Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency python to 3.13 #2433

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency python to 3.13 #2433

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 13, 2025
edited by github-actions bot
Loading

This PR contains the following updates:

Package Type Update Change
python uses-with minor 3.10 -> 3.13

Release Notes

actions/python-versions (python)

v3.13.2: 3.13.2

Compare Source

Python 3.13.2

v3.13.1: 3.13.1

Compare Source

Python 3.13.1

v3.13.0: 3.13.0

Compare Source

Python 3.13.0

v3.12.9: 3.12.9

Compare Source

Python 3.12.9

v3.12.8: 3.12.8

Compare Source

Python 3.12.8

v3.12.7: 3.12.7

Compare Source

Python 3.12.7

v3.12.6: 3.12.6

Compare Source

Python 3.12.6

v3.12.5: 3.12.5

Compare Source

Python 3.12.5

v3.12.4: 3.12.4

Compare Source

Python 3.12.4

v3.12.3: 3.12.3

Compare Source

Python 3.12.3

v3.12.2: 3.12.2

Compare Source

Python 3.12.2

v3.12.1: 3.12.1

Compare Source

Python 3.12.1

v3.12.0: 3.12.0

Compare Source

Python 3.12.0

v3.11.11: 3.11.11

Compare Source

Python 3.11.11

v3.11.10: 3.11.10

Compare Source

Python 3.11.10

v3.11.9: 3.11.9

Compare Source

Python 3.11.9

v3.11.8: 3.11.8

Compare Source

Python 3.11.8

v3.11.7: 3.11.7

Compare Source

Python 3.11.7

v3.11.6: 3.11.6

Compare Source

Python 3.11.6

v3.11.5: 3.11.5

Compare Source

Python 3.11.5

v3.11.4: 3.11.4

Compare Source

Python 3.11.4

v3.11.3: 3.11.3

Compare Source

Python 3.11.3

v3.11.2: 3.11.2

Compare Source

Python 3.11.2

v3.11.1: 3.11.1

Compare Source

Python 3.11.1

v3.11.0: 3.11.0

Compare Source

Python 3.11.0

Configuration

📅 Schedule: Branch creation - "after 7am and before 11am every weekday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

🤖AEP PR SUMMARY🤖

  • Updated file: .github/workflows/pre-commit.yml
  • Updated Python version from 3.10 to 3.13 for setup-python action.

@renovate renovate bot requested a review from a team as a code owner March 13, 2025 08:49
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Mar 13, 2025
@renovate renovate bot enabled auto-merge (squash) March 13, 2025 08:49
@github-actions GitHub Actions
Copy link

Review of Git Diff in .github/workflows/pre-commit.yml

  1. Python Version Update:
    Updating Python to 3.13 is a forward-thinking move; however, ensure that all the dependencies of your project are compatible with this newer version. Python releases can introduce changes that might break compatibility with existing packages.

  2. yq version:

    • It's commendable that you're specifying a version for yq (v4.44.2), which is a good practice to ensure consistent behavior across runs. However, always verify that this is the latest stable release or the most compatible with your project requirements. For security and feature enhancements, staying updated is crucial.

  3. Cache dependencies to improve performance and reduce costs:
    Consider adding steps to cache Python packages to speed up the workflow execution. This could also reduce costs (when GitHub Actions usage is over the free tier) and decrease unnecessary downloads, indirectly reducing carbon footprint. Example:

yaml

  • name: Cache Python packages
    uses: actions/cache@v3
    with:
    path: |
    /.cache/pip
    !    /.cache/pip/log
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
    ${{ runner.os }}-pip-

4. **Specifying exact version vs. minimal version for actions:**
   For GitHub actions like `actions/setup-python@v4`, consider whether specifying an exact minor version (e.g., `v4.0`) that has been tested with your workflow offers stability benefits vs. always using the latest minor version for possibly getting the latest features and patches.

