aws-powertools
diff --git a/‎.github/actionlint.yaml
Lines changed: 0 additions & 1 deletion b/‎.github/actionlint.yaml
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/actions/download-artifact/action.yml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/download-artifact/action.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/seal-restore/action.yml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/seal-restore/action.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/seal/action.yml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/seal/action.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/upload-artifact/action.yml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/upload-artifact/action.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/upload-release-provenance/action.yml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/upload-release-provenance/action.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/build_changelog.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build_changelog.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/codeql-analysis.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/codeql-analysis.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependency-review.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/dependency-review.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/label_pr_on_title.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/label_pr_on_title.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/on_label_added.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/on_label_added.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/on_merged_pr.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/on_merged_pr.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/on_opened_pr.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/on_opened_pr.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/on_schedule_monthly_roadmap_reminder.yml
Lines changed: 22 additions & 0 deletions b/‎.github/workflows/on_schedule_monthly_roadmap_reminder.yml
Lines changed: 22 additions & 0 deletions
diff --git a/‎.github/workflows/ossf_scorecard.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/ossf_scorecard.yml
Lines changed: 3 additions & 3 deletions
@@ -1,4 +1,3 @@
 self-hosted-runner:
   labels:
-    - aws-powertools_ubuntu-latest_4-core 
     - aws-powertools_ubuntu-latest_8-core
@@ -38,7 +38,7 @@ runs:
   using: composite
   steps:
     - name: Download artifacts
-      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
       with:
         name: ${{ inputs.name }}
         path: ${{ inputs.path }}
 
@@ -43,7 +43,7 @@ runs:
       shell: bash
 
     - name: Download artifacts
-      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
       with:
         name: ${{ inputs.artifact_name }}
         path: .
 
@@ -79,7 +79,7 @@ runs:
       shell: bash
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         if-no-files-found: error
         name: ${{ steps.export_artifact_name.outputs.artifact_name }}
 
@@ -68,7 +68,7 @@ runs:
       shell: bash
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         if-no-files-found: ${{ inputs.if-no-files-found }}
         name: ${{ inputs.name }}
 
@@ -42,7 +42,7 @@ runs:
 
     - id: download-provenance
       name: Download newly generated provenance
-      uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
       with:
         name: ${{ inputs.provenance_name }}
 
 
@@ -17,8 +17,8 @@ on:
 #    branches:
 #      - develop
   schedule:
-    # Note: run daily at 7am UTC time until upstream git-chlog uses stable sorting
-    - cron: "0 7 * * *"
+    # Note: run daily at 10am UTC time until upstream git-chlog uses stable sorting
+    - cron: "0 10 * * *"
 
 permissions:
   contents: read
 
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
 
@@ -17,6 +17,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
+        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
@@ -50,7 +50,7 @@ jobs:
       pull-requests: write  # label respective PR
     steps:
       - name: Checkout repository
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Label PR based on title"
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
 
@@ -47,7 +47,7 @@ jobs:
     permissions:
       pull-requests: write  # comment on PR
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       # Maintenance: Persist state per PR as an artifact to avoid spam on label add
       - name: "Suggest split large Pull Request"
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 
@@ -49,7 +49,7 @@ jobs:
       issues: write         # label issue with pending-release
     if: needs.get_pr_details.outputs.prIsMerged == 'true'
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Label PR related issue for release"
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
 
@@ -47,7 +47,7 @@ jobs:
     needs: get_pr_details
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Ensure related issue is present"
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
@@ -66,7 +66,7 @@ jobs:
     permissions:
       pull-requests: write  # label and comment on PR if missing acknowledge section (requirement)
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
       - name: "Ensure acknowledgement section is present"
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
 
@@ -0,0 +1,22 @@
+name: Monthly roadmap reminder
+
+on:
+    workflow_dispatch: {}
+    schedule:
+      - cron: '0 0 1 * *'  # runs first day of the month
+
+permissions:
+    contents: read
+
+
+jobs:
+    call-workflow-passing-data:
+        permissions:
+            contents: read
+            pull-requests: read
+            issues: write  # create monthly roadmap report
+
+        # setting to `@main` until we have releases and governance installed
+        uses: aws-powertools/actions/.github/workflows/monthly_roadmap_reminder.yml@main
+        secrets:
+            token: ${{ secrets.GITHUB_TOKEN }}
@@ -22,20 +22,20 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true  # publish to OSSF Scorecard REST API
           repo_token: ${{ secrets.SCORECARD_TOKEN }}  # read-only fine-grained token to read branch protection settings
 
       - name: "Upload results"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif