Update missing references and add release notes

.github/actions/build-test-and-deploy/cloud-platform-deploy/action.yml

@@ -29,7 +29,7 @@ runs:
   steps:
     - uses: actions/checkout@v4
     - name: Authenticate
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/cloud-platform-auth@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/cloud-platform-auth@v2 # WORKFLOW_VERSION
       with:
         api: ${{ inputs.api }}
         cert: ${{ inputs.cert }}

.github/actions/slack_failure_results/action.yml

@@ -15,7 +15,7 @@ runs:
   using: "composite"
   steps:
     - name: process slack message results # returns SLACK_TXT
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_prepare_results@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_prepare_results@v2 # WORKFLOW_VERSION
       id: slack_message_result 
       with:
         input_file: ${{ inputs.input_file }}

.github/workflows/deploy_env.yml

@@ -29,7 +29,7 @@ jobs:
         id: install
         with:
           version: latest
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/cloud-platform-deploy@v1 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/cloud-platform-deploy2 # WORKFLOW_VERSION
         id: deploy
         with:
           environment: ${{ inputs.environment }}
@@ -44,7 +44,7 @@ jobs:
       # Notification bit - always send prod releases to dps-releases - CVA3MKDTR
       - if: ${{  inputs.environment == 'prod' || inputs.environment == 'production' }} 
         id: prod-dps-slack
-        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v1 # WORKFLOW_VERSION
+        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v2 # WORKFLOW_VERSION
         with:
           channel_id: 'CVA3MKDTR'
           environment: ${{ inputs.environment }}
@@ -56,7 +56,7 @@ jobs:
       # Optional prod releases slack channel (using PROD_RELEASES_SLACK_CHANNEL variable)
       - if: ${{ ( inputs.environment == 'prod' || inputs.environment == 'production' ) && vars.PROD_RELEASES_SLACK_CHANNEL != '' }}
         id: prod-slack
-        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v1 # WORKFLOW_VERSION
+        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v2 # WORKFLOW_VERSION
         with:
           channel_id: ${{ vars.PROD_RELEASES_SLACK_CHANNEL }}
           environment: ${{ inputs.environment }}
@@ -67,7 +67,7 @@ jobs:
       # Optional non-prod releases slack channel (using NONPROD_RELEASES_SLACK_CHANNEL variable)
       - if: ${{ (inputs.environment != 'prod' && inputs.environment != 'production') &&  vars.NONPROD_RELEASES_SLACK_CHANNEL != '' }}
         id: nonprod-slack
-        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v1 # WORKFLOW_VERSION
+        uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_release_results@v2 # WORKFLOW_VERSION
         with:
           channel_id: ${{ vars.NONPROD_RELEASES_SLACK_CHANNEL }}
           environment: ${{ inputs.environment }}

.github/workflows/docker_build.yml

@@ -49,8 +49,8 @@ jobs:
     steps:
       - id: app_version
         name: Application version creators
-        uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/create_app_version@v1 # WORKFLOW_VERSION
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_docker@v1 # WORKFLOW_VERSION
+        uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/create_app_version@v2 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_docker@v2 # WORKFLOW_VERSION
         if: ${{ ( inputs.docker_registry  == 'ghcr.io' ) && ( ! inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
@@ -60,7 +60,7 @@ jobs:
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
 
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_docker@v1 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_docker@v2 # WORKFLOW_VERSION
         if: ${{ ( inputs.docker_registry  == 'quay.io' ) && ( ! inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
@@ -74,7 +74,7 @@ jobs:
           # git_head_ref: ${{ github.head_ref }}
           # git_branch_ref: ${{ github.ref_name }}
 
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_multiplatform_docker@v1 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_multiplatform_docker@v2 # WORKFLOW_VERSION
         if: ${{ ( inputs.docker_registry  == 'ghcr.io' ) && ( inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}
@@ -84,7 +84,7 @@ jobs:
           push: ${{ inputs.push }}
           app_version: ${{ steps.app_version.outputs.version }}
 
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_multiplatform_docker@v1 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/build-test-and-deploy/build_multiplatform_docker@v2 # WORKFLOW_VERSION
         if: ${{ ( inputs.docker_registry  == 'quay.io' ) && ( inputs.docker_multiplatform )}}
         with:
           repository_name: ${{ github.event.repository.name }}

.github/workflows/security_npm_dependency.yml

@@ -174,11 +174,11 @@ jobs:
     - name: Process slack message results from npm better audit # returns SLACK_TXT
       id: slack-message-result
       if: steps.npm-better.outcome == 'failure' && inputs.channel_id != 'NO_SLACK'
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_prepare_results@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_prepare_results@v2 # WORKFLOW_VERSION
       with:
         input_file: npm-security-check-reports.txt
     - name: npm audit slack notification
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v2 # WORKFLOW_VERSION
       if: (failure() || steps.npm.outcome == 'failure' || steps.npm-better.outcome == 'failure') && inputs.channel_id != 'NO_SLACK'
       with:
         title: "npm dependency scan"

.github/workflows/security_npm_outdated.yml

@@ -53,7 +53,7 @@ jobs:
         id: npm
         run: npm outdated ${{ inputs.dependencies_to_check }} > npm-outdated-reports.txt
         continue-on-error: true
-      - uses: ministryofjustice/hmpps-github-actions/.github/actions/security_npm_outdated@v1 # WORKFLOW_VERSION
+      - uses: ministryofjustice/hmpps-github-actions/.github/actions/security_npm_outdated@v2 # WORKFLOW_VERSION
         if: steps.npm.outcome == 'failure'
         with:
           channel_id: ${{ inputs.channel_id }}

.github/workflows/security_owasp.yml

@@ -49,7 +49,7 @@ jobs:
         name: gradle-owasp-dependency-check-${{ inputs.subproject == '' && github.event.repository.name || inputs.subproject }}
         path: ${{ inputs.subproject == '' && '.' || inputs.subproject }}/build/reports/dependency-check-report.html
     - name: Gradle OWASP slack notification
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v2 # WORKFLOW_VERSION
       if: (failure() || steps.owasp-analyse.outcome == 'failure') && inputs.channel_id != 'NO_SLACK'
       with:
         title: "Gradle OWASP"

.github/workflows/security_trivy.yml

@@ -61,7 +61,7 @@ jobs:
         sarif_file: 'trivy-results.sarif'
         category: trivy-dependency-check
     - name: Trivy slack notification
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v2 # WORKFLOW_VERSION
       if: (failure() || steps.trivy-analyse.outcome == 'failure') && inputs.channel_id != 'NO_SLACK'
       with:
         title: "Trivy"

.github/workflows/security_veracode_pipeline_scan.yml

@@ -65,7 +65,7 @@ jobs:
         java-version: '21'
         distribution: 'temurin'
     - name: prepare assets
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/security_veracode_prepare_artifacts@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/security_veracode_prepare_artifacts@v2 # WORKFLOW_VERSION
     - name: "Download/Extract pipeline scanner"
       shell: bash
       run: |
@@ -138,7 +138,7 @@ jobs:
         path: results.txt
     - name: send a failure slack message
       if: steps.veracode-pipeline-scan.outcome == 'failure' && inputs.channel_id != 'NO_SLACK'
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_failure_results@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_failure_results@v2 # WORKFLOW_VERSION
       with:
         SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
         channel_id: ${{ inputs.channel_id }}

.github/workflows/security_veracode_policy_scan.yml

@@ -70,7 +70,7 @@ jobs:
         java-version: '21'
         distribution: 'temurin'
     - name: prepare assets
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/security_veracode_prepare_artifacts@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/security_veracode_prepare_artifacts@v2 # WORKFLOW_VERSION
     - name: "Download/Extract veracode agent"
       run: wget https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/22.9.10.3/vosp-api-wrappers-java-22.9.10.3.jar -O VeracodeJavaAPI.jar
     - name: "Upload to Veracode"
@@ -113,7 +113,7 @@ jobs:
         path: output.txt
     - name: send a failure slack message
       if: failure()  && inputs.channel_id != 'NO_SLACK'
-      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_failure_results@v1 # WORKFLOW_VERSION
+      uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_failure_results@v2 # WORKFLOW_VERSION
       with:
         SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
         channel_id: ${{ inputs.channel_id }}

README.md

@@ -46,6 +46,17 @@ Workflows and actions are referred to by the tags associated with the current re
 
 When a new release is issued, all of these referred workflows (as well as the calling ones within applications) will need to be updated as well.
 
+### Releasing
+
+To perform a release:
+
+* Update the WORKFLOW_VERSION across the project
+* Ensure the `CHANGELOG.md` has been updated
+* Create a pull request and get it merged
+* Create tags for `vx`, `vx.y` and `vx.y.z`, e.g: `git tag v2`, `v2.0` and `v2.0.1`
+* Force push all three tags to the repo
+* Create a github release from the `vx.y.z` tag
+
 ### TODO
 
 - Update the discovery tool to scan the version of Github Actions Workflows