scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

actions: pin to the latest approved workflows (#29321)

Browse Source 
The genesis of this PR is updating our cache action due to older actions
being shut down[0]. While not mentioned in the changelog, the migration
guide does call out versions <3.4.0 or <4.2.0 as too old.[1]

Since I was updating cache I went ahead and updated minor versions of
all our actions.

[0]: https://github.blog/changelog/2024-12-05-notice-of-upcoming-releases-and-breaking-changes-for-github-actions/#actions-cache-v1-v2-and-actions-toolkit-cache-package-closing-down
[1]: https://github.com/actions/cache/discussions/1510

Signed-off-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
Ryan Cragun
2025-01-24 13:08:01 -07:00
committed by GitHub
parent 28b2746545
commit b239a71934
30 changed files with 78 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/actions/build-vault/action.yml vendored
View File

@@ -92,7 +92,7 @@ runs:
shell: bash shell: bash
run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com"
- name: Restore UI from cache - name: Restore UI from cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
# Restore the UI asset from the UI build workflow. Never use a partial restore key. # Restore the UI asset from the UI build workflow. Never use a partial restore key.
enableCrossOsArchive: true enableCrossOsArchive: true
@@ -146,7 +146,7 @@ runs:
BUNDLE_PATH: out/${{ steps.metadata.outputs.artifact-basename }}.zip BUNDLE_PATH: out/${{ steps.metadata.outputs.artifact-basename }}.zip
shell: bash shell: bash
run: make ci-bundle run: make ci-bundle
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.metadata.outputs.artifact-basename }}.zip name: ${{ steps.metadata.outputs.artifact-basename }}.zip
path: out/${{ steps.metadata.outputs.artifact-basename }}.zip path: out/${{ steps.metadata.outputs.artifact-basename }}.zip
@@ -178,13 +178,13 @@ runs:
echo "deb-files=$(basename out/*.deb)" echo "deb-files=$(basename out/*.deb)"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
- if: inputs.create-packages == 'true' - if: inputs.create-packages == 'true'
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.package-files.outputs.rpm-files }} name: ${{ steps.package-files.outputs.rpm-files }}
path: out/${{ steps.package-files.outputs.rpm-files }} path: out/${{ steps.package-files.outputs.rpm-files }}
if-no-files-found: error if-no-files-found: error
- if: inputs.create-packages == 'true' - if: inputs.create-packages == 'true'
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.package-files.outputs.deb-files }} name: ${{ steps.package-files.outputs.deb-files }}
path: out/${{ steps.package-files.outputs.deb-files }} path: out/${{ steps.package-files.outputs.deb-files }}

2
.github/actions/changed-files/action.yml vendored
View File

@@ -56,7 +56,7 @@ runs:
checkout_ref='${{ github.ref }}' checkout_ref='${{ github.ref }}'
fi fi
echo "ref=${checkout_ref}" | tee -a "$GITHUB_OUTPUT" echo "ref=${checkout_ref}" | tee -a "$GITHUB_OUTPUT"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: ${{ github.repository }} repository: ${{ github.repository }}
path: "changed-files" path: "changed-files"

2
.github/actions/checkout/action.yml vendored
View File

@@ -70,7 +70,7 @@ runs:
echo "ref=${checkout_ref}" echo "ref=${checkout_ref}"
echo "depth=${fetch_depth}" echo "depth=${fetch_depth}"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
path: ${{ inputs.path }} path: ${{ inputs.path }}
fetch-depth: ${{ steps.ref.outputs.depth }} fetch-depth: ${{ steps.ref.outputs.depth }}

2
.github/actions/create-dynamic-config/action.yml vendored
View File

@@ -32,7 +32,7 @@ runs:
} | tee -a "$GITHUB_ENV" } | tee -a "$GITHUB_ENV"
- name: Try to restore dynamic config from cache - name: Try to restore dynamic config from cache
id: dyn-cfg-cache id: dyn-cfg-cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
path: ${{ env.DYNAMIC_CONFIG_PATH }} path: ${{ env.DYNAMIC_CONFIG_PATH }}
key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }} key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }}

