diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index d6ebb01bda..2fe379b516 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -11,7 +11,7 @@ jobs: actionlint: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Check workflow files uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c2126500fc..bf4e49df5e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,7 +26,7 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set Product version id: set-product-version uses: hashicorp/actions-set-product-version@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -39,7 +39,7 @@ jobs: product-edition: ${{ steps.get-product-edition.outputs.product-edition }} go-version: ${{ steps.get-go-version.outputs.go-version }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -86,7 +86,7 @@ jobs: runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} steps: - name: 'Checkout directory' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: | echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}" echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}" @@ -100,7 +100,7 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - name: 'Checkout directory' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Generate metadata file id: generate-metadata-file uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -137,7 +137,7 @@ jobs: GOPRIVATE: "github.com/hashicorp" GO111MODULE: on steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -163,7 +163,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4 + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -205,7 +205,7 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up Go @@ -231,7 +231,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4 + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -307,7 +307,7 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -331,7 +331,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4 + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -371,7 +371,7 @@ jobs: version: ${{ needs.set-product-version.outputs.product-version }} minor-version: ${{ needs.product-metadata.outputs.product-minor-version }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Docker Build (Action) uses: hashicorp/actions-docker-build@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml index 32916e9c48..154f73fe82 100644 --- a/.github/workflows/enos-fmt.yml +++ b/.github/workflows/enos-fmt.yml @@ -18,7 +18,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: terraform_wrapper: false diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index 99b0d42076..6dd35e3472 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -34,7 +34,7 @@ jobs: go-cache-key: ${{ steps.go-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Set up Go @@ -103,7 +103,7 @@ jobs: ENOS_VAR_go_version: ${{ inputs.go-version }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -223,7 +223,7 @@ jobs: with: node-version: '16.x' - name: Checkout boundary-ui - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 if: contains(matrix.filter, 'e2e_ui') with: repository: hashicorp/boundary-ui diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index fc8d5fc5db..c8df691c74 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -34,7 +34,7 @@ jobs: name: Fuzz grants.Parse runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 0022b2aee2..880e6ee3e3 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -13,7 +13,7 @@ jobs: name: "Run Linter" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Determine Go version diff --git a/.github/workflows/make-gen-delta.yml b/.github/workflows/make-gen-delta.yml index 867d953dbb..7be3675758 100644 --- a/.github/workflows/make-gen-delta.yml +++ b/.github/workflows/make-gen-delta.yml @@ -12,7 +12,7 @@ jobs: name: "Check for uncommitted changes from make gen" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Determine Go version diff --git a/.github/workflows/schema-diff.yml b/.github/workflows/schema-diff.yml index f8c808ce86..a5ea449b01 100644 --- a/.github/workflows/schema-diff.yml +++ b/.github/workflows/schema-diff.yml @@ -30,7 +30,7 @@ jobs: if: '! github.event.pull_request.draft' runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Generate Schema Diff diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 10dc13b265..d5edd96380 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER_LARGE) }} if: ${{ github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-boundary' }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Determine Go version id: get-go-version @@ -36,7 +36,7 @@ jobs: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: hashicorp/security-scanner token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }} @@ -76,7 +76,7 @@ jobs: repository: "$PWD" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@a57c67b89589d2d13d5ac85a9fc4679c7539f94c # codeql-bundle-v2.17.3 + uses: github/codeql-action/upload-sarif@8f1a6fed33af5212fab8a999d004627ae8901d1b # codeql-bundle-v2.17.5 with: sarif_file: results.sarif diff --git a/.github/workflows/test-ci-bootstrap-oss.yml b/.github/workflows/test-ci-bootstrap-oss.yml index ae137e34cc..d89734dc0d 100644 --- a/.github/workflows/test-ci-bootstrap-oss.yml +++ b/.github/workflows/test-ci-bootstrap-oss.yml @@ -27,7 +27,7 @@ jobs: TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Terraform uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed - name: Configure AWS credentials diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml index 1da85756f3..985ea52a53 100644 --- a/.github/workflows/test-ci-cleanup-oss.yml +++ b/.github/workflows/test-ci-cleanup-oss.yml @@ -53,7 +53,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Configure run: | cp enos/ci/aws-nuke.yml . diff --git a/.github/workflows/test-cli-ui_oss.yml b/.github/workflows/test-cli-ui_oss.yml index d41bbab8e6..7926e694a9 100644 --- a/.github/workflows/test-cli-ui_oss.yml +++ b/.github/workflows/test-cli-ui_oss.yml @@ -16,7 +16,7 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER) }} name: CLI tests steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Import GPG key for Boundary pass keystore id: import_gpg uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml index 19d4571bb5..ced1770c7e 100644 --- a/.github/workflows/test-race.yml +++ b/.github/workflows/test-race.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Determine Go version @@ -93,7 +93,7 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -125,7 +125,7 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/test-sql.yml b/.github/workflows/test-sql.yml index fc715246aa..3d97446457 100644 --- a/.github/workflows/test-sql.yml +++ b/.github/workflows/test-sql.yml @@ -18,7 +18,7 @@ jobs: postgres-version: [ latest, 12-alpine, 13-alpine, 14-alpine, 15-alpine ] name: SQL Tests ${{ matrix.postgres-version }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run SQL PgTap Tests run: | make test-sql POSTGRES_DOCKER_IMAGE_BASE=docker.mirror.hashicorp.services/postgres PG_DOCKER_TAG=${{ matrix.postgres-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7f21550766..8be6bedfd2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: '0' - name: Determine Go version @@ -93,7 +93,7 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -125,7 +125,7 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/trigger-merge-to-downstream.yml b/.github/workflows/trigger-merge-to-downstream.yml index 49db3e9911..000dcc043f 100644 --- a/.github/workflows/trigger-merge-to-downstream.yml +++ b/.github/workflows/trigger-merge-to-downstream.yml @@ -18,7 +18,7 @@ jobs: DOWNSTREAM_TOK: ${{ secrets.DOWNSTREAM_TOK }} DOWNSTREAM_WORKFLOW: ${{ vars.DOWNSTREAM_WORKFLOW }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Trigger Merge run: | ./scripts/trigger-merge-to-downstream-gha ${{ github.ref_name }}