Upgrade: [dependabot] - bump NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml from 5.5.0 to 5.6.3 (#2060)

Bumps
[NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml](https://github.com/nhsdigital/eps-common-workflows)
from 5.5.0 to 5.6.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nhsdigital/eps-common-workflows/releases">NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml's
releases</a>.</em></p>
<blockquote>
<h2>v5.6.3</h2>
<h2><a
href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.6.2...v5.6.3">5.6.3</a>
(2026-03-06)</h2>
<h3>Chore</h3>
<ul>
<li>[AEA-5986] - Allow semantic release to handle python build (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/83">#83</a>)
(<a
href="https://github.com/NHSDigital/eps-common-workflows/commit/141907b215220e95e3ed3811d0fe8fa18675dbed">141907b</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/22773044980">Release
workflow run</a> - Workflow ID: 22773044980</p>
<p>It was initialized by <a
href="https://github.com/originalphil">originalphil</a></p>
<h2>v5.6.2</h2>
<h2><a
href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.6.1...v5.6.2">5.6.2</a>
(2026-03-05)</h2>
<h3>Upgrade</h3>
<ul>
<li>[dependabot] - bump conventional-changelog-eslint from 6.0.0 to
6.1.0 (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/82">#82</a>)
(<a
href="https://github.com/NHSDigital/eps-common-workflows/commit/91d5906640395bcda81360fb4b78adaf2f09fd2e">91d5906</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/22730971742">Release
workflow run</a> - Workflow ID: 22730971742</p>
<p>It was initialized by <a
href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p>
<h2>v5.6.1</h2>
<h2><a
href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.6.0...v5.6.1">5.6.1</a>
(2026-03-05)</h2>
<h3>Fix</h3>
<ul>
<li>[AEA-0000] - Always run valid trivy scans even if a previous scan
failed, so that all vulnerabilities are identified at once. Shorten
feedback cycle for vulnerabilities across multiple scans. (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/78">#78</a>)
(<a
href="https://github.com/NHSDigital/eps-common-workflows/commit/d116ba935f2a9544c7bcc6dc37ea997fada6e780">d116ba9</a>)</li>
</ul>
<h2>Info</h2>
<p><a
href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/22727356777">Release
workflow run</a> - Workflow ID: 22727356777</p>
<p>It was initialized by <a
href="https://github.com/connoravo-nhs">connoravo-nhs</a></p>
<h2>v5.6.0</h2>
<h1><a
href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.5.3...v5.6.0">5.6.0</a>
(2026-03-05)</h1>
<h3>Fix</h3>
<ul>
<li>[AEA-5986] - Fix publish fame library (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/77">#77</a>)
(<a
href="https://github.com/NHSDigital/eps-common-workflows/commit/aac5b797ee198b8bd260d618cf7cbdf723860033">aac5b79</a>)</li>
</ul>
<h3>New</h3>
<ul>
<li>[AEA-5986] - Publish to PyPI (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/76">#76</a>)
(<a
href="https://github.com/NHSDigital/eps-common-workflows/commit/de2118390681f2e1701dddcaa463dcea743a6e92">de21183</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/141907b215220e95e3ed3811d0fe8fa18675dbed"><code>141907b</code></a>
Chore: [AEA-5986] - Allow semantic release to handle python build (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/83">#83</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/91d5906640395bcda81360fb4b78adaf2f09fd2e"><code>91d5906</code></a>
Upgrade: [dependabot] - bump conventional-changelog-eslint from 6.0.0 to
6.1....</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/d116ba935f2a9544c7bcc6dc37ea997fada6e780"><code>d116ba9</code></a>
Fix: [AEA-0000] - Always run valid trivy scans even if a previous scan
failed...</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/aac5b797ee198b8bd260d618cf7cbdf723860033"><code>aac5b79</code></a>
Fix: [AEA-5986] - Fix publish fame library (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/77">#77</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/d5222938de3b91e0fe94db73d61eb9e0f781b1ed"><code>d522293</code></a>
Upgrade: [dependabot] - bump aquasecurity/trivy-action from 0.34.0 to
0.34.1 ...</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/de2118390681f2e1701dddcaa463dcea743a6e92"><code>de21183</code></a>
New: [AEA-5986] - Publish to PyPI (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/76">#76</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/8404cf6e3a61ac8de4d1644e175e288aa4965815"><code>8404cf6</code></a>
Chore: [AEA-0000] - Removes unused inputs and updates readme (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/74">#74</a>)</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/2a083514efbae0b9ddacfcc87b9d285767b686b8"><code>2a08351</code></a>
Chore: [AEA-0000] - Combines get_config_values and verify_attestation
into a ...</li>
<li><a
href="https://github.com/NHSDigital/eps-common-workflows/commit/d215f841eb18b803e339e4ed597ed1f30e086e17"><code>d215f84</code></a>
Fix: [AEA-0000] - add back in .tool-versions (<a
href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/72">#72</a>)</li>
<li>See full diff in <a
href="https://github.com/nhsdigital/eps-common-workflows/compare/36677e1d6bfaa010d7b78942a1ade12fbefecb80...141907b215220e95e3ed3811d0fe8fa18675dbed">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml&package-manager=github_actions&previous-version=5.5.0&new-version=5.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Brown <anthony.brown8@nhs.net>