6
.github/actions/run-apupgrade-tests/action.yml vendored
View File

@@ -52,7 +52,7 @@ runs:
run: | run: |
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
- name: Check out the .release/versions.hcl file from Vault Enterprise repository - name: Check out the .release/versions.hcl file from Vault Enterprise repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
@@ -61,14 +61,14 @@ runs:
- name: Build external tools - name: Build external tools
uses: ./.github/actions/install-external-tools uses: ./.github/actions/install-external-tools
- name: Checkout VCM repository - name: Checkout VCM repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: hashicorp/vcm repository: hashicorp/vcm
ref: 1fcab6591e3bdc81d2921ca77441bfcf913c6a57 ref: 1fcab6591e3bdc81d2921ca77441bfcf913c6a57
token: ${{ inputs.github-token }} token: ${{ inputs.github-token }}
path: vcm path: vcm
- name: Checkout Vault tools repository to get the Autopilot upgrade tool - name: Checkout Vault tools repository to get the Autopilot upgrade tool
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: hashicorp/vault-tools repository: hashicorp/vault-tools
token: ${{ inputs.github-token }} token: ${{ inputs.github-token }}

4
.github/actions/set-up-go/action.yml vendored
View File

@@ -37,7 +37,7 @@ runs:
else else
echo "go-version=${{ inputs.go-version }}" | tee -a "$GITHUB_OUTPUT" echo "go-version=${{ inputs.go-version }}" | tee -a "$GITHUB_OUTPUT"
fi fi
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with: with:
go-version: ${{ steps.go-version.outputs.go-version }} go-version: ${{ steps.go-version.outputs.go-version }}
cache: false # We use our own caching strategy cache: false # We use our own caching strategy
@@ -49,7 +49,7 @@ runs:
echo "cache-key=go-modules-${{ hashFiles('**/go.sum') }}" echo "cache-key=go-modules-${{ hashFiles('**/go.sum') }}"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
- id: cache-modules - id: cache-modules
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
enableCrossOsArchive: true enableCrossOsArchive: true
lookup-only: ${{ inputs.no-restore }} lookup-only: ${{ inputs.no-restore }}

2
.github/actions/set-up-pipeline/action.yml vendored
View File

@@ -32,7 +32,7 @@ runs:
} | tee -a "$GITHUB_ENV" } | tee -a "$GITHUB_ENV"
- name: Try to restore pipeline from cache - name: Try to restore pipeline from cache
id: pipeline-cache id: pipeline-cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
path: ${{ env.PIPELINE_PATH }} path: ${{ env.PIPELINE_PATH }}
key: pipeline-${{ env.PIPELINE_HASH }} key: pipeline-${{ env.PIPELINE_HASH }}

2
.github/workflows/actionlint.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
actionlint: actionlint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: "Check workflow files" - name: "Check workflow files"
uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8 uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8
with: with:

2
.github/workflows/benchmark-prevent-performance-degradations.yml vendored
View File

@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
fetch-tags: false fetch-tags: false

6
.github/workflows/build-artifacts-ce.yml vendored
View File

@@ -105,7 +105,7 @@ jobs:
runs-on: ${{ fromJSON(inputs.compute-build) }} runs-on: ${{ fromJSON(inputs.compute-build) }}
name: (${{ matrix.goos }}, ${{ matrix.goarch }}) name: (${{ matrix.goos }}, ${{ matrix.goarch }})
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- uses: ./.github/actions/build-vault - uses: ./.github/actions/build-vault
@@ -226,7 +226,7 @@ jobs:
name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }}) name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }})
runs-on: ${{ fromJSON(inputs.compute-build) }} runs-on: ${{ fromJSON(inputs.compute-build) }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- uses: ./.github/actions/build-vault - uses: ./.github/actions/build-vault
@@ -254,7 +254,7 @@ jobs:
- core - core
- extended - extended
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- name: Determine status - name: Determine status

