobs: - name: Get PR number if: ${{ github.event_name != 'schedule' }} - uses: kamatama41/get-pr-number-action@5c77b38a1b4974ebf8a9521a689f38a5898eadd6 + uses: kamatama41/get-pr-number-action@5c77b38a1b4974ebf8a9521a689f38a5898eadd6 # v0.7.0 id: action with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -193,10 +196,10 @@ jobs: timeout-minutes: 30 name: "Setup" runs-on: ubuntu-22.04 - needs: [check-if-pr-is-approved, check-package-lock] + needs: [check-if-pr-is-approved, pre-checks] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup @@ -232,7 +235,7 @@ jobs: exclude: "insights,core,extensions,content-services,process-services,eslint-plugin-eslint-angular,js-api" steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup @@ -249,7 +252,7 @@ jobs: needs: [setup] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup @@ -264,7 +267,7 @@ jobs: needs: [setup] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all tags and branches - uses: ./.github/actions/setup @@ -281,7 +284,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all - uses: ./.github/actions/setup @@ -424,7 +427,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Fetch all history for all - uses: ./.github/actions/setup @@ -454,12 +457,12 @@ jobs: steps: - id: checkoutRepo name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 1 - name: PR contains forbidden labels id: pr-forbidden - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | const issueHasLabels = require('./scripts/github/update/check-issue-has-label.js'); @@ -479,9 +482,9 @@ jobs: if: ${{ always() }} runs-on: ubuntu-latest name: Final Results - needs: [check-if-pr-is-approved, check-package-lock, setup, unit-tests, lint, build-libs, e2e, e2e-storybook] + needs: [check-if-pr-is-approved, pre-checks, setup, unit-tests, lint, build-libs, e2e, e2e-storybook] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Log e2e result id: e2e-result if: ${{ github.event_name == 'schedule' }} @@ -495,7 +498,7 @@ jobs: uses: ./.github/actions/slack-group-area with: affected: ${{ steps.e2e-result.outputs.result }} - - uses: slackapi/slack-github-action@v1.23.0 + - uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 name: Nofify QA failure if: ${{ github.event_name == 'schedule' && contains(needs.*.result, 'failure') }} env: diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 9aef9c74550..4481c9ec487 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -9,10 +9,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the latest code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Automatic Rebase - uses: cirrus-actions/rebase@1.8 + uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 4764643511a..314160246ab 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -87,7 +87,7 @@ jobs: echo "Set TAG with name: ${TAG_NPM}" echo "TAG_NPM=${TAG_NPM}" >> $GITHUB_ENV - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - uses: ./.github/actions/setup @@ -110,7 +110,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - uses: ./.github/actions/setup @@ -128,7 +128,7 @@ jobs: ./scripts/update-version.sh -gnu || exit 1; npx nx affected:build $NX_CALCULATION_FLAGS --prod --exclude="demoshell" --skip-nx-cache npx nx affected $NX_CALCULATION_FLAGS --target=pretheme - - uses: actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 name: release libraries GH registry with: node-version-file: '.nvmrc' @@ -137,7 +137,7 @@ jobs: - run: npx nx affected --target=npm-publish $NX_CALCULATION_FLAGS --tag=branch|| exit 1 env: NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }} - - uses: actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 name: release libraries Npm registry with: node-version-file: '.nvmrc' @@ -153,5 +153,5 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - uses: ./.github/actions/npm-check-bundle diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d1888245282..de80d9fed8f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -88,7 +88,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - uses: ./.github/actions/setup @@ -109,7 +109,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 1 - run: git fetch --all @@ -135,7 +135,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 1 - run: git fetch --all @@ -165,7 +165,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - uses: ./.github/actions/setup @@ -183,7 +183,7 @@ jobs: ./scripts/github/build/bumpversion.sh npx nx affected:build $NX_CALCULATION_FLAGS --prod --exclude="demoshell" --skip-nx-cache npx nx affected $NX_CALCULATION_FLAGS --target=pretheme - - uses: actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 name: release libraries GH registry with: node-version-file: '.nvmrc' @@ -192,7 +192,7 @@ jobs: - run: npx nx affected --target=npm-publish $NX_CALCULATION_FLAGS --tag=$TAG_NPM || exit 1 env: NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }} - - uses: actions/setup-node@v3 + - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 name: release libraries Npm registry with: node-version-file: '.nvmrc' @@ -209,7 +209,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - uses: ./.github/actions/npm-check-bundle finalize: @@ -219,7 +219,7 @@ jobs: needs: [release-demoshell, release-storybook, release-npm, npm-check-bundle] steps: - - uses: slackapi/slack-github-action@v1.23.0 + - uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0 name: Nofify FE hxp-front-end-apps workflow failed if: ${{ contains(toJson(needs.*.result), 'failure') }} env: