[nc] revert ref bak to @main until all the initial actions are correct

Signed-off-by: Nic Cheneweth <[email protected]>

.github/workflows/job-container-dev-release.yaml

@@ -240,7 +240,7 @@ on:
         description: default is latest
         type: string
         required: false
-        default: "twdps/gha-container-builder:0.1.0"
+        default: "latest"
 
 jobs:
 
@@ -257,7 +257,7 @@ jobs:
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29      # v4.1.6
 
       - name: install dev-release dependencies
-        uses: ThoughtWorks-DPS/gha-tools-action/install@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/install@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           op-version: ${{ inputs.op-version }}
           teller-version: ${{ inputs.teller-version }}
@@ -275,15 +275,15 @@ jobs:
           instance: ${{ inputs.before-static-analysis }}
 
       - name: hadolint dockerfile
-        uses: ThoughtWorks-DPS/gha-tools-action/hadolint@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/hadolint@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           path: ${{ inputs.path }}
           dockerfile: ${{ inputs.dockerfile }}
           hadolint-additional-args: ${{ inputs.hadolint-additional-args }}
 
       - name: confirm registry credentials and access
-        uses: ThoughtWorks-DPS/gha-tools-action/confirm-registry@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/confirm-registry@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           registry: ${{ inputs.registry }}
 
@@ -295,14 +295,14 @@ jobs:
 
       - name: set org.opencontainer creation date and version labels
         if: ${{ inputs.opencontainer-labels == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/set-labels@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/set-labels@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           path: ${{ inputs.path }}
           dockerfile: ${{ inputs.dockerfile }}
 
       - name: build gha container image
-        uses: ThoughtWorks-DPS/gha-tools-action/build@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/build@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -314,7 +314,7 @@ jobs:
 
       - name: perform snyk cve scan
         if: ${{ inputs.snyk-scan == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/snyk-scan@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/snyk-scan@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -330,7 +330,7 @@ jobs:
 
       - name: perform trivy image scan
         if: ${{ inputs.trivy-scan == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/trivy-scan@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/trivy-scan@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -341,7 +341,7 @@ jobs:
 
       - name: perform grype image scan
         if: ${{ inputs.grype-scan == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/grype-scan@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/grype-scan@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -352,7 +352,7 @@ jobs:
 
       - name: run bats test against running container
         if: ${{ inputs.bats-test == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/bats-test@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/bats-test@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry }}
@@ -369,7 +369,7 @@ jobs:
           instance: ${{ inputs.after-build }}
 
       - name: push image to container registry
-        uses: ThoughtWorks-DPS/gha-tools-action/push@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/push@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}

.github/workflows/publish-container.yaml

@@ -156,11 +156,18 @@ on:
         type: string
         default: "false"
 
+      builder-image-version:
+        description: default is latest
+        type: string
+        required: false
+        default: "latest"
+
 jobs:
 
   publish-container:
     name: publish job container to registry
     runs-on: ubuntu-latest
+    container: ${{ inputs.builder-image-version }}
 
     env:
       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
@@ -170,7 +177,7 @@ jobs:
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29      # v4.1.6
 
       - name: install publish dependencies
-        uses: ThoughtWorks-DPS/gha-tools-action/install@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/install@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           op-version: ${{ inputs.op-version }}
           teller-version: ${{ inputs.teller-version }}
@@ -186,20 +193,20 @@ jobs:
           instance: ${{ inputs.before-publish }}
 
       - name: confirm registry credentials and access
-        uses: ThoughtWorks-DPS/gha-tools-action/confirm-registry@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/confirm-registry@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           registry: ${{ inputs.registry }}
 
       - name: pull image to be published
-        uses: ThoughtWorks-DPS/gha-tools-action/pull@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/pull@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
           image: ${{ inputs.image }}
           tag: ${{ inputs.pull-tag }}
 
       - name: tag image with release version
-        uses: ThoughtWorks-DPS/gha-tools-action/tag@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/tag@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -209,7 +216,7 @@ jobs:
 
       - name: create additional release version tag
         if: ${{ inputs.release-tag != 'false' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/tag@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/tag@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -218,7 +225,7 @@ jobs:
           release-tag: ${{ inputs.release-tag }}
 
       - name: push image to container registry
-        uses: ThoughtWorks-DPS/gha-tools-action/push@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/push@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -227,7 +234,7 @@ jobs:
 
       - name: push additional release tag to container registry
         if: ${{ inputs.release-tag != 'false' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/push@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/push@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -242,7 +249,7 @@ jobs:
 
       - name: sign image using cosign
         if: ${{ inputs.sign-image == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/sign@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/sign@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
@@ -254,21 +261,21 @@ jobs:
 
       - name: generate sbom
         if: ${{ inputs.sign-image == 'true' }}
-        uses: ThoughtWorks-DPS/gha-tools-action/sbom@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/sbom@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           working-directory: ${{ inputs.working-directory }}
           registry: ${{ inputs.registry}}
           sbom-filename: ${{ inputs.sbom-filename }}
 
       - name: generate release notes
         if: ${{ inputs.gren == 'true' }}
-        uses: ThoughtWorks-DPS/common-actions/gren@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/common-actions/gren@4baf5677df945981d15017f0ffed8acaba1c6d8f     # v0.2.1
         with:
           gren-additional-args: ${{ inputs.gren-additional-args }}
 
       - name: post new release message
         if: ${{ inputs.release-message != 'false' }}
-        uses: ThoughtWorks-DPS/common-actions/slack-bot@b7cf3979fa5745551c5a62afa5e8e07f75ffa687    # v0.1.0
+        uses: ThoughtWorks-DPS/common-actions/slack-bot@f99d7641298c1d30a991c6bb51a5ce335901c47e      # v0.2.0
         with:
           channel: lab-events
           message: ${{ inputs.release-message }}

.github/workflows/release-version.yaml

@@ -66,7 +66,7 @@ jobs:
 
       - name: post new release message
         if: ${{ inputs.release-message != 'false' }}
-        uses: ThoughtWorks-DPS/common-actions/slack-bot@b7cf3979fa5745551c5a62afa5e8e07f75ffa687    # v0.1.0
+        uses: ThoughtWorks-DPS/common-actions/slack-bot@main
         with:
           channel: lab-events
           message: ${{ inputs.release-message }}

.github/workflows/static-code-analysis.yaml

@@ -109,10 +109,10 @@ jobs:
           instance: ${{ inputs.before-static-analysis }}
 
       - name: gha-tools-action/lint
-        uses: ThoughtWorks-DPS/gha-tools-action/lint@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/lint@main
 
       - name: gha-tools-action/check
-        uses: ThoughtWorks-DPS/gha-tools-action/check@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/check@main
         with:
           working-directory: ${{ inputs.working-directory }}
           shellcheck-version: ${{ inputs.shellcheck-version }}
@@ -126,7 +126,7 @@ jobs:
           shellcheck-format: ${{ inputs.shellcheck-format }}
 
       - name: gha-tools-action/scorecard
-        uses: ThoughtWorks-DPS/gha-tools-action/scorecard@62fed61ee4a732fb309006ef6c55f348b7db3441    # v0.2.0
+        uses: ThoughtWorks-DPS/gha-tools-action/scorecard@main
 
       - name: run custom after-static-analysis action
         if: ${{ inputs.after-static-analysis != 'false' }}

README.md

@@ -17,7 +17,7 @@ Provides four workflows:
 
 ### static-code-analysis workflow  
 
-Performs the following actions.  
+Performs the following static code analysis.  
 1. yamllint
 2. shellcheck
 3. ossf/scorecard and upload results to repo security dashboard