14
.github/workflows/build.yml vendored
View File

@@ -105,7 +105,7 @@ jobs:
workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
steps: steps:
# Run the changed-files action to determine what Git reference we should check out # Run the changed-files action to determine what Git reference we should check out
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/changed-files - uses: ./.github/actions/changed-files
id: changed-files id: changed-files
- uses: ./.github/actions/checkout - uses: ./.github/actions/checkout
@@ -159,7 +159,7 @@ jobs:
outputs: outputs:
cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }} cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ needs.setup.outputs.checkout-ref }} ref: ${{ needs.setup.outputs.checkout-ref }}
- name: Get UI hash - name: Get UI hash
@@ -167,7 +167,7 @@ jobs:
run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT"
- name: Set up UI asset cache - name: Set up UI asset cache
id: cache-ui-assets id: cache-ui-assets
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
enableCrossOsArchive: true enableCrossOsArchive: true
lookup-only: true lookup-only: true
@@ -177,7 +177,7 @@ jobs:
key: ui-${{ steps.ui-hash.outputs.ui-hash }} key: ui-${{ steps.ui-hash.outputs.ui-hash }}
- if: steps.cache-ui-assets.outputs.cache-hit != 'true' - if: steps.cache-ui-assets.outputs.cache-hit != 'true'
name: Set up node and yarn name: Set up node and yarn
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with: with:
node-version-file: ui/package.json node-version-file: ui/package.json
cache: yarn cache: yarn
@@ -294,7 +294,7 @@ jobs:
- test - test
- test-containers - test-containers
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: status - id: status
name: Determine status name: Determine status
run: | run: |
@@ -345,7 +345,7 @@ jobs:
always() && always() &&
steps.status.outputs.result != 'success' && steps.status.outputs.result != 'success' &&
(github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) (github.ref_name == 'main' || startsWith(github.ref_name, 'release/'))
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
env: env:
SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }} SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }}
with: with:
@@ -390,7 +390,7 @@ jobs:
with: with:
version: ${{ needs.setup.outputs.vault-version-metadata }} version: ${{ needs.setup.outputs.vault-version-metadata }}
product: ${{ needs.setup.outputs.vault-binary-name }} product: ${{ needs.setup.outputs.vault-binary-name }}
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: steps.generate-metadata-file.outcome == 'success' # upload our metadata if we created it if: steps.generate-metadata-file.outcome == 'success' # upload our metadata if we created it
with: with:
name: metadata.json name: metadata.json

2
.github/workflows/changelog-checker.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # by default the checkout action doesn't checkout all branches fetch-depth: 0 # by default the checkout action doesn't checkout all branches

