From e4fbc0281af917de2c7c62e36fe9c6d5584fbdd4 Mon Sep 17 00:00:00 2001 From: Timothy Messier Date: Wed, 29 Mar 2023 05:29:35 +0000 Subject: [PATCH] chore(ci): Update and pin actions steps --- .github/workflows/build.yml | 64 ++++++++++----------- .github/workflows/enos-fmt.yml | 4 +- .github/workflows/enos-run.yml | 24 ++++---- .github/workflows/jira.yml | 12 ++-- .github/workflows/labeler.yml | 2 +- .github/workflows/linting.yml | 2 +- .github/workflows/make-gen-delta.yml | 2 +- .github/workflows/security-scan.yml | 4 +- .github/workflows/test-ci-bootstrap-oss.yml | 4 +- .github/workflows/test-ci-cleanup-oss.yml | 6 +- .github/workflows/test-cli-ui.yml | 12 ++-- .github/workflows/test.yml | 22 +++---- 12 files changed, 79 insertions(+), 79 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e1cf99f8ca..e90dd76c2c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,10 +16,10 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set Product version id: set-product-version - uses: hashicorp/actions-set-product-version@v1 + uses: hashicorp/actions-set-product-version@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed product-metadata: needs: set-product-version @@ -29,7 +29,7 @@ jobs: product-edition: ${{ steps.get-product-edition.outputs.product-edition }} go-version: ${{ steps.get-go-version.outputs.go-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -38,7 +38,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Determine Go cache paths @@ -47,7 +47,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@v3 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -75,7 +75,7 @@ jobs: runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} steps: - name: 'Checkout directory' - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - run: | echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}" echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}" @@ -89,15 +89,15 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - name: 'Checkout directory' - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Generate metadata file id: generate-metadata-file - uses: hashicorp/actions-generate-metadata@v1 + uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: version: ${{ needs.set-product-version.outputs.product-version }} product: ${{ env.PKG_NAME }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} @@ -126,9 +126,9 @@ jobs: GOPRIVATE: "github.com/hashicorp" GO111MODULE: on steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ matrix.go }} - name: Determine Go cache paths @@ -137,7 +137,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@v3 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -151,7 +151,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@5e780fc7bbd0cac69fc73271ed86edf5dcb72d67 # v2.26.0 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -163,7 +163,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v0.1.9 + uses: hashicorp/actions-go-build@v0.1.9 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -173,7 +173,7 @@ jobs: reproducible: report instructions: |- make build - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip @@ -197,11 +197,11 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ matrix.go }} - name: Determine Go cache paths @@ -210,7 +210,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@v3 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -222,7 +222,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@5e780fc7bbd0cac69fc73271ed86edf5dcb72d67 # v2.26.0 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -234,7 +234,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v0.1.9 + uses: hashicorp/actions-go-build@v0.1.9 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -244,12 +244,12 @@ jobs: reproducible: report instructions: |- make build - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - name: Package - uses: hashicorp/actions-packaging-linux@v1 + uses: hashicorp/actions-packaging-linux@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: name: ${{ github.event.repository.name }} description: "HashiCorp Boundary - Identity-based access management for dynamic infrastructure" @@ -269,12 +269,12 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" - name: Upload RPM package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} - name: Upload DEB package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }} @@ -297,9 +297,9 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ matrix.go }} - name: Determine Go cache paths @@ -308,7 +308,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@v3 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -320,7 +320,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@5e780fc7bbd0cac69fc73271ed86edf5dcb72d67 # v2.26.0 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -332,7 +332,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v0.1.9 + uses: hashicorp/actions-go-build@v0.1.9 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -342,7 +342,7 @@ jobs: reproducible: report instructions: |- make build - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip @@ -364,9 +364,9 @@ jobs: version: ${{ needs.set-product-version.outputs.product-version }} minor-version: ${{ needs.product-metadata.outputs.product-minor-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Docker Build (Action) - uses: hashicorp/actions-docker-build@v1 + uses: hashicorp/actions-docker-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: version: ${{ env.version }} target: default diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml index 3dacb3ef39..327e693112 100644 --- a/.github/workflows/enos-fmt.yml +++ b/.github/workflows/enos-fmt.yml @@ -19,10 +19,10 @@ jobs: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: could not find tsccr entry for hashicorp/setup-terraform + - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: terraform_wrapper: false - - uses: hashicorp/action-setup-enos@v1 # TSCCR: could not find tsccr entry for hashicorp/action-setup-enos + - uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: "check formatting" diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index 36aa3e8221..a6b7e9636b 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -35,7 +35,7 @@ jobs: with: fetch-depth: '0' - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ inputs.go-version }} - name: Determine go cache key @@ -49,7 +49,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -84,11 +84,11 @@ jobs: - name: Checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ inputs.go-version }} - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -99,14 +99,14 @@ jobs: ${{ runner.os }}-go fail-on-cache-miss: true - name: Set up Terraform - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: could not find tsccr entry for hashicorp/setup-terraform + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: # the terraform wrapper will break Terraform execution in enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # TSCCR: could not find tsccr entry for crazy-max/ghaction-import-gpg + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -117,7 +117,7 @@ jobs: echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf cat ~/.gnupg/gpg.conf - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # TSCCR: could not find tsccr entry for aws-actions/configure-aws-credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -126,7 +126,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 - name: Set up Enos - uses: hashicorp/action-setup-enos@v1 # TSCCR: could not find tsccr entry for hashicorp/action-setup-enos + uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: Set up AWS SSH private key @@ -136,7 +136,7 @@ jobs: chmod 600 ./enos/support/private_key.pem - name: Set up dependency cache id: dep-cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: /tmp/test-deps key: enos-test-deps-password-store-1.7.4-vault-1.12.2 @@ -192,12 +192,12 @@ jobs: run: | mv ${{ steps.download-docker.outputs.download-path }}/*.tar enos/support/boundary_docker_image.tar - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 if: matrix.filter == 'e2e_ui builder:crt' with: node-version: '16.x' - name: Checkout boundary-ui - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 if: matrix.filter == 'e2e_ui builder:crt' with: repository: hashicorp/boundary-ui @@ -254,7 +254,7 @@ jobs: retention-days: 5 - name: Upload e2e UI tests debug info if: matrix.filter == 'e2e_ui builder:crt' && steps.run.outcome == 'failure' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: test-e2e-ui-debug path: enos/support/boundary-ui/ui/admin/tests/e2e/artifacts/test-failures diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 0a14c31ffe..3feef8bc00 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -33,7 +33,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.JIRA_SYNC_GITHUB_TOKEN }} - name: Login - uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # TSCCR: could not find tsccr entry for atlassian/gajira-login + uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3 env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} @@ -51,7 +51,7 @@ jobs: - name: Create ticket if: github.event.action == 'opened' && !steps.boundary-team-role.outputs.role - uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # TSCCR: could not find tsccr entry for tomhjp/gh-action-jira-create + uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1 with: project: ICU issuetype: "GH Issue" @@ -63,28 +63,28 @@ jobs: - name: Search if: github.event.action != 'opened' id: search - uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # TSCCR: could not find tsccr entry for tomhjp/gh-action-jira-search + uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2 with: # cf[10089] is Issue Link custom field jql: 'issuetype = "GH Issue" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - name: Sync comment if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # TSCCR: could not find tsccr entry for tomhjp/gh-action-jira-comment + uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0 with: issue: ${{ steps.search.outputs.issue }} comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - name: Close ticket if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # TSCCR: could not find tsccr entry for atlassian/gajira-transition + uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3 with: issue: ${{ steps.search.outputs.issue }} transition: Done - name: Reopen ticket if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # TSCCR: could not find tsccr entry for atlassian/gajira-transition + uses: atlassian/gajira-transition@4749176faf14633954d72af7a44d7f2af01cc92b # v3 with: issue: ${{ steps.search.outputs.issue }} transition: "To Do" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index a7ccd200b6..c9314f1569 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -10,6 +10,6 @@ jobs: triage: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # TSCCR: could not find tsccr entry for actions/labeler + - uses: actions/labeler@ba790c862c380240c6d5e7427be5ace9a05c754b # v4.0.3 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index ca2604e235..d65f1fd6f0 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -20,7 +20,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Install Dependencies diff --git a/.github/workflows/make-gen-delta.yml b/.github/workflows/make-gen-delta.yml index ce40c2f61e..020c171a88 100644 --- a/.github/workflows/make-gen-delta.yml +++ b/.github/workflows/make-gen-delta.yml @@ -23,7 +23,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Install Dependencies diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index ea2e30463c..eaafeada65 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -23,7 +23,7 @@ jobs: echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" @@ -73,7 +73,7 @@ jobs: repository: "$PWD" - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@e00cd12e3ee0ce24d476645336a315351be51d88 # TSCCR: actions in subdirectories not yet supported: upload-sarif + uses: github/codeql-action/upload-sarif@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2 with: sarif_file: results.sarif diff --git a/.github/workflows/test-ci-bootstrap-oss.yml b/.github/workflows/test-ci-bootstrap-oss.yml index b0967d8555..7e9ec39d9c 100644 --- a/.github/workflows/test-ci-bootstrap-oss.yml +++ b/.github/workflows/test-ci-bootstrap-oss.yml @@ -29,9 +29,9 @@ jobs: steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Terraform - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: could not find tsccr entry for hashicorp/setup-terraform + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # TSCCR: could not find tsccr entry for aws-actions/configure-aws-credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml index 895571625e..bf5ef2486c 100644 --- a/.github/workflows/test-ci-cleanup-oss.yml +++ b/.github/workflows/test-ci-cleanup-oss.yml @@ -15,7 +15,7 @@ jobs: regions: ${{steps.regions.outputs.regions}} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # TSCCR: could not find tsccr entry for aws-actions/configure-aws-credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -44,7 +44,7 @@ jobs: steps: - name: Configure AWS credentials id: aws-configure - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # TSCCR: could not find tsccr entry for aws-actions/configure-aws-credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -80,7 +80,7 @@ jobs: region: ${{ fromJSON(needs.setup.outputs.regions) }} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # TSCCR: could not find tsccr entry for aws-actions/configure-aws-credentials + uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-cli-ui.yml b/.github/workflows/test-cli-ui.yml index 53bd86d927..a369663a7c 100644 --- a/.github/workflows/test-cli-ui.yml +++ b/.github/workflows/test-cli-ui.yml @@ -19,10 +19,10 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set Product version id: set-product-version - uses: hashicorp/actions-set-product-version@v1 + uses: hashicorp/actions-set-product-version@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed bats: runs-on: ${{ fromJSON(vars.RUNNER) }} @@ -31,10 +31,10 @@ jobs: needs: - set-product-version steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@v5 + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5.2.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -46,12 +46,12 @@ jobs: cat ~/.gnupg/gpg.conf - name: Set up Bats CLI UI tests dependency cache id: dep-cache - uses: actions/cache@v3 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: /tmp/bats-cli-ui-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 - name: Set up Node for Bats install - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 16 - name: Install Bats via NPM diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 634d2bce4c..dac3b201ee 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,7 +34,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Determine go cache key @@ -48,7 +48,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -71,7 +71,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -92,11 +92,11 @@ jobs: steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ needs.setup.outputs.go-version }}" - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -119,11 +119,11 @@ jobs: steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ needs.setup.outputs.go-version }}" - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -154,11 +154,11 @@ jobs: ulimit -Ha - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up go - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 # v3.4.0 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "${{ needs.setup.outputs.go-version }}" - name: Set up Go modules cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -170,7 +170,7 @@ jobs: fail-on-cache-miss: true - name: Set up plugin cache id: plugin-cache - uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4 + uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} @@ -184,7 +184,7 @@ jobs: until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done - name: Test - uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3 + uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # TSCCR: no entry for repository "nick-fields/retry" env: TEST_PACKAGE: "${{ matrix.package }}" GOMAXPROCS: ${{ vars.TEST_GOMAXPROCS }}