5. **Security Practices:**
   - Always audit your use of third-party actions like `mikefarah/[email protected]` for security vulnerabilities or consider using a SHA pinning method for an added layer of security. Though not always practical for fast-moving projects, it can safeguard against compromised versions. Example:

```yaml
uses: mikefarah/yq@sha256:45ghk...abc123
  1. Documentation and Comments:
    Adding comments to your YAML file could aid in maintaining this workflow by providing clarity on why specific versions or steps are used, especially updates or deviations from defaults.

Estimated Pricing Impact & Carbon Usage Adjustments:

  • Caching: Implementing caching for Python packages could decrease build time and reduce the number of downloads from package repositories, saving costs when running many workflows (beyond GitHub Actions' free tier) and slightly reducing carbon usage.
  • Security Practices: No direct cost impact but improves security posture with minimal to no performance impact.
  • Version Pinning: Generally has no cost impact but can affect maintainability and security which indirectly might save time (and thus cost) dealing with broken dependencies or compromised tools.

@hmcts-platform-operations
Copy link

Plan Result (sbox_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (sbox_apim - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

hmcts-platform-operations commented Mar 13, 2025
edited
Loading

Plan Result (sbox_global - TerraformPlanApply)

Plan: 0 to add, 1 to change, 0 to destroy.
  • Update
    • module.premium_front_door.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
Change Result (Click me) 
  # module.premium_front_door.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/lz-sbox-rg/providers/Microsoft.Cdn/profiles/hmcts-sbox|fd-log-analytics-logs-sa"
        name                           = "fd-log-analytics-logs-sa"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

@hmcts-platform-operations
Copy link

Plan Result (sbox_apim_appgw - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.app-gw.azurerm_application_gateway.ag[0]
    • module.app-gw.azurerm_monitor_diagnostic_setting.diagnostic_settings[0]
Change Result (Click me) 
  # module.app-gw.data.azurerm_monitor_diagnostic_categories.diagnostic_categories will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
      + id                  = (known after apply)
      + log_category_groups = (known after apply)
      + log_category_types  = (known after apply)
      + logs                = (known after apply)
      + metrics             = (known after apply)
      + resource_id         = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw"
    }

  # module.app-gw.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw"
        name                              = "cft-apim00-sandbox-agw"
        tags                              = {
            "application"  = "core"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "cft-api-mgmt-appgw.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw/probes/cft-api-mgmt-appgw-probe" -> null
          - interval                                  = 10 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "cft-api-mgmt-appgw-probe" -> null
          - path                                      = "/status-0123456789abcdef" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "cft-api-mgmt-appgw.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 10
          + minimum_servers                           = 0
          + name                                      = "cft-api-mgmt-appgw-probe"
          + path                                      = "/status-0123456789abcdef"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (15 unchanged blocks hidden)
    }

  # module.app-gw.azurerm_monitor_diagnostic_setting.diagnostic_settings[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostic_settings" {
        id                             = "/subscriptions/ea3a8c1e-af9d-4108-bc86-a7e2d267f49c/resourceGroups/hmcts-hub-sbox-int/providers/Microsoft.Network/applicationGateways/cft-apim00-sandbox-agw|AppGw"
        name                           = "AppGw"
        # (5 unchanged attributes hidden)

      ~ metric (known after apply)
      - metric {
          - category = "AllMetrics" -> null
          - enabled  = true -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = true -> null
            }
        }

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

@hmcts-platform-operations
Copy link

hmcts-platform-operations commented Mar 13, 2025
edited
Loading

Plan Result (sbox_shutter_webapp - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

⚠️ Errors

@hmcts-platform-operations
Copy link

hmcts-platform-operations commented Mar 13, 2025
edited
Loading

Plan Result (sbox_frontendappgateway - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.frontendappgateway.azurerm_application_gateway.ag[0]
    • module.frontendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
Change Result (Click me) 
  # module.frontendappgateway.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw"
        name                              = "cft-aks-fe-00-sbox-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "cft-api-mgmt.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/cft-api-mgmt" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "cft-api-mgmt" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "frontdoor.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/plumclassic" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "plumclassic" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "hmcts-access.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/hmcts-access" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "hmcts-access" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "hmi-apim.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/hmi-apim" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "hmi-apim" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/idam-user-dashboard" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-user-dashboard" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-web-public.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/idam-web-public" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-web-public" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "plum.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/plum" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "plum" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "reformscan.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw/probes/reformscan" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "reformscan" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      + probe {
          + host                                      = "cft-api-mgmt.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "cft-api-mgmt"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "frontdoor.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plumclassic"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "hmcts-access.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "hmcts-access"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "hmi-apim.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "hmi-apim"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-dashboard"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-public.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-public"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "plum.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plum"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reformscan.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reformscan"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (40 unchanged blocks hidden)
    }

  # module.frontendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks-fe-00-sbox-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (5 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

⚠️ Errors

@hmcts-platform-operations
Copy link

hmcts-platform-operations commented Mar 13, 2025
edited
Loading

Plan Result (sbox_backendappgateway - TerraformPlanApply)

Plan: 0 to add, 2 to change, 0 to destroy.
  • Update
    • module.backendappgateway.azurerm_application_gateway.ag[0]
    • module.backendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0]
Change Result (Click me) 
  # module.backendappgateway.azurerm_application_gateway.ag[0] will be updated in-place
  ~ resource "azurerm_application_gateway" "ag" {
        id                                = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw"
        name                              = "cft-aks00-sandbox-agw"
        tags                              = {
            "application"  = "core"
            "autoShutdown" = "true"
            "builtFrom"    = "hmcts/azure-platform-terraform"
            "businessArea" = "CFT"
            "criticality"  = "Low"
            "environment"  = "sandbox"
            "expiresAfter" = "3000-01-01"
            "startupMode"  = "always"
        }
        # (8 unchanged attributes hidden)

      - probe {
          - host                                      = "bulk-scan-orchestrator-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-orchestrator" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-orchestrator" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-payment-processor-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-payment-processor" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-payment-processor" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-processor-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-processor" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-processor" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "bulk-scan-sample-app-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/bulk-scan-sample-app" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "bulk-scan-sample-app" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "div-emca-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/div-emca" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "div-emca" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "docmosis.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/dg-docmosis" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "dg-docmosis" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "draft-store-service-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/draft-store-service" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "draft-store-service" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "fpl-case-service-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/fpl-case-service" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "fpl-case-service" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-bail-case-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-bail-case-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-bail-case-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-documents-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-documents-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-documents-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-case-notifications-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-case-notifications-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-case-notifications-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "ia-hearings-api-sandbox.service.core-compute-sandbox.internal" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/ia-hearings-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "ia-hearings-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-api-sprod.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-api-sprod" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-api-sprod" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-api.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-api" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-api" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold                       = 3 -> null

