Update actions/checkout to 4.1.7 (#27636)

2025-08-22 15:11:07 +02:00 · 2024-07-02 09:25:21 -04:00 · 2024-07-02 09:25:21 -04:00 · 64ce6e74da
commit 64ce6e74da
parent 4721c7b650
23 changed files with 39 additions and 39 deletions
--- a/.github/actions/changed-files/action.yml
+++ b/.github/actions/changed-files/action.yml
@ -53,7 +53,7 @@ runs:
          checkout_ref='${{ github.ref }}'
        fi
        echo "ref=${checkout_ref}" | tee -a "$GITHUB_OUTPUT"
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        repository: ${{ github.repository }}
        path: "changed-files"
--- a/.github/actions/checkout/action.yml
+++ b/.github/actions/checkout/action.yml
@ -70,7 +70,7 @@ runs:
          echo "ref=${checkout_ref}"
          echo "depth=${fetch_depth}"
        } | tee -a "$GITHUB_OUTPUT"
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        path: ${{ inputs.path }}
        fetch-depth: ${{ steps.ref.outputs.depth }}
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@ -14,7 +14,7 @@ jobs:
  actionlint:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: "Check workflow files"
        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8
        with:
--- a/.github/workflows/build-artifacts-ce.yml
+++ b/.github/workflows/build-artifacts-ce.yml
@ -98,7 +98,7 @@ jobs:
    runs-on: ${{ fromJSON(inputs.compute-build) }}
    name: (${{ matrix.goos }}, ${{ matrix.goarch }})
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/build-vault
@ -200,7 +200,7 @@ jobs:
    name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }})
    runs-on: ${{ fromJSON(inputs.compute-build) }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/build-vault
@ -228,7 +228,7 @@ jobs:
      - core
      - extended
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.checkout-ref }}
      - name: Determine status
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -105,7 +105,7 @@ jobs:
      workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
    steps:
      # Run the changed-files action to determine what Git reference we should check out
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/changed-files
        id: changed-files
      - uses: ./.github/actions/checkout
@ -159,7 +159,7 @@ jobs:
    outputs:
      cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.setup.outputs.checkout-ref }}
      - name: Get UI hash
@ -291,7 +291,7 @@ jobs:
      - test
      - test-containers
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - id: status
        name: Determine status
        run: |
--- a/.github/workflows/changelog-checker.yml
+++ b/.github/workflows/changelog-checker.yml
@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0 # by default the checkout action doesn't checkout all branches
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -33,7 +33,7 @@ jobs:
      ui-changed: ${{ steps.changed-files.outputs.ui-changed }}
      workflow-trigger: ${{ steps.metadata.outputs.workflow-trigger }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/changed-files
        id: changed-files
      - uses: ./.github/actions/checkout
@ -146,7 +146,7 @@ jobs:
      contents: read
    runs-on: ${{ fromJSON(needs.setup.outputs.compute-test-ui) }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        name: status
        with:
          ref: ${{ needs.setup.outputs.checkout-ref }}
@ -229,7 +229,7 @@ jobs:
    runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","linux","small"]') }}
    permissions: write-all # Ensure we have id-token:write access for vault-auth.
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      # Determine the overall status of our required test jobs.
      - name: Determine status
        id: status
--- a/.github/workflows/code-checker.yml
+++ b/.github/workflows/code-checker.yml
@ -17,7 +17,7 @@ jobs:
    name: Setup
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Ensure Go modules are cached
        uses: ./.github/actions/set-up-go
        with:
@ -30,7 +30,7 @@ jobs:
    needs: setup
    if: github.base_ref == 'main'
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - uses: ./.github/actions/set-up-go
@ -46,7 +46,7 @@ jobs:
    needs: setup
    if: github.base_ref == 'main'
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - uses: ./.github/actions/set-up-go
@ -66,7 +66,7 @@ jobs:
    runs-on: ubuntu-latest
    needs: setup
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@ -79,7 +79,7 @@ jobs:
    runs-on: ubuntu-latest
    needs: setup
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/install-external-tools # for buf and gofumpt
      - uses: ./.github/actions/set-up-go
        with:
@ -97,6 +97,6 @@ jobs:
    container:
      image: returntocorp/semgrep@sha256:cfad18cfb6536aa48ad5a71017207a10320b4e17e3b2bd7b7de27b42dc9651e7 #v1.58
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run Semgrep Rules
        run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'
--- a/.github/workflows/copywrite.yml
+++ b/.github/workflows/copywrite.yml
@ -12,7 +12,7 @@ jobs:
  copywrite:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3
        name: Setup Copywrite
        with:
--- a/.github/workflows/enos-lint.yml
+++ b/.github/workflows/enos-lint.yml
@ -17,7 +17,7 @@ jobs:
      runs-on: ${{ steps.metadata.outputs.runs-on }}
      version: ${{ steps.metadata.outputs.version }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - id: set-product-version
        uses: hashicorp/actions-set-product-version@v2
      - id: metadata
@ -37,7 +37,7 @@ jobs:
      GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_wrapper: false
--- a/.github/workflows/enos-release-testing-oss.yml
+++ b/.github/workflows/enos-release-testing-oss.yml
@ -15,7 +15,7 @@ jobs:
      vault-version: ${{ github.event.client_payload.payload.version }}
      vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Check out the repository at the same Git SHA that was used to create
