From 69b60c82dfd3e7c86a77e409d73273ba9c82331f Mon Sep 17 00:00:00 2001 From: "hashicorp-tsccr[bot]" <129506189+hashicorp-tsccr[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 15:09:24 -0500 Subject: [PATCH] Result of tsccr-helper -log-level=info gha update -latest .github/ (#5226) Co-authored-by: hashicorp-tsccr[bot] --- .github/workflows/actionlint.yml | 2 +- .github/workflows/backport.yml | 2 +- .github/workflows/build.yml | 38 +++++++++---------- .github/workflows/enos-fmt.yml | 2 +- .github/workflows/enos-run.yml | 26 ++++++------- .github/workflows/fuzz.yml | 6 +-- .github/workflows/linting.yml | 4 +- .github/workflows/make-gen-delta.yml | 4 +- .github/workflows/schema-diff.yml | 2 +- .github/workflows/security-scan.yml | 10 ++--- .github/workflows/test-ci-bootstrap-oss.yml | 2 +- .github/workflows/test-ci-cleanup-oss.yml | 2 +- .github/workflows/test-cli-ui_oss.yml | 8 ++-- .github/workflows/test-race.yml | 22 +++++------ .github/workflows/test-sql.yml | 2 +- .github/workflows/test.yml | 22 +++++------ .../workflows/trigger-merge-to-downstream.yml | 2 +- 17 files changed, 78 insertions(+), 78 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 2fe379b516..55020d89bf 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -11,7 +11,7 @@ jobs: actionlint: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Check workflow files uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 with: diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 02466877cd..660b46f70f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -16,7 +16,7 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER) }} container: hashicorpdev/backport-assistant:0.5.1 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all branches and tags - name: Check if any migrations have changed diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d5efd1a8d1..fd8c3c97f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,7 +26,7 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set Product version id: set-product-version uses: hashicorp/actions-set-product-version@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -39,7 +39,7 @@ jobs: product-edition: ${{ steps.get-product-edition.outputs.product-edition }} go-version: ${{ steps.get-go-version.outputs.go-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -48,7 +48,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -58,7 +58,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -86,7 +86,7 @@ jobs: runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} steps: - name: 'Checkout directory' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: | echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}" echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}" @@ -100,7 +100,7 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - name: 'Checkout directory' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Generate metadata file id: generate-metadata-file uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -108,7 +108,7 @@ jobs: repository: boundary version: ${{ needs.set-product-version.outputs.product-version }} product: ${{ env.PKG_NAME }} - - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} @@ -137,9 +137,9 @@ jobs: GOPRIVATE: "github.com/hashicorp" GO111MODULE: on steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go }} cache: false @@ -149,7 +149,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -205,11 +205,11 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go }} cache: false @@ -219,7 +219,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -279,12 +279,12 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" - name: Upload RPM package - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} - name: Upload DEB package - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }} @@ -307,9 +307,9 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go }} cache: false @@ -319,7 +319,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -371,7 +371,7 @@ jobs: version: ${{ needs.set-product-version.outputs.product-version }} minor-version: ${{ needs.product-metadata.outputs.product-minor-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Build (Action) uses: hashicorp/actions-docker-build@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml index 154f73fe82..b8f46f3720 100644 --- a/.github/workflows/enos-fmt.yml +++ b/.github/workflows/enos-fmt.yml @@ -18,7 +18,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: terraform_wrapper: false diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index 4428ef96a7..17193c4096 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -34,11 +34,11 @@ jobs: go-cache-key: ${{ steps.go-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ inputs.go-version }} cache: false @@ -53,7 +53,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -103,14 +103,14 @@ jobs: ENOS_VAR_go_version: ${{ inputs.go-version }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ inputs.go-version }} cache: false - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -128,7 +128,7 @@ jobs: terraform_wrapper: false - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 + uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -160,7 +160,7 @@ jobs: echo "debug_data_artifact_name=enos-debug-data_$(echo ${{ matrix.filter }} | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - name: Set up dependency cache id: dep-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: /tmp/test-deps key: enos-test-deps-password-store-1.7.4-vault-1.12.2 @@ -218,12 +218,12 @@ jobs: run: | mv ${{ steps.download-docker.outputs.download-path }}/*.tar enos/support/boundary_docker_image.tar - name: Set up Node.js - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 if: contains(matrix.filter, 'e2e_ui') with: node-version: '16.x' - name: Checkout boundary-ui - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: contains(matrix.filter, 'e2e_ui') with: repository: hashicorp/boundary-ui @@ -266,7 +266,7 @@ jobs: SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1) echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT" - name: Upload e2e tests output - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: test-${{ steps.split.outputs.fragment }} path: enos/*.log @@ -279,7 +279,7 @@ jobs: docker logs database - name: Upload e2e UI tests debug info if: contains(matrix.filter, 'e2e_ui') && steps.run.outcome == 