From f666016862a3e5b3eba60562cb4465833bd0029a Mon Sep 17 00:00:00 2001 From: Vault Automation Date: Thu, 19 Mar 2026 11:51:50 -0400 Subject: [PATCH] actions: update actions to the latest versions (#13056) (#13143) - actions/cache => v5.0.4 Dep updates - actions/download-artifact => v8.0.1 Support for CJK characters - dorny/paths-filter => v4.0.1 Node 24, support for merge queues - hashicorp/action-setup-enos => v1.52 Security release for downstream vuln - pnpm/action-setup => v5.0.0 Node 24, support for native caching - slackapi/slack-github-action => v3.0.1 Node 24, lots of internal dep updates, ability to run Slack commands Signed-off-by: Ryan Cragun Co-authored-by: Ryan Cragun --- .github/actions/build-vault/action.yml | 2 +- .github/actions/create-dynamic-config/action.yml | 2 +- .github/actions/install-tools/action.yml | 2 +- .github/actions/set-up-go/action.yml | 2 +- .github/actions/set-up-pipeline/action.yml | 2 +- .github/actions/setup-pnpm/action.yml | 2 +- .github/workflows/build.yml | 6 +++--- .github/workflows/ci.yml | 4 ++-- .github/workflows/enos-lint.yml | 2 +- .github/workflows/oss.yml | 2 +- .github/workflows/test-enos-scenario-ui.yml | 4 ++-- .github/workflows/test-go.yml | 8 ++++---- .github/workflows/test-run-enos-scenario-containers.yml | 6 +++--- .github/workflows/test-run-enos-scenario-matrix.yml | 6 +++--- .github/workflows/test-run-enos-scenario.yml | 4 ++-- .github/workflows/test-ui.yml | 4 ++-- 16 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/actions/build-vault/action.yml b/.github/actions/build-vault/action.yml index ee4acfa4e9..215ad37415 100644 --- a/.github/actions/build-vault/action.yml +++ b/.github/actions/build-vault/action.yml @@ -69,7 +69,7 @@ runs: shell: bash run: git config --global url."https://${{ inputs.github-token }}:@github.com".insteadOf "https://github.com" - name: Restore UI from cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: # Restore the UI asset from the UI build workflow. Never use a partial restore key. enableCrossOsArchive: true diff --git a/.github/actions/create-dynamic-config/action.yml b/.github/actions/create-dynamic-config/action.yml index 4cf11c190e..33ac208a03 100644 --- a/.github/actions/create-dynamic-config/action.yml +++ b/.github/actions/create-dynamic-config/action.yml @@ -39,7 +39,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore dynamic config from cache id: dyn-cfg-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ env.DYNAMIC_CONFIG_PATH }} key: dyn-cfg-${{ env.DYNAMIC_CONFIG_KEY }} diff --git a/.github/actions/install-tools/action.yml b/.github/actions/install-tools/action.yml index 7274562fa2..3b33e7c716 100644 --- a/.github/actions/install-tools/action.yml +++ b/.github/actions/install-tools/action.yml @@ -69,7 +69,7 @@ runs: echo "VAULT_TOOLS_CACHE_KEY=${cache_key}" } | tee -a "$GITHUB_ENV" - id: cache-tools - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: lookup-only: ${{ inputs.no-restore }} path: ${{ env.VAULT_TOOLS_PATH }} diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml index 323ca16427..89d7e95cbb 100644 --- a/.github/actions/set-up-go/action.yml +++ b/.github/actions/set-up-go/action.yml @@ -63,7 +63,7 @@ runs: echo "cache-key=go-modules-${wd_hash}-${{ hashFiles('**/go.sum') }}" } | tee -a "$GITHUB_OUTPUT" - id: cache-modules - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: enableCrossOsArchive: true lookup-only: ${{ inputs.no-restore }} diff --git a/.github/actions/set-up-pipeline/action.yml b/.github/actions/set-up-pipeline/action.yml index 2206fc7d75..b73804e7b7 100644 --- a/.github/actions/set-up-pipeline/action.yml +++ b/.github/actions/set-up-pipeline/action.yml @@ -33,7 +33,7 @@ runs: } | tee -a "$GITHUB_ENV" - name: Try to restore pipeline from cache id: pipeline-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ env.PIPELINE_PATH }} key: pipeline-${{ env.PIPELINE_HASH }} diff --git a/.github/actions/setup-pnpm/action.yml b/.github/actions/setup-pnpm/action.yml index 6e9ef8fe73..1027261f13 100644 --- a/.github/actions/setup-pnpm/action.yml +++ b/.github/actions/setup-pnpm/action.yml @@ -12,7 +12,7 @@ runs: steps: - name: Install PNPM - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: run_install: false package_json_file: './ui/package.json' diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d0bd2b5c1..b5609350c0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -303,7 +303,7 @@ jobs: run: echo "ui-hash=$(git ls-tree HEAD ui --object-only)" | tee -a "$GITHUB_OUTPUT" - name: Set up UI asset cache id: cache-ui-assets - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: enableCrossOsArchive: true lookup-only: true @@ -313,7 +313,7 @@ jobs: key: ui-${{ steps.ui-hash.outputs.ui-hash }} - if: steps.cache-ui-assets.outputs.cache-hit != 'true' name: Install PNPM - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: run_install: false package_json_file: './ui/package.json' @@ -636,7 +636,7 @@ jobs: always() && steps.status.outputs.result != 'success' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: errors: true # exit with an error if the payload is invalid retries: rapid # retry if we're being rated limited diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 31f64c2432..bca7c815e1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -348,7 +348,7 @@ jobs: needs.test-ui.result == 'failure' ) name: Notify build failures in Slack - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: errors: true # exit with an error if the payload is invalid retries: rapid # retry if we're being rated limited @@ -390,7 +390,7 @@ jobs: # to secrets. - if: ${{ needs.setup.outputs.is-fork == 'false' }} name: Download failure summaries - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: failure-summary-*.md path: failure-summaries diff --git a/.github/workflows/enos-lint.yml b/.github/workflows/enos-lint.yml index e0aff92a41..fd653bc3ed 100644 --- a/.github/workflows/enos-lint.yml +++ b/.github/workflows/enos-lint.yml @@ -45,7 +45,7 @@ jobs: - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_wrapper: false - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 - name: Ensure shellcheck is available for linting run: which shellcheck || (sudo apt update && sudo apt install -y shellcheck) - name: lint diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml index 3f290a265a..9410363322 100644 --- a/.github/workflows/oss.yml +++ b/.github/workflows/oss.yml @@ -21,7 +21,7 @@ jobs: - if: github.event.pull_request != null uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: github.event.pull_request != null - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes with: # derived from CODEOWNERS diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml index effe98f58b..05e0325d7e 100644 --- a/.github/workflows/test-enos-scenario-ui.yml +++ b/.github/workflows/test-enos-scenario-ui.yml @@ -82,7 +82,7 @@ jobs: - uses: ./.github/actions/set-up-go with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Set Up Git @@ -94,7 +94,7 @@ jobs: cache: pnpm cache-dependency-path: ui/pnpm-lock.yaml - name: Install PNPM - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: package_json_file: './ui/package.json' - name: Set Up Terraform diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index f69b163562..77b43223f0 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -147,7 +147,7 @@ jobs: - uses: ./.github/actions/install-tools # for gotestsum - run: mkdir -p ${{ steps.local-metadata.outputs.go-test-dir }} - if: inputs.test-timing-cache-restore || inputs.test-timing-cache-save - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ steps.local-metadata.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} @@ -609,7 +609,7 @@ jobs: data-race-output: ${{ steps.status.outputs.data-race-output }} data-race-result: ${{ steps.status.outputs.data-race-result }} steps: - - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: ${{ needs.test-go.outputs.data-race-log-download-pattern }} path: data-race-logs @@ -651,7 +651,7 @@ jobs: } | tee -a "$GITHUB_OUTPUT" # Aggregate, prune, and cache our timing data - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-save }} - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} key: ${{ inputs.test-timing-cache-key }}-${{ github.run_number }} @@ -659,7 +659,7 @@ jobs: ${{ inputs.test-timing-cache-key }}- go-test-timing- - if: ${{ ! cancelled() && needs.test-go.result == 'success' && inputs.test-timing-cache-save }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ needs.test-matrix.outputs.go-test-dir }} pattern: ${{ needs.test-go.outputs.go-test-results-download-pattern }} diff --git a/.github/workflows/test-run-enos-scenario-containers.yml b/.github/workflows/test-run-enos-scenario-containers.yml index bfef3bde0f..5e67246acb 100644 --- a/.github/workflows/test-run-enos-scenario-containers.yml +++ b/.github/workflows/test-run-enos-scenario-containers.yml @@ -44,7 +44,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.vault-revision }} - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - uses: ./.github/actions/metadata @@ -87,12 +87,12 @@ jobs: # the Terraform wrapper will break Terraform execution in Enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Download Docker Image id: download - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.build-artifact-name }} path: ./enos/support/downloads diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index 153988e389..12e0796c51 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml @@ -70,7 +70,7 @@ jobs: token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN; - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ github.repository == 'hashicorp/vault' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }} - uses: ./.github/actions/create-dynamic-config @@ -218,7 +218,7 @@ jobs: role-to-assume: ${{ steps.secrets.outputs.aws-role-arn }} role-skip-session-tagging: true role-duration-seconds: 3600 - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ steps.secrets.outputs.github-token }} - uses: ./.github/actions/create-dynamic-config @@ -236,7 +236,7 @@ jobs: du -h "./enos/support/private_key.pem" echo "debug_data_artifact_name=enos-debug-data_$(echo "${{ matrix.scenario }}" | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - if: contains(inputs.sample-name, 'build') - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.build-artifact-name }} path: ./enos/support/downloads diff --git a/.github/workflows/test-run-enos-scenario.yml b/.github/workflows/test-run-enos-scenario.yml index 37a8861925..088154065b 100644 --- a/.github/workflows/test-run-enos-scenario.yml +++ b/.github/workflows/test-run-enos-scenario.yml @@ -76,7 +76,7 @@ jobs: cache-dependency-path: ui/pnpm-lock.yaml - name: Install PNPM - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 with: package_json_file: './ui/package.json' - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 @@ -93,7 +93,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} role-skip-session-tagging: true role-duration-seconds: 3600 - - uses: hashicorp/action-setup-enos@3a9f736b68564c957cefbfcfb3d16b68e581a5b2 # v1.51 + - uses: hashicorp/action-setup-enos@6ec106c8f809fe645162d73bea565c65f3269907 # v1.52 with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Prepare scenario dependencies diff --git a/.github/workflows/test-ui.yml b/.github/workflows/test-ui.yml index f68e647e28..d0ce513890 100644 --- a/.github/workflows/test-ui.yml +++ b/.github/workflows/test-ui.yml @@ -141,12 +141,12 @@ jobs: - name: Setup pnpm uses: ./.github/actions/setup-pnpm - name: Download Ember Test Bundle - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./ui/dist artifact-ids: ${{ needs.test-ui-build-js.outputs.ui-js-bundle-artifact-id }} - name: Download Vault Binary - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ./bin artifact-ids: ${{ needs.test-ui-build-go.outputs.ui-go-binary-artifact-id }}