          - match {
              - status_code = [
                  - "200-399",
                ] -> null
                # (1 unchanged attribute hidden)
            }
        }
      - probe {
          - host                                      = "idam-hmcts-access.sandbox.platform.hmcts.net" -> null
          - id                                        = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw/probes/idam-hmcts-access" -> null
          - interval                                  = 20 -> null
          - minimum_servers                           = 0 -> null
          - name                                      = "idam-hmcts-access" -> null
          - path                                      = "/health/liveness" -> null
          - pick_host_name_from_backend_http_settings = false -> null
          - port                                      = 0 -> null
          - protocol                                  = "Http" -> null
          - timeout                                   = 15 -> null
          - unhealthy_threshold  

# ...
# ... The maximum length of GitHub Comment is 65536, so the content is omitted by tfcmt.
# ...

        + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-case-documents-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-case-documents-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-case-notifications-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-case-notifications-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "ia-hearings-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "ia-hearings-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-api-sprod.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-api-sprod"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-api.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-hmcts-access.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-hmcts-access"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-testing-support-api.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-testing-support-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-dashboard.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-dashboard"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-user-profile-bridge.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-user-profile-bridge"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-admin-sprod.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-admin-sprod"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "idam-web-admin.sandbox.platform.hmcts.net"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "idam-web-admin"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "labs-apps-njs-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "labs-apps-njs"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "labs-dj-khaled-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "labs-dj-khaled"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "payment-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "payment-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "plum-frontend-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "plum-frontend"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-business-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-business-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-orchestrator-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-orchestrator-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "probate-submit-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "probate-submit-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-professional-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-professional-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-profile-sync-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-profile-sync"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rd-user-profile-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rd-user-profile-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reform-scan-blob-router-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reform-scan-blob-router"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "reform-scan-notification-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "reform-scan-notification-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "rpe-send-letter-service-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "rpe-send-letter-service"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "sscs-evidence-share-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "sscs-evidence-share"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }
      + probe {
          + host                                      = "sscs-tribunals-api-sandbox.service.core-compute-sandbox.internal"
          + id                                        = (known after apply)
          + interval                                  = 20
          + minimum_servers                           = 0
          + name                                      = "sscs-tribunals-api"
          + path                                      = "/health/liveness"
          + pick_host_name_from_backend_http_settings = false
          + protocol                                  = "Http"
          + timeout                                   = 15
          + unhealthy_threshold                       = 3
        }

        # (193 unchanged blocks hidden)
    }

  # module.backendappgateway.azurerm_monitor_diagnostic_setting.diagnostics_access_logs_sa[0] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics_access_logs_sa" {
        id                             = "/subscriptions/b72ab7b7-723f-4b18-b6f6-03b0f2c6a1bb/resourceGroups/cft-sbox-network-rg/providers/Microsoft.Network/applicationGateways/cft-aks00-sandbox-agw|app-gw-storage-account"
        name                           = "app-gw-storage-account"
        # (6 unchanged attributes hidden)

      - metric {
          - category = "AllMetrics" -> null
          - enabled  = false -> null

          - retention_policy {
              - days    = 0 -> null
              - enabled = false -> null
            }
        }

        # (5 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

⚠️ Errors

@hmcts-platform-operations
Copy link

Plan Result (ithc_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (ithc_apim - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (test_cftapps_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

⚠️ Errors

@hmcts-platform-operations
Copy link

Plan Result (demo_apim - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@hmcts-platform-operations
Copy link

Plan Result (prod_private_dns - TerraformPlanApply)

No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link

Review Recommendations for .github/workflows/pre-commit.yml

1. Specify Exact Python Version

  • Issue: Specifying '3.13' as the Python version might accidentally use patch releases you haven't tested against, if they get released.
  • Improvement: Use a full version specification to ensure consistency in your environment. e.g., '3.13.0' (Adjust based on the latest or required patch version).

2. Update yq to a More Recent or Fixed Version

  • Issue: The version v4.44.2 of mikefarah/yq might not be the latest, potentially missing out on performance improvements, bug fixes, or new features.
  • Improvement: Regularly check and update to the latest version (as long as it's stable for your use-case) e.g., uses: mikefarah/[email protected] (Confirm and use the latest stable version available).

3. Cache Dependencies to Improve Workflow Speed and Reduce Costs

  • Issue: Not caching your dependencies can lead to increased execution time and higher computational costs.

  • Improvement: Use GitHub Actions' cache mechanism to store and reuse dependencies. Example:

    yaml

    • name: Cache Python dependencies
      uses: actions/cache@v3
      with:
      path: |
      ~/.cache/pip
      key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
      restore-keys: |
      ${{ runner.os }}-pip-

Estimated Cost Savings: While exact savings depend on the frequency of runs and job duration, caching can significantly reduce the time spent in setup steps. With GitHub Actions, reduced execution time directly translates to lower costs, especially for private repositories where minutes are billed. Estimating savings without specifics is challenging, but for active projects, this can range from a few pounds to several hundred over time.

4. Monitor and Adjust Resource Allocation

  • Issue: This workflow file doesn't specify resource limits or needs.

  • Improvement: If later steps in the workflow (not shown here) are resource-intensive, consider setting explicit resource limits to avoid unnecessary costs or to optimize the execution time. Example for a job step:

    with:
  memory: 1GB
  cpu: 1

Note: The above syntax is hypothetical and meant to emphasize the point about resource management within workflows. GitHub Actions currently does not directly support this configuration, but equivalent configurations depend on the runner type or external tooling to control resource usage.

Carbon Usage Impact: Reducing computational resources and execution time indirectly results in lower carbon emissions associated with electricity usage for these computational tasks, contributing to more environmentally sustainable software development practices.

@renovate renovate bot force-pushed the renovate/python-3.x branch from 6320463 to b14115d Compare March 17, 2025 09:12
@github-actions GitHub Actions
Copy link

Recommendations for Improvements

1. Specify Exact Version for GitHub Actions

While updating the Python version to 3.13 is a good step forward to keep the environment up-to-date, it's also crucial to pin GitHub Actions to an exact version or a commit SHA to avoid unexpected failures if an action is updated. Using a tag as shown can lead to inconsistencies if the tag is moved or updated.

Example:

Instead of

yaml
uses: actions/setup-python@v4


Prefer specifying an exact version or commit SHA:

