Skip to content

Commit 35ab1d2

Browse files
hc-github-team-secure-vault-corehc-github-team-secure-vault-core
committed
Merge remote-tracking branch 'remotes/from/ce/main'
2 parents c1bdf56 + c2034cb commit 35ab1d2

40 files changed

+322
-151
lines changed

.github/actions/checkout/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ runs:
7070
echo "ref=${checkout_ref}"
7171
echo "depth=${fetch_depth}"
7272
} | tee -a "$GITHUB_OUTPUT"
73-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
73+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7474
with:
7575
path: ${{ inputs.path }}
7676
fetch-depth: ${{ steps.ref.outputs.depth }}

.github/actions/run-apupgrade-tests/action.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ runs:
4949
run: |
5050
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
5151
- name: Check out the .release/versions.hcl file from Vault Enterprise repository
52-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
52+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5353
with:
5454
ref: ${{ inputs.checkout-ref }}
5555
- uses: ./.github/actions/set-up-go
@@ -58,14 +58,14 @@ runs:
5858
- name: Build external tools
5959
uses: ./.github/actions/install-tools
6060
- name: Checkout VCM repository
61-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
61+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6262
with:
6363
repository: hashicorp/vcm
6464
ref: 1fcab6591e3bdc81d2921ca77441bfcf913c6a57
6565
token: ${{ inputs.github-token }}
6666
path: vcm
6767
- name: Checkout Vault tools repository to get the Autopilot upgrade tool
68-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
68+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6969
with:
7070
repository: hashicorp/vault-tools
7171
token: ${{ inputs.github-token }}

.github/workflows/actionlint.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
actionlint:
1515
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
1616
steps:
17-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
17+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1818
- name: "Run actionlint"
1919
run: |
2020
docker run --rm -v "$(pwd):/repo" --workdir /repo docker.mirror.hashicorp.services/rhysd/actionlint@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9 -color -verbose

.github/workflows/add-hashicorp-contributed-label.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
2121
steps:
2222
# gh pr edit needs a .git directory so we'll do a shallow checkout
23-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
23+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
- name: "Add label to PR"
2525
env:
2626
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/benchmark-prevent-performance-degradations.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
1717
steps:
1818
- name: Check out code into the Go module directory
19-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
with:
2121
fetch-depth: 0
2222
fetch-tags: false

.github/workflows/build-artifacts-ce.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ jobs:
9797
runs-on: ${{ fromJSON(inputs.compute-build) }}
9898
name: (${{ matrix.goos }}, ${{ matrix.goarch }})
9999
steps:
100-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
100+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
101101
with:
102102
ref: ${{ inputs.checkout-ref }}
103103
- uses: ./.github/actions/build-vault
@@ -209,7 +209,7 @@ jobs:
209209
name: (${{ matrix.goos }}, ${{ matrix.goarch }})
210210
runs-on: ${{ fromJSON(inputs.compute-build) }}
211211
steps:
212-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
212+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
213213
with:
214214
ref: ${{ inputs.checkout-ref }}
215215
- uses: ./.github/actions/build-vault
@@ -236,7 +236,7 @@ jobs:
236236
- core
237237
- extended
238238
steps:
239-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
239+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
240240
with:
241241
ref: ${{ inputs.checkout-ref }}
242242
- name: Determine status

.github/workflows/build.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,7 @@ jobs:
104104
vault-version-package: ${{ steps.metadata.outputs.vault-version-package }}
105105
workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
106106
steps:
107-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
107+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
108108
# Make sure we check out correct ref based on PR labels and such
109109
- uses: ./.github/actions/checkout
110110
id: checkout
@@ -191,7 +191,7 @@ jobs:
191191
needs:
192192
- setup
193193
steps:
194-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
194+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
195195
# Get the elevated github token
196196
- id: vault-auth
197197
name: Vault Authenticate
@@ -295,7 +295,7 @@ jobs:
295295
outputs:
296296
cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }}
297297
steps:
298-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
298+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
299299
with:
300300
ref: ${{ needs.setup.outputs.checkout-ref }}
301301
- name: Get UI hash
@@ -514,7 +514,7 @@ jobs:
514514
- test-containers
515515
- test-hcp-image
516516
steps:
517-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
517+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
518518
- id: disallow-merge-on-ce
519519
if: |
520520
needs.setup.outputs.workflow-trigger == 'pull_request' &&

.github/workflows/changelog-checker.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
if: "!contains(github.event.pull_request.labels.*.name, 'pr/no-changelog')"
1818
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
1919
steps:
20-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
20+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121
with:
2222
ref: ${{ github.event.pull_request.head.sha }}
2323
fetch-depth: 0 # by default the checkout action doesn't checkout all branches

.github/workflows/ci.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
labels: ${{ steps.metadata.outputs.labels }}
4040
workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
4141
steps:
42-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
42+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4343
# Make sure we check out correct ref based on PR labels and such
4444
- uses: ./.github/actions/checkout
4545
id: checkout
@@ -101,7 +101,7 @@ jobs:
101101
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
102102
steps:
103103
- name: Check out the .release/versions.hcl file from Vault Enterprise repository
104-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
104+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
105105
with:
106106
ref: ${{ needs.setup.outputs.checkout-ref }}
107107
sparse-checkout: |
@@ -264,7 +264,7 @@ jobs:
264264
contents: read
265265
runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }}
266266
steps:
267-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
267+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
268268
name: status
269269
with:
270270
ref: ${{ needs.setup.outputs.checkout-ref }}
@@ -380,7 +380,7 @@ jobs:
380380
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
381381
permissions: write-all # Ensure we have id-token:write access for vault-auth.
382382
steps:
383-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
383+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
384384
# Determine the overall status of our required test jobs.
385385
- name: Determine status
386386
id: status

.github/workflows/code-checker.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
name: Setup
1818
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
1919
steps:
20-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
20+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121
- name: Ensure Go modules are cached
2222
uses: ./.github/actions/set-up-go
2323
with:
@@ -34,7 +34,7 @@ jobs:
3434
needs: setup
3535
if: github.base_ref == 'main'
3636
steps:
37-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
37+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3838
with:
3939
fetch-depth: 0
4040
- uses: ./.github/actions/set-up-go
@@ -51,7 +51,7 @@ jobs:
5151
needs: setup
5252
if: github.base_ref == 'main'
5353
steps:
54-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
54+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5555
with:
5656
fetch-depth: 0
5757
- uses: ./.github/actions/set-up-go
@@ -72,7 +72,7 @@ jobs:
7272
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
7373
needs: setup
7474
steps:
75-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
75+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7676
- uses: ./.github/actions/set-up-go
7777
with:
7878
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -86,7 +86,7 @@ jobs:
8686
runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ubuntu-latest-x64"]') }}
8787
needs: setup
8888
steps:
89-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
89+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
9090
- uses: ./.github/actions/set-up-go
9191
with:
9292
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -105,6 +105,6 @@ jobs:
105105
container:
106106
image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58
107107
steps:
108-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
108+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
109109
- name: Run Semgrep Rules
110110
run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'

0 commit comments

Comments
 (0)