diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index 1f3a005e..9efebded 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/kv/data/jira user | JIRA_USER; diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index 54f63736..581b0eca 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 3f8b728f..74ac40c8 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index bd08402e..6a666fa8 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -20,7 +20,7 @@ jobs: || github.event.review.state == 'approved') steps: - id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/test-shell-scripts.yml b/.github/workflows/test-shell-scripts.yml index 0d4d27f4..8fc36922 100644 --- a/.github/workflows/test-shell-scripts.yml +++ b/.github/workflows/test-shell-scripts.yml @@ -20,7 +20,7 @@ jobs: with: fetch-depth: 0 - uses: ./config-npm - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 - name: Run ShellSpec tests @@ -33,7 +33,7 @@ jobs: ./run_shell_tests.sh - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/kv/data/sonarcloud url | SONAR_URL; diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 4e389896..1f29e639 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -121,7 +121,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-deployer' || 'qa-deployer') }} run: | echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets with: # yamllint disable rule:line-length diff --git a/build-maven/action.yml b/build-maven/action.yml index 0c626d60..ad139116 100644 --- a/build-maven/action.yml +++ b/build-maven/action.yml @@ -150,7 +150,7 @@ runs: echo "SONARSOURCE_REPOSITORY_URL=${ARTIFACTORY_URL}/sonarsource" >> "$GITHUB_ENV" # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets with: # yamllint disable rule:line-length diff --git a/build-npm/action.yml b/build-npm/action.yml index 376bcb1d..7effdf0d 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -103,7 +103,7 @@ runs: echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" cp "$ACTION_PATH_BUILD_NPM/mise.local.toml" mise.local.toml - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 @@ -117,7 +117,7 @@ runs: working-directory: ${{ inputs.working-directory }} cache-npm: ${{ inputs.cache-npm }} - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets # yamllint disable rule:line-length with: diff --git a/build-poetry/action.yml b/build-poetry/action.yml index eacc2c26..60dada5f 100644 --- a/build-poetry/action.yml +++ b/build-poetry/action.yml @@ -107,16 +107,16 @@ runs: with: host-actions-root: ${{ steps.set-path.outputs.host_actions_root }} - name: Cache local Poetry cache - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: inputs.disable-caching == 'false' with: path: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} restore-keys: poetry-${{ runner.os }}- - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets # yamllint disable rule:line-length with: diff --git a/build-yarn/action.yml b/build-yarn/action.yml index 44debebe..9ce1b129 100644 --- a/build-yarn/action.yml +++ b/build-yarn/action.yml @@ -105,13 +105,13 @@ runs: echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" cp "$ACTION_PATH_BUILD_YARN/mise.local.toml" mise.local.toml - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 working_directory: ${{ inputs.working-directory }} - name: Cache Yarn dependencies - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: ${{ inputs.cache-yarn == 'true' }} with: path: | @@ -119,7 +119,7 @@ runs: key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} restore-keys: yarn-${{ runner.os }}- - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets # yamllint disable rule:line-length with: diff --git a/cache/action.yml b/cache/action.yml index 760a6190..c11fff2b 100644 --- a/cache/action.yml +++ b/cache/action.yml @@ -36,7 +36,7 @@ runs: echo "::warning:: This action is deprecated and will be removed in future releases. " \ "Please migrate to using the SonarSource/gh-action_cache action directly." >&2 - - uses: SonarSource/gh-action_cache@v1 + - uses: SonarSource/gh-action_cache@v1.2.3 id: cache with: path: ${{ inputs.path }} diff --git a/code-signing/action.yml b/code-signing/action.yml index cbbb9c17..c20d8f4b 100644 --- a/code-signing/action.yml +++ b/code-signing/action.yml @@ -22,7 +22,7 @@ runs: echo "JSIGN_CACHE_PATH=/tmp/jsign-cache" >> "$GITHUB_ENV" - name: Cache code signing tools - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 id: tools-cache with: path: | @@ -32,7 +32,7 @@ runs: - name: Get DigiCert secrets from Vault id: secrets - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 with: secrets: | development/kv/data/sign/digicert apikey | SM_API_KEY; diff --git a/config-gradle/action.yml b/config-gradle/action.yml index af583e47..f0db6b48 100644 --- a/config-gradle/action.yml +++ b/config-gradle/action.yml @@ -91,7 +91,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 if: steps.config-gradle-completed.outputs.skip != 'true' id: secrets with: @@ -167,7 +167,7 @@ runs: run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT" - name: Gradle Cache - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.disable-caching == 'false' with: path: ${{ inputs.cache-paths }} diff --git a/config-maven/action.yml b/config-maven/action.yml index 62aa06e9..9a1755b6 100644 --- a/config-maven/action.yml +++ b/config-maven/action.yml @@ -92,7 +92,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 if: steps.config-maven-completed.outputs.skip != 'true' id: secrets with: @@ -178,7 +178,7 @@ runs: run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT" - name: Cache local Maven repository - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: steps.config-maven-completed.outputs.skip != 'true' && inputs.disable-caching == 'false' with: path: ${{ inputs.cache-paths }} diff --git a/config-npm/action.yml b/config-npm/action.yml index 9d4c7f99..a09b3597 100644 --- a/config-npm/action.yml +++ b/config-npm/action.yml @@ -71,11 +71,11 @@ runs: echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets with: secrets: | @@ -106,7 +106,7 @@ runs: run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT" - name: Cache NPM dependencies - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: ${{ inputs.cache-npm == 'true' }} with: path: ~/.npm diff --git a/config-pip/action.yml b/config-pip/action.yml index edbe936e..8534ff11 100644 --- a/config-pip/action.yml +++ b/config-pip/action.yml @@ -73,7 +73,7 @@ runs: run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets with: secrets: | @@ -100,7 +100,7 @@ runs: run: echo "workflow_name=${WORKFLOW_NAME// /-}" >> "$GITHUB_OUTPUT" - name: Cache pip dependencies - uses: SonarSource/gh-action_cache@v1 + uses: SonarSource/gh-action_cache@v1.2.3 if: inputs.disable-caching == 'false' with: path: ${{ inputs.cache-paths }} diff --git a/get-build-number/action.yml b/get-build-number/action.yml index c3245ef3..e3ed27ce 100644 --- a/get-build-number/action.yml +++ b/get-build-number/action.yml @@ -52,7 +52,7 @@ runs: enableCrossOsArchive: true # Otherwise, increment the build number - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets if: steps.from-env.outputs.skip != 'true' && steps.current-build-number.outputs.cache-hit != 'true' with: diff --git a/promote/action.yml b/promote/action.yml index 2ad8eeb5..48bc8f63 100644 --- a/promote/action.yml +++ b/promote/action.yml @@ -44,13 +44,13 @@ runs: - uses: ./.actions/get-build-number with: host-actions-root: ${{ steps.set-path.outputs.host_actions_root }} - - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0 + - uses: SonarSource/vault-action-wrapper@3d5c87cb535e4a2c7a09adcbcfdefa751854dee3 # 3.3.0 id: secrets with: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN; development/github/token/{REPO_OWNER_NAME_DASH}-promotion token | GITHUB_TOKEN; - - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 with: version: 2026.1.0 - name: Promote artifacts