16
.github/workflows/ci.yml vendored
View File

@@ -34,7 +34,7 @@ jobs:
ui-changed: ${{ steps.changed-files.outputs.ui-changed }} ui-changed: ${{ steps.changed-files.outputs.ui-changed }}
workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/changed-files - uses: ./.github/actions/changed-files
id: changed-files id: changed-files
- uses: ./.github/actions/checkout - uses: ./.github/actions/checkout
@@ -70,7 +70,7 @@ jobs:
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
steps: steps:
- name: Check out the .release/versions.hcl file from Vault Enterprise repository - name: Check out the .release/versions.hcl file from Vault Enterprise repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ needs.setup.outputs.checkout-ref }} ref: ${{ needs.setup.outputs.checkout-ref }}
sparse-checkout: | sparse-checkout: |
@@ -220,7 +220,7 @@ jobs:
contents: read contents: read
runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
name: status name: status
with: with:
ref: ${{ needs.setup.outputs.checkout-ref }} ref: ${{ needs.setup.outputs.checkout-ref }}
@@ -228,12 +228,12 @@ jobs:
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
# Setup node.js without caching to allow running npm install -g yarn (next step) # Setup node.js without caching to allow running npm install -g yarn (next step)
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
- run: npm install -g yarn - run: npm install -g yarn
# Setup node.js with caching using the yarn.lock file # Setup node.js with caching using the yarn.lock file
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
cache: yarn cache: yarn
@@ -288,7 +288,7 @@ jobs:
mkdir -p test-results/qunit mkdir -p test-results/qunit
yarn ${{ needs.setup.outputs.is-enterprise == 'true' && 'test' || 'test:oss' }} yarn ${{ needs.setup.outputs.is-enterprise == 'true' && 'test' || 'test:oss' }}
- if: always() - if: always()
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: test-results-ui name: test-results-ui
path: ui/test-results path: ui/test-results
@@ -337,7 +337,7 @@ jobs:
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }} runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }}
permissions: write-all # Ensure we have id-token:write access for vault-auth. permissions: write-all # Ensure we have id-token:write access for vault-auth.
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Determine the overall status of our required test jobs. # Determine the overall status of our required test jobs.
- name: Determine status - name: Determine status
id: status id: status
@@ -400,7 +400,7 @@ jobs:
needs.test-ui.result == 'failure' needs.test-ui.result == 'failure'
) )
name: Notify build failures in Slack name: Notify build failures in Slack
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
env: env:
SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }} SLACK_BOT_TOKEN: ${{ steps.slackbot-token.outputs.slackbot-token }}
with: with:

12
.github/workflows/code-checker.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Setup name: Setup
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Ensure Go modules are cached - name: Ensure Go modules are cached
uses: ./.github/actions/set-up-go uses: ./.github/actions/set-up-go
with: with:
@@ -30,7 +30,7 @@ jobs:
needs: setup needs: setup
if: github.base_ref == 'main' if: github.base_ref == 'main'
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
@@ -46,7 +46,7 @@ jobs:
needs: setup needs: setup
if: github.base_ref == 'main' if: github.base_ref == 'main'
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
@@ -66,7 +66,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: setup needs: setup
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -79,7 +79,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: setup needs: setup
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -97,6 +97,6 @@ jobs:
container: container:
image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58 image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Semgrep Rules - name: Run Semgrep Rules
run: semgrep ci --include '*.go' --config 'tools/semgrep/ci' run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'

2
.github/workflows/copywrite.yml vendored
View File

@@ -12,7 +12,7 @@ jobs:
copywrite: copywrite:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3 - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3
name: Setup Copywrite name: Setup Copywrite
with: with:

6
.github/workflows/enos-lint.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
runs-on: ${{ steps.metadata.outputs.runs-on }} runs-on: ${{ steps.metadata.outputs.runs-on }}
version: ${{ steps.metadata.outputs.version }} version: ${{ steps.metadata.outputs.version }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: set-product-version - id: set-product-version
uses: hashicorp/actions-set-product-version@v2 uses: hashicorp/actions-set-product-version@v2
- id: metadata - id: metadata
@@ -37,8 +37,8 @@ jobs:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }} ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with: with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version go-version-file: .go-version

2
.github/workflows/enos-release-testing-oss.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
vault-version: ${{ github.event.client_payload.payload.version }} vault-version: ${{ github.event.client_payload.payload.version }}
vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }} vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
# Check out the repository at the same Git SHA that was used to create # Check out the repository at the same Git SHA that was used to create
# the artifacts to get the correct metadata. # the artifacts to get the correct metadata.

