aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: Update actions to use Node24 (#6523) (#6693)

Browse Source 
# Conflicts:
#	.github/workflows/enos-run.yml

(cherry picked from commit fbf16b26b6)

# Conflicts:
#	.github/workflows/actionlint.yml
#	.github/workflows/build-check.yml
#	.github/workflows/build.yml
#	.github/workflows/enos-fmt.yml
#	.github/workflows/enos-run.yml
#	.github/workflows/fuzz.yml
#	.github/workflows/linting.yml
#	.github/workflows/make-gen-delta.yml
#	.github/workflows/schema-diff.yml
#	.github/workflows/security-scan.yml
#	.github/workflows/test-ci-bootstrap-oss.yml
#	.github/workflows/test-ci-cleanup-oss.yml
#	.github/workflows/test-cli-ui_oss.yml
#	.github/workflows/test-race.yml
#	.github/workflows/test.yml
#	.github/workflows/trigger-merge-to-downstream.yml

Co-authored-by: Michael Li <michael.li@hashicorp.com>
pull/6704/head
hc-github-team-secure-boundary 3 days ago committed by GitHub
parent 47a57f1f23
commit ed68820353
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 99 additions and 98 deletions
Show Stats Download Patch File Download Diff File

2
.github/workflows/actionlint.yml vendored
Unescape View File

@ -11,7 +11,7 @@ jobs:
actionlint:
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Check workflow files
uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244
with:

58
.github/workflows/build.yml vendored
Unescape View File

@ -26,10 +26,10 @@ jobs:
base-product-version: $${{ steps.set-product-version.outputs.base-product-version }}
prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set Product version
id: set-product-version
uses: hashicorp/actions-set-product-version@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-set-product-version@v2
product-metadata:
needs: set-product-version
@ -39,7 +39,7 @@ jobs:
product-edition: ${{ steps.get-product-edition.outputs.product-edition }}
go-version: ${{ steps.get-go-version.outputs.go-version }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Determine Go version
id: get-go-version
# We use .go-version as our source of truth for current Go
@ -48,7 +48,7 @@ jobs:
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
cache: false
@ -58,7 +58,7 @@ jobs:
echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -86,7 +86,7 @@ jobs:
runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }}
steps:
- name: 'Checkout directory'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- run: |
echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}"
echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}"
@ -100,15 +100,15 @@ jobs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: 'Checkout directory'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-generate-metadata@v1
with:
repository: boundary
version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
@ -137,9 +137,9 @@ jobs:
GOPRIVATE: "github.com/hashicorp"
GO111MODULE: on
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ matrix.go }}
cache: false
@ -149,7 +149,7 @@ jobs:
echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -163,7 +163,7 @@ jobs:
id: set-sha
run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT"
- name: Download UI artifact
uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19
with:
workflow: build-admin-ui.yaml
commit: ${{ steps.set-sha.outputs.sha }}
@ -175,7 +175,7 @@ jobs:
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-go-build@v1
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
@ -205,11 +205,11 @@ jobs:
GO111MODULE: on
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Git
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ matrix.go }}
cache: false
@ -219,7 +219,7 @@ jobs:
echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -231,7 +231,7 @@ jobs:
id: set-sha
run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT"
- name: Download UI artifact
uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19
with:
workflow: build-admin-ui.yaml
commit: ${{ steps.set-sha.outputs.sha }}
@ -243,7 +243,7 @@ jobs:
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-go-build@v1
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
@ -259,7 +259,7 @@ jobs:
run: |
mkdir -p "$LICENSE_DIR" && cp LICENSE "$LICENSE_DIR/LICENSE.txt"
- name: Package
uses: hashicorp/actions-packaging-linux@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-packaging-linux@v1
with:
name: ${{ github.event.repository.name }}
description: "HashiCorp Boundary - Identity-based access management for dynamic infrastructure"
@ -279,12 +279,12 @@ jobs:
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
- name: Upload RPM package
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}
- name: Upload DEB package
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }}
@ -307,9 +307,9 @@ jobs:
GO111MODULE: on
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ matrix.go }}
cache: false
@ -319,7 +319,7 @@ jobs:
echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -331,7 +331,7 @@ jobs:
id: set-sha
run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT"
- name: Download UI artifact
uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19
with:
workflow: build-admin-ui.yaml
commit: ${{ steps.set-sha.outputs.sha }}
@ -343,7 +343,7 @@ jobs:
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-go-build@v1
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
@ -371,9 +371,9 @@ jobs:
outputs:
name: docker.io/hashicorp/${{ env.repo }}:${{ env.version }}_${{ github.sha }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/actions-docker-build@v2
with:
version: ${{ env.version }}
target: default

6
.github/workflows/enos-fmt.yml vendored
Unescape View File

@ -18,11 +18,11 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_wrapper: false
- uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
- uses: hashicorp/action-setup-enos@v1
with:
github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
- name: "check formatting"

