diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c3e7935160c..8a525528c03 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -107,7 +107,7 @@ jobs:
 - uses: ./.github/actions/checkout
 id: checkout
 # Get the vault version metadata
- - uses: hashicorp/actions-set-product-version@v2
+ - uses: hashicorp/actions-set-product-version@2ec1b51402b3070bccf7ca95306afbd039e574ff # v2.0.1
 id: set-product-version
 with:
 checkout: false # don't override the reference we've checked out
@@ -352,7 +352,7 @@ jobs:
 - if: needs.setup.outputs.is-enterprise == 'true'
 id: secrets
 name: Fetch Vault Secrets
- uses: hashicorp/vault-action@v3
+ uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
 with:
 url: ${{ steps.vault-auth.outputs.addr }}
 caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
@@ -421,7 +421,7 @@ jobs:
 }
 ]
 }
- - uses: hashicorp/actions-generate-metadata@v1
+ - uses: hashicorp/actions-generate-metadata@f1d852525201cb7bbbf031dd2e985fb4c22307fc # v1.1.3
 if: needs.artifacts.result == 'success' # create build metadata if we successfully created artifacts
 id: generate-metadata-file
 with:
diff --git a/.github/workflows/enos-lint.yml b/.github/workflows/enos-lint.yml
index 78a58067bfd..84d6e98809c 100644
--- a/.github/workflows/enos-lint.yml
+++ b/.github/workflows/enos-lint.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - id: set-product-version
- uses: hashicorp/actions-set-product-version@v2
+ uses: hashicorp/actions-set-product-version@2ec1b51402b3070bccf7ca95306afbd039e574ff # v2.0.1
 - id: metadata
 run: |
 echo "version=${{ steps.set-product-version.outputs.product-version }}" >> "$GITHUB_OUTPUT"
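Review bot: Nothing in this commit lets a reader confirm that each full-length SHA is the commit its trailing tag comment names, starting with `hashicorp/actions-set-product-version@2ec1b51402b3070bccf7ca95306afbd039e574ff # v2.0.1` in the first build.yml hunk and applying to every other pinned `uses:` line in the change. GitHub resolves a commit SHA across a repository's fork network, so each pin should be checked against the named tag in the upstream `hashicorp/*` repository before merge. The comment is the only human-readable link to a release and is not validated by the runner. The diff also does not show whether an updater such as Dependabot is configured for the `github-actions` ecosystem; without one these pins stay on today's patch releases, which the floating `@v2`/`@v3` tags did not. A short convention note in the workflow directory would help, for example `# Third-party actions are pinned to full commit SHAs; the trailing comment is the release tag the SHA was taken from.`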
@@ -43,10 +43,10 @@ jobs:
 cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
 go-version-file: .go-version
 - uses: ./.github/actions/install-external-tools
- - uses: hashicorp/setup-terraform@v3
+ - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
 with:
 terraform_wrapper: false
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 - name: Ensure shellcheck is available for linting
diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml
index bd845374fe5..419b021b55e 100644
--- a/.github/workflows/enos-release-testing-oss.yml
+++ b/.github/workflows/enos-release-testing-oss.yml
@@ -69,4 +69,4 @@ jobs:
 needs: test
 steps:
 - name: Persist metadata
- uses: hashicorp/actions-persist-metadata@v2
+ uses: hashicorp/actions-persist-metadata@e13fbbb09a867e1274210306a1fd53e1d1fda9c3 # v2.0.0
diff --git a/.github/workflows/test-ci-bootstrap.yml b/.github/workflows/test-ci-bootstrap.yml
index 5481e4f7281..94a60e5d2c1 100644
--- a/.github/workflows/test-ci-bootstrap.yml
+++ b/.github/workflows/test-ci-bootstrap.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Terraform
- uses: hashicorp/setup-terraform@v3
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
 with:
diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml
index a606d1bc5bd..b7ba67e5cc8 100644
--- a/.github/workflows/test-enos-scenario-ui.yml
+++ b/.github/workflows/test-enos-scenario-ui.yml
@@ -76,7 +76,7 @@ jobs:
 - uses: ./.github/actions/set-up-go
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 - name: Set Up Git
@@ -86,7 +86,7 @@ jobs:
 with:
 node-version-file: './ui/package.json'
 - name: Set Up Terraform
- uses: hashicorp/setup-terraform@v3
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
 with:
 cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 terraform_wrapper: false
diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml
index ce9db9ee7f2..5270290e136 100644
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@@ -110,7 +110,7 @@ jobs:
 - name: Fetch Secrets
 id: secrets
 if: github.repository == 'hashicorp/vault-enterprise'
- uses: hashicorp/vault-action@v3
+ uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
 with:
 url: ${{ steps.vault-auth.outputs.addr }}
 caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
@@ -292,7 +292,7 @@ jobs:
 - name: Fetch Secrets
 id: secrets
 if: github.repository == 'hashicorp/vault-enterprise'
- uses: hashicorp/vault-action@v3
+ uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3.4.0
 with:
 url: ${{ steps.vault-auth.outputs.addr }}
 caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
diff --git a/.github/workflows/test-run-enos-scenario-containers.yml b/.github/workflows/test-run-enos-scenario-containers.yml
index 6b6819003b9..2ad8cacd41a 100644
--- a/.github/workflows/test-run-enos-scenario-containers.yml
+++ b/.github/workflows/test-run-enos-scenario-containers.yml
@@ -43,7 +43,7 @@ jobs:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 ref: ${{ inputs.vault-revision }}
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 - id: metadata
@@ -79,12 +79,12 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: hashicorp/setup-terraform@v3
+ - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
 with:
 # the Terraform wrapper will break Terraform execution in Enos because
 # it changes the output to text when we expect it to be JSON.
 terraform_wrapper: false
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 - name: Download Docker Image
diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml
index fd1b38ec2d3..ac28d979999 100644
--- a/.github/workflows/test-run-enos-scenario-matrix.yml
+++ b/.github/workflows/test-run-enos-scenario-matrix.yml
@@ -70,7 +70,7 @@ jobs:
 token: ${{ steps.vault-auth.outputs.token }}
 secrets: |
 kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN;
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ inputs.vault-edition == 'ce' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }}
 - uses: ./.github/actions/create-dynamic-config
@@ -205,7 +205,7 @@ jobs:
 echo "ENOS_VAR_verify_aws_secrets_engine=false"
 echo "ENOS_VAR_verify_log_secrets=true"
 } | tee -a "$GITHUB_ENV"
- - uses: hashicorp/setup-terraform@v3
+ - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
 with:
 # the Terraform wrapper will break Terraform execution in Enos because
 # it changes the output to text when we expect it to be JSON.
@@ -218,7 +218,7 @@ jobs:
 role-to-assume: ${{ steps.secrets.outputs.aws-role-arn }}
 role-skip-session-tagging: true
 role-duration-seconds: 3600
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ steps.secrets.outputs.github-token }}
 - uses: ./.github/actions/create-dynamic-config
@@ -291,28 +291,28 @@ jobs:
 # https://api.slack.com/apps/A05E31CH1LG/incoming-webhooks
 - if: ${{ always() && ! cancelled() }}
 name: Notify launch failed
- uses: hashicorp/actions-slack-status@v2.0.1
+ uses: hashicorp/actions-slack-status@1a3f63b30bd476aee1f3bd6f9d8f2aacc4f14d81 # v2.0.1
 with:
 failure-message: "enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
 status: ${{ steps.launch.outcome }}
 slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }}
 - if: ${{ always() && ! cancelled() }}
 name: Notify retry launch failed
- uses: hashicorp/actions-slack-status@v2.0.1
+ uses: hashicorp/actions-slack-status@1a3f63b30bd476aee1f3bd6f9d8f2aacc4f14d81 # v2.0.1
 with:
 failure-message: "retry enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
 status: ${{ steps.launch_retry.outcome }}
 slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }}
 - if: ${{ always() && ! cancelled() }}
 name: Notify destroy failed
- uses: hashicorp/actions-slack-status@v2.0.1
+ uses: hashicorp/actions-slack-status@1a3f63b30bd476aee1f3bd6f9d8f2aacc4f14d81 # v2.0.1
 with:
 failure-message: "enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
 status: ${{ steps.destroy.outcome }}
 slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }}
 - if: ${{ always() && ! cancelled() }}
 name: Notify retry destroy failed
- uses: hashicorp/actions-slack-status@v2.0.1
+ uses: hashicorp/actions-slack-status@1a3f63b30bd476aee1f3bd6f9d8f2aacc4f14d81 # v2.0.1
 with:
 failure-message: "retry enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`"
 status: ${{ steps.destroy_retry.outcome }}
diff --git a/.github/workflows/test-run-enos-scenario.yml b/.github/workflows/test-run-enos-scenario.yml
index 3a541704b38..992b966957f 100644
--- a/.github/workflows/test-run-enos-scenario.yml
+++ b/.github/workflows/test-run-enos-scenario.yml
@@ -70,7 +70,7 @@ jobs:
 with:
 node-version: 14
 cache-dependency-path: ui/yarn.lock
- - uses: hashicorp/setup-terraform@v2
+ - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
 with:
 # the Terraform wrapper will break Terraform execution in Enos because
 # it changes the output to text when we expect it to be JSON.
@@ -83,7 +83,7 @@ jobs:
 role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
 role-skip-session-tagging: true
 role-duration-seconds: 3600
- - uses: hashicorp/action-setup-enos@v1
+ - uses: hashicorp/action-setup-enos@b9fa53484a1e8fdcc7b02a118bcf01d65b9414c9 # v1.37.0
 with:
 github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 - name: Prepare scenario dependencies
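Review bot: The first hunk of test-run-enos-scenario.yml pins `hashicorp/setup-terraform` to `633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3`, while every other workflow in this commit pins the same action to `b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2`. The pin faithfully preserves the old `@v2` major, but it now freezes this workflow on the older release line, where the floating tag at least followed v2 patch releases. If staying on v2 is deliberate, say so next to the pin, e.g. `# held on v2: <reason>`; otherwise use the v3.1.2 SHA already used in the other workflows. The step list this hunk belongs to starts and ends outside the hunk, so whether anything else in the job depends on v2 behaviour cannot be judged from here.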