diff --git a/.github/actions/build-vault/action.yml b/.github/actions/build-vault/action.yml index 5e2641344208..8836821a6f16 100644 --- a/.github/actions/build-vault/action.yml +++ b/.github/actions/build-vault/action.yml @@ -92,7 +92,7 @@ runs: shell: bash run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" - name: Restore UI from cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: # Restore the UI asset from the UI build workflow. Never use a partial restore key. enableCrossOsArchive: true @@ -146,7 +146,7 @@ runs: BUNDLE_PATH: out/${{ steps.metadata.outputs.artifact-basename }}.zip shell: bash run: make ci-bundle - - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.metadata.outputs.artifact-basename }}.zip path: out/${{ steps.metadata.outputs.artifact-basename }}.zip @@ -178,13 +178,13 @@ runs: echo "deb-files=$(basename out/*.deb)" } | tee -a "$GITHUB_OUTPUT" - if: inputs.create-packages == 'true' - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.package-files.outputs.rpm-files }} path: out/${{ steps.package-files.outputs.rpm-files }} if-no-files-found: error - if: inputs.create-packages == 'true' - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.package-files.outputs.deb-files }} path: out/${{ steps.package-files.outputs.deb-files }} diff --git a/.github/actions/changed-files/action.yml b/.github/actions/changed-files/action.yml index 92e6638dfe28..466864839dd4 100644 
--- a/.github/actions/changed-files/action.yml +++ b/.github/actions/changed-files/action.yml @@ -56,7 +56,7 @@ runs: checkout_ref='${{ github.ref }}' fi echo "ref=${checkout_ref}" | tee -a "$GITHUB_OUTPUT" - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.repository }} path: "changed-files" diff --git a/.github/actions/checkout/action.yml b/.github/actions/checkout/action.yml index 8b92628f9ba2..7a3097a83115 100644 --- a/.github/actions/checkout/action.yml +++ b/.github/actions/checkout/action.yml @@ -70,7 +70,7 @@ runs: echo "ref=${checkout_ref}" echo "depth=${fetch_depth}" } | tee -a "$GITHUB_OUTPUT" - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: ${{ inputs.path }} fetch-depth: ${{ steps.ref.outputs.depth }} diff --git a/.github/actions/create-dynamic-config/action.yml b/.github/actions/create-dynamic-config/action.yml index 1292b0a3f7f1..89956eefd4f2 100644 --- a/.github/actions/create-dynamic-config/action.yml +++ b/.github/actions/create-dynamic-config/action.yml @@ -32,7 +32,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore dynamic config from cache id: dyn-cfg-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ env.DYNAMIC_CONFIG_PATH }} key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }} diff --git a/.github/actions/run-apupgrade-tests/action.yml b/.github/actions/run-apupgrade-tests/action.yml index 960682d6709d..679bf0b93209 100644 --- a/.github/actions/run-apupgrade-tests/action.yml +++ b/.github/actions/run-apupgrade-tests/action.yml 
@@ -52,7 +52,7 @@ runs: run: | git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com - name: Check out the .release/versions.hcl file from Vault Enterprise repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go @@ -61,14 +61,14 @@ runs: - name: Build external tools uses: ./.github/actions/install-external-tools - name: Checkout VCM repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: hashicorp/vcm ref: 1fcab6591e3bdc81d2921ca77441bfcf913c6a57 token: ${{ inputs.github-token }} path: vcm - name: Checkout Vault tools repository to get the Autopilot upgrade tool - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: hashicorp/vault-tools token: ${{ inputs.github-token }} diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml index f0f848a62dd8..af3fa74060ab 100644 --- a/.github/actions/set-up-go/action.yml +++ b/.github/actions/set-up-go/action.yml @@ -37,7 +37,7 @@ runs: else echo "go-version=${{ inputs.go-version }}" | tee -a "$GITHUB_OUTPUT" fi - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ steps.go-version.outputs.go-version }} cache: false # We use our own caching strategy 
@@ -49,7 +49,7 @@ runs: echo "cache-key=go-modules-${{ hashFiles('**/go.sum') }}" } | tee -a "$GITHUB_OUTPUT" - id: cache-modules - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: enableCrossOsArchive: true lookup-only: ${{ inputs.no-restore }} diff --git a/.github/actions/set-up-pipeline/action.yml b/.github/actions/set-up-pipeline/action.yml index 536964ffc6c1..df19b8a5ee8b 100644 --- a/.github/actions/set-up-pipeline/action.yml +++ b/.github/actions/set-up-pipeline/action.yml @@ -32,7 +32,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore pipeline from cache id: pipeline-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ env.PIPELINE_PATH }} key: pipeline-${{ env.PIPELINE_HASH }} diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 1b8dcd89af04..c0088cfd52eb 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -14,7 +14,7 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Check workflow files" uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8 with: diff --git a/.github/workflows/benchmark-prevent-performance-degradations.yml b/.github/workflows/benchmark-prevent-performance-degradations.yml index 7c3ac5f888e9..43739669f2ea 100644 --- a/.github/workflows/benchmark-prevent-performance-degradations.yml +++ b/.github/workflows/benchmark-prevent-performance-degradations.yml 
@@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 fetch-tags: false diff --git a/.github/workflows/build-artifacts-ce.yml b/.github/workflows/build-artifacts-ce.yml index 0d0a0731bc50..821516ec8ebd 100644 --- a/.github/workflows/build-artifacts-ce.yml +++ b/.github/workflows/build-artifacts-ce.yml @@ -105,7 +105,7 @@ jobs: runs-on: ${{ fromJSON(inputs.compute-build) }} name: (${{ matrix.goos }}, ${{ matrix.goarch }}) steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault @@ -226,7 +226,7 @@ jobs: name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }}) runs-on: ${{ fromJSON(inputs.compute-build) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault @@ -254,7 +254,7 @@ jobs: - core - extended steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - name: Determine status diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index eddc9a9f5627..26f05d8dcf9c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -105,7 +105,7 @@ jobs: workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} steps: # Run the changed-files action to determine what Git reference we should check out - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/changed-files id: changed-files - uses: ./.github/actions/checkout @@ -159,7 +159,7 @@ jobs: outputs: cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.setup.outputs.checkout-ref }} - name: Get UI hash @@ -167,7 +167,7 @@ jobs: run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" - name: Set up UI asset cache id: cache-ui-assets - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: enableCrossOsArchive: true lookup-only: true @@ -177,7 +177,7 @@ jobs: key: ui-${{ steps.ui-hash.outputs.ui-hash }} - if: steps.cache-ui-assets.outputs.cache-hit != 'true' name: Set up node and yarn - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version-file: ui/package.json cache: yarn @@ -294,7 +294,7 @@ jobs: - test - test-containers steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: status name: Determine status run: | 
@@ -345,7 +345,7 @@ jobs: always() && steps.status.outputs.result != 'success' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 env: SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }} with: @@ -390,7 +390,7 @@ jobs: with: version: ${{ needs.setup.outputs.vault-version-metadata }} product: ${{ needs.setup.outputs.vault-binary-name }} - - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: steps.generate-metadata-file.outcome == 'success' # upload our metadata if we created it with: name: metadata.json diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml index 23ab8246a710..cd88fbae5622 100644 --- a/.github/workflows/changelog-checker.yml +++ b/.github/workflows/changelog-checker.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # by default the checkout action doesn't checkout all branches diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2b5fc4acda63..7710c3d41dd0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,7 +34,7 @@ jobs: ui-changed: ${{ steps.changed-files.outputs.ui-changed }} workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/changed-files id: changed-files - uses: ./.github/actions/checkout 
@@ -70,7 +70,7 @@ jobs: runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} steps: - name: Check out the .release/versions.hcl file from Vault Enterprise repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.setup.outputs.checkout-ref }} sparse-checkout: | @@ -220,7 +220,7 @@ jobs: contents: read runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 name: status with: ref: ${{ needs.setup.outputs.checkout-ref }} @@ -228,12 +228,12 @@ jobs: with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} # Setup node.js without caching to allow running npm install -g yarn (next step) - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version-file: './ui/package.json' - run: npm install -g yarn # Setup node.js with caching using the yarn.lock file - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version-file: './ui/package.json' cache: yarn @@ -288,7 +288,7 @@ jobs: mkdir -p test-results/qunit yarn ${{ needs.setup.outputs.is-enterprise == 'true' && 'test' || 'test:oss' }} - if: always() - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: test-results-ui path: ui/test-results 
@@ -337,7 +337,7 @@ jobs: runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }} permissions: write-all # Ensure we have id-token:write access for vault-auth. steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Determine the overall status of our required test jobs. - name: Determine status id: status @@ -400,7 +400,7 @@ jobs: needs.test-ui.result == 'failure' ) name: Notify build failures in Slack - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 + uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 env: SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }} with: diff --git a/.github/workflows/code-checker.yml b/.github/workflows/code-checker.yml index 0b3bf049c695..fc1073061a11 100644 --- a/.github/workflows/code-checker.yml +++ b/.github/workflows/code-checker.yml @@ -17,7 +17,7 @@ jobs: name: Setup runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Ensure Go modules are cached uses: ./.github/actions/set-up-go with: @@ -30,7 +30,7 @@ jobs: needs: setup if: github.base_ref == 'main' steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - uses: ./.github/actions/set-up-go @@ -46,7 +46,7 @@ jobs: needs: setup if: github.base_ref == 'main' steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - uses: ./.github/actions/set-up-go 
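Review bot: The job in the first ci.yml hunk on this line is declared with `permissions: write-all`, although its own comment says the requirement is only `id-token: write` for vault-auth. With write-all, every step in the job runs with a token that can write to all scopes, and that appears to include the third-party Slack action bumped in the following hunk. If the steps outside this hunk need nothing else, narrow the block to `permissions:` with `id-token: write` and `contents: read`. The rest of the job is not visible here, so confirm which scopes the later steps use before tightening.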
@@ -66,7 +66,7 @@ jobs: runs-on: ubuntu-latest needs: setup steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -79,7 +79,7 @@ jobs: runs-on: ubuntu-latest needs: setup steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -97,6 +97,6 @@ jobs: container: image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Semgrep Rules run: semgrep ci --include '*.go' --config 'tools/semgrep/ci' diff --git a/.github/workflows/copywrite.yml b/.github/workflows/copywrite.yml index da5f251d10ad..33bbcb313ba7 100644 --- a/.github/workflows/copywrite.yml +++ b/.github/workflows/copywrite.yml @@ -12,7 +12,7 @@ jobs: copywrite: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3 name: Setup Copywrite with: diff --git a/.github/workflows/enos-lint.yml b/.github/workflows/enos-lint.yml index 3bb6855dbe37..78a58067bfd2 100644 --- a/.github/workflows/enos-lint.yml +++ b/.github/workflows/enos-lint.yml 
@@ -17,7 +17,7 @@ jobs: runs-on: ${{ steps.metadata.outputs.runs-on }} version: ${{ steps.metadata.outputs.version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: set-product-version uses: hashicorp/actions-set-product-version@v2 - id: metadata @@ -37,8 +37,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 go-version-file: .go-version diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml index c648d5d2a9e3..bd845374fe50 100644 --- a/.github/workflows/enos-release-testing-oss.yml +++ b/.github/workflows/enos-release-testing-oss.yml @@ -15,7 +15,7 @@ jobs: vault-version: ${{ github.event.client_payload.payload.version }} vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Check out the repository at the same Git SHA that was used to create # the artifacts to get the correct metadata. diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml index ae7c5c750d87..9c9086f1ada3 100644 --- a/.github/workflows/oss.yml +++ b/.github/workflows/oss.yml 
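Review bot: `hashicorp/actions-set-product-version@v2` in the first enos-lint.yml hunk is still referenced by a mutable tag, while every action this commit touches is pinned to a full commit SHA. The same holds for `hashicorp/setup-terraform@v3` (test-ci-bootstrap.yml and test-run-enos-scenario-containers.yml) and `hashicorp/action-setup-enos@v1` (test-run-enos-scenario-containers.yml). A tag can be repointed to different code without any change in this repository, and the setup-terraform jobs in those two files have `TF_API_TOKEN` or `ELEVATED_GITHUB_TOKEN` in their environment. Consider pinning these the same way, e.g. `uses: hashicorp/actions-set-product-version@<full-commit-sha> # <release-tag>`, so the pinning policy covers first-party actions too.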
@@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - if: github.event.pull_request != null - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: github.event.pull_request != null uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: changes diff --git a/.github/workflows/plugin-update-check.yml b/.github/workflows/plugin-update-check.yml index 36bc0d27e7df..a5c548ee96c7 100644 --- a/.github/workflows/plugin-update-check.yml +++ b/.github/workflows/plugin-update-check.yml @@ -23,13 +23,13 @@ jobs: RUN_ID: "${{github.run_id}}" steps: - run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO" - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # We don't use the default token so that checks are executed on the resulting PR # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 go-version-file: .go-version diff --git a/.github/workflows/plugin-update.yml b/.github/workflows/plugin-update.yml index 0e3f2551a9f7..894cacf6f4a9 100644 --- a/.github/workflows/plugin-update.yml +++ b/.github/workflows/plugin-update.yml 
@@ -28,13 +28,13 @@ jobs: VAULT_BRANCH: ${{ inputs.branch }} REVIEWER: ${{ inputs.reviewer || github.actor }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # We don't use the default token so that checks are executed on the resulting PR # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 go-version-file: .go-version diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 5c91ad07c322..4a1c24266fcf 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml 
@@ -23,21 +23,21 @@ jobs: github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-vault-core' steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 go-version-file: .go-version - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: hashicorp/security-scanner token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} @@ -88,6 +88,6 @@ jobs: cat results.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1 + uses: github/codeql-action/upload-sarif@3096afedf9873361b2b2f65e1445b13272c83eb8 # TSCCR: could not find entry for github/codeql-action/upload-sarif with: sarif_file: results.sarif diff --git a/.github/workflows/stable-website.yaml b/.github/workflows/stable-website.yaml index 89a468bad3fe..705ec009f3a9 100644 --- a/.github/workflows/stable-website.yaml +++ b/.github/workflows/stable-website.yaml @@ -15,7 +15,7 @@ jobs: name: Cherry pick to stable-website branch steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: stable-website - run: | 
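Review bot: The new pin for `github/codeql-action/upload-sarif` in the last security-scan.yml hunk replaces the version label (`# codeql-bundle-v2.17.1`) with `# TSCCR: could not find entry for github/codeql-action/upload-sarif`, so nothing on the line says which release the SHA `3096afed…` should correspond to. That text looks like an error message from the pinning tool committed as-is, presumably because its lookup for this action failed. Before merging, confirm the SHA resolves to a tagged release in the upstream repository and restore a label, e.g. `uses: github/codeql-action/upload-sarif@3096afedf9873361b2b2f65e1445b13272c83eb8 # <release-tag>`. Without the label, a later reviewer cannot tell an intended upgrade from an arbitrary commit.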
diff --git a/.github/workflows/test-ci-bootstrap.yml b/.github/workflows/test-ci-bootstrap.yml index 9d030408cb2f..5481e4f7281c 100644 --- a/.github/workflows/test-ci-bootstrap.yml +++ b/.github/workflows/test-ci-bootstrap.yml @@ -29,7 +29,7 @@ jobs: TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Terraform uses: hashicorp/setup-terraform@v3 - name: Configure AWS credentials diff --git a/.github/workflows/test-ci-cleanup.yml b/.github/workflows/test-ci-cleanup.yml index 697ad2cca6ed..26350583764e 100644 --- a/.github/workflows/test-ci-cleanup.yml +++ b/.github/workflows/test-ci-cleanup.yml @@ -49,7 +49,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure run: | cp enos/ci/aws-nuke.yml . diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml index 017d62640751..5e510f11468b 100644 --- a/.github/workflows/test-enos-scenario-ui.yml +++ b/.github/workflows/test-enos-scenario-ui.yml @@ -40,7 +40,7 @@ jobs: runs-on: ${{ steps.get-metadata.outputs.runs-on }} vault_edition: ${{ steps.get-metadata.outputs.vault_edition }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: get-metadata env: IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }} 
@@ -72,7 +72,7 @@ jobs: GOPRIVATE: github.com/hashicorp steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -82,7 +82,7 @@ jobs: - name: Set Up Git run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com" - name: Set Up Node - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version-file: './ui/package.json' - name: Set Up Terraform diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index 9bb61654037a..f3c1b3469527 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -100,7 +100,7 @@ jobs: matrix: ${{ steps.build.outputs.matrix }} matrix_ids: ${{ steps.build.outputs.matrix_ids }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - name: Authenticate to Vault @@ -138,7 +138,7 @@ jobs: run: echo "go-test-dir=test-results/go-test" | tee -a "$GITHUB_OUTPUT" - uses: ./.github/actions/set-up-gotestsum - run: mkdir -p ${{ steps.metadata.outputs.go-test-dir }} - - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: inputs.test-timing-cache-enabled with: path: ${{ steps.metadata.outputs.go-test-dir }} 
@@ -235,7 +235,7 @@ jobs: go-test-results-download-pattern: ${{ steps.metadata.outputs.go-test-results-download-pattern }} data-race-log-download-pattern: ${{ steps.metadata.outputs.data-race-log-download-pattern }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go @@ -485,7 +485,7 @@ jobs: run: | tar -cvf '${{ steps.metadata.outputs.go-test-log-archive-name }}' -C "${{ steps.metadata.outputs.go-test-log-dir }}" . - name: Upload test logs archives - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.metadata.outputs.go-test-log-archive-name }} path: ${{ steps.metadata.outputs.go-test-log-archive-name }} @@ -493,7 +493,7 @@ jobs: if: success() || failure() - name: Upload test results if: success() || failure() - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.metadata.outputs.go-test-results-upload-key }} path: | @@ -533,7 +533,7 @@ jobs: if: | (success() || failure()) && steps.data-race-check.outputs.data-race-result == 'failure' - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ steps.metadata.outputs.data-race-log-upload-key }} path: ${{ steps.metadata.outputs.go-test-dir }}/${{ steps.metadata.outputs.data-race-log-file }} 
@@ -606,7 +606,7 @@ jobs: '${{ steps.metadata.outputs.gotestsum-timing-events }}' \ >> '${{ steps.metadata.outputs.failure-summary-file-name }}' - name: Upload failure summary - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: success() || failure() with: name: ${{ steps.metadata.outputs.failure-summary-file-name }} @@ -666,7 +666,7 @@ jobs: } | tee -a "$GITHUB_OUTPUT" # Aggregate, prune, and cache our timing data - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-enabled }} - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} diff --git a/.github/workflows/test-run-acc-tests-for-path.yml b/.github/workflows/test-run-acc-tests-for-path.yml index 7385905a2670..0a4dcb94f8df 100644 --- a/.github/workflows/test-run-acc-tests-for-path.yml +++ b/.github/workflows/test-run-acc-tests-for-path.yml @@ -20,12 +20,12 @@ jobs: go-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt - - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: ${{ inputs.name }}-output path: ${{ inputs.name }}.txt diff --git a/.github/workflows/test-run-enos-scenario-containers.yml b/.github/workflows/test-run-enos-scenario-containers.yml index bb3e146888cb..dbf7d0b1dd11 100644 
--- a/.github/workflows/test-run-enos-scenario-containers.yml +++ b/.github/workflows/test-run-enos-scenario-containers.yml @@ -40,7 +40,7 @@ jobs: sample: ${{ steps.metadata.outputs.sample }} vault-version: ${{ steps.metadata.outputs.vault-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.vault-revision }} - uses: hashicorp/action-setup-enos@v1 @@ -78,7 +78,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: hashicorp/setup-terraform@v3 with: # the Terraform wrapper will break Terraform execution in Enos because diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index ca5f71e0e71b..fcd0b14b1b36 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml @@ -260,7 +260,7 @@ jobs: run: enos scenario launch --timeout 45m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - name: Upload Debug Data if: failure() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} diff --git a/.github/workflows/test-run-enos-scenario.yml b/.github/workflows/test-run-enos-scenario.yml index b8f1a5c0ca65..0956cac94348 100644 --- a/.github/workflows/test-run-enos-scenario.yml +++ b/.github/workflows/test-run-enos-scenario.yml 
@@ -51,7 +51,7 @@ jobs: ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data VAULT_METADATA: ent steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set product version and revision # If the Vault version and revision are not provided as workflow inputs, incase of # testing local artifact, the environment variables ENOS_VAR_vault_product_version @@ -66,7 +66,7 @@ jobs: - name: Configure Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up node - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: 14 cache-dependency-path: ui/yarn.lock @@ -106,13 +106,13 @@ jobs: run: | bash -x ./scripts/gha_enos_logs.sh "${{ steps.scenario-deps.outputs.logsdir }}" "${{ inputs.scenario }}" "${{ inputs.distro }}" "${{ inputs.artifact-type }}" 2>/dev/null find "${{ steps.scenario-deps.outputs.logsdir }}" -maxdepth 0 -empty -exec rmdir {} \; - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: ${{ always() }} with: name: enos-scenario-logs path: ${{ steps.scenario-deps.outputs.logsdir }} retention-days: 1 - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: ${{ always() }} with: name: enos-debug-data-logs
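Review bot: The `Set up node` step in test-run-enos-scenario.yml moves to setup-node v4.1.0 but still requests `node-version: 14`, a release line that is end-of-life and no longer receives security fixes. The setup-node steps shown in ci.yml, build.yml and test-enos-scenario-ui.yml take the version from `ui/package.json` instead. Using `node-version-file: './ui/package.json'` here as well would keep this job on the same toolchain as the rest of the UI pipeline. The step's remaining `with:` keys continue outside the hunk.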