```yaml
uses: actions/[email protected] # Assuming 4.10.0 is the latest stable version

Or

uses: actions/setup-python@abcdef1234567890abcdef1234567890abcdef12 # Example commit SHA

2. Caching Dependencies to Optimize Workflow Runs

To minimize the execution time and reduce cost, consider caching dependencies for the workflow. This is not directly visible from the provided diff but is a general improvement that can significantly affect both cost and c

@renovate renovate bot force-pushed the renovate/python-3.x branch from b14115d to 7fc34bb Compare March 17, 2025 10:40
@github-actions GitHub Actions
Copy link

Review: .github/workflows/pre-commit.yml

Python Version Update

  • Specific Improvement: While updating Python to 3.13 is generally a good practice to access the latest features and security updates, it is also important to ensure compatibility with existing dependencies and the project's codebase. Make sure to test the entire project with Python 3.13 in a separate development environment before merging this change into production.
    • Example: If there's a CI pipeline that runs tests, ensure it uses Python 3.13 as well to catch any compatibility issues early.

Using yq

  • Specific Improvement: When using third-party GitHub Actions like mikefarah/[email protected], always specify a SHA instead of a tag like v4.44.2 to ensure the action is locked to a specific version. This enhances security by protecting your workflow from potential malicious changes to the action.
    • Example: Instead of uses: mikefarah/[email protected], find the exact commit SHA for v4.44.2 and use it: uses: mikefarah/yq@sha256:<specific-commit-sha>. You can find the SHA on the GitHub page of the action under releases.

Caching Dependencies

  • Specific Improvement: The workflow does not seem to cache dependencies, which can lead to longer run times and unnecessary bandwidth consumption. Implement caching for Python packages to improve run times and reduce cost.
    • Example: Add steps to cache Python dependencies using the actions/cache GitHub Action. This can significantly reduce build time and cost.
      yaml
    • uses: actions/cache@v3
      with:
      path: |
      ~/.cache/pip
      key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
      restore-keys: |
      ${{ runner.os }}-pip-

General Workflow Optimization

  • Specific Improvement: Consider adding concurrency limits or conditions to prevent unnecessary workflow runs. This could help manage usage quotas, cost, and environmental impact by avoiding duplicate runs for simultaneous pushes.
    • Example: Limit concurrent workflow runs.
    concurrency: 
  group: ${{ github.head_ref }}
  cancel-in-progress: true

These enhancements focus on improving performance, security, and efficiency while also potentially lowering the associated costs and carbon footprint by reducing unnecessary compute loads.

