upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

actions: pin to latest actions (#12144) (#12146)

Browse source 
Update to the latest actions. The primary motivation here is to get the
latest action-setup-enos.

  - actions/cache => v5.0.3: security patches
  - actions/checkout => v6.0.2: small fixes to git user-agent and tag
    fetching
  - hashicorp/action-setup-enos => v1.50: security patches

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
Vault Automation 2026-02-03 17:39:49 -05:00 committed by GitHub
parent a728a665e1
commit b3f173756d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/actions/build-vault/action.yml vendored
View file

@ -69,7 +69,7 @@ runs:
shell: bash shell: bash
run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com"
- name: Restore UI from cache - name: Restore UI from cache
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
# Restore the UI asset from the UI build workflow. Never use a partial restore key. # Restore the UI asset from the UI build workflow. Never use a partial restore key.
enableCrossOsArchive: true enableCrossOsArchive: true

2
.github/actions/create-dynamic-config/action.yml vendored
View file

@ -39,7 +39,7 @@ runs:
} | tee -a "$GITHUB_ENV" } | tee -a "$GITHUB_ENV"
- name: Try to restore dynamic config from cache - name: Try to restore dynamic config from cache
id: dyn-cfg-cache id: dyn-cfg-cache
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
path: ${{ env.DYNAMIC_CONFIG_PATH }} path: ${{ env.DYNAMIC_CONFIG_PATH }}
key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }} key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }}

2
.github/actions/install-tools/action.yml vendored
View file

@ -69,7 +69,7 @@ runs:
echo "VAULT_TOOLS_CACHE_KEY=${cache_key}" echo "VAULT_TOOLS_CACHE_KEY=${cache_key}"
} | tee -a "$GITHUB_ENV" } | tee -a "$GITHUB_ENV"
- id: cache-tools - id: cache-tools
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
lookup-only: ${{ inputs.no-restore }} lookup-only: ${{ inputs.no-restore }}
path: ${{ env.VAULT_TOOLS_PATH }} path: ${{ env.VAULT_TOOLS_PATH }}

2
.github/actions/set-up-go/action.yml vendored
View file

@ -63,7 +63,7 @@ runs:
echo "cache-key=go-modules-${wd_hash}-${{ hashFiles('**/go.sum') }}" echo "cache-key=go-modules-${wd_hash}-${{ hashFiles('**/go.sum') }}"
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
- id: cache-modules - id: cache-modules
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
enableCrossOsArchive: true enableCrossOsArchive: true
lookup-only: ${{ inputs.no-restore }} lookup-only: ${{ inputs.no-restore }}

2
.github/actions/set-up-pipeline/action.yml vendored
View file

@ -33,7 +33,7 @@ runs:
} | tee -a "$GITHUB_ENV" } | tee -a "$GITHUB_ENV"
- name: Try to restore pipeline from cache - name: Try to restore pipeline from cache
id: pipeline-cache id: pipeline-cache
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
path: ${{ env.PIPELINE_PATH }} path: ${{ env.PIPELINE_PATH }}
key: pipeline-${{ env.PIPELINE_HASH }} key: pipeline-${{ env.PIPELINE_HASH }}

2
.github/workflows/build.yml vendored
View file

@ -303,7 +303,7 @@ jobs:
run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT"
- name: Set up UI asset cache - name: Set up UI asset cache
id: cache-ui-assets id: cache-ui-assets
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
enableCrossOsArchive: true enableCrossOsArchive: true
lookup-only: true lookup-only: true

2
.github/workflows/enos-lint.yml vendored
View file

@ -45,7 +45,7 @@ jobs:
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with: with:
terraform_wrapper: false terraform_wrapper: false
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
- name: Ensure shellcheck is available for linting - name: Ensure shellcheck is available for linting
run: which shellcheck || (sudo apt update && sudo apt install -y shellcheck) run: which shellcheck || (sudo apt update && sudo apt install -y shellcheck)
- name: lint - name: lint

2
.github/workflows/test-enos-scenario-ui.yml vendored
View file

@ -82,7 +82,7 @@ jobs:
- uses: ./.github/actions/set-up-go - uses: ./.github/actions/set-up-go
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Set Up Git - name: Set Up Git

4
.github/workflows/test-go.yml vendored
View file

@ -145,7 +145,7 @@ jobs:
- uses: ./.github/actions/install-tools # for gotestsum - uses: ./.github/actions/install-tools # for gotestsum
- run: mkdir -p ${{ steps.local-metadata.outputs.go-test-dir }} - run: mkdir -p ${{ steps.local-metadata.outputs.go-test-dir }}
- if: inputs.test-timing-cache-restore || inputs.test-timing-cache-save - if: inputs.test-timing-cache-restore || inputs.test-timing-cache-save
uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
path: ${{ steps.local-metadata.outputs.go-test-dir }} path: ${{ steps.local-metadata.outputs.go-test-dir }}
key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }}
@ -647,7 +647,7 @@ jobs:
} | tee -a "$GITHUB_OUTPUT" } | tee -a "$GITHUB_OUTPUT"
# Aggregate, prune, and cache our timing data # Aggregate, prune, and cache our timing data
- if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-save }} - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-save }}
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with: with:
path: ${{ needs.test-matrix.outputs.go-test-dir }} path: ${{ needs.test-matrix.outputs.go-test-dir }}
key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }}

4
.github/workflows/test-run-enos-scenario-containers.yml vendored
View file

@ -44,7 +44,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
ref: ${{ inputs.vault-revision }} ref: ${{ inputs.vault-revision }}
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- uses: ./.github/actions/metadata - uses: ./.github/actions/metadata
@ -87,7 +87,7 @@ jobs:
# the Terraform wrapper will break Terraform execution in Enos because # the Terraform wrapper will break Terraform execution in Enos because
# it changes the output to text when we expect it to be JSON. # it changes the output to text when we expect it to be JSON.
terraform_wrapper: false terraform_wrapper: false
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Download Docker Image - name: Download Docker Image

4
.github/workflows/test-run-enos-scenario-matrix.yml vendored
View file

@ -70,7 +70,7 @@ jobs:
token: ${{ steps.vault-auth.outputs.token }} token: ${{ steps.vault-auth.outputs.token }}
secrets: | secrets: |
kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN; kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN;
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ github.repository == 'hashicorp/vault' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }} github-token: ${{ github.repository == 'hashicorp/vault' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }}
- uses: ./.github/actions/create-dynamic-config - uses: ./.github/actions/create-dynamic-config
@ -214,7 +214,7 @@ jobs:
role-to-assume: ${{ steps.secrets.outputs.aws-role-arn }} role-to-assume: ${{ steps.secrets.outputs.aws-role-arn }}
role-skip-session-tagging: true role-skip-session-tagging: true
role-duration-seconds: 3600 role-duration-seconds: 3600
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ steps.secrets.outputs.github-token }} github-token: ${{ steps.secrets.outputs.github-token }}
- uses: ./.github/actions/create-dynamic-config - uses: ./.github/actions/create-dynamic-config

2
.github/workflows/test-run-enos-scenario.yml vendored
View file

@ -91,7 +91,7 @@ jobs:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
role-skip-session-tagging: true role-skip-session-tagging: true
role-duration-seconds: 3600 role-duration-seconds: 3600
- uses: hashicorp/action-setup-enos@80a17fa25605989a7a53199137dae1244e32353f # v1.40 - uses: hashicorp/action-setup-enos@17b90fcf9591275b468a94aefb9dc6a93017de8a # v1.50
with: with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Prepare scenario dependencies - name: Prepare scenario dependencies