From f4802e3d7968a99d567603bf751b5e25967562eb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jun 2026 10:46:57 +0000 Subject: [PATCH] Update GitHub actions --- .github/workflows/PullRequestClosed.yml | 2 +- .github/workflows/PullRequestCreated.yml | 2 +- .github/workflows/RequestReview.yml | 2 +- .github/workflows/SubmitReview.yml | 2 +- .github/workflows/check-sca.yml | 4 ++-- .github/workflows/pr-cleanup.yml | 2 +- .github/workflows/pre-commit.yml | 2 +- .github/workflows/test-build-number.yml | 10 +++++----- .github/workflows/test-pr-cleanup.yml | 4 ++-- .github/workflows/test-shell-scripts.yml | 4 ++-- .github/workflows/test-update-release-channel.yml | 8 ++++---- .github/workflows/unified-dogfooding.yml | 2 +- build-gradle/action.yml | 4 ++-- build-maven/action.yml | 4 ++-- build-npm/action.yml | 4 ++-- build-poetry/action.yml | 4 ++-- build-yarn/action.yml | 4 ++-- check-sca/action.yml | 2 +- code-signing/action.yml | 2 +- config-gradle/action.yml | 4 ++-- config-maven/action.yml | 4 ++-- config-npm/action.yml | 2 +- config-pip/action.yml | 2 +- get-build-number/action.yml | 2 +- promote/action.yml | 4 ++-- update-release-channel/action.yml | 2 +- 26 files changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index be4dd132..fe62afb4 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/jira user | JIRA_USER; diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index 0f72790d..c7334bd2 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 96a0cc3e..9a045de2 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index 69a0373e..497679a6 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -20,7 +20,7 @@ jobs: || github.event.review.state == 'approved') steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/check-sca.yml b/.github/workflows/check-sca.yml index f26a9f23..d58f51b4 100644 --- a/.github/workflows/check-sca.yml +++ b/.github/workflows/check-sca.yml @@ -22,5 +22,5 @@ jobs: # will not be triggered on dev deploys. environment: sca-checking steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: SonarSource/ci-github-actions/check-sca@fdeb37e59320b102baec4c58662355e715b1c092 # master + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: SonarSource/ci-github-actions/check-sca@a782f63421b479b5aaa93eb9ad032b48a64b4649 # master diff --git a/.github/workflows/pr-cleanup.yml b/.github/workflows/pr-cleanup.yml index f37e65d7..20f69422 100644 --- a/.github/workflows/pr-cleanup.yml +++ b/.github/workflows/pr-cleanup.yml @@ -10,7 +10,7 @@ jobs: permissions: actions: write # Required for deleting caches and artifacts steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: pr_cleanup - uses: ./pr_cleanup diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index a5d92cf7..af65eafd 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -8,7 +8,7 @@ jobs: pre-commit: runs-on: warp-custom-ubuntu-24-04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: ./config-npm - uses: SonarSource/gh-action_pre-commit@2ddc0c7fdabce0adfaaa4075a17690972ed9961a # 1.2.0 with: diff --git a/.github/workflows/test-build-number.yml b/.github/workflows/test-build-number.yml index c8aee27d..087f1cf4 100644 --- a/.github/workflows/test-build-number.yml +++ b/.github/workflows/test-build-number.yml @@ -18,7 +18,7 @@ jobs: outputs: BUILD_NUMBER: ${{ steps.get_build_number.outputs.BUILD_NUMBER }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: get-build-number - uses: ./get-build-number @@ -48,7 +48,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: get-build-number - uses: ./get-build-number @@ -68,7 +68,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: get-build-number - uses: ./get-build-number @@ -91,7 +91,7 @@ jobs: env: BUILD_NUMBER: ${{ needs.test-build-number-generation.outputs.BUILD_NUMBER }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: sparse-checkout: get-build-number - uses: ./get-build-number @@ -120,7 +120,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: ./config-npm - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: diff --git a/.github/workflows/test-pr-cleanup.yml b/.github/workflows/test-pr-cleanup.yml index cdbf25da..042b7a84 100644 --- a/.github/workflows/test-pr-cleanup.yml +++ b/.github/workflows/test-pr-cleanup.yml @@ -8,7 +8,7 @@ jobs: test-resources: runs-on: warp-custom-ubuntu-24-04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # Create test file and directory for cache - name: Create test file for cache run: | @@ -34,7 +34,7 @@ jobs: permissions: actions: write # Required for cache/artifact operations steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run PR cleanup uses: ./pr_cleanup diff --git a/.github/workflows/test-shell-scripts.yml b/.github/workflows/test-shell-scripts.yml index f1c25ca9..63bc53da 100644 --- a/.github/workflows/test-shell-scripts.yml +++ b/.github/workflows/test-shell-scripts.yml @@ -16,7 +16,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 - uses: ./config-npm @@ -36,7 +36,7 @@ jobs: ./run_shell_tests.sh - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/sonarcloud url | SONAR_URL; diff --git a/.github/workflows/test-update-release-channel.yml b/.github/workflows/test-update-release-channel.yml index 3a23f1f3..ab382859 100644 --- a/.github/workflows/test-update-release-channel.yml +++ b/.github/workflows/test-update-release-channel.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Update release channel (dry-run, happy path) id: urc uses: ./update-release-channel @@ -42,7 +42,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Update release channel (invalid product) id: urc continue-on-error: true @@ -61,7 +61,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Update release channel (invalid channel) id: urc continue-on-error: true @@ -80,7 +80,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Update release channel (custom prefix, warns but succeeds) id: urc uses: ./update-release-channel diff --git a/.github/workflows/unified-dogfooding.yml b/.github/workflows/unified-dogfooding.yml index 93eab435..d5014291 100644 --- a/.github/workflows/unified-dogfooding.yml +++ b/.github/workflows/unified-dogfooding.yml @@ -12,7 +12,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run IRIS Analysis uses: SonarSource/unified-dogfooding-actions/run-iris@54cee68ff08f10645c757675c59d232063e0b947 # 1.0.0 with: diff --git a/build-gradle/action.yml b/build-gradle/action.yml index c67efc3b..f2b13844 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -125,7 +125,7 @@ runs: run: | echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' id: artifactory with: @@ -135,7 +135,7 @@ runs: ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} username | ARTIFACTORY_DEPLOY_USERNAME;', env.ARTIFACTORY_DEPLOYER_ROLE) }} ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: # yamllint disable rule:line-length diff --git a/build-maven/action.yml b/build-maven/action.yml index fb2f13ff..2c7ed1ce 100644 --- a/build-maven/action.yml +++ b/build-maven/action.yml @@ -147,7 +147,7 @@ runs: echo "SONARSOURCE_REPOSITORY_URL=${ARTIFACTORY_URL}/sonarsource" >> "$GITHUB_ENV" # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' id: artifactory with: @@ -158,7 +158,7 @@ runs: ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && steps.params.outputs.ARTIFACTORY_DEPLOY_ACCESS_TOKEN_VAULT || '' }} ${{ inputs.deploy != 'false' && inputs.mixed-privacy == 'true' && steps.params.outputs.ARTIFACTORY_PRIVATE_DEPLOY_ACCESS_TOKEN_VAULT || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: # yamllint disable rule:line-length diff --git a/build-npm/action.yml b/build-npm/action.yml index 9578e3e1..bae613d1 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -131,7 +131,7 @@ runs: working-directory: ${{ inputs.working-directory }} disable-caching: ${{ inputs.cache-npm != 'true' && 'true' || inputs.disable-caching }} - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' id: artifactory with: @@ -140,7 +140,7 @@ runs: secrets: | ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/build-poetry/action.yml