From b3f173756d12ee9cb7df2b4feb3ecdfafac59f25 Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Tue, 3 Feb 2026 17:39:49 -0500 Subject: [PATCH] actions: pin to latest actions (#12144) (#12146) Update to the latest actions. The primary motivation here is to get the latest action-setup-enos. - actions/cache => v5.0.3: security patches - actions/checkout => v6.0.2: small fixes to git user-agent and tag fetching - hashicorp/action-setup-enos => v1.50: security patches Signed-off-by: Ryan Cragun Co-authored-by: Ryan Cragun --- .github/actions/build-vault/action.yml | 2 +- .github/actions/create-dynamic-config/action.yml | 2 +- .github/actions/install-tools/action.yml | 2 +- .github/actions/set-up-go/action.yml | 2 +- .github/actions/set-up-pipeline/action.yml | 2 +- .github/workflows/build.yml | 2 +- .github/workflows/enos-lint.yml | 2 +- .github/workflows/test-enos-scenario-ui.yml | 2 +- .github/workflows/test-go.yml | 4 ++-- .github/workflows/test-run-enos-scenario-containers.yml | 4 ++-- .github/workflows/test-run-enos-scenario-matrix.yml | 4 ++-- .github/workflows/test-run-enos-scenario.yml | 2 +- 12 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/actions/build-vault/action.yml b/.github/actions/build-vault/action.yml index 7184931297..616631b282 100644 --- a/.github/actions/build-vault/action.yml +++ b/.github/actions/build-vault/action.yml @@ -69,7 +69,7 @@ runs: shell: bash run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" - name: Restore UI from cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: # Restore the UI asset from the UI build workflow. Never use a partial restore key. enableCrossOsArchive: true diff --git a/.github/actions/create-dynamic-config/action.yml b/.github/actions/create-dynamic-config/action.yml index 7c71a915f1..8a7999f895 100644 --- a/.github/actions/create-dynamic-config/action.yml +++ b/.github/actions/create-dynamic-config/action.yml @@ -39,7 +39,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore dynamic config from cache id: dyn-cfg-cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ env.DYNAMIC_CONFIG_PATH }} key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }} diff --git a/.github/actions/install-tools/action.yml b/.github/actions/install-tools/action.yml index 0b786060a7..7274562fa2 100644 --- a/.github/actions/install-tools/action.yml +++ b/.github/actions/install-tools/action.yml @@ -69,7 +69,7 @@ runs: echo "VAULT_TOOLS_CACHE_KEY=${cache_key}" } | tee -a "$GITHUB_ENV" - id: cache-tools - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: lookup-only: ${{ inputs.no-restore }} path: ${{ env.VAULT_TOOLS_PATH }} diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml index f0d2be66a6..f30bc3ea7c 100644 --- a/.github/actions/set-up-go/action.yml +++ b/.github/actions/set-up-go/action.yml @@ -63,7 +63,7 @@ runs: echo "cache-key=go-modules-${wd_hash}-${{ hashFiles('**/go.sum') }}" } | tee -a "$GITHUB_OUTPUT" - id: cache-modules - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: enableCrossOsArchive: true lookup-only: ${{ inputs.no-restore }} diff --git a/.github/actions/set-up-pipeline/action.yml b/.github/actions/set-up-pipeline/action.yml index 9ece8f1f61..2206fc7d75 100644 --- a/.github/actions/set-up-pipeline/action.yml +++ b/.github/actions/set-up-pipeline/action.yml @@ -33,7 +33,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore pipeline from cache id: pipeline-cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ env.PIPELINE_PATH }} key: pipeline-${{ env.PIPELINE_HASH }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 61db9c7a78..6808cbc484 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -303,7 +303,7 @@ jobs: run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" - name: Set up UI asset cache id: cache-ui-assets - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: enableCrossOsArchive: true lookup-only: true diff --git a/.github/workflows/enos-lint.yml b/.github/workflows/enos-lint.yml index ea44e07d0f..4dad11e45d 100644 --- a/.github/workflows/enos-lint.yml +++ b/.github/workflows/enos-lint.yml @@ -45,7 +45,7 @@ jobs: - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_wrapper: false - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 - name: Ensure shellcheck is available for linting run: which shellcheck || (sudo apt update && sudo apt install -y shellcheck) - name: lint diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml index 53312b8c65..a43b20d1fb 100644 --- a/.github/workflows/test-enos-scenario-ui.yml +++ b/.github/workflows/test-enos-scenario-ui.yml @@ -82,7 +82,7 @@ jobs: - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Set Up Git diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index 687ba95c4f..4b51d22a10 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -145,7 +145,7 @@ jobs: - uses: ./.github/actions/install-tools # for gotestsum - run: mkdir -p ${{ steps.local-metadata.outputs.go-test-dir }} - if: inputs.test-timing-cache-restore || inputs.test-timing-cache-save - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ steps.local-metadata.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} @@ -647,7 +647,7 @@ jobs: } | tee -a "$GITHUB_OUTPUT" # Aggregate, prune, and cache our timing data - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-save }} - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} diff --git a/.github/workflows/test-run-enos-scenario-containers.yml b/.github/workflows/test-run-enos-scenario-containers.yml index 16d7f866af..4e8dd5fc21 100644 --- a/.github/workflows/test-run-enos-scenario-containers.yml +++ b/.github/workflows/test-run-enos-scenario-containers.yml @@ -44,7 +44,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.vault-revision }} - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - uses: ./.github/actions/metadata @@ -87,7 +87,7 @@ jobs: # the Terraform wrapper will break Terraform execution in Enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Download Docker Image diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index 47df34a0ef..f3ebc3517b 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml @@ -70,7 +70,7 @@ jobs: token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN; - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ github.repository == 'hashicorp/vault' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }} - uses: ./.github/actions/create-dynamic-config @@ -214,7 +214,7 @@ jobs: role-to-assume: ${{ steps.secrets.outputs.aws-role-arn }} role-skip-session-tagging: true role-duration-seconds: 3600 - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ steps.secrets.outputs.github-token }} - uses: ./.github/actions/create-dynamic-config diff --git a/.github/workflows/test-run-enos-scenario.yml b/.github/workflows/test-run-enos-scenario.yml index efa70493a3..5d8949d5bc 100644 --- a/.github/workflows/test-run-enos-scenario.yml +++ b/.github/workflows/test-run-enos-scenario.yml @@ -91,7 +91,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} role-skip-session-tagging: true role-duration-seconds: 3600 - - uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 + - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Prepare scenario dependencies