Author: dependabot[bot]

.github/workflows/cdk_diff_code.yml

@@ -31,27 +31,18 @@ on:
         required: false
         type: string
         default: eu-west-2
-      runtime_docker_image:
+      pinned_image:
         type: string
         required: true
-      verify_published_from_main_image:
-        type: boolean
-        required: true
     secrets:
       CLOUD_FORMATION_DIFF_ROLE:
         required: true
 
 jobs:
-  verify_attestation:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
-    with:
-      runtime_docker_image: "${{ inputs.runtime_docker_image }}"
-      verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
   deploy_cdk_code:
     runs-on: ubuntu-22.04
-    needs: verify_attestation
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ inputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:

.github/workflows/cdk_package_code.yml

@@ -3,24 +3,15 @@ name: cdk package code
 on:
   workflow_call:
     inputs:
-      runtime_docker_image:
+      pinned_image:
         type: string
         required: true
-      verify_published_from_main_image:
-        type: boolean
-        required: true
 
 jobs:
-  verify_attestation:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
-    with:
-      runtime_docker_image: "${{ inputs.runtime_docker_image }}"
-      verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
   package_cdk_code:
     runs-on: ubuntu-22.04
-    needs: verify_attestation
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ inputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:

.github/workflows/cdk_release_code.yml

@@ -28,27 +28,18 @@ on:
         required: false
         type: string
         default: eu-west-2
-      runtime_docker_image:
+      pinned_image:
         type: string
         required: true
-      verify_published_from_main_image:
-        type: boolean
-        required: true
     secrets:
       CLOUD_FORMATION_DEPLOY_ROLE:
         required: true
 
 jobs:
-  verify_attestation:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
-    with:
-      runtime_docker_image: "${{ inputs.runtime_docker_image }}"
-      verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
   deploy_cdk_code:
     runs-on: ubuntu-22.04
-    needs: verify_attestation
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ inputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:

.github/workflows/ci.yml

@@ -9,48 +9,29 @@ env:
 
 jobs:
   get_config_values:
-    runs-on: ubuntu-22.04
-    outputs:
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-      devcontainer_version: ${{ steps.load-config.outputs.DEVCONTAINER_VERSION }}
-      devcontainer_image: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json)
-          DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json)
-          {
-            echo "TAG_FORMAT=$TAG_FORMAT" 
-            echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE"
-            echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION"
-          } >> "$GITHUB_OUTPUT"
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    with:
+      verify_published_from_main_image: true
 
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     needs: [get_config_values]
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   package_code:
     uses: ./.github/workflows/sam_package_code.yml
     needs: get_config_values
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   package_cdk_code:
     uses: ./.github/workflows/cdk_package_code.yml
     needs: get_config_values
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   get_commit_id:
     runs-on: ubuntu-22.04
@@ -67,10 +48,9 @@ jobs:
     uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@aac5b797ee198b8bd260d618cf7cbdf723860033
     with:
       dry_run: true
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: main
       tag_format: ${{ needs.get_config_values.outputs.tag_format }}
-      verify_published_from_main_image: true
     secrets: inherit
 
   deploy_dev_stacks:
@@ -89,8 +69,7 @@ jobs:
       deploy_artillery: true
       deploy_drift_detection: true
       is_pull_request: false
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       cf_create_changeset_role: ${{ secrets.DEV_CLOUD_FORMATION_CREATE_CHANGESET_ROLE }}
       cf_deploy_role: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -134,8 +113,7 @@ jobs:
       deploy_artillery: false
       deploy_drift_detection: true
       is_pull_request: false
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       cf_create_changeset_role: ${{ secrets.QA_CLOUD_FORMATION_CREATE_CHANGESET_ROLE }}
       cf_deploy_role: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
@@ -164,8 +142,7 @@ jobs:
       deploy_artillery: true
       deploy_drift_detection: true
       is_pull_request: false
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: true
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       cf_create_changeset_role: ${{ secrets.REF_CLOUD_FORMATION_CREATE_CHANGESET_ROLE }}
       cf_deploy_role: ${{ secrets.REF_CLOUD_FORMATION_DEPLOY_ROLE }}