2
.github/workflows/oss.yml vendored
View File

@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- if: github.event.pull_request != null - if: github.event.pull_request != null
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- if: github.event.pull_request != null - if: github.event.pull_request != null
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes id: changes

4
.github/workflows/plugin-update-check.yml vendored
View File

@@ -23,13 +23,13 @@ jobs:
RUN_ID: "${{github.run_id}}" RUN_ID: "${{github.run_id}}"
steps: steps:
- run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO" - run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
# We don't use the default token so that checks are executed on the resulting PR # We don't use the default token so that checks are executed on the resulting PR
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with: with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version go-version-file: .go-version

4
.github/workflows/plugin-update.yml vendored
View File

@@ -28,13 +28,13 @@ jobs:
VAULT_BRANCH: ${{ inputs.branch }} VAULT_BRANCH: ${{ inputs.branch }}
REVIEWER: ${{ inputs.reviewer || github.actor }} REVIEWER: ${{ inputs.reviewer || github.actor }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
# We don't use the default token so that checks are executed on the resulting PR # We don't use the default token so that checks are executed on the resulting PR
# https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with: with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version go-version-file: .go-version

10
.github/workflows/security-scan.yml vendored
View File

@@ -23,21 +23,21 @@ jobs:
github.actor != 'dependabot[bot]' && github.actor != 'dependabot[bot]' &&
github.actor != 'hc-github-team-secure-vault-core' github.actor != 'hc-github-team-secure-vault-core'
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go - name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with: with:
cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
go-version-file: .go-version go-version-file: .go-version
- name: Set up Python - name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with: with:
python-version: 3.x python-version: 3.x
- name: Clone Security Scanner repo - name: Clone Security Scanner repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: hashicorp/security-scanner repository: hashicorp/security-scanner
token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
@@ -88,6 +88,6 @@ jobs:
cat results.sarif cat results.sarif
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1 uses: github/codeql-action/upload-sarif@3096afedf9873361b2b2f65e1445b13272c83eb8 # TSCCR: could not find entry for github/codeql-action/upload-sarif
with: with:
sarif_file: results.sarif sarif_file: results.sarif

2
.github/workflows/stable-website.yaml vendored
View File

@@ -15,7 +15,7 @@ jobs:
name: Cherry pick to stable-website branch name: Cherry pick to stable-website branch
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: stable-website ref: stable-website
- run: | - run: |

2
.github/workflows/test-ci-bootstrap.yml vendored
View File

@@ -29,7 +29,7 @@ jobs:
TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }}
TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Terraform - name: Set up Terraform
uses: hashicorp/setup-terraform@v3 uses: hashicorp/setup-terraform@v3
- name: Configure AWS credentials - name: Configure AWS credentials

2
.github/workflows/test-ci-cleanup.yml vendored
View File

@@ -49,7 +49,7 @@ jobs:
role-skip-session-tagging: true role-skip-session-tagging: true
role-duration-seconds: 3600 role-duration-seconds: 3600
mask-aws-account-id: false mask-aws-account-id: false
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Configure - name: Configure
run: | run: |
cp enos/ci/aws-nuke.yml . cp enos/ci/aws-nuke.yml .

6
.github/workflows/test-enos-scenario-ui.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
runs-on: ${{ steps.get-metadata.outputs.runs-on }} runs-on: ${{ steps.get-metadata.outputs.runs-on }}
vault_edition: ${{ steps.get-metadata.outputs.vault_edition }} vault_edition: ${{ steps.get-metadata.outputs.vault_edition }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: get-metadata - id: get-metadata
env: env:
IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }} IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }}
@@ -72,7 +72,7 @@ jobs:
GOPRIVATE: github.com/hashicorp GOPRIVATE: github.com/hashicorp
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -82,7 +82,7 @@ jobs:
- name: Set Up Git - name: Set Up Git
run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com"
- name: Set Up Node - name: Set Up Node
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
- name: Set Up Terraform - name: Set Up Terraform