b/build-poetry/action.yml index 11295471..10e0fd61 100644 --- a/build-poetry/action.yml +++ b/build-poetry/action.yml @@ -117,7 +117,7 @@ runs: - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: version: 2026.5.9 - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} @@ -127,7 +127,7 @@ runs: development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/build-yarn/action.yml b/build-yarn/action.yml index 06b4caed..785e449b 100644 --- a/build-yarn/action.yml +++ b/build-yarn/action.yml @@ -127,7 +127,7 @@ runs: key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} restore-keys: yarn-${{ runner.os }}- - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} @@ -137,7 +137,7 @@ runs: development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/check-sca/action.yml b/check-sca/action.yml index 4a64bc21..4307398e 100644 --- a/check-sca/action.yml +++ b/check-sca/action.yml @@ -43,7 +43,7 @@ runs: ACTION_PATH_CHECK_SCA="${{ github.action_path }}" echo "ACTION_PATH_CHECK_SCA=$ACTION_PATH_CHECK_SCA" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets continue-on-error: true with: diff --git a/code-signing/action.yml b/code-signing/action.yml index eb6a64e2..1068af9f 100644 --- a/code-signing/action.yml +++ b/code-signing/action.yml @@ -34,7 +34,7 @@ runs: - name: Get DigiCert secrets from Vault id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/sign/digicert apikey | SM_API_KEY; diff --git a/config-gradle/action.yml b/config-gradle/action.yml index a918dc67..7cfbfcb9 100644 --- a/config-gradle/action.yml +++ b/config-gradle/action.yml @@ -88,7 +88,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-gradle-completed.outputs.skip != 'true' id: artifactory with: @@ -96,7 +96,7 @@ runs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.use-develocity == 'true' id: secrets with: diff --git a/config-maven/action.yml b/config-maven/action.yml index 9f2f7c04..bdbd2053 100644 --- a/config-maven/action.yml +++ b/config-maven/action.yml @@ -89,7 +89,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-maven-completed.outputs.skip != 'true' id: artifactory with: @@ -97,7 +97,7 @@ runs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-maven-completed.outputs.skip != 'true' && inputs.use-develocity == 'true' id: secrets with: diff --git a/config-npm/action.yml b/config-npm/action.yml index e223cac9..f1a87a09 100644 --- a/config-npm/action.yml +++ b/config-npm/action.yml @@ -89,7 +89,7 @@ runs: with: version: 2026.3.7 - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-npm-completed.outputs.skip != 'true' id: secrets with: diff --git a/config-pip/action.yml b/config-pip/action.yml index b601313b..b396687f 100644 --- a/config-pip/action.yml +++ b/config-pip/action.yml @@ -70,7 +70,7 @@ runs: run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} diff --git a/get-build-number/action.yml b/get-build-number/action.yml index 33dffded..b391f5f1 100644 --- a/get-build-number/action.yml +++ b/get-build-number/action.yml @@ -52,7 +52,7 @@ runs: enableCrossOsArchive: true # Otherwise, increment the build number - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets if: steps.from-env.outputs.skip != 'true' && steps.current-build-number.outputs.cache-hit != 'true' with: diff --git a/promote/action.yml b/promote/action.yml index cfaa90c1..74b038c6 100644 --- a/promote/action.yml +++ b/promote/action.yml @@ -48,13 +48,13 @@ runs: - uses: ./.actions/get-build-number with: host-actions-root: ${{ steps.set-path.outputs.host_actions_root }} - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: secrets: | diff --git a/update-release-channel/action.yml b/update-release-channel/action.yml index 1ee88c62..fbf99db8 100644 --- a/update-release-channel/action.yml +++ b/update-release-channel/action.yml @@ -58,7 +58,7 @@ runs: - name: Fetch AWS credentials from Vault id: secrets if: inputs.dryRun != 'true' - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/aws/sts/downloads access_key | AWS_ACCESS_KEY_ID;