31
.github/workflows/enos-run.yml vendored
Unescape View File

@ -31,11 +31,11 @@ jobs:
go-cache-key: ${{ steps.go-cache-key.outputs.key }}
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ inputs.go-version }}
cache: false
@ -50,7 +50,7 @@ jobs:
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -105,15 +105,15 @@ jobs:
ENOS_VAR_gcp_private_key: ${{ secrets.GCP_PRIVATE_KEY_CI }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ inputs.go-version }}
cache: false
- name: Set up Go modules cache
id: go-mod-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.cache-go-build }}
@ -128,14 +128,14 @@ jobs:
run: |
go mod download
- name: Set up Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
# the terraform wrapper will break Terraform execution in enos because
# it changes the output to text when we expect it to be JSON.
terraform_wrapper: false
- name: Import GPG key for Boundary pass keystore
id: import_gpg
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
with:
gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }}
@ -146,7 +146,7 @@ jobs:
echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf
cat ~/.gnupg/gpg.conf
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -166,7 +166,7 @@ jobs:
if: contains(matrix.filter, 'gcp')
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
- name: Set up Enos
uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/action-setup-enos@v1
with:
github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }}
- name: Prepare scenario dependencies
@ -178,7 +178,7 @@ jobs:
echo "debug_data_artifact_name=enos-debug-data_$(echo ${{ matrix.filter }} | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT"
- name: Set up dependency cache
id: dep-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: /tmp/test-deps
key: enos-test-deps-password-store-1.7.4-vault-1.12.2
@ -216,7 +216,7 @@ jobs:
ssh -V
- name: Download Boundary Linux AMD64 bundle
id: download
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1
with:
name: ${{ inputs.artifact-name }}
path: ./enos/support/downloads
@ -226,7 +226,7 @@ jobs:
mv ${{steps.download.outputs.download-path}}/*.zip enos/support/boundary.zip
- name: Download Boundary Linux AMD64 docker image
if: contains(matrix.filter, 'e2e_docker')
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1
id: download-docker
with:
name: ${{ inputs.docker-image-file }}
@ -266,11 +266,12 @@ jobs:
SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1,3 | sed 's/:/_/g')
echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT"
- name: Upload e2e tests output
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: test-${{ steps.split.outputs.fragment }}
path: enos/*.log
retention-days: 5
archive: false
- name: Get logs from postgres container
# Retrieve logs from the postgres container on a failed
# run to help diagnose a deadlock issue
@ -285,7 +286,7 @@ jobs:
enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
- name: Upload Debug Data
if: ${{ always() && steps.run_retry.outcome == 'failure' }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
# The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals.
name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}

8
.github/workflows/fuzz.yml vendored
Unescape View File

@ -33,8 +33,8 @@ jobs:
fuzz-grants-parse:
name: Fuzz grants.Parse
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Determine Go version
id: get-go-version
# We use .go-version as our source of truth for current Go
@ -42,14 +42,14 @@ jobs:
run: |
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
- shell: bash
run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s
- name: Upload fuzz failure seed corpus as run artifact
if: failure()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: fuzz-corpus
path: ./internal/perms/testdata/fuzz

4
.github/workflows/linting.yml vendored
Unescape View File

@ -13,7 +13,7 @@ jobs:
name: "Run Linter"
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Determine Go version
@ -24,7 +24,7 @@ jobs:
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
- name: Install Dependencies

4
.github/workflows/make-gen-delta.yml vendored
Unescape View File

@ -12,7 +12,7 @@ jobs:
name: "Check for uncommitted changes from make gen"
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Determine Go version
@ -23,7 +23,7 @@ jobs:
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
- name: Running go mod tidy

2
.github/workflows/schema-diff.yml vendored
Unescape View File

@ -30,7 +30,7 @@ jobs:
if: '! github.event.pull_request.draft'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Generate Schema Diff

8
.github/workflows/security-scan.yml vendored
Unescape View File

@ -8,7 +8,7 @@ on:
- 'main'
paths-ignore:
- 'website/**'
jobs:
scan:
runs-on: ${{ fromJSON(vars.RUNNER_LARGE) }}
@ -17,7 +17,7 @@ jobs:
github.actor != 'dependabot[bot]' &&
github.actor != 'hc-github-team-secure-boundary'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Determine Go version
id: get-go-version
@ -28,7 +28,7 @@ jobs:
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
cache: false
@ -39,7 +39,7 @@ jobs:
python-version: 3.x
- name: Clone Security Scanner repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: hashicorp/security-scanner
token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}

