diff --git a/.github/actions/build-vault/action.yml b/.github/actions/build-vault/action.yml index a4ae210bbbbf..cbe2303fb91c 100644 --- a/.github/actions/build-vault/action.yml +++ b/.github/actions/build-vault/action.yml @@ -91,7 +91,7 @@ runs: shell: bash run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" - name: Restore UI from cache - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: # Restore the UI asset from the UI build workflow. Never use a partial restore key. enableCrossOsArchive: true diff --git a/.github/actions/changed-files/action.yml b/.github/actions/changed-files/action.yml index cde4feee0c24..3d0a1efacfc7 100644 --- a/.github/actions/changed-files/action.yml +++ b/.github/actions/changed-files/action.yml @@ -53,7 +53,7 @@ runs: checkout_ref='${{ github.ref }}' fi echo "ref=${checkout_ref}" | tee -a "$GITHUB_OUTPUT" - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: ${{ github.repository }} path: "changed-files" diff --git a/.github/actions/checkout/action.yml b/.github/actions/checkout/action.yml index 35cc1fd4cee1..312763f5c141 100644 --- a/.github/actions/checkout/action.yml +++ b/.github/actions/checkout/action.yml @@ -70,7 +70,7 @@ runs: echo "ref=${checkout_ref}" echo "depth=${fetch_depth}" } | tee -a "$GITHUB_OUTPUT" - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: ${{ inputs.path }} fetch-depth: ${{ steps.ref.outputs.depth }} diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml index 74a46f06f9d6..1fde1ec50f49 100644 --- a/.github/actions/set-up-go/action.yml +++ b/.github/actions/set-up-go/action.yml @@ -52,7 +52,7 @@ runs: echo "cache-key=go-modules-${{ hashFiles('**/go.sum') }}" } | tee -a "$GITHUB_OUTPUT" - id: cache-modules - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: enableCrossOsArchive: true lookup-only: ${{ inputs.no-restore }} diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 488ce6b770d5..b8dcf33c4ca0 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -14,7 +14,7 @@ jobs: actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: "Check workflow files" uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8 with: diff --git a/.github/workflows/build-artifacts-ce.yml b/.github/workflows/build-artifacts-ce.yml index 8b235904604a..5421cffc05ca 100644 --- a/.github/workflows/build-artifacts-ce.yml +++ b/.github/workflows/build-artifacts-ce.yml @@ -98,7 +98,7 @@ jobs: runs-on: ${{ fromJSON(inputs.compute-build) }} name: (${{ matrix.goos }}, ${{ matrix.goarch }}) steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault @@ -200,7 +200,7 @@ jobs: name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }}) runs-on: ${{ fromJSON(inputs.compute-build) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault @@ -228,7 +228,7 @@ jobs: - core - extended steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.checkout-ref }} - name: Determine status diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b37756e05530..b876f2fa62fe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -105,7 +105,7 @@ jobs: workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} steps: # Run the changed-files action to determine what Git reference we should check out - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./.github/actions/changed-files id: changed-files - uses: ./.github/actions/checkout @@ -159,7 +159,7 @@ jobs: outputs: cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ needs.setup.outputs.checkout-ref }} - name: Get UI hash @@ -167,7 +167,7 @@ jobs: run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" - name: Set up UI asset cache id: cache-ui-assets - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: enableCrossOsArchive: true lookup-only: true @@ -291,7 +291,7 @@ jobs: - test - test-containers steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - id: status name: Determine status run: | @@ -322,9 +322,9 @@ jobs: - id: slackbot-token run: echo "slackbot-token=${{ needs.setup.outputs.is-enterprise != 'true' && secrets.SLACK_BOT_TOKEN || steps.secrets.outputs.SLACK_BOT_TOKEN }}" >> "$GITHUB_OUTPUT" - - if: | - needs.setup.outputs.workflow-trigger == 'pull_request' && - github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && + - if: | + needs.setup.outputs.workflow-trigger == 'pull_request' && + github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && (github.repository == 'hashicorp/vault' || github.repository == 'hashicorp/vault-enterprise') name: Create or update a build status comment on the pull request env: @@ -342,7 +342,7 @@ jobs: always() && steps.status.outputs.result != 'success' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 + uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 # We intentionally aren't using the following here since it's from an internal repo # uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 83aa3c9bfb53..8645909dffbd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,7 @@ jobs: ui-changed: ${{ steps.changed-files.outputs.ui-changed }} workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./.github/actions/changed-files id: changed-files - uses: ./.github/actions/checkout @@ -146,7 +146,7 @@ jobs: contents: read runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 name: status with: ref: ${{ needs.setup.outputs.checkout-ref }} @@ -164,7 +164,7 @@ jobs: node-version-file: './ui/package.json' cache: yarn cache-dependency-path: ui/yarn.lock - - uses: browser-actions/setup-chrome@97349de5c98094d4fc9412f31c524d7697115ad8 # v1.5.0 + - uses: browser-actions/setup-chrome@82b9ce628cc5595478a9ebadc480958a36457dc2 # v1.6.0 - name: ui-dependencies working-directory: ./ui run: | @@ -203,7 +203,7 @@ jobs: mkdir -p test-results/qunit yarn ${{ needs.setup.outputs.is-enterprise == 'true' && 'test' || 'test:oss' }} - if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: test-results-ui path: ui/test-results @@ -225,7 +225,7 @@ jobs: runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }} permissions: write-all # Ensure we have id-token:write access for vault-auth. steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # Determine the overall status of our required test jobs. - name: Determine status id: status @@ -288,7 +288,7 @@ jobs: needs.test-ui.result == 'failure' ) name: Notify build failures in Slack - uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 + uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 # We intentionally aren't using the following here since it's from an internal repo # uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 env: @@ -333,7 +333,7 @@ jobs: # to secrets. - if: ${{ needs.setup.outputs.is-fork == 'false' }} name: Download failure summaries - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: pattern: failure-summary-*.md path: failure-summaries diff --git a/.github/workflows/code-checker.yml b/.github/workflows/code-checker.yml index 218dce323e14..923fee1911db 100644 --- a/.github/workflows/code-checker.yml +++ b/.github/workflows/code-checker.yml @@ -17,7 +17,7 @@ jobs: name: Setup runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Ensure Go modules are cached uses: ./.github/actions/set-up-go with: @@ -30,7 +30,7 @@ jobs: needs: setup if: github.base_ref == 'main' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - uses: ./.github/actions/set-up-go @@ -46,7 +46,7 @@ jobs: needs: setup if: github.base_ref == 'main' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - uses: ./.github/actions/set-up-go @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest needs: setup steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./.github/actions/install-external-tools # for buf and gofumpt - uses: ./.github/actions/set-up-go with: @@ -78,6 +78,6 @@ jobs: container: image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Run Semgrep Rules run: semgrep ci --include '*.go' --config 'tools/semgrep/ci' diff --git a/.github/workflows/copywrite.yml b/.github/workflows/copywrite.yml index 40212435e64d..6b5fe2bf3daf 100644 --- a/.github/workflows/copywrite.yml +++ b/.github/workflows/copywrite.yml @@ -12,7 +12,7 @@ jobs: copywrite: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2 name: Setup Copywrite with: diff --git a/.github/workflows/enos-lint.yml b/.github/workflows/enos-lint.yml index b6760572f0aa..509ebe3cdce1 100644 --- a/.github/workflows/enos-lint.yml +++ b/.github/workflows/enos-lint.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ steps.metadata.outputs.runs-on }} version: ${{ steps.metadata.outputs.version }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - id: set-product-version uses: hashicorp/actions-set-product-version@v1 - id: metadata @@ -37,7 +37,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml index e939d01c103c..31c3ad8d15ec 100644 --- a/.github/workflows/enos-release-testing-oss.yml +++ b/.github/workflows/enos-release-testing-oss.yml @@ -15,7 +15,7 @@ jobs: vault-version: ${{ github.event.client_payload.payload.version }} vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: # Check out the repository at the same Git SHA that was used to create # the artifacts to get the correct metadata. diff --git a/.github/workflows/enos-run-k8s.yml b/.github/workflows/enos-run-k8s.yml index 2ab945183982..8322c76ceba5 100644 --- a/.github/workflows/enos-run-k8s.yml +++ b/.github/workflows/enos-run-k8s.yml @@ -31,7 +31,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Set up Terraform uses: hashicorp/setup-terraform@v3 with: diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml index 4e1dbdba3b40..01a61cf5f315 100644 --- a/.github/workflows/oss.yml +++ b/.github/workflows/oss.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - if: github.event.pull_request != null - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - if: github.event.pull_request != null uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: changes @@ -68,7 +68,7 @@ jobs: - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true' run: echo "PROJECT=171" >> "$GITHUB_ENV" - - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0 + - uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1 with: project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }} github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }} diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 498e7cbe3069..ace28d466844 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -22,7 +22,7 @@ jobs: && (github.actor != 'dependabot[bot]') && ( github.actor != 'hc-github-team-secure-vault-core') }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -31,12 +31,12 @@ jobs: go-version-file: .go-version - name: Set up Python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: hashicorp/security-scanner token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }} @@ -87,6 +87,6 @@ jobs: cat results.