16
.github/workflows/test-go.yml vendored
View File

@@ -100,7 +100,7 @@ jobs:
matrix: ${{ steps.build.outputs.matrix }} matrix: ${{ steps.build.outputs.matrix }}
matrix_ids: ${{ steps.build.outputs.matrix_ids }} matrix_ids: ${{ steps.build.outputs.matrix_ids }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- name: Authenticate to Vault - name: Authenticate to Vault
@@ -138,7 +138,7 @@ jobs:
run: echo "go-test-dir=test-results/go-test" | tee -a "$GITHUB_OUTPUT" run: echo "go-test-dir=test-results/go-test" | tee -a "$GITHUB_OUTPUT"
- uses: ./.github/actions/set-up-gotestsum - uses: ./.github/actions/set-up-gotestsum
- run: mkdir -p ${{ steps.metadata.outputs.go-test-dir }} - run: mkdir -p ${{ steps.metadata.outputs.go-test-dir }}
- uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: inputs.test-timing-cache-enabled if: inputs.test-timing-cache-enabled
with: with:
path: ${{ steps.metadata.outputs.go-test-dir }} path: ${{ steps.metadata.outputs.go-test-dir }}
@@ -235,7 +235,7 @@ jobs:
go-test-results-download-pattern: ${{ steps.metadata.outputs.go-test-results-download-pattern }} go-test-results-download-pattern: ${{ steps.metadata.outputs.go-test-results-download-pattern }}
data-race-log-download-pattern: ${{ steps.metadata.outputs.data-race-log-download-pattern }} data-race-log-download-pattern: ${{ steps.metadata.outputs.data-race-log-download-pattern }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.checkout-ref }} ref: ${{ inputs.checkout-ref }}
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
@@ -461,7 +461,7 @@ jobs:
run: | run: |
tar -cvf '${{ steps.metadata.outputs.go-test-log-archive-name }}' -C "${{ steps.metadata.outputs.go-test-log-dir }}" . tar -cvf '${{ steps.metadata.outputs.go-test-log-archive-name }}' -C "${{ steps.metadata.outputs.go-test-log-dir }}" .
- name: Upload test logs archives - name: Upload test logs archives
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.metadata.outputs.go-test-log-archive-name }} name: ${{ steps.metadata.outputs.go-test-log-archive-name }}
path: ${{ steps.metadata.outputs.go-test-log-archive-name }} path: ${{ steps.metadata.outputs.go-test-log-archive-name }}
@@ -469,7 +469,7 @@ jobs:
if: success() || failure() if: success() || failure()
- name: Upload test results - name: Upload test results
if: success() || failure() if: success() || failure()
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.metadata.outputs.go-test-results-upload-key }} name: ${{ steps.metadata.outputs.go-test-results-upload-key }}
path: | path: |
@@ -509,7 +509,7 @@ jobs:
if: | if: |
(success() || failure()) && (success() || failure()) &&
steps.data-race-check.outputs.data-race-result == 'failure' steps.data-race-check.outputs.data-race-result == 'failure'
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ steps.metadata.outputs.data-race-log-upload-key }} name: ${{ steps.metadata.outputs.data-race-log-upload-key }}
path: ${{ steps.metadata.outputs.go-test-dir }}/${{ steps.metadata.outputs.data-race-log-file }} path: ${{ steps.metadata.outputs.go-test-dir }}/${{ steps.metadata.outputs.data-race-log-file }}
@@ -582,7 +582,7 @@ jobs:
'${{ steps.metadata.outputs.gotestsum-timing-events }}' \ '${{ steps.metadata.outputs.gotestsum-timing-events }}' \
>> '${{ steps.metadata.outputs.failure-summary-file-name }}' >> '${{ steps.metadata.outputs.failure-summary-file-name }}'
- name: Upload failure summary - name: Upload failure summary
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: success() || failure() if: success() || failure()
with: with:
name: ${{ steps.metadata.outputs.failure-summary-file-name }} name: ${{ steps.metadata.outputs.failure-summary-file-name }}
@@ -642,7 +642,7 @@ jobs:
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
# Aggregate, prune, and cache our timing data # Aggregate, prune, and cache our timing data
- if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-enabled }} - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-enabled }}
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with: with:
path: ${{ needs.test-matrix.outputs.go-test-dir }} path: ${{ needs.test-matrix.outputs.go-test-dir }}
key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }}