@renovate renovate bot force-pushed the renovate/python-3.x branch from 7fc34bb to 95519d9 Compare March 17, 2025 14:21
@github-actions GitHub Actions
Copy link

Code Review Feedback on .github/workflows/pre-commit.yml Modifications

Python Version Specification

  • Improvement Suggestion: Upgrading the Python version from 3.10 to 3.13 as indicated in the diff is a proactive approach, especially for ensuring the latest features and security patches. However, Python 3.13 may not be available at the time given the knowledge cutoff in April 2023. Ensure that the version specified is released and stable for production use. If 3.13 is not yet released, consider using the latest stable version available (e.g., 3.11 or 3.12 if they are available and stable).

    • Example Change:

      yml
      with:
      python-version: '3.12' # assuming 3.12 is the latest stable version

Use of mikefarah/yq Action Version

  • Improvement Suggestion: Specifying a direct version (v4.44.2) for the mikefarah/yq action ensures predictability. However, it also means you might miss out on critical updates (including security patches) until you manually update the version in your workflow. Consider using a version expression that automatically includes patches by specifying only the major and minor version (e.g., v4.44).

  • Cost and Carbon Usage Consideration: No direct cost or carbon usage impact from the specific versioning of GitHub Actions themselves. However, keeping your actions up to date (especially tools like yq which may influence how you preprocess or handle data) can have indirect effects on efficiency and security, potentially sparing you from future costs related to addressing vulnerabilities or inefficiencies.

    • Example Change:

      uses: mikefarah/[email protected] # Automatically includes the latest patch version

General Best Practices for GitHub Actions

  1. Cache Dependencies: If your pre-commit hooks involve Python dependencies, leveraging caching can significantly reduce run times and indirectly lower cost and carbon usage over many runs.

    • Example Addition:

      - name: Cache Python dependencies
  uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-

  2. Matrix Strategy for Multiple Versions: If you intend to support multiple Python versions, consider using a matrix strategy to test across those versions. This ensures compatibility and can catch version-specific issues early.

    • Example Addition:

      strategy:
  matrix:
    python-version: ['3.10', '3.12'] # Example set of versions

Security Considerations

  • Always ensure that the GitHub Actions and any other third-party actions you use are from trusted sources and routinely check for updates or reported vulnerabilities. Dependency review tools can automate some of this process.

By addressing these improvement points, your workflow will not only be more robust but also potentially more future-proof against new updates and versions of the tools and languages you rely on.

@renovate renovate bot force-pushed the renovate/python-3.x branch from 95519d9 to 09504b6 Compare March 17, 2025 15:09
@github-actions GitHub Actions
Copy link

Review of the .github/workflows/pre-commit.yml Changes

Specific Improvement Suggestions:

  1. Python Version Compatibility:

    • Ensure that all dependencies in your project are compatible with Python 3.13, as this version might introduce breaking changes or deprecations that could affect your project's functionality.
    • Example: Verify compatibility by checking each dependency's documentation or changelogs for Python 3.13 support.

  2. Locking yq Action Version:

    • Rather than using v4.44.2 which might auto-update to newer minor versions, consider pinning yq to a specific hash. This ensures that the exact version is used, enhancing stability and security.
    • Example:
      diff
      • uses: mikefarah/yq@sha256:
      Replace `<specific-hash>` with the actual commit hash available in the GitHub releases/tag section of the `yq` repository to pin the action securely.

  3. Review and Optimization of Workflow Triggers:

    • The diff provided does not include the triggers for this workflow. It's important to ensure that the workflow only runs on meaningful events to minimize unnecessary runs, which can save on costs and decrease carbon usage.
    • Example:
      If the workflow is triggered on every push, consider narrowing the scope to push events affecting specific paths or branches: 
      on:
  push:
    paths:
      - 'path/to/your/code/**'
      - 'another/path/**/*.py'
    branches:
      - main
      - develop

  4. Cache Dependency Installations:

    • To improve the speed of the workflow and reduce redundant computations (thereby saving costs and reducing carbon footprint), consider caching dependencies used in the workflow.
    • Example: 
      - name: Cache Python packages
  uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-

Cost and Carbon Usage Consideration:

  • Caching: Implementing caching for dependencies (as suggested above) can reduce the workflow execution time and, consequently, the resource consumption on GitHub's runners. This efficiency can contribute to lower costs (when using self-hosted runners with pricing based on execution minutes) and also reduce the carbon footprint.
  • Workflow Triggers: Optimizing workflow triggers can significantly decrease unnecessary runs. This is not only a good practice for resource utilization but also contributes to sustainability by minimizing energy consumption. In terms of costs, this could lead to savings in scenarios where GitHub Actions limits are a concern, especially in private repositories or in scenarios involving self-hosted runners.