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # TSCCR: could not find entry for github/codeql-action/upload-sarif + uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1 with: sarif_file: results.sarif diff --git a/.github/workflows/stable-website.yaml b/.github/workflows/stable-website.yaml index 55357686906d..838d82e88852 100644 --- a/.github/workflows/stable-website.yaml +++ b/.github/workflows/stable-website.yaml @@ -15,7 +15,7 @@ jobs: name: Cherry pick to stable-website branch steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: stable-website - run: | diff --git a/.github/workflows/test-ci-bootstrap.yml b/.github/workflows/test-ci-bootstrap.yml index 8856eb88001a..932cb9aa52fb 100644 --- a/.github/workflows/test-ci-bootstrap.yml +++ b/.github/workflows/test-ci-bootstrap.yml @@ -29,7 +29,7 @@ jobs: TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Set up Terraform uses: hashicorp/setup-terraform@v3 with: diff --git a/.github/workflows/test-ci-cleanup.yml b/.github/workflows/test-ci-cleanup.yml index 3e41c7a9a11b..03289222d23a 100644 --- a/.github/workflows/test-ci-cleanup.yml +++ b/.github/workflows/test-ci-cleanup.yml @@ -49,7 +49,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Configure run: | cp enos/ci/aws-nuke.yml . diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml index 6419b6acf9cc..db0465da5750 100644 --- a/.github/workflows/test-enos-scenario-ui.yml +++ b/.github/workflows/test-enos-scenario-ui.yml @@ -40,7 +40,7 @@ jobs: runs-on: ${{ steps.get-metadata.outputs.runs-on }} vault_edition: ${{ steps.get-metadata.outputs.vault_edition }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - id: get-metadata env: IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }} @@ -72,7 +72,7 @@ jobs: GOPRIVATE: github.com/hashicorp steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -109,7 +109,7 @@ jobs: sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 - name: Install Chrome if: steps.chrome-check.outputs.chrome-version == 'not-installed' - uses: browser-actions/setup-chrome@97349de5c98094d4fc9412f31c524d7697115ad8 # v1.5.0 + uses: browser-actions/setup-chrome@82b9ce628cc5595478a9ebadc480958a36457dc2 # v1.6.0 - name: Installed Chrome Version run: | echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]" diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index e25788c297f3..5f74f42b3e56 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -95,7 +95,7 @@ jobs: matrix: ${{ steps.build.outputs.matrix }} matrix_ids: ${{ steps.build.outputs.matrix_ids }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go @@ -133,7 +133,7 @@ jobs: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com - uses: ./.github/actions/set-up-gotestsum - run: mkdir -p ${{ steps.metadata.outputs.go-test-dir }} - - uses: actions/cache/restore@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 if: inputs.test-timing-cache-enabled with: path: ${{ steps.metadata.outputs.go-test-dir }} @@ -230,7 +230,7 @@ jobs: go-test-results-download-pattern: ${{ steps.metadata.outputs.go-test-results-download-pattern }} data-race-log-download-pattern: ${{ steps.metadata.outputs.data-race-log-download-pattern }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go @@ -457,7 +457,7 @@ jobs: run: | tar -cvf '${{ steps.metadata.outputs.go-test-log-archive-name }}' -C "${{ steps.metadata.outputs.go-test-log-dir }}" . - name: Upload test logs archives - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: ${{ steps.metadata.outputs.go-test-log-archive-name }} path: ${{ steps.metadata.outputs.go-test-log-archive-name }} @@ -465,7 +465,7 @@ jobs: if: success() || failure() - name: Upload test results if: success() || failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: ${{ steps.metadata.outputs.go-test-results-upload-key }} path: | @@ -505,7 +505,7 @@ jobs: if: | (success() || failure()) && steps.data-race-check.outputs.data-race-result == 'failure' - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: ${{ steps.metadata.outputs.data-race-log-upload-key }} path: ${{ steps.metadata.outputs.go-test-dir }}/${{ steps.metadata.outputs.data-race-log-file }} @@ -578,7 +578,7 @@ jobs: '${{ steps.metadata.outputs.gotestsum-timing-events }}' \ >> '${{ steps.metadata.outputs.failure-summary-file-name }}' - name: Upload failure summary - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: success() || failure() with: name: ${{ steps.metadata.outputs.failure-summary-file-name }} @@ -596,7 +596,7 @@ jobs: data-race-output: ${{ steps.status.outputs.data-race-output }} data-race-result: ${{ steps.status.outputs.data-race-result }} steps: - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: pattern: ${{ needs.test-go.outputs.data-race-log-download-pattern }} path: data-race-logs @@ -638,14 +638,14 @@ jobs: } | tee -a "$GITHUB_OUTPUT" # Aggregate, prune, and cache our timing data - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-enabled }} - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} restore-keys: | ${{ inputs.test-timing-cache-key }}- - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-enabled }} - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} pattern: ${{ needs.test-go.outputs.go-test-results-download-pattern }} diff --git a/.github/workflows/test-run-acc-tests-for-path.yml b/.github/workflows/test-run-acc-tests-for-path.yml index 51039f0d41da..6c57d2a4627e 100644 --- a/.github/workflows/test-run-acc-tests-for-path.yml +++ b/.github/workflows/test-run-acc-tests-for-path.yml @@ -20,12 +20,12 @@ jobs: go-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: ${{ inputs.name }}-output path: ${{ inputs.name }}.txt diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index f354233faf26..2954083080b3 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml @@ -49,7 +49,7 @@ jobs: sample: ${{ steps.metadata.outputs.sample }} vault-version: ${{ steps.metadata.outputs.vault-version }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.vault-revision }} - uses: hashicorp/action-setup-enos@v1 @@ -99,7 +99,7 @@ jobs: ENOS_VAR_vault_license_path: ./support/vault.hclic ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.vault-revision }} - uses: hashicorp/setup-terraform@v3 @@ -146,7 +146,7 @@ jobs: run: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - name: Upload Debug Data if: failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}