.github/workflows/cloudformation.yml

@@ -31,12 +31,9 @@ on:
         required: false
         type: string
         default: "{}"
-      runtime_docker_image:
+      pinned_image:
         type: string
         required: true
-      verify_published_from_main_image:
-        type: boolean
-        required: true
     secrets:
       cf_deploy_role:
         required: false
@@ -46,17 +43,11 @@ on:
         required: true
 
 jobs:
-  verify_attestation:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/verify-attestation.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
-    with:
-      runtime_docker_image: "${{ inputs.runtime_docker_image }}"
-      verify_published_from_main_image: ${{ inputs.verify_published_from_main_image }}
   create_change_set:
-    needs: verify_attestation
     name: Create ${{ inputs.stack_name }} change set
     runs-on: ubuntu-22.04
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ inputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:
@@ -189,10 +180,10 @@ jobs:
   execute_change_set:
     name: Execute ${{ inputs.stack_name }} change Set
     if: ${{ inputs.execute_change_set == true }}
-    needs: [create_change_set, verify_attestation]
+    needs: [create_change_set]
     runs-on: ubuntu-22.04
     container:
-      image: ${{ needs.verify_attestation.outputs.pinned_image }}
+      image: ${{ inputs.pinned_image }}
       options: --user 1001:1001 --group-add 128
     defaults:
       run:

.github/workflows/pull_request.yml

@@ -15,32 +15,15 @@ jobs:
       AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
       AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
   get_config_values:
-    runs-on: ubuntu-22.04
-    outputs:
-      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
-      devcontainer_version: ${{ steps.load-config.outputs.DEVCONTAINER_VERSION }}
-      devcontainer_image: ${{ steps.load-config.outputs.DEVCONTAINER_IMAGE }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - name: Load config value
-        id: load-config
-        run: |
-          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
-          DEVCONTAINER_IMAGE=$(jq -r '.build.args.IMAGE_NAME' .devcontainer/devcontainer.json)
-          DEVCONTAINER_VERSION=$(jq -r '.build.args.IMAGE_VERSION' .devcontainer/devcontainer.json)
-          {
-            echo "TAG_FORMAT=$TAG_FORMAT" 
-            echo "DEVCONTAINER_IMAGE=$DEVCONTAINER_IMAGE"
-            echo "DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION"
-          } >> "$GITHUB_OUTPUT"
+    uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8404cf6e3a61ac8de4d1644e175e288aa4965815
+    with:
+      verify_published_from_main_image: false
 
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     needs: [get_config_values]
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
@@ -51,15 +34,13 @@ jobs:
     uses: ./.github/workflows/sam_package_code.yml
     needs: get_config_values
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: false
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   package_cdk_code:
     uses: ./.github/workflows/cdk_package_code.yml
     needs: get_config_values
     with:
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: false
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
 
   get_issue_number:
     runs-on: ubuntu-22.04
@@ -89,13 +70,12 @@ jobs:
 
   tag_release:
     needs: [get_config_values]
-    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@36677e1d6bfaa010d7b78942a1ade12fbefecb80
+    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     with:
       dry_run: true
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
       branch_name: ${{ github.event.pull_request.head.ref }}
       tag_format: ${{ needs.get_config_values.outputs.TAG_FORMAT }}
-      verify_published_from_main_image: false
     secrets: inherit
   get_commit_id:
     runs-on: ubuntu-22.04
@@ -123,8 +103,7 @@ jobs:
       deploy_artillery: true
       deploy_drift_detection: false
       is_pull_request: true
-      runtime_docker_image: "${{ needs.get_config_values.outputs.devcontainer_image }}:githubactions-${{ needs.get_config_values.outputs.devcontainer_version }}"
-      verify_published_from_main_image: false
+      pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
     secrets:
       cf_create_changeset_role: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
       cf_deploy_role: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}