          # the artifacts to get the correct metadata.
--- a/.github/workflows/enos-run-k8s.yml
+++ b/.github/workflows/enos-run-k8s.yml
@ -31,7 +31,7 @@ jobs:
      GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
    steps:
      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3
        with:
--- a/.github/workflows/oss.yml
+++ b/.github/workflows/oss.yml
@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - if: github.event.pull_request != null
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - if: github.event.pull_request != null
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: changes
--- a/.github/workflows/plugin-update-check.yml
+++ b/.github/workflows/plugin-update-check.yml
@ -23,7 +23,7 @@ jobs:
      RUN_ID: "${{github.run_id}}"
    steps:
      - run: echo "Branch $PLUGIN_BRANCH of $PLUGIN_REPO"
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # We don't use the default token so that checks are executed on the resulting PR
          # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
--- a/.github/workflows/plugin-update.yml
+++ b/.github/workflows/plugin-update.yml
@ -28,7 +28,7 @@ jobs:
      VAULT_BRANCH: ${{ inputs.branch }}
      REVIEWER: ${{ inputs.reviewer || github.actor }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # We don't use the default token so that checks are executed on the resulting PR
          # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@ -22,7 +22,7 @@ jobs:
          && (github.actor != 'dependabot[bot]') && ( github.actor != 'hc-github-team-secure-vault-core') }}
    steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
    - name: Set up Go
      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
@ -36,7 +36,7 @@ jobs:
        python-version: 3.x
    - name: Clone Security Scanner repo
-      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        repository: hashicorp/security-scanner
        token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}
--- a/.github/workflows/stable-website.yaml
+++ b/.github/workflows/stable-website.yaml
@ -15,7 +15,7 @@ jobs:
    name: Cherry pick to stable-website branch
    steps:
    - name: Checkout
-      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        ref: stable-website
    - run: |
--- a/.github/workflows/test-ci-bootstrap.yml
+++ b/.github/workflows/test-ci-bootstrap.yml
@ -29,7 +29,7 @@ jobs:
      TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }}
      TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3
      - name: Configure AWS credentials
--- a/.github/workflows/test-ci-cleanup.yml
+++ b/.github/workflows/test-ci-cleanup.yml
@ -49,7 +49,7 @@ jobs:
          role-skip-session-tagging: true
          role-duration-seconds: 3600
          mask-aws-account-id: false
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Configure
        run: |
          cp enos/ci/aws-nuke.yml .
--- a/.github/workflows/test-enos-scenario-ui.yml
+++ b/.github/workflows/test-enos-scenario-ui.yml
@ -40,7 +40,7 @@ jobs:
      runs-on: ${{ steps.get-metadata.outputs.runs-on }}
      vault_edition: ${{ steps.get-metadata.outputs.vault_edition }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - id: get-metadata
        env:
          IS_ENT: ${{ startsWith(github.event.repository.name, 'vault-enterprise' ) }}
@ -72,7 +72,7 @@ jobs:
      GOPRIVATE: github.com/hashicorp
    steps:
      - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@ -95,7 +95,7 @@ jobs:
      matrix: ${{ steps.build.outputs.matrix }}
      matrix_ids: ${{ steps.build.outputs.matrix_ids }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/set-up-go
@ -230,7 +230,7 @@ jobs:
      go-test-results-download-pattern: ${{ steps.metadata.outputs.go-test-results-download-pattern }}
      data-race-log-download-pattern: ${{ steps.metadata.outputs.data-race-log-download-pattern }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/set-up-go
--- a/.github/workflows/test-run-acc-tests-for-path.yml
+++ b/.github/workflows/test-run-acc-tests-for-path.yml
@ -20,7 +20,7 @@ jobs:
  go-test:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
--- a/.github/workflows/test-run-enos-scenario-matrix.yml
+++ b/.github/workflows/test-run-enos-scenario-matrix.yml
@ -49,7 +49,7 @@ jobs:
      sample: ${{ steps.metadata.outputs.sample }}
      vault-version: ${{ steps.metadata.outputs.vault-version }}
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.vault-revision }}
      - uses: hashicorp/action-setup-enos@v1
@ -105,7 +105,7 @@ jobs:
      ENOS_VAR_distro_version_ubuntu: ${{ matrix.attributes.distro_version_ubuntu }}
      ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data
    steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ inputs.vault-revision }}
      - uses: hashicorp/setup-terraform@v3