NHSDigital
diff --git a/‎.github/actions/acceptance-tests/action.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/acceptance-tests/action.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/build-docs/action.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/actions/build-docs/action.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/actions/build-libraries/action.yml‎
Lines changed: 9 additions & 10 deletions b/‎.github/actions/build-libraries/action.yml‎
Lines changed: 9 additions & 10 deletions
diff --git a/‎.github/actions/build-oas-spec/action.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/actions/build-oas-spec/action.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/actions/build-proxies/action.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/actions/build-proxies/action.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/actions/build-sandbox/action.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/actions/build-sandbox/action.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/actions/build-sdk/action.yml‎
Lines changed: 9 additions & 9 deletions b/‎.github/actions/build-sdk/action.yml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎.github/actions/build-server/action.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/actions/build-server/action.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/actions/node-install/action.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/node-install/action.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cicd-1-pull-request.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cicd-1-pull-request.yaml‎
Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ runs:
 
   steps:
     - name: Fetch terraform output
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
       with:
         name: terraform-output-${{ inputs.targetComponent }}
 
 
@@ -11,8 +11,8 @@ runs:
   using: "composite"
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: 22
         registry-url: 'https://npm.pkg.github.com'
@@ -23,15 +23,15 @@ runs:
       run: npm ci
       shell: bash
     - name: Setup Ruby
-      uses: ruby/setup-ruby@v1.180.1
+      uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
       with:
         ruby-version: "3.2" # Not needed with a .ruby-version file
         bundler-cache: true # runs 'bundle install' and caches installed gems automatically
         cache-version: 0 # Increment this number if you need to re-download cached gems
         working-directory: "./docs"
     - name: Setup Pages
       id: pages
-      uses: actions/configure-pages@v5
+      uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
     - name: Build with Jekyll
       working-directory: ./docs
       # Outputs to the './_site' directory by default
@@ -43,7 +43,7 @@ runs:
 
     - name: Upload artifact
       # Automatically uploads an artifact from the './_site' directory by default
-      uses: actions/upload-pages-artifact@v3
+      uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
       with:
         path: "docs/_site/"
         name: jekyll-docs-${{ inputs.version }}
@@ -11,8 +11,8 @@ runs:
   using: "composite"
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: 22
         registry-url: 'https://npm.pkg.github.com'
@@ -31,41 +31,40 @@ runs:
         make build VERSION="${{ inputs.version }}"
 
     - name: Upload abstractions artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "src/server/abstractions/bin/Release"
         name: libs-abstractions-${{ inputs.version }}
         include-hidden-files: true
 
     - name: Upload data artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "src/server/data/bin/Release"
         name: libs-data-${{ inputs.version }}
         include-hidden-files: true
 
     - name: Upload letter artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "src/server/letter/bin/Release"
         name: libs-letter-${{ inputs.version }}
         include-hidden-files: true
 
     - name: Upload host artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "src/server/host/bin/Release"
         name: libs-host-${{ inputs.version }}
         include-hidden-files: true
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
     - run: mkdir -p ${{ runner.temp }}/myimage
       shell: bash
 
     - name: Build and export
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
       with:
         context: src/server
         file: src/server/Dockerfile
@@ -75,7 +74,7 @@ runs:
         outputs: type=docker,dest=${{ runner.temp }}/myimage/myimage.tar
 
     - name: Upload artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         name: libs-host-docker-${{ inputs.version }}
         path: ${{ runner.temp }}/myimage
@@ -24,14 +24,14 @@ runs:
 
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: ${{ inputs.nodejs_version }}
         registry-url: 'https://npm.pkg.github.com'
 
     - name: "Cache node_modules"
-      uses: actions/cache@v4
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
       with:
         path: |
           **/node_modules
@@ -68,7 +68,7 @@ runs:
         fi
 
     - name: Upload API OAS specification artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "build"
         name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
@@ -36,7 +36,7 @@ runs:
   steps:
     - name: Download OAS Spec artifact from workflow
       if: ${{ inputs.isRelease == 'false' }}
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
       with:
         name: api-oas-specification-${{ inputs.apimEnv }}${{ inputs.version != '' && format('-{0}', inputs.version) || '' }}
         path: ./build
@@ -96,7 +96,7 @@ runs:
         echo "APIM_ENV=$APIM_ENV" >> $GITHUB_ENV
 
     - name: Upload OAS Spec
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         name: ${{ env.APIM_ENV }}-build-output
         path: ./build
 
@@ -13,8 +13,8 @@ runs:
 
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: 22
         registry-url: 'https://npm.pkg.github.com'
 
@@ -11,8 +11,8 @@ runs:
   using: "composite"
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: 22
         registry-url: 'https://npm.pkg.github.com'
@@ -56,43 +56,43 @@ runs:
         make build VERSION="${{ inputs.version }}"
 
     - name: Upload html artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "sdk/html"
         name: sdk-html-${{ inputs.version }}
 
     - name: Upload swagger artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "sdk/swagger"
         name: sdk-swagger-${{ inputs.version }}
 
     - name: Upload ts artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "sdk/typescript"
         name: sdk-ts-${{ inputs.version }}
 
     - name: Upload python artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "sdk/python"
         name: sdk-python-${{ inputs.version }}
 
     - name: Upload csharp artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "sdk/csharp"
         name: sdk-csharp-${{ inputs.version }}
 
     - name: Upload artifact
-      uses: actions/upload-pages-artifact@v3
+      uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
       with:
         path: "sdk/html/"
         name: sdk-html-docs-${{ inputs.version }}
 
     - name: Upload swagger pages artifact
-      uses: actions/upload-pages-artifact@v3
+      uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
       with:
         path: "sdk/swagger/"
         name: sdk-swagger-docs-${{ inputs.version }}
@@ -11,8 +11,8 @@ runs:
   using: "composite"
   steps:
     - name: Checkout
-      uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+    - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
       with:
         node-version: 22
         registry-url: 'https://npm.pkg.github.com'
@@ -36,13 +36,13 @@ runs:
         make build VERSION="${{ inputs.version }}"
 
     - name: Upload csharp-server artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "server/csharp-server"
         name: server-csharp-${{ inputs.version }}
 
     - name: Upload csharp-server docker artifact
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
       with:
         path: "server/Dockerfile"
         name: server-csharp-docker-${{ inputs.version }}
@@ -10,7 +10,7 @@ runs:
   using: 'composite'
   steps:
     - name: 'Use Node.js'
-      uses: actions/setup-node@v6
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
       with:
         node-version-file: '.tool-versions'
         registry-url: 'https://npm.pkg.github.com'
 
@@ -33,7 +33,7 @@ jobs:
       deploy_proxy: ${{ steps.deploy_proxy.outputs.deploy_proxy }}
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
       - name: "Set CI/CD variables"
         id: variables
         run: |