@renovate renovate bot force-pushed the renovate/python-3.x branch from 09504b6 to a0bc1d8 Compare March 18, 2025 13:36
@github-actions GitHub Actions
Copy link

Code Review: .github/workflows/pre-commit.yml Changes

General Improvements

  1. Specify Exact Python Version: Instead of specifying Python 3.13, it's more stable and predictable to use a full version number, e.g., 3.13.0. This ensures the workflow is reproducible and not subject to unpredictable changes if a minor patch is released.

    diff
    -- python-version: '3.13'
    ++ python-version: '3.13.0'

  2. Use Fixed Version for Action mikefarah/yq: Using a fixed version for actions (like mikefarah/yq ) can prevent unexpected changes from affecting your workflow. If v4.44.2 is the latest stable version you've tested with, consider using a SHA-1 hash of the action’s commit that corresponds to this version. This guarantees that the exact version is always used, enhancing security and stability.

    -- uses: mikefarah/[email protected]
++ uses: mikefarah/yq@ecd557cd159f93e3050affb1c180b9a9bae24665 # Change to the commit SHA of v4.44.2

  3. Cache Dependencies: In this workflow snippet, there seems to be a step missing for caching dependencies. Caching can help speed up the pipeline by reducing download times for dependencies that don't change often. Add a step to cache Python packages installed during the workflow.

    Example:

    - name: Cache Python dependencies
  uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-

Cost and Carbon Usage Considerations

  • Workflow Optimization: Every CI/CD minute and resource usage counts towards GitHub Actions billing and indirectly affects carbon footprint. To reduce both cost and carbon usage:

    • Only run this workflow when necessary (e.g., on push/pull requests to specific branches or when specific files are changed).
    • Keeping your actions up-to-date and efficient can decrease run times, thus lower costs and carbon usage. Always balance with the need for stability as mentioned earlier.

  • Dependency Caching: Implementing caching, as mentioned above, not only speeds up the workflow but also reduces the number of downloads from package repositories. This reduces network traffic and the associated energy costs, contributing to lower carbon emissions.

Estimated Price Changes

Specific cost implications depend on GitHub's pricing model and the current usage volume. Implementing caching and specifying more precise versions likely won't change the nominal costs directly but would contribute to more efficient resource use and potentially lower overall costs by reducing build times (indirect saving).

Security Improvements

  • For security, always scrutinize third-party actions and consider using them by their commit SHA to avoid unintended changes through tags. This adds a layer of verification against potential malicious alterations of tags.

These improvements focus on enhancing the workflow's reliability, efficiency, and security. The direct cost implications may vary but better efficiency often aligns with cost-effectiveness over time.

@renovate renovate bot force-pushed the renovate/python-3.x branch from a0bc1d8 to ce930b3 Compare March 20, 2025 13:32
@github-actions GitHub Actions
Copy link

Review Summary

While the diff shows a concise change in the Python version used within the workflow, a few improvements and considerations could be added:

  1. Using the Latest Stable Python Version: At the time of this review, Python 3.13 is not a released version. Always verify the version number and ideally use the latest stable release for better stability and security. Python 3.10 currently is a stable version, but it would be more beneficial to use Python 3.12 if it's available and stable at the time of your change.

    yaml

    • python-version: '3.13' # Ensure this is a stable and released version.

  2. Version Pinning for GitHub Actions: You've pinned mikefarah/yq to v4.44.2, which is a good practice for ensuring consistent builds. However, consider using Dependabot to keep action versions up to date automatically. This ensures you get the latest features and security patches without manual updates.

    uses: mikefarah/[email protected] # Consider automating updates with Dependabot.

  3. Cost Implications: The changes proposed in this diff do not directly impact costs as they are related to the use of GitHub Actions and tool versions, which are included in GitHub's pricing tiers. However, ensuring your actions and tools are up to date can indirectly lead to cost savings by streamlining your CI/CD pipeline and reducing build times or spotting potential issues earlier.

  4. Carbon Usage: No direct impact on carbon usage based on the version change alone. However, using more efficient tools or newer versions that improve performance can lead to shorter CI/CD runtimes, indirectly reducing the energy consumption associated with computing resources.

Suggestions:

  • Ensure you're using a valid and stable Python version. If Python 3.12 is the latest stable at the time of this review, consider:

    - python-version: '3.13'
+ python-version: '3.12' # Replace with the latest stable version.

  • Integrate Dependabot for automatic updates of actions, ensuring you have minimal maintenance overhead and improved security:

    # Example for enabling Dependabot in your repository (not directly applied through this diff):
# Create a .github/dependabot.yml file with the following content:
version: 2
updates:
  - package-ecosystem: \"github-actions\"
    directory: \"/\"
    schedule:
      interval: \"weekly\"

  • Review and enforce best practices for sustainable software engineering, like optimizing workflows to reduce unnecessary runs which in turn, reduces computing resource consumption.

Applying these suggestions provides a more robust, secure, and efficient CI/CD setup with potentially lower costs and environmental impact.