6
.github/workflows/test-ci-bootstrap-oss.yml vendored
Unescape View File

@ -27,11 +27,11 @@ jobs:
TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}

8
.github/workflows/test-ci-cleanup-oss.yml vendored
Unescape View File

@ -15,7 +15,7 @@ jobs:
regions: ${{steps.regions.outputs.regions}}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -44,7 +44,7 @@ jobs:
steps:
- name: Configure AWS credentials
id: aws-configure
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -53,7 +53,7 @@ jobs:
role-skip-session-tagging: true
role-duration-seconds: 3600
mask-aws-account-id: false
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Configure
run: |
cp enos/ci/aws-nuke.yml .
@ -80,7 +80,7 @@ jobs:
region: ${{ fromJSON(needs.setup.outputs.regions) }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}

8
.github/workflows/test-cli-ui_oss.yml vendored
Unescape View File

@ -16,10 +16,10 @@ jobs:
runs-on: ${{ fromJSON(vars.RUNNER) }}
name: CLI tests
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Import GPG key for Boundary pass keystore
id: import_gpg
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
with:
gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }}
@ -31,7 +31,7 @@ jobs:
cat ~/.gnupg/gpg.conf
- name: Set up Bats CLI UI tests dependency cache
id: dep-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: /tmp/bats-cli-ui-deps
key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2
@ -73,7 +73,7 @@ jobs:
run: |
unzip /tmp/bats-cli-ui-deps/vault.zip -d /usr/local/bin
- name: Download Linux AMD64 Boundary bundle
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1
with:
name: ${{ inputs.artifact-name }}
path: /tmp

24
.github/workflows/test-race.yml vendored
Unescape View File

@ -25,7 +25,7 @@ jobs:
plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }}
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Determine Go version
@ -36,7 +36,7 @@ jobs:
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
cache: false
@ -51,7 +51,7 @@ jobs:
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -74,7 +74,7 @@ jobs:
echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT"
- name: Set up plugin cache
id: plugin-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.plugin-cache-paths.outputs.path }}
@ -93,14 +93,14 @@ jobs:
matrix:
module: ["api", "sdk"]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ needs.setup.outputs.go-version }}"
cache: false
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.cache-go-build }}
@ -125,15 +125,15 @@ jobs:
ulimit -Sa
echo "Hard limits"
ulimit -Ha
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ needs.setup.outputs.go-version }}"
cache: false
- name: Set up Go modules cache
id: go-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.cache-go-build }}
@ -154,7 +154,7 @@ jobs:
fi
- name: Set up plugin cache
id: plugin-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.plugin-cache-path }}
@ -174,7 +174,7 @@ jobs:
until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done
- name: Test
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
env:
TEST_PACKAGE: "./..."
TEST_TIMEOUT: 120m

2
.github/workflows/test-sql.yml vendored
Unescape View File

@ -18,7 +18,7 @@ jobs:
postgres-version: [ alpine, 15-alpine, 16-alpine, 17-alpine ]
name: SQL Tests ${{ matrix.postgres-version }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run SQL PgTap Tests
run: |
make test-sql POSTGRES_DOCKER_IMAGE_BASE=docker.mirror.hashicorp.services/postgres PG_DOCKER_TAG=${{ matrix.postgres-version }}

24
.github/workflows/test.yml vendored
Unescape View File

@ -25,7 +25,7 @@ jobs:
plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }}
runs-on: ${{ fromJSON(vars.RUNNER) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: '0'
- name: Determine Go version
@ -36,7 +36,7 @@ jobs:
echo "Building with Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ steps.get-go-version.outputs.go-version }}"
cache: false
@ -51,7 +51,7 @@ jobs:
echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT"
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
@ -74,7 +74,7 @@ jobs:
echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT"
- name: Set up plugin cache
id: plugin-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ steps.plugin-cache-paths.outputs.path }}
@ -93,14 +93,14 @@ jobs:
matrix:
module: ["api", "sdk"]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ needs.setup.outputs.go-version }}"
cache: false
- name: Set up Go modules cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.cache-go-build }}
@ -125,15 +125,15 @@ jobs:
ulimit -Sa
echo "Hard limits"
ulimit -Ha
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "${{ needs.setup.outputs.go-version }}"
cache: false
- name: Set up Go modules cache
id: go-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.cache-go-build }}
@ -154,7 +154,7 @@ jobs:
fi
- name: Set up plugin cache
id: plugin-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3
with:
path: |
${{ needs.setup.outputs.plugin-cache-path }}
@ -174,7 +174,7 @@ jobs:
until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done
- name: Test
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
env:
TEST_PACKAGE: "./..."
TESTARGS: -v

2
.github/workflows/trigger-merge-to-downstream.yml vendored
Unescape View File

@ -18,7 +18,7 @@ jobs:
DOWNSTREAM_TOK: ${{ secrets.DOWNSTREAM_TOK }}
DOWNSTREAM_WORKFLOW: ${{ vars.DOWNSTREAM_WORKFLOW }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Trigger Merge
run: |
./scripts/trigger-merge-to-downstream-gha ${{ github.ref_name }}

Write Preview
Loading…
Cancel
Save