ci: request vpc quota increase (#20360)

* Fix regions on two service quotas
* Request an increase in VPCs per region
* Pin github actions workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
Ryan Cragun 2023-05-22 11:18:06 -06:00 committed by GitHub
parent dc8d2af2d8
commit 1e752e0cba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 76 additions and 76 deletions


@ -10,6 +10,6 @@ jobs:
actionlint: actionlint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: "Check workflow files" - name: "Check workflow files"
uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8 uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8


@ -40,12 +40,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }} name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/setup-go@v3 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: ${{ inputs.go-version }} go-version: ${{ inputs.go-version }}
- name: Set up node and yarn - name: Set up node and yarn
uses: actions/setup-node@v3 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
cache: yarn cache: yarn
@ -68,7 +68,7 @@ jobs:
env: env:
BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
run: make ci-bundle run: make ci-bundle
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: ${{ env.ARTIFACT_BASENAME }}.zip name: ${{ env.ARTIFACT_BASENAME }}.zip
path: out/${{ env.ARTIFACT_BASENAME }}.zip path: out/${{ env.ARTIFACT_BASENAME }}.zip
@ -96,13 +96,13 @@ jobs:
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
- if: ${{ inputs.create-packages }} - if: ${{ inputs.create-packages }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: ${{ env.RPM_PACKAGE }} name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }}
if-no-files-found: error if-no-files-found: error
- if: ${{ inputs.create-packages }} - if: ${{ inputs.create-packages }}
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: ${{ env.DEB_PACKAGE }} name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }}
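Review bot: The `actions/setup-go` step in the first hunk goes from the `v3` tag to a v4.0.0 commit, which is a major upgrade rather than a pin, and it sets only `go-version` with no `cache` input. setup-go v4 enables dependency caching by default, so this job, which goes on to upload the bundle and the RPM/DEB packages, would begin restoring a Go cache it did not use before. If that is not wanted for a job that produces release artifacts, say so explicitly with `cache: false` under `with:`; if it is wanted, a one-line comment recording the decision would help. The same v3-to-v4 move without a `cache` input appears on the `Set up Go` / `Set Up Go` steps of the security-scan, enos and reusable go-test sections later in this commit.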


@ -22,7 +22,7 @@ jobs:
outputs: outputs:
is_docs_change: ${{ steps.get-changeddir.outputs.is_docs_change }} is_docs_change: ${{ steps.get-changeddir.outputs.is_docs_change }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # Use fetch depth 0 for comparing changes to base branch fetch-depth: 0 # Use fetch depth 0 for comparing changes to base branch
@ -51,7 +51,7 @@ jobs:
vault-version: ${{ steps.get-metadata.outputs.vault-version }} vault-version: ${{ steps.get-metadata.outputs.vault-version }}
vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }} vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Get metadata - name: Get metadata
id: get-metadata id: get-metadata
env: env:
@ -73,7 +73,7 @@ jobs:
with: with:
version: ${{ steps.get-metadata.outputs.vault-version }} version: ${{ steps.get-metadata.outputs.vault-version }}
product: ${{ steps.get-metadata.outputs.package-name }} product: ${{ steps.get-metadata.outputs.package-name }}
- uses: actions/upload-artifact@v3 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: metadata.json name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }} path: ${{ steps.generate-metadata-file.outputs.filepath }}
@ -152,7 +152,7 @@ jobs:
matrix: matrix:
arch: [arm, arm64, 386, amd64] arch: [arm, arm64, 386, amd64]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: hashicorp/actions-docker-build@v1 - uses: hashicorp/actions-docker-build@v1
with: with:
version: ${{ needs.product-metadata.outputs.vault-version }} version: ${{ needs.product-metadata.outputs.vault-version }}
@ -173,7 +173,7 @@ jobs:
matrix: matrix:
arch: [amd64] arch: [amd64]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: hashicorp/actions-docker-build@v1 - uses: hashicorp/actions-docker-build@v1
with: with:
version: ${{ needs.product-metadata.outputs.vault-version }} version: ${{ needs.product-metadata.outputs.vault-version }}
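Review bot: `hashicorp/actions-docker-build@v1`, on the line after the pinned checkout in the last two hunks, is still referenced by a mutable tag, so the image-build jobs keep one dependency that can change without a commit to this repository. If first-party actions are deliberately exempt from pinning, a short comment such as `# first-party action, tracked by tag` would record that; otherwise pin it like the others, `uses: hashicorp/actions-docker-build@<commit-sha> # v1.x.y`. The same applies to `hashicorp/setup-terraform@v2` and `hashicorp/action-setup-enos@v1` in later sections, some of which have `ELEVATED_GITHUB_TOKEN` in `env` in the same hunk. Both jobs' step lists continue outside the hunks.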


@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # by default the checkout action doesn't checkout all branches fetch-depth: 0 # by default the checkout action doesn't checkout all branches


@ -54,7 +54,7 @@ jobs:
container: container:
image: returntocorp/semgrep@sha256:ffc6f3567654f9431456d49fd059dfe548f007c494a7eb6cd5a1a3e50d813fb3 image: returntocorp/semgrep@sha256:ffc6f3567654f9431456d49fd059dfe548f007c494a7eb6cd5a1a3e50d813fb3
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run Semgrep Rules - name: Run Semgrep Rules
id: semgrep id: semgrep
run: semgrep ci --include '*.go' --config 'tools/semgrep/ci' run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'
@ -72,8 +72,8 @@ jobs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
cache: true cache: true
@ -92,7 +92,7 @@ jobs:
if: ${{ needs.setup.outputs.enterprise != '' && github.base_ref != '' }} if: ${{ needs.setup.outputs.enterprise != '' && github.base_ref != '' }}
runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-tiny) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
fetch-depth: 0 fetch-depth: 0
- id: determine-branch - id: determine-branch
@ -209,20 +209,20 @@ jobs:
contents: read contents: read
runs-on: ${{ fromJSON(needs.setup.outputs.compute-larger) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-larger) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
cache: true cache: true
# Setup node.js without caching to allow running npm install -g yarn (next step) # Setup node.js without caching to allow running npm install -g yarn (next step)
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
- id: install-yarn - id: install-yarn
run: | run: |
npm install -g yarn npm install -g yarn
# Setup node.js with caching using the yarn.lock file # Setup node.js with caching using the yarn.lock file
- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
cache: yarn cache: yarn
@ -230,7 +230,7 @@ jobs:
- id: install-browser-libraries - id: install-browser-libraries
run: sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 run: sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
- id: install-browser - id: install-browser
uses: browser-actions/setup-chrome@29abc1a83d1d71557708563b4bc962d0f983a376 uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
- id: ui-dependencies - id: ui-dependencies
name: ui-dependencies name: ui-dependencies
working-directory: ./ui working-directory: ./ui
@ -281,12 +281,12 @@ jobs:
cd ui cd ui
mkdir -p test-results/qunit mkdir -p test-results/qunit
yarn test:oss yarn test:oss
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: test-results-ui name: test-results-ui
path: ui/test-results path: ui/test-results
if: always() if: always()
- uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action"
with: with:
paths: "ui/test-results/qunit/results.xml" paths: "ui/test-results/qunit/results.xml"
show: "fail" show: "fail"
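Review bot: The trailing comment added to `test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f` in the last hunk reads `# TSCCR: no entry for repository "test-summary/action"`, which looks like the pinning tool's diagnostic rather than a version annotation. It is therefore the one pinned action in this section whose SHA a reader cannot map to a release. Replace it with the release the SHA corresponds to, in the `# vX.Y.Z` form used on the other lines, or state that the action is pending review for the allow-list. The same comment is added to the `Create a summary of tests` step in the Go test section further down.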


@ -12,11 +12,11 @@ jobs:
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
fetch-depth: 0 # by default the checkout action doesn't checkout all branches fetch-depth: 0 # by default the checkout action doesn't checkout all branches
- name: Setup Go - name: Setup Go
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 #v4 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
cache: true cache: true


@ -15,7 +15,7 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: hashicorp/setup-terraform@v2 - uses: hashicorp/setup-terraform@v2
with: with:
terraform_wrapper: false terraform_wrapper: false


@ -15,7 +15,7 @@ jobs:
vault-revision: ${{ steps.get-metadata.outputs.vault-revision }} vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
vault-version: ${{ steps.get-metadata.outputs.vault-version }} vault-version: ${{ steps.get-metadata.outputs.vault-version }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
# Check out the repository at the same Git SHA that was used to create # Check out the repository at the same Git SHA that was used to create
# the artifacts to get the correct metadata. # the artifacts to get the correct metadata.


@ -31,7 +31,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Terraform - name: Set up Terraform
uses: hashicorp/setup-terraform@v2 uses: hashicorp/setup-terraform@v2
with: with:
@ -44,7 +44,7 @@ jobs:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Download Docker Image - name: Download Docker Image
id: download id: download
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ inputs.artifact-name }} name: ${{ inputs.artifact-name }}
path: ./enos/support/downloads path: ./enos/support/downloads


@ -11,11 +11,11 @@ jobs:
godoc-test-check: godoc-test-check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set Up Go - name: Set Up Go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
cache: true cache: true
go-version-file: ./.go-version go-version-file: ./.go-version


@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Actions - name: Checkout Actions
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
repository: "grafana/grafana-github-actions" repository: "grafana/grafana-github-actions"
path: ./actions path: ./actions
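Review bot: Pinning `actions/checkout` in the `Checkout Actions` step fixes the action's own code but not what it fetches. The step checks out `grafana/grafana-github-actions` into `./actions` and no `ref:` is visible in the hunk, so the default branch of that third-party repository would be used on every run. If later steps execute code from `./actions`, add `ref: <commit-sha-of-grafana-github-actions>` under `with:` so the fetched content is fixed as well. The `with:` block may continue outside the hunk, so confirm a ref is not already set there.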


@ -19,9 +19,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- if: github.event.pull_request != null - if: github.event.pull_request != null
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- if: github.event.pull_request != null - if: github.event.pull_request != null
uses: dorny/paths-filter@v2 uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes id: changes
with: with:
# derived from CODEOWNERS # derived from CODEOWNERS
@ -68,7 +68,7 @@ jobs:
- if: github.event.pull_request != null && steps.changes.outputs.ui == 'true' - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true'
run: echo "PROJECT=171" >> "$GITHUB_ENV" run: echo "PROJECT=171" >> "$GITHUB_ENV"
- uses: actions/add-to-project@v0.3.0 - uses: actions/add-to-project@v0.3.0 # TSCCR: no entry for repository "actions/add-to-project"
with: with:
project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }} project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }}
github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }} github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }}
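Review bot: `actions/add-to-project@v0.3.0` in the second hunk stays on a tag and only gains the `TSCCR: no entry` comment, yet it is the step that receives `secrets.TRIAGE_GITHUB_TOKEN`. A tag can be moved after the fact, so the step that handles the token is the one that benefits most from a commit pin: `uses: actions/add-to-project@<commit-sha-for-v0.3.0> # v0.3.0`. The step list of this job starts outside the hunk.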


@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Remove triaging labels from closed issues and PRs - name: Remove triaging labels from closed issues and PRs
uses: actions-ecosystem/action-remove-labels@v1 uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
with: with:
labels: | labels: |
waiting-for-response waiting-for-response


@ -13,20 +13,20 @@ jobs:
runs-on: ['linux', 'large'] runs-on: ['linux', 'large']
if: ${{ github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core' }} if: ${{ github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core' }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v3 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version: 1.18 go-version: 1.18
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v4 uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
with: with:
python-version: 3.x python-version: 3.x
- name: Clone Security Scanner repo - name: Clone Security Scanner repo
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
repository: hashicorp/security-scanner repository: hashicorp/security-scanner
token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }} token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}
@ -77,6 +77,6 @@ jobs:
cat results.sarif cat results.sarif
- name: Upload SARIF file - name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@9a866ed4524fc3422c3af1e446dab8efa3503411 # codeql-bundle-20230418
with: with:
sarif_file: results.sarif sarif_file: results.sarif
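Review bot: The job condition `github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core'` at the top of the first hunk is always true, because no actor can equal both names at once, so the scan job is never skipped for either account. If the intent is to skip both, the operator should be `&&`: `if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-vault-core' }}`. The line is unchanged context, but the job it guards clones `hashicorp/security-scanner` with `secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN`, so it is worth confirming which actors are meant to reach that step.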


@ -8,10 +8,10 @@ jobs:
setup-go-cache: setup-go-cache:
runs-on: ${{ fromJSON(inputs.runs-on) }} runs-on: ${{ fromJSON(inputs.runs-on) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c #v3.3.0 as of 2023-01-18 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- id: setup-go - id: setup-go
name: Setup go name: Setup go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 #v3.4.0 as of 2022-12-07 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
cache: true cache: true


@ -10,7 +10,7 @@ jobs:
name: Cherry pick to stable-website branch name: Cherry pick to stable-website branch
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
ref: stable-website ref: stable-website
- run: | - run: |


@ -24,11 +24,11 @@ jobs:
TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }}
TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set up Terraform - name: Set up Terraform
uses: hashicorp/setup-terraform@v2 uses: hashicorp/setup-terraform@v2
- name: Configure AWS credentials - name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}


@ -11,7 +11,7 @@ jobs:
regions: ${{steps.setup.outputs.regions}} regions: ${{steps.setup.outputs.regions}}
steps: steps:
- name: Configure AWS credentials - name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16 uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -40,7 +40,7 @@ jobs:
steps: steps:
- name: Configure AWS credentials - name: Configure AWS credentials
id: aws-configure id: aws-configure
uses: aws-actions/configure-aws-credentials@v1-node16 uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -49,7 +49,7 @@ jobs:
role-skip-session-tagging: true role-skip-session-tagging: true
role-duration-seconds: 3600 role-duration-seconds: 3600
mask-aws-account-id: false mask-aws-account-id: false
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Configure - name: Configure
run: | run: |
cp enos/ci/aws-nuke.yml . cp enos/ci/aws-nuke.yml .
@ -75,7 +75,7 @@ jobs:
region: ${{ fromJSON(needs.setup.outputs.regions) }} region: ${{ fromJSON(needs.setup.outputs.regions) }}
steps: steps:
- name: Configure AWS credentials - name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16 uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}


@ -35,7 +35,7 @@ jobs:
runs-on: ${{ steps.get-metadata.outputs.runs-on }} runs-on: ${{ steps.get-metadata.outputs.runs-on }}
vault_edition: ${{ steps.get-metadata.outputs.vault_edition }} vault_edition: ${{ steps.get-metadata.outputs.vault_edition }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- id: get-metadata - id: get-metadata
env: env:
IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }} IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }}
@ -67,9 +67,9 @@ jobs:
GOPRIVATE: github.com/hashicorp GOPRIVATE: github.com/hashicorp
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set Up Go - name: Set Up Go
uses: actions/setup-go@v3 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
- uses: hashicorp/action-setup-enos@v1 - uses: hashicorp/action-setup-enos@v1
@ -78,7 +78,7 @@ jobs:
- name: Set Up Git - name: Set Up Git
run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.elevated_github_token }}:@github.com".insteadOf "https://github.com"
- name: Set Up Node - name: Set Up Node
uses: actions/setup-node@v3 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version-file: './ui/package.json' node-version-file: './ui/package.json'
- name: Set Up Terraform - name: Set Up Terraform
@ -104,12 +104,12 @@ jobs:
sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2 sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
- name: Install Chrome - name: Install Chrome
if: steps.chrome-check.outputs.chrome-version == 'not-installed' if: steps.chrome-check.outputs.chrome-version == 'not-installed'
uses: browser-actions/setup-chrome@v1 uses: browser-actions/setup-chrome@c485fa3bab6be59dce18dbc18ef6ab7cbc8ff5f1 # v1.2.0
- name: Installed Chrome Version - name: Installed Chrome Version
run: | run: |
echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]" echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]"
- name: Configure AWS credentials from Test account - name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1-node16 uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}


@ -40,7 +40,7 @@ jobs:
runs-on: ${{ fromJSON(inputs.runs-on) }} runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Verify Test Package Distribution name: Verify Test Package Distribution
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- id: test - id: test
working-directory: .github/scripts working-directory: .github/scripts
run: | run: |
@ -80,8 +80,8 @@ jobs:
GOPRIVATE: github.com/hashicorp/* GOPRIVATE: github.com/hashicorp/*
TIMEOUT_IN_MINUTES: 60 TIMEOUT_IN_MINUTES: 60
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
cache: true cache: true
@ -205,13 +205,13 @@ jobs:
datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results.xml datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results.xml
if: always() if: always()
- name: Archive test results - name: Archive test results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: test-results-${{ matrix.runner-index }} name: test-results-${{ matrix.runner-index }}
path: test-results/ path: test-results/
if: always() if: always()
- name: Create a summary of tests - name: Create a summary of tests
uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action"
with: with:
paths: "test-results/go-test/results.xml" paths: "test-results/go-test/results.xml"
show: "fail" show: "fail"


@ -20,13 +20,13 @@ jobs:
go-test: go-test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set Up Go - name: Set Up Go
uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613 uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with: with:
go-version-file: ./.go-version go-version-file: ./.go-version
- run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt
- uses: actions/upload-artifact@b7f8abb1508181956e8e162db84b466c27e18ce - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: ${{ inputs.name }}-output name: ${{ inputs.name }}-output
path: ${{ inputs.name }}.txt path: ${{ inputs.name }}.txt
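Review bot: `go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt` reports the exit status of `tee`, not of `go test`, unless `pipefail` is set. A `run` step with no explicit `shell` is started as `bash -e {0}`, without `pipefail`, so a failing test run could still pass the job. No `shell` or `defaults` is visible in the hunk, so confirm, and if none is set add `shell: bash` to the step or start the script with `set -o pipefail`. The two `inputs.*` expressions are also expanded into the script text before the shell runs; passing them through `env:` and using them quoted, e.g. `"$TEST_PATH"`, keeps a caller-supplied value from being parsed as shell.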


@ -72,7 +72,7 @@ jobs:
MATRIX_FILE: ./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json MATRIX_FILE: ./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json
MATRIX_TEST_GROUP: ${{ inputs.matrix-test-group }} MATRIX_TEST_GROUP: ${{ inputs.matrix-test-group }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with: with:
ref: ${{ inputs.vault-revision }} ref: ${{ inputs.vault-revision }}
- id: metadata - id: metadata
@ -106,13 +106,13 @@ jobs:
ENOS_VAR_vault_license_path: ./support/vault.hclic ENOS_VAR_vault_license_path: ./support/vault.hclic
ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: hashicorp/setup-terraform@v2 - uses: hashicorp/setup-terraform@v2
with: with:
# the Terraform wrapper will break Terraform execution in Enos because # the Terraform wrapper will break Terraform execution in Enos because
# it changes the output to text when we expect it to be JSON. # it changes the output to text when we expect it to be JSON.
terraform_wrapper: false terraform_wrapper: false
- uses: aws-actions/configure-aws-credentials@v1-node16 - uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
with: with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
@ -131,7 +131,7 @@ jobs:
chmod 600 "./enos/support/private_key.pem" chmod 600 "./enos/support/private_key.pem"
echo "debug_data_artifact_name=enos-debug-data_$(echo "${{ matrix.scenario }}" | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" echo "debug_data_artifact_name=enos-debug-data_$(echo "${{ matrix.scenario }}" | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT"
- if: contains(inputs.matrix-file-name, 'github') - if: contains(inputs.matrix-file-name, 'github')
uses: actions/download-artifact@v3 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ inputs.build-artifact-name }} name: ${{ inputs.build-artifact-name }}
path: ./enos/support/downloads path: ./enos/support/downloads
@ -150,7 +150,7 @@ jobs:
run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }} run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
- name: Upload Debug Data - name: Upload Debug Data
if: failure() if: failure()
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
# The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals.
name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}


@ -9,35 +9,35 @@ locals {
} }
resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_1" { resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_1" {
provider = aws.us_east_2 provider = aws.us_east_1
quota_code = local.subnets_per_vpcs_quota quota_code = local.subnets_per_vpcs_quota
service_code = "vpc" service_code = "vpc"
value = 50 value = 100
} }
resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" { resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" {
provider = aws.us_east_2 provider = aws.us_east_2
quota_code = local.subnets_per_vpcs_quota quota_code = local.subnets_per_vpcs_quota
service_code = "vpc" service_code = "vpc"
value = 50 value = 100
} }
resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_1" { resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_1" {
provider = aws.us_west_1 provider = aws.us_west_1
quota_code = local.subnets_per_vpcs_quota quota_code = local.subnets_per_vpcs_quota
service_code = "vpc" service_code = "vpc"
value = 50 value = 100
} }
resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_2" { resource "aws_servicequotas_service_quota" "vpcs_per_region_us_west_2" {
provider = aws.us_west_2 provider = aws.us_west_2
quota_code = local.subnets_per_vpcs_quota quota_code = local.subnets_per_vpcs_quota
service_code = "vpc" service_code = "vpc"
value = 50 value = 100
} }
resource "aws_servicequotas_service_quota" "spot_requests_per_region_us_east_1" { resource "aws_servicequotas_service_quota" "spot_requests_per_region_us_east_1" {
provider = aws.us_east_2 provider = aws.us_east_1
quota_code = local.standard_spot_instance_requests_quota quota_code = local.standard_spot_instance_requests_quota
service_code = "ec2" service_code = "ec2"
value = 640 value = 640