@renovate renovate bot force-pushed the renovate/python-3.x branch from ce930b3 to e87c90e Compare March 21, 2025 09:35
@github-actions GitHub Actions
Copy link

GitHub Action Workflow Review: .github/workflows/pre-commit.yml

Python Version

  • The update to Python 3.13 is noted. Ensure that your project's dependencies are fully compatible with Python 3.13. Incompatibilities could lead to build or runtime failures.

yq Usage

  • The yq tool is being used at a specific version v4.44.2. Pinning to a specific version is good practice for ensuring reliability and consistency in your workflows. However, ensure that this version is kept up-to-date periodically to benefit from bug fixes and new features. Consider automating the update process for dependencies like yq to reduce maintenance overhead.

Additional Recommendations:

  1. Cache Dependencies:

    • Consider caching your project's dependencies to speed up build times and reduce cost when using GitHub Actions. This is especially relevant if your project has a significant number of dependencies that don't change often.

      Example:
      yaml

      • name: Cache Python Dependencies
        uses: actions/cache@v3
        with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
        ${{ runner.os }}-pip-

  2. Optimize Workflow Triggers:

    • If not done, ensure the workflow triggers are optimized to prevent unnecessary runs, which in turn reduces costs and carbon footprint. For instance, limiting push and pull_request events to specific branches or paths.

      Example:

      on:
  push:
    branches:
      - main
    paths:
      - 'src/**'
      - 'requirements.txt'
  pull_request:
    branches:
      - main
    paths:
      - 'src/**'
      - 'requirements.txt'

  3. Security Best Practices:

    • Regularly update both the action versions (actions/setup-python, mikefarah/yq) and your dependencies to their latest versions to patch known vulnerabilities.
    • Ensure that any secrets or sensitive data are stored securely using GitHub Secrets and not hardcoded into your workflow files.

  4. Monitoring and Notifications:

    • Implement monitoring or notification mechanisms to alert you of failed runs, ensuring quick reactions to potential issues. GitHub Actions supports sending notifications on workflow failures out of the box.

      Example:

      - name: Notify on Failure
  if: failure()
  uses: some/notification-action@v1
  with:
    message: \"Pre-commit workflow failed.\"

Cost and Carbon Usage

  • The proposed changes (caching dependencies and optimizing workflow triggers) can contribute to reducing the overall runtime of your GitHub Actions, which in turn could lower both the costs associated with GitHub Actions minutes and its carbon footprint. GitHub charges based on the total minutes actions run, and optimizing workflow efficiency will reduce these minutes. As of my last update, GitHub's pricing structure offers a certain number of free minutes based on the type of repository (public or private), with additional minutes billed at varying rates. Implementing the above suggestions could limit the amount of billable minutes used.

  • While I cannot provide an exact financial saving without specific details about the current costs and GitHub's pricing plan at the time of reading, optimizing CI/CD workflows generally leads to direct cost savings over time, especially for projects with frequent integration and deployment cycles. Reducing compute resource usage also contributes to environmental sustainability by decreasing energy consumption and carbon emissions associated with server workloads.

@renovate renovate bot force-pushed the renovate/python-3.x branch from e87c90e to 0e3d69f Compare March 21, 2025 10:15
@github-actions GitHub Actions
Copy link

Code Review on Git Diff for .github/workflows/pre-commit.yml

Python Version Update

  • Updating Python to 3.13 from 3.10 is a proactive approach, ensuring the latest security patches and features.
    • Improvement: Consider specifying the exact minor version (e.g., 3.13.x) to avoid unexpected breaking changes while still benefiting from patch updates.
    • Example: Replace with python-version: '3.13.x' for stability.

yq Usage

  • You're using mikefarah/[email protected] for YAML processing.
    • Improvement: Ensure compatibility with updated Python version. Newer versions might introduce optimizations or necessary patches.
    • Example: Check for a more recent yq version compatible with Python 3.13 (post-review update suggested to keep dependencies aligned).

Workflow Efficiencies

  • While not directly implicated in the diff, consider the overall workflow efficiency.
    • Improvement: Introduce caching for Python packages. This reduces run times and potential costs associated with setup times.
    • Example:
      yaml
      • name: Cache Python packages
        uses: actions/cache@v3
        with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
        ${{ runner.os }}-pip-

Security Best Practice

  • Regular dependency updates ensure security; however, audit these changes.
    • Improvement: Incorporate a step to check for vulnerabilities in dependencies.
    • Example: 
      - name: Check for vulnerabilities
  run: |
    pip install safety
    safety check

Cost and Carbon Usage

  • Updating Python and introducing caching could have indirect cost and environmental impacts.
    • Caching could reduce execution time and, thus, CPU time - saving energy and potentially reducing costs. Depending on the size of your dependencies, a rough estimate might be a few pence saved per run.
    • Transitioning to Python 3.13 should not inherently increase costs. However, be mindful of any new dependencies or increased resource usage brought about by new features.

