diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index f26b2b6486..36363e0389 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -11,7 +11,7 @@ jobs: actionlint: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check workflow files uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 with: diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index e4c8d050c8..b99da5cef9 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -17,7 +17,7 @@ jobs: container: hashicorpdev/backport-assistant:0.5.1 steps: # Note: actions/checkout v5 breaks the backport assistant, so we pin to v4.2.2 for now. - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Fetch all branches and tags - name: Check if any migrations have changed diff --git a/.github/workflows/build-check.yml b/.github/workflows/build-check.yml index 4d4e0c5eb1..86ef253472 100644 --- a/.github/workflows/build-check.yml +++ b/.github/workflows/build-check.yml @@ -18,7 +18,7 @@ jobs: build: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -29,7 +29,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -38,7 +38,7 @@ jobs: run: | echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6e7604b462..f784619e91 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,7 +30,7 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set Product version id: set-product-version uses: hashicorp/actions-set-product-version@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -43,7 +43,7 @@ jobs: product-edition: ${{ steps.get-product-edition.outputs.product-edition }} go-version: ${{ steps.get-go-version.outputs.go-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -52,7 +52,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -61,7 +61,7 @@ jobs: run: | echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -89,7 +89,7 @@ jobs: runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} steps: - name: 'Checkout directory' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: | echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}" echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}" @@ -103,7 +103,7 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - name: 'Checkout directory' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate metadata file id: generate-metadata-file uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed @@ -111,7 +111,7 @@ jobs: repository: boundary version: ${{ needs.set-product-version.outputs.product-version }} product: ${{ env.PKG_NAME }} - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} @@ -140,9 +140,9 @@ jobs: GOPRIVATE: "github.com/hashicorp" GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go }} cache: false @@ -151,7 +151,7 @@ jobs: run: | echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -164,7 +164,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -206,11 +206,11 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go }} cache: false @@ -220,7 +220,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -229,7 +229,7 @@ jobs: go-mod # Adding go build cache here since this build is used for tests - name: Set up Go build cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -240,7 +240,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -288,12 +288,12 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" - name: Upload RPM package - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} - name: Upload DEB package - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }} @@ -316,9 +316,9 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go }} cache: false @@ -327,7 +327,7 @@ jobs: run: | echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -338,7 +338,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -376,7 +376,7 @@ jobs: version: ${{ needs.set-product-version.outputs.product-version }} minor-version: ${{ needs.product-metadata.outputs.product-minor-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Docker Build (Action) uses: hashicorp/actions-docker-build@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml index 392a8965f1..05b5239812 100644 --- a/.github/workflows/enos-fmt.yml +++ b/.github/workflows/enos-fmt.yml @@ -18,8 +18,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: terraform_wrapper: false - uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index 491572a051..8fd3ccf012 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -23,7 +23,7 @@ jobs: go-mod-cache-key: ${{ steps.go-mod-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -34,7 +34,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -47,7 +47,7 @@ jobs: run: | echo "key=go-mod-${{ hashFiles('**/go.sum') }}" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -97,7 +97,7 @@ jobs: ENOS_VAR_is_ci: true steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: ${{ contains(matrix.filter, 'e2e_docker_base_with_worker_version') && '0' || '1' }} fetch-tags: ${{ contains(matrix.filter, 'e2e_docker_base_with_worker_version') && 'true' || 'false' }} @@ -109,13 +109,13 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false - name: Set up Go modules cache id: go-mod-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-mod }} @@ -127,14 +127,14 @@ jobs: run: | go mod download - name: Set up Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed with: # the terraform wrapper will break Terraform execution in enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -145,7 +145,7 @@ jobs: echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf cat ~/.gnupg/gpg.conf - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -177,7 +177,7 @@ jobs: echo "debug_data_artifact_name=enos-debug-data_$(echo ${{ matrix.filter }} | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - name: Set up dependency cache id: dep-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/test-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 @@ -225,7 +225,7 @@ jobs: ssh -V - name: Download Boundary Linux AMD64 bundle id: download - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.artifact-name }} path: ./enos/support/downloads @@ -235,7 +235,7 @@ jobs: mv ${{steps.download.outputs.download-path}}/*.zip enos/support/boundary.zip - name: Download Boundary Linux AMD64 docker image if: contains(matrix.filter, 'e2e_docker') - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 id: download-docker with: name: ${{ inputs.docker-image-file }} @@ -322,7 +322,7 @@ jobs: SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1,3 | sed 's/:/_/g') echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT" - name: Upload e2e tests output - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-${{ steps.split.outputs.fragment }} path: enos/*.log @@ -353,7 +353,7 @@ jobs: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }} - name: Upload Debug Data if: ${{ always() && steps.run_retry.outcome == 'failure' }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} @@ -388,7 +388,7 @@ jobs: env find ./enos -name "scenario.tf" -exec cat {} \; - name: Send Slack message if Run and Retry fails (or if something else went wrong) - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 # steps.run.outcome reports as failure when there is an error in `Run Enos scenario` # failure() captures errors before `Run Enos scenario` # failure() does not capture errors in `Run Enos scenario` due to continue-on-error @@ -400,7 +400,7 @@ jobs: channel: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} text: ":x: e2e tests failed (${{ matrix.filter }}): ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.repository }}:${{ github.head_ref || github.ref_name }}" - name: Send Slack message if Run but Retry passes - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 if: ${{ steps.run.outcome == 'failure' && steps.run_retry.outcome != 'failure' }} with: method: chat.postMessage diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index f005c3d907..1dae903565 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -34,7 +34,7 @@ jobs: name: Fuzz grants.Parse runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -42,7 +42,7 @@ jobs: run: | echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -50,7 +50,7 @@ jobs: run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s - name: Upload fuzz failure seed corpus as run artifact if: failure() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: fuzz-corpus path: ./internal/perms/testdata/fuzz diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 8c5f3a6866..1113db5479 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -13,7 +13,7 @@ jobs: name: "Run Linter" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -24,7 +24,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -33,7 +33,7 @@ jobs: run: | echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} diff --git a/.github/workflows/make-gen-delta.yml b/.github/workflows/make-gen-delta.yml index 5ad7128862..5e59097379 100644 --- a/.github/workflows/make-gen-delta.yml +++ b/.github/workflows/make-gen-delta.yml @@ -12,7 +12,7 @@ jobs: name: "Check for uncommitted changes from make gen" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -23,7 +23,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -33,7 +33,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -42,7 +42,7 @@ jobs: go-mod - name: Set up Go tools cache id: go-tools-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-bin }} diff --git a/.github/workflows/schema-diff.yml b/.github/workflows/schema-diff.yml index a3952af066..240640d791 100644 --- a/.github/workflows/schema-diff.yml +++ b/.github/workflows/schema-diff.yml @@ -30,7 +30,7 @@ jobs: if: '! github.event.pull_request.draft' runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Generate Schema Diff diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 01ac62fc67..6ded929e68 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -17,7 +17,7 @@ jobs: github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-boundary' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version @@ -28,18 +28,18 @@ jobs: echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: hashicorp/security-scanner token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} diff --git a/.github/workflows/test-ci-bootstrap-oss.yml b/.github/workflows/test-ci-bootstrap-oss.yml index 19e1664682..59adccb2d2 100644 --- a/.github/workflows/test-ci-bootstrap-oss.yml +++ b/.github/workflows/test-ci-bootstrap-oss.yml @@ -27,11 +27,11 @@ jobs: TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml index d0f87c5951..2a6a6a695b 100644 --- a/.github/workflows/test-ci-cleanup-oss.yml +++ b/.github/workflows/test-ci-cleanup-oss.yml @@ -16,7 +16,7 @@ jobs: regions: ${{steps.regions.outputs.regions}} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -43,7 +43,7 @@ jobs: steps: - name: Configure AWS credentials id: aws-configure - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -52,7 +52,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure run: | cp enos/ci/aws-nuke.yml . @@ -79,7 +79,7 @@ jobs: region: ${{ fromJSON(needs.setup.outputs.regions) }} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-cli-ui_oss.yml b/.github/workflows/test-cli-ui_oss.yml index 26911eda38..f092043a84 100644 --- a/.github/workflows/test-cli-ui_oss.yml +++ b/.github/workflows/test-cli-ui_oss.yml @@ -16,10 +16,10 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER) }} name: CLI tests steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -31,12 +31,12 @@ jobs: cat ~/.gnupg/gpg.conf - name: Set up Bats CLI UI tests dependency cache id: dep-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/test-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 - name: Set up Node for Bats install - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 16 - name: Install Bats via NPM @@ -73,7 +73,7 @@ jobs: run: | unzip /tmp/test-deps/vault.zip -d /usr/local/bin - name: Download Linux AMD64 Boundary bundle - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.artifact-name }} path: /tmp @@ -111,7 +111,7 @@ jobs: make -C internal/tests/cli test-vault-down - name: Send Slack message if: ${{ failure() }} - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 with: method: chat.postMessage token: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }} diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml index 15fafe9366..7b37065192 100644 --- a/.github/workflows/test-race.yml +++ b/.github/workflows/test-race.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -50,7 +50,7 @@ jobs: run: | echo "key=go-mod-${{ hashFiles('**/go.sum') }}" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -63,7 +63,7 @@ jobs: echo "key=go-tools-${{ steps.get-go-version.outputs.go-version }}-${{ hashFiles('**/go.sum', './Makefile', './tools/tools.go') }}" >> "$GITHUB_OUTPUT" - name: Set up Go tools cache id: go-tools-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-bin }} @@ -87,7 +87,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -106,14 +106,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-mod }} @@ -136,14 +136,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-mod }} @@ -153,7 +153,7 @@ jobs: fail-on-cache-miss: false - name: Set up Go tools cache id: go-tools-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-bin }} @@ -169,7 +169,7 @@ jobs: make tools - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} @@ -189,7 +189,7 @@ jobs: until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done - name: Test - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 env: TEST_TIMEOUT: 120m TESTARGS: -race -v diff --git a/.github/workflows/test-sql.yml b/.github/workflows/test-sql.yml index b439c984cc..7983aba31c 100644 --- a/.github/workflows/test-sql.yml +++ b/.github/workflows/test-sql.yml @@ -18,7 +18,7 @@ jobs: postgres-version: [ alpine,15-alpine, 16-alpine, 17-alpine ] name: SQL Tests ${{ matrix.postgres-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run SQL PgTap Tests run: | make test-sql POSTGRES_DOCKER_IMAGE_BASE=docker.mirror.hashicorp.services/postgres PG_DOCKER_TAG=${{ matrix.postgres-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 34b8737380..527e570d2a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -50,7 +50,7 @@ jobs: run: | echo "key=go-mod-${{ hashFiles('**/go.sum') }}" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-mod }} @@ -63,7 +63,7 @@ jobs: echo "key=go-tools-${{ steps.get-go-version.outputs.go-version }}-${{ hashFiles('**/go.sum', './Makefile', './tools/tools.go') }}" >> "$GITHUB_OUTPUT" - name: Set up Go tools cache id: go-tools-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.go-cache-paths.outputs.go-bin }} @@ -87,7 +87,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -106,14 +106,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-mod }} @@ -136,14 +136,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-mod }} @@ -153,7 +153,7 @@ jobs: fail-on-cache-miss: false - name: Set up Go tools cache id: go-tools-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.cache-go-bin }} @@ -167,7 +167,7 @@ jobs: make tools - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} @@ -187,7 +187,7 @@ jobs: until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done - name: Test - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 env: TESTARGS: -v TEST_TIMEOUT: 40m diff --git a/.github/workflows/trigger-merge-to-downstream.yml b/.github/workflows/trigger-merge-to-downstream.yml index 0f86d3de80..19657a9c8e 100644 --- a/.github/workflows/trigger-merge-to-downstream.yml +++ b/.github/workflows/trigger-merge-to-downstream.yml @@ -18,7 +18,7 @@ jobs: DOWNSTREAM_TOK: ${{ secrets.DOWNSTREAM_TOK }} DOWNSTREAM_WORKFLOW: ${{ vars.DOWNSTREAM_WORKFLOW }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Trigger Merge run: | ./scripts/trigger-merge-to-downstream-gha ${{ github.ref_name }}