diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index abe7e7237..817de2d37 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -10,6 +10,6 @@ jobs: actionlint: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: "Check workflow files" uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8
diff --git a/.github/workflows/build-vault-oss.yml b/.github/workflows/build-vault-oss.yml
index eba7457c5..60480d53a 100644
--- a/.github/workflows/build-vault-oss.yml
+++ b/.github/workflows/build-vault-oss.yml
@@ -40,12 +40,12 @@ jobs: runs-on: ubuntu-latest name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }} steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version: ${{ inputs.go-version }} - name: Set up node and yarn
- uses: actions/setup-node@v3
+ uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
 with: node-version-file: './ui/package.json' cache: yarn
@@ -68,7 +68,7 @@ jobs: env: BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip run: make ci-bundle
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: ${{ env.ARTIFACT_BASENAME }}.zip path: out/${{ env.ARTIFACT_BASENAME }}.zip
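Review bot: The `actions/setup-go` pin in build-vault-oss.yml is also a major-version jump (`@v3` to the v4.0.0 commit), and this step sets only `go-version`, so it now runs with v4's default of dependency caching switched on. For a job that builds the bundle and packages, state the choice explicitly: add `cache: false` under `with:` if the build should not restore a shared cache, or `cache: true` if the restore is intended. The same jump with no explicit `cache:` appears in security-scan.yml, test-enos-scenario-ui.yml and test-run-acc-tests-for-path.yml. The job's remaining steps are outside the hunk.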
@@ -96,13 +96,13 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" - if: ${{ inputs.create-packages }}
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} if-no-files-found: error - if: ${{ inputs.create-packages }}
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 59df8b239..ccf4a3519 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -22,7 +22,7 @@ jobs: outputs: is_docs_change: ${{ steps.get-changeddir.outputs.is_docs_change }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # Use fetch depth 0 for comparing changes to base branch
@@ -51,7 +51,7 @@ jobs: vault-version: ${{ steps.get-metadata.outputs.vault-version }} vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Get metadata id: get-metadata env:
@@ -73,7 +73,7 @@ jobs: with: version: ${{ steps.get-metadata.outputs.vault-version }} product: ${{ steps.get-metadata.outputs.package-name }}
- - uses: actions/upload-artifact@v3
+ - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }}
@@ -152,7 +152,7 @@ jobs: matrix: arch: [arm, arm64, 386, amd64] steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - uses: hashicorp/actions-docker-build@v1 with: version: ${{ needs.product-metadata.outputs.vault-version }}
@@ -173,7 +173,7 @@ jobs: matrix: arch: [amd64] steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - uses: hashicorp/actions-docker-build@v1 with: version: ${{ needs.product-metadata.outputs.vault-version }}
diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
index 285145ad3..155cc8eff 100644
--- a/.github/workflows/changelog-checker.yml
+++ b/.github/workflows/changelog-checker.yml
@@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # by default the checkout action doesn't checkout all branches
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5e635bcb9..670a935f0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -54,7 +54,7 @@ jobs: container: image: returntocorp/semgrep@sha256:ffc6f3567654f9431456d49fd059dfe548f007c494a7eb6cd5a1a3e50d813fb3 steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Run Semgrep Rules id: semgrep run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'
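Review bot: `hashicorp/actions-docker-build@v1` in both docker hunks of build.yml is still referenced by a movable tag, while every other `uses:` around it is now pinned to a commit. The same holds for `hashicorp/setup-terraform@v2` (enos-fmt.yml, enos-run-k8s.yml, test-ci-bootstrap.yml, test-run-enos-scenario-matrix.yml) and `hashicorp/action-setup-enos@v1` (test-enos-scenario-ui.yml), several of which run in jobs that expose `ELEVATED_GITHUB_TOKEN` or AWS keys. If first-party actions are deliberately exempt, record that next to the step, e.g. `# first-party action, tag pin accepted`; otherwise pin them as `owner/action@<commit-sha> # vX.Y.Z` like the rest.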
@@ -72,8 +72,8 @@ jobs: - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }} steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version cache: true
@@ -92,7 +92,7 @@ jobs: if: ${{ needs.setup.outputs.enterprise != '' && github.base_ref != '' }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }} steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: fetch-depth: 0 - id: determine-branch
@@ -209,20 +209,20 @@ jobs: contents: read runs-on: ${{ fromJSON(needs.setup.outputs.compute-larger) }} steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version cache: true # Setup node.js without caching to allow running npm install -g yarn (next step)
- - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+ - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
 with: node-version-file: './ui/package.json' - id: install-yarn run: | npm install -g yarn # Setup node.js with caching using the yarn.lock file
- - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+ - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
 with: node-version-file: './ui/package.json' cache: yarn
@@ -230,7 +230,7 @@ jobs: - id: install-browser-libraries run: sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 - id: install-browser
- uses: browser-actions/setup-chrome@29abc1a83d1d71557708563b4bc962d0f983a376
+ uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
 - id: ui-dependencies name: ui-dependencies working-directory: ./ui
@@ -281,12 +281,12 @@ jobs: cd ui mkdir -p test-results/qunit yarn test:oss
- - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+ - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: test-results-ui path: ui/test-results if: always()
- - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f
+ - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action"
 with: paths: "ui/test-results/qunit/results.xml" show: "fail"
diff --git a/.github/workflows/drepecated-functions-checker.yml b/.github/workflows/drepecated-functions-checker.yml
index 72743a12e..853681b34 100644
--- a/.github/workflows/drepecated-functions-checker.yml
+++ b/.github/workflows/drepecated-functions-checker.yml
@@ -12,11 +12,11 @@ jobs: timeout-minutes: 30 steps: - name: Checkout code
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: fetch-depth: 0 # by default the checkout action doesn't checkout all branches - name: Setup Go
- uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version cache: true
diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml
index 298b2dc18..d3d5ade0d 100644
--- a/.github/workflows/enos-fmt.yml
+++ b/.github/workflows/enos-fmt.yml
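Review bot: The trailing comment added to the `test-summary/action` step in ci.yml, `# TSCCR: no entry for repository "test-summary/action"`, reads like the pinning tool's lookup message rather than a version, so the SHA is left with no record of which release it corresponds to. Replace it with the release the SHA was taken from, in the `# vX.Y.Z` form used on the other steps, or with a short sentence on why no version is recorded. The same comment is added to the `test-summary/action` step in test-go.yml.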
@@ -15,7 +15,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - uses: hashicorp/setup-terraform@v2 with: terraform_wrapper: false
diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml
index cf2997bd0..a39bab7aa 100644
--- a/.github/workflows/enos-release-testing-oss.yml
+++ b/.github/workflows/enos-release-testing-oss.yml
@@ -15,7 +15,7 @@ jobs: vault-revision: ${{ steps.get-metadata.outputs.vault-revision }} vault-version: ${{ steps.get-metadata.outputs.vault-version }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: # Check out the repository at the same Git SHA that was used to create # the artifacts to get the correct metadata.
diff --git a/.github/workflows/enos-run-k8s.yml b/.github/workflows/enos-run-k8s.yml
index e5200d025..6af4d0393 100644
--- a/.github/workflows/enos-run-k8s.yml
+++ b/.github/workflows/enos-run-k8s.yml
@@ -31,7 +31,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} steps: - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Set up Terraform uses: hashicorp/setup-terraform@v2 with:
@@ -44,7 +44,7 @@ jobs: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Download Docker Image id: download
- uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
 with: name: ${{ inputs.artifact-name }} path: ./enos/support/downloads
diff --git a/.github/workflows/godoc-test-checker.yml b/.github/workflows/godoc-test-checker.yml
index c23f46b3f..e56ebda42 100644
--- a/.github/workflows/godoc-test-checker.yml
+++ b/.github/workflows/godoc-test-checker.yml
@@ -11,11 +11,11 @@ jobs: godoc-test-check: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: fetch-depth: 0 - name: Set Up Go
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: cache: true go-version-file: ./.go-version
diff --git a/.github/workflows/milestone-checker.yml b/.github/workflows/milestone-checker.yml
index d3d9b48ab..b23ce6081 100644
--- a/.github/workflows/milestone-checker.yml
+++ b/.github/workflows/milestone-checker.yml
@@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Actions
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: repository: "grafana/grafana-github-actions" path: ./actions
diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml
index d49550ff5..dd6f3392f 100644
--- a/.github/workflows/oss.yml
+++ b/.github/workflows/oss.yml
@@ -19,9 +19,9 @@ jobs: runs-on: ubuntu-latest steps: - if: github.event.pull_request != null
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - if: github.event.pull_request != null
- uses: dorny/paths-filter@v2
+ uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
 id: changes with: # derived from CODEOWNERS
@@ -68,7 +68,7 @@ jobs: - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true' run: echo "PROJECT=171" >> "$GITHUB_ENV"
- - uses: actions/add-to-project@v0.3.0
+ - uses: actions/add-to-project@v0.3.0 # TSCCR: no entry for repository "actions/add-to-project"
 with: project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }} github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }}
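Review bot: Pinning `actions/checkout` in milestone-checker.yml does not pin what it fetches: the visible `with:` block names `repository: "grafana/grafana-github-actions"` and `path: ./actions` but no `ref:`, so the job would take that repository's default branch at run time. If later steps execute code from `./actions`, as the path suggests, add `ref: <commit-sha>` so the third-party code is fixed in the same way as the action. The `with:` block may continue outside the hunk, so confirm that no `ref:` follows.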
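Review bot: `actions/add-to-project@v0.3.0` in oss.yml stays on a tag and only gains the comment `# TSCCR: no entry for repository "actions/add-to-project"`, yet this step is handed `secrets.TRIAGE_GITHUB_TOKEN`. A tag can later be moved to different code, so this is the step in the file where a commit pin matters most. Use `actions/add-to-project@<commit-sha> # v0.3.0` and drop the tool message from the comment.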
diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml
index 7531e9fda..014b6752a 100644
--- a/.github/workflows/remove-labels.yml
+++ b/.github/workflows/remove-labels.yml
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Remove triaging labels from closed issues and PRs
- uses: actions-ecosystem/action-remove-labels@v1
+ uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
 with: labels: | waiting-for-response
\ No newline at end of file
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index b00c84cfc..a3eb065cf 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -13,20 +13,20 @@ jobs: runs-on: ['linux', 'large'] if: ${{ github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core' }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Set up Go
- uses: actions/setup-go@v3
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version: 1.18 - name: Set up Python
- uses: actions/setup-python@v4
+ uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
 with: python-version: 3.x - name: Clone Security Scanner repo
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: repository: hashicorp/security-scanner token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}
@@ -77,6 +77,6 @@ jobs: cat results.sarif - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@9a866ed4524fc3422c3af1e446dab8efa3503411 # codeql-bundle-20230418
 with: sarif_file: results.sarif
diff --git a/.github/workflows/setup-go-cache.yml b/.github/workflows/setup-go-cache.yml
index 3b8040a20..6d8096c5d 100644
--- a/.github/workflows/setup-go-cache.yml
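Review bot: The job condition kept in the first security-scan.yml hunk, `github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core'`, is true for every actor, because no actor can equal both names. If the intent is to skip the scan for those two accounts, the operator should be `&&`: `if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-vault-core' }}`. As written the job also starts for them and reaches the checkout that needs `HASHIBOT_PRODSEC_GITHUB_TOKEN`. Separately, `go-version: 1.18` is safer quoted as `'1.18'`, since an unquoted value such as 1.20 would be read as the number 1.2.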
+++ b/.github/workflows/setup-go-cache.yml
@@ -8,10 +8,10 @@ jobs: setup-go-cache: runs-on: ${{ fromJSON(inputs.runs-on) }} steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c #v3.3.0 as of 2023-01-18
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - id: setup-go name: Setup go
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 #v3.4.0 as of 2022-12-07
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version cache: true
diff --git a/.github/workflows/stable-website.yaml b/.github/workflows/stable-website.yaml
index 914e814f2..1447151d7 100644
--- a/.github/workflows/stable-website.yaml
+++ b/.github/workflows/stable-website.yaml
@@ -10,7 +10,7 @@ jobs: name: Cherry pick to stable-website branch steps: - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: ref: stable-website - run: |
diff --git a/.github/workflows/test-ci-bootstrap.yml b/.github/workflows/test-ci-bootstrap.yml
index ec3f2c934..a0efa8ddf 100644
--- a/.github/workflows/test-ci-bootstrap.yml
+++ b/.github/workflows/test-ci-bootstrap.yml
@@ -24,11 +24,11 @@ jobs: TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Set up Terraform uses: hashicorp/setup-terraform@v2 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
diff --git a/.github/workflows/test-ci-cleanup.yml b/.github/workflows/test-ci-cleanup.yml
index 3afdb7229..0e3c90dd3 100644
--- a/.github/workflows/test-ci-cleanup.yml
+++ b/.github/workflows/test-ci-cleanup.yml
@@ -11,7 +11,7 @@ jobs: regions: ${{steps.setup.outputs.regions}} steps: - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@@ -40,7 +40,7 @@ jobs: steps: - name: Configure AWS credentials id: aws-configure
- uses: aws-actions/configure-aws-credentials@v1-node16
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@@ -49,7 +49,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Configure run: | cp enos/ci/aws-nuke.yml .
@@ -75,7 +75,7 @@ jobs: region: ${{ fromJSON(needs.setup.outputs.regions) }} steps: - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml
index 035d20957..53ae5f9c9 100644
--- a/.github/workflows/test-enos-scenario-ui.yml
+++ b/.github/workflows/test-enos-scenario-ui.yml
@@ -35,7 +35,7 @@ jobs: runs-on: ${{ steps.get-metadata.outputs.runs-on }} vault_edition: ${{ steps.get-metadata.outputs.vault_edition }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - id: get-metadata env: IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }}
@@ -67,9 +67,9 @@ jobs: GOPRIVATE: github.com/hashicorp steps: - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Set Up Go
- uses: actions/setup-go@v3
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version - uses: hashicorp/action-setup-enos@v1
@@ -78,7 +78,7 @@ jobs: - name: Set Up Git run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com" - name: Set Up Node
- uses: actions/setup-node@v3
+ uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
 with: node-version-file: './ui/package.json' - name: Set Up Terraform
@@ -104,12 +104,12 @@ jobs: sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 - name: Install Chrome if: steps.chrome-check.outputs.chrome-version == 'not-installed'
- uses: browser-actions/setup-chrome@v1
+ uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
 - name: Installed Chrome Version run: | echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]" - name: Configure AWS credentials from Test account
- uses: aws-actions/configure-aws-credentials@v1-node16
+ uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
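Review bot: The `Set Up Git` step kept as context in the third test-enos-scenario-ui.yml hunk expands `secrets.elevated_github_token` inside the `run:` text and stores it with `git config --global`, so the token stays in the runner user's git configuration for every later step, including the third-party `browser-actions/setup-chrome` action this commit pins. Pass the secret through `env:` (`ELEVATED_GITHUB_TOKEN: ${{ secrets.elevated_github_token }}`) and reference it as a shell variable, `run: git config --global url."https://${ELEVATED_GITHUB_TOKEN}:@github.com".insteadOf "https://github.com"`. Consider removing the rewrite once the fetches that need it are done. Those steps are outside the hunk, so the right place to unset it has to be checked there.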
diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml
index e98bd1d35..53490bdac 100644
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@@ -40,7 +40,7 @@ jobs: runs-on: ${{ fromJSON(inputs.runs-on) }} name: Verify Test Package Distribution steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - id: test working-directory: .github/scripts run: |
@@ -80,8 +80,8 @@ jobs: GOPRIVATE: github.com/hashicorp/* TIMEOUT_IN_MINUTES: 60 steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version cache: true
@@ -205,13 +205,13 @@ jobs: datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results.xml if: always() - name: Archive test results
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: test-results-${{ matrix.runner-index }} path: test-results/ if: always() - name: Create a summary of tests
- uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f
+ uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action"
 with: paths: "test-results/go-test/results.xml" show: "fail"
diff --git a/.github/workflows/test-run-acc-tests-for-path.yml b/.github/workflows/test-run-acc-tests-for-path.yml
index f82b32c56..10d539e7d 100644
--- a/.github/workflows/test-run-acc-tests-for-path.yml
+++ b/.github/workflows/test-run-acc-tests-for-path.yml
@@ -20,13 +20,13 @@ jobs: go-test: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Set Up Go
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
+ uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
 with: go-version-file: ./.go-version - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt
- - uses: actions/upload-artifact@b7f8abb1508181956e8e162db84b466c27e18ce
+ - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: name: ${{ inputs.name }}-output path: ${{ inputs.name }}.txt
diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml
index b40b6b50b..7a1abd7bc 100644
--- a/.github/workflows/test-run-enos-scenario-matrix.yml
+++ b/.github/workflows/test-run-enos-scenario-matrix.yml
@@ -72,7 +72,7 @@ jobs: MATRIX_FILE: ./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json MATRIX_TEST_GROUP: ${{ inputs.matrix-test-group }} steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 with: ref: ${{ inputs.vault-revision }} - id: metadata
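Review bot: The `run:` line kept in the test-run-acc-tests-for-path.yml hunk pastes `inputs.path` and `inputs.name` straight into the shell script, so any shell metacharacter in a caller-supplied value becomes part of the command; pass both through `env:` and quote them. The same line pipes `go test` into `tee` with no `shell:` set, and GitHub's default bash invocation does not enable `pipefail`, so a failing test run can leave the step green unless a workflow-level default outside the hunk sets the shell. A version of the step with both changes is below.

```yaml
# … unchanged: checkout and Set Up Go steps …
      - shell: bash  # explicit bash runs with -eo pipefail, so a go test failure fails the step
        env:
          TEST_PATH: ${{ inputs.path }}
          OUTPUT_NAME: ${{ inputs.name }}
        run: go test -v "./${TEST_PATH}/..." 2>&1 | tee "${OUTPUT_NAME}.txt"
# … unchanged: upload-artifact step …
```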
@@ -106,13 +106,13 @@ jobs: ENOS_VAR_vault_license_path: ./support/vault.hclic ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - uses: hashicorp/setup-terraform@v2 with: # the Terraform wrapper will break Terraform execution in Enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false
- - uses: aws-actions/configure-aws-credentials@v1-node16
+ - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@@ -131,7 +131,7 @@ jobs: chmod 600 "./enos/support/private_key.pem" echo "debug_data_artifact_name=enos-debug-data_$(echo "${{ matrix.scenario }}" | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - if: contains(inputs.matrix-file-name, 'github')
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
 with: name: ${{ inputs.build-artifact-name }} path: ./enos/support/downloads
@@ -150,7 +150,7 @@ jobs: run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }} - name: Upload Debug Data if: failure()
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}
diff --git a/enos/ci/service-user-iam/service-quotas.tf b/enos/ci/service-user-iam/service-quotas.tf
index 656e38e2c..3044d4177 100644
--- a/enos/ci/service-user-iam/service-quotas.tf
+++ b/enos/ci/service-user-iam/service-quotas.tf
@@ -9,35 +9,35 @@ locals { } resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_1" {
- provider = aws.us_east_2
+ provider = aws.us_east_1
 quota_code = local.subnets_per_vpcs_quota service_code = "vpc"
- value = 50
+ value = 100
 } resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" { provider = aws.us_east_2 quota_code = local.subnets_per_vpcs_quota service_code = "vpc"
- value = 50
+ value = 100
 } resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_1" { provider = aws.us_west_1 quota_code = local.subnets_per_vpcs_quota service_code = "vpc"
- value = 50
+ value = 100
 } resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_2" { provider = aws.us_west_2 quota_code = local.subnets_per_vpcs_quota service_code = "vpc"
- value = 50
+ value = 100
 } resource "aws_servicequotas_service_quota" "spot_requests_per_region_us_east_1" {
- provider = aws.us_east_2
+ provider = aws.us_east_1
 quota_code = local.standard_spot_instance_requests_quota service_code = "ec2" value = 640
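Review bot: The four `vpcs_per_region_*` resources whose value is raised to 100 all set `quota_code = local.subnets_per_vpcs_quota`, so either the resource names or the local refer to a different quota than the one intended. The local's definition is outside the hunk; confirm which quota code it holds before applying, because the new value is requested for whatever that code is. If the names are the wrong part, rename them with a `moved` block so the state addresses carry over. A one-line comment above each resource giving the quota's display name would remove the ambiguity.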