4
.github/workflows/test-run-acc-tests-for-path.yml vendored
View File

@@ -20,12 +20,12 @@ jobs:
go-test: go-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
name: ${{ inputs.name }}-output name: ${{ inputs.name }}-output
path: ${{ inputs.name }}.txt path: ${{ inputs.name }}.txt

4
.github/workflows/test-run-enos-scenario-containers.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
sample: ${{ steps.metadata.outputs.sample }} sample: ${{ steps.metadata.outputs.sample }}
vault-version: ${{ steps.metadata.outputs.vault-version }} vault-version: ${{ steps.metadata.outputs.vault-version }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.vault-revision }} ref: ${{ inputs.vault-revision }}
- uses: hashicorp/action-setup-enos@v1 - uses: hashicorp/action-setup-enos@v1
@@ -78,7 +78,7 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: hashicorp/setup-terraform@v3 - uses: hashicorp/setup-terraform@v3
with: with:
# the Terraform wrapper will break Terraform execution in Enos because # the Terraform wrapper will break Terraform execution in Enos because

2
.github/workflows/test-run-enos-scenario-matrix.yml vendored
View File

@@ -260,7 +260,7 @@ jobs:
run: enos scenario launch --timeout 45m0s --chdir ./enos ${{ matrix.scenario.id.filter }} run: enos scenario launch --timeout 45m0s --chdir ./enos ${{ matrix.scenario.id.filter }}
- name: Upload Debug Data - name: Upload Debug Data
if: failure() if: failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with: with:
# The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals.
name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}

8
.github/workflows/test-run-enos-scenario.yml vendored
View File

@@ -51,7 +51,7 @@ jobs:
ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data
VAULT_METADATA: ent VAULT_METADATA: ent
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set product version and revision - name: Set product version and revision
# If the Vault version and revision are not provided as workflow inputs, incase of # If the Vault version and revision are not provided as workflow inputs, incase of
# testing local artifact, the environment variables ENOS_VAR_vault_product_version # testing local artifact, the environment variables ENOS_VAR_vault_product_version
@@ -66,7 +66,7 @@ jobs:
- name: Configure Git - name: Configure Git
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- name: Set up node - name: Set up node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with: with:
node-version: 14 node-version: 14
cache-dependency-path: ui/yarn.lock cache-dependency-path: ui/yarn.lock
@@ -106,13 +106,13 @@ jobs:
run: | run: |
bash -x ./scripts/gha_enos_logs.sh "${{ steps.scenario-deps.outputs.logsdir }}" "${{ inputs.scenario }}" "${{ inputs.distro }}" "${{ inputs.artifact-type }}" 2>/dev/null bash -x ./scripts/gha_enos_logs.sh "${{ steps.scenario-deps.outputs.logsdir }}" "${{ inputs.scenario }}" "${{ inputs.distro }}" "${{ inputs.artifact-type }}" 2>/dev/null
find "${{ steps.scenario-deps.outputs.logsdir }}" -maxdepth 0 -empty -exec rmdir {} \; find "${{ steps.scenario-deps.outputs.logsdir }}" -maxdepth 0 -empty -exec rmdir {} \;
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: ${{ always() }} if: ${{ always() }}
with: with:
name: enos-scenario-logs name: enos-scenario-logs
path: ${{ steps.scenario-deps.outputs.logsdir }} path: ${{ steps.scenario-deps.outputs.logsdir }}
retention-days: 1 retention-days: 1
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: ${{ always() }} if: ${{ always() }}
with: with:
name: enos-debug-data-logs name: enos-debug-data-logs