Summary

The proposed changes aim at enhancing security, maintainability, and efficiency of the CI/CD pipeline. While cost and carbon usage impacts are minimal and potentially positive over time through reduced compute use, keeping dependencies up-to-date and employing best practices ensures a robust development lifecycle.

@renovate renovate bot force-pushed the renovate/python-3.x branch from 0e3d69f to 2c442cb Compare March 25, 2025 14:14
@github-actions GitHub Actions
Copy link

Review Summary:

The change to the Python version in the workflow seems to address keeping the project's dependencies up to date, which is a good practice. However, there are a few more improvements that could further enhance the code quality, security, and possibly even cost and carbon usage, depending on the workflow's execution frequency and runtime duration. Below are some specific recommendations:

Python Version Precision

Specifying Python 3.13 might introduce issues if 3.13.1 or another minor version is released with critical fixes or security patches. It's a good practice to allow minor version updates for better security and compatibility.

Suggestion:
yaml
python-version: '3.13.x'


### yq Action Versioning

Using `mikefarah/[email protected]` pins the workflow to a specific version of the `yq` action. While pinning dependencies can improve reliability by avoiding unexpected breaking changes, it also means you won't benefit from automatic patches for security vulnerabilities or performance improvements in newer versions.

**Suggestion:**
Use a version range or update regularly to protect against vulnerabilities and enjoy performance enhancements.
```yaml
uses: mikefarah/yq@v4

Or, for a more cautious approach that still allows automatic patch updates:

uses: mikefarah/[email protected]

Check for Redundancies and Optimizations

  • Cache Dependencies: If your workflow installs Python packages or has other dependencies, using caching can significantly reduce run times and associated costs, especially for frequent or complex workflows. Caching can also indirectly reduce carbon usage by minimizing the compute resources required for each run.

Example:

- name: Cache Python packages
  uses: actions/cache@v3
  with:
    path: ~/.cache/pip
    key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
    restore-keys: |
      ${{ runner.os }}-pip-
  • Conditional Executions: Ensure workflows are only triggered when necessary. For instance, this pre-commit workflow could ignore changes to markdown files or documentation folders if those aren't relevant to what the pre-commit checks are validating.

Example:

on:
  push:
    paths-ignore:
      - '**.md'

Financial, Security, and Environmental Impact:

  • Using version ranges for actions (yq) where feasible might slightly increase risk if not managed properly but generally reduces the need for manual updates and potential vulnerabilities from outdated software. Financial and environmental impacts are minor but positive, due to reduced need for manual intervention and potentially fewer runs from broken builds.
  • Implementing caching can reduce the cost and environmental impact by lowering the total runtime of GitHub Actions, especially for projects with frequent integrations or long-running jobs. While GitHub does not directly charge for runner minutes on public repositories, optimizing usage contributes to overall resource efficiency and sustainability.

Estimated Price Changes: Direct cost changes in GBP are minimal to none for public repositories, but for private repositories, optimizing workflow execution times can lead to reduced GitHub Actions costs. The actual savings depend on the current usage patterns and GitHub's pricing model at the time of implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

@willwatters willwatters Awaiting requested review from willwatters willwatters is a code owner automatically assigned from hmcts/platform-operations

@kenwan-cpp kenwan-cpp Awaiting requested review from kenwan-cpp kenwan-cpp is a code owner automatically assigned from hmcts/platform-operations

@ashleighB31 ashleighB31 Awaiting requested review from ashleighB31 ashleighB31 is a code owner automatically assigned from hmcts/platform-operations

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
aat_global - TerraformPlanApply/add-or-update demo_apim - TerraformPlanApply/no-changes demo_apim_appgw - TerraformPlanApply/add-or-update demo_global - TerraformPlanApply/add-or-update demo_private_dns - TerraformPlanApply/no-changes dependencies Pull requests that update a dependency file dev_global - TerraformPlanApply/add-or-update ithc_apim - TerraformPlanApply/no-changes ithc_global - TerraformPlanApply/add-or-update ithc_private_dns - TerraformPlanApply/no-changes perftest_global - TerraformPlanApply/add-or-update prod_apim_appgw - TerraformPlanApply/add-or-update prod_global - TerraformPlanApply/add-or-update prod_private_dns - TerraformPlanApply/no-changes sbox_apim - TerraformPlanApply/no-changes sbox_apim_appgw - TerraformPlanApply/add-or-update sbox_global - TerraformPlanApply/add-or-update sbox_private_dns - TerraformPlanApply/no-changes stg_apim - TerraformPlanApply/no-changes stg_apim_appgw - TerraformPlanApply/add-or-update stg_private_dns - TerraformPlanApply/no-changes test_apim - TerraformPlanApply/no-changes test_apim_appgw - TerraformPlanApply/add-or-update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hmcts-platform-operations