From d2d0fdca5639ca81696415d451e3ffdc45da4668 Mon Sep 17 00:00:00 2001
From: Eric Le Lay <eric@stackhpc.com>
Date: Thu, 21 May 2026 16:11:50 +0200
Subject: [PATCH 1/3] Use approved github action pins

---
 .github/workflows/multinode.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/multinode.yml b/.github/workflows/multinode.yml
index 0380fa2..a6134ac 100644
--- a/.github/workflows/multinode.yml
+++ b/.github/workflows/multinode.yml
@@ -132,7 +132,7 @@ jobs:
           echo "ssh_keys=${ssh_keys}" >> "$GITHUB_OUTPUT"
 
       - name: Install Package
-        uses: ConorMacBride/install-package@main
+        uses: ConorMacBride/install-package@3e7ad059e07782ee54fa35f827df52aae0626f30  # v1.1.0
         with:
           apt: git unzip nodejs python3-pip python3-venv rsync openssh-client
 
@@ -170,7 +170,7 @@ jobs:
           fi
 
       - name: Install terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
         with:
           terraform_wrapper: false
 
@@ -455,7 +455,7 @@ jobs:
         if: ${{ always() && steps.config_ach.outcome == 'success' }}
 
       - name: Send message to Slack via Workflow Builder
-        uses: slackapi/slack-github-action@v1.26.0
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95  # v3.0.1
         with:
           payload: |
             {

From 1fbef0336797dae1687288246c15f39e91c7579d Mon Sep 17 00:00:00 2001
From: Eric Le Lay <eric@stackhpc.com>
Date: Fri, 22 May 2026 10:55:55 +0200
Subject: [PATCH 2/3] Fix minor linting errors

---
 .github/workflows/multinode.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/multinode.yml b/.github/workflows/multinode.yml
index a6134ac..05a6268 100644
--- a/.github/workflows/multinode.yml
+++ b/.github/workflows/multinode.yml
@@ -4,7 +4,7 @@
 # the cloud.
 
 name: Multinode
-on:
+"on":
   workflow_call:
     inputs:
       multinode_name:
@@ -97,7 +97,7 @@ jobs:
     permissions: {}
     timeout-minutes: 2880
     env:
-      ANSIBLE_FORCE_COLOR: True
+      ANSIBLE_FORCE_COLOR: "True"
       KAYOBE_ENVIRONMENT: ci-multinode
       KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD_CI_MULTINODE }}
     steps:
@@ -142,6 +142,7 @@ jobs:
         with:
           repository: stackhpc/stackhpc-kayobe-config
           ref: ${{ (inputs.upgrade != 'none') && inputs.stackhpc_kayobe_config_previous_version || inputs.stackhpc_kayobe_config_version }}
+          persist-credentials: false
 
       - name: Checkout ${{ (inputs.upgrade == 'major') && 'previous release' || 'current' }} terraform-kayobe-multinode
         uses: actions/checkout@v4
@@ -149,6 +150,7 @@ jobs:
           repository: stackhpc/terraform-kayobe-multinode
           ref: ${{ (inputs.upgrade == 'major') && inputs.terraform_kayobe_multinode_previous_version || inputs.terraform_kayobe_multinode_version }}
           path: terraform-kayobe-multinode
+          persist-credentials: false
 
       - name: Make sure dockerd is running and test Docker
         run: |
@@ -372,6 +374,7 @@ jobs:
           repository: stackhpc/terraform-kayobe-multinode
           ref: ${{ inputs.terraform_kayobe_multinode_version }}
           path: terraform-kayobe-multinode
+          persist-credentials: false
         if: inputs.upgrade == 'major'
 
       - name: Pop stashed terraform-kayobe-multinode changes

From 02e73d85ec65a45941264f83ba5af15d1e5cd90a Mon Sep 17 00:00:00 2001
From: Eric Le Lay <eric@stackhpc.com>
Date: Fri, 22 May 2026 10:56:58 +0200
Subject: [PATCH 3/3] Fix slack action for v3

---
 .github/workflows/multinode.yml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/multinode.yml b/.github/workflows/multinode.yml
index 05a6268..c6d2ad9 100644
--- a/.github/workflows/multinode.yml
+++ b/.github/workflows/multinode.yml
@@ -460,18 +460,16 @@ jobs:
       - name: Send message to Slack via Workflow Builder
         uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95  # v3.0.1
         with:
+          errors: true
           payload: |
-            {
-              "channel-id": "${{ env.SLACK_CHANNEL_ID }}",
-              "inputs": "${{ env.INPUTS }}",
-              "message": "${{ env.MESSAGE }}",
-              "results-url": "${{ env.RESULTS_URL }}",
-              "workflow-url": "${{ env.WORKFLOW_URL }}"
-            }
+            channel: C03B28HRP53  # #release-train-alerts
+            inputs: "${{ env.INPUTS }}"
+            message: "${{ env.MESSAGE }}"
+            results-url: "${{ env.RESULTS_URL }}"
+            workflow-url: "${{ env.WORKFLOW_URL }}"
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
         env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          # #release-train-alerts
-          SLACK_CHANNEL_ID: C03B28HRP53
           INPUTS: >-
             name: ${{ inputs.multinode_name }}\n
             controllers: ${{ inputs.multinode_controller_count }}\n