'failure' - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: test-e2e-ui-debug path: enos/support/src/boundary-ui/ui/admin/tests/e2e/artifacts/test-failures @@ -292,7 +292,7 @@ jobs: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }} - name: Upload Debug Data if: ${{ always() && steps.run_retry.outcome == 'failure' }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index ad74a3d2cc..6ff1baf925 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -34,7 +34,7 @@ jobs: name: Fuzz grants.Parse runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -42,14 +42,14 @@ jobs: run: | echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - shell: bash run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s - name: Upload fuzz failure seed corpus as run artifact if: failure() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: fuzz-corpus path: ./internal/perms/testdata/fuzz diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index c2a5d3601b..23e48b4162 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -13,7 +13,7 @@ jobs: name: "Run Linter" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Determine Go version @@ -24,7 +24,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Install Dependencies diff --git a/.github/workflows/make-gen-delta.yml b/.github/workflows/make-gen-delta.yml index 19476c0289..cf604780b2 100644 --- a/.github/workflows/make-gen-delta.yml +++ b/.github/workflows/make-gen-delta.yml @@ -12,7 +12,7 @@ jobs: name: "Check for uncommitted changes from make gen" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Determine Go version @@ -23,7 +23,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Running go mod tidy diff --git a/.github/workflows/schema-diff.yml b/.github/workflows/schema-diff.yml index a5ea449b01..6dbecb7068 100644 --- a/.github/workflows/schema-diff.yml +++ b/.github/workflows/schema-diff.yml @@ -30,7 +30,7 @@ jobs: if: '! github.event.pull_request.draft' runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Generate Schema Diff diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index d2d485ef13..a64eec6922 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -17,7 +17,7 @@ jobs: github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-boundary' steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Determine Go version id: get-go-version @@ -28,18 +28,18 @@ jobs: echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false - name: Set up Python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: hashicorp/security-scanner token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} @@ -79,7 +79,7 @@ jobs: repository: "$PWD" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0 + uses: github/codeql-action/upload-sarif@af56b044b5d41c317aef5d19920b3183cb4fbbec # codeql-bundle-v2.19.2 with: sarif_file: results.sarif diff --git a/.github/workflows/test-ci-bootstrap-oss.yml b/.github/workflows/test-ci-bootstrap-oss.yml index d89734dc0d..54984daa9d 100644 --- a/.github/workflows/test-ci-bootstrap-oss.yml +++ b/.github/workflows/test-ci-bootstrap-oss.yml @@ -27,7 +27,7 @@ jobs: TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Terraform uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed - name: Configure AWS credentials diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml index 985ea52a53..ac792bae4c 100644 --- a/.github/workflows/test-ci-cleanup-oss.yml +++ b/.github/workflows/test-ci-cleanup-oss.yml @@ -53,7 +53,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure run: | cp enos/ci/aws-nuke.yml . diff --git a/.github/workflows/test-cli-ui_oss.yml b/.github/workflows/test-cli-ui_oss.yml index de52043355..87914611aa 100644 --- a/.github/workflows/test-cli-ui_oss.yml +++ b/.github/workflows/test-cli-ui_oss.yml @@ -16,10 +16,10 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER) }} name: CLI tests steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 + uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -31,12 +31,12 @@ jobs: cat ~/.gnupg/gpg.conf - name: Set up Bats CLI UI tests dependency cache id: dep-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: /tmp/bats-cli-ui-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 - name: Set up Node for Bats install - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: 16 - name: Install Bats via NPM diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml index 3ca39bcc52..127e63bf47 100644 --- a/.github/workflows/test-race.yml +++ b/.github/workflows/test-race.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -51,7 +51,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -74,7 +74,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -93,14 +93,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -125,14 +125,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -144,7 +144,7 @@ jobs: fail-on-cache-miss: false - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} diff --git a/.github/workflows/test-sql.yml b/.github/workflows/test-sql.yml index 3d97446457..27007ebe27 100644 --- a/.github/workflows/test-sql.yml +++ b/.github/workflows/test-sql.yml @@ -18,7 +18,7 @@ jobs: postgres-version: [ latest, 12-alpine, 13-alpine, 14-alpine, 15-alpine ] name: SQL Tests ${{ matrix.postgres-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run SQL PgTap Tests run: | make test-sql POSTGRES_DOCKER_IMAGE_BASE=docker.mirror.hashicorp.services/postgres PG_DOCKER_TAG=${{ matrix.postgres-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 41b4bedbae..5b7cc89c54 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -51,7 +51,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -74,7 +74,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -93,14 +93,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -125,14 +125,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -144,7 +144,7 @@ jobs: fail-on-cache-miss: false - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} diff --git a/.github/workflows/trigger-merge-to-downstream.yml b/.github/workflows/trigger-merge-to-downstream.yml index 000dcc043f..aec3f938f3 100644 --- a/.github/workflows/trigger-merge-to-downstream.yml +++ b/.github/workflows/trigger-merge-to-downstream.yml @@ -18,7 +18,7 @@ jobs: DOWNSTREAM_TOK: ${{ secrets.DOWNSTREAM_TOK }} DOWNSTREAM_WORKFLOW: ${{ vars.DOWNSTREAM_WORKFLOW }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Trigger Merge run: | ./scripts/trigger-merge-to-downstream-gha ${{ github.ref_name }}