Merge pull request #136 from jim-deriv/jim/feq-2076/resolve-security-issues

habib-deriv · web-flow · commit e2a172208418 · 2024-04-16T12:49:14.000+08:00
[FEQ] Jim/FEQ-2076/resolve security issues
diff --git a/.github/actions/invalidate_master_cache/action.yml b/.github/actions/invalidate_master_cache/action.yml
@@ -4,7 +4,7 @@ runs:
   using: composite
   steps:
     - name: save_cache
-      uses: actions/cache/save@v3
+      uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2
       with:
         path: ./node_modules
         key: ${{ runner.os }}-node_modules-${{ hashFiles('./package-lock.json') }}
diff --git a/.github/actions/notify_slack/action.yml b/.github/actions/notify_slack/action.yml
diff --git a/.github/actions/tag/action.yml b/.github/actions/tag/action.yml
@@ -12,10 +12,12 @@ runs:
 
   steps:
     - name: Set Version
+      env:
+        RELEASE_TYPE: ${{ inputs.RELEASE_TYPE }}
       id: set_version
       run: |
         current_date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-        version="${{ inputs.RELEASE_TYPE }}-GH_Run#:${{ github.run_number }}-Date:$current_date"
+        version="${RELEASE_TYPE}-GH_Run#:${{ github.run_number }}-Date:$current_date"
         echo "Setting version to: $version"
         echo "version=$version" >> $GITHUB_ENV
       shell: bash
diff --git a/.github/workflows/release_production.yml b/.github/workflows/release_production.yml
@@ -3,6 +3,8 @@ on:
   push:
     tags:
     - production_*
+env:
+  RELEASE_TYPE: Production
 jobs:
   build_test_and_publish:
     name: Build, Test and Publish to Cloudflare Pages Production
@@ -11,7 +13,7 @@ jobs:
       RELEASE_VERSION: ${{ steps.extract_version.outputs.RELEASE_VERSION }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
     - name: Install npm packages
       uses: "./.github/actions/npm_install_from_cache"
     - name: Build
@@ -38,11 +40,19 @@ jobs:
       needs: [build_test_and_publish]
       steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Conclusion
+        uses: technote-space/workflow-conclusion-action@45ce8e0eb155657ab8ccf346ade734257fd196a5
+      - name: Create Slack Message
+        id: create_slack_message
+        run: |
+          if [ $WORKFLOW_CONCLUSION == "success" ]; then
+            echo "MESSAGE=$RELEASE_TYPE Release succeeded for Sindabad with version ${{ needs.build_test_and_publish.outputs.RELEASE_VERSION }}" >> $GITHUB_OUTPUT
+          else
+            echo "MESSAGE=$RELEASE_TYPE Release failed for Sindabad with version ${{ needs.build_test_and_publish.outputs.RELEASE_VERSION }}" >> $GITHUB_OUTPUT
+          fi
       - name: Send Slack Notification
-        uses: "./.github/actions/send_slack_notifications"
+        uses: "deriv-com/shared-actions/.github/actions/send_slack_notification@master"
         with:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
-          status: ${{ env.WORKFLOW_CONCLUSION }}
-          release_type: Production
-          version: ${{ needs.build_test_and_publish.outputs.RELEASE_VERSION}}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+          MESSAGE: ${{ steps.create_slack_message.outputs.MESSAGE }}
diff --git a/.github/workflows/release_staging.yml b/.github/workflows/release_staging.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
     - name: Tag
       uses: "./.github/actions/tag"
     - name: Install npm packages
