From a06e0dd5b634b2d43f5b89b2e3469877f86ddad5 Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Fri, 28 Jul 2023 17:08:42 -0700 Subject: [PATCH 1/2] Remove spec testing workflow --- .github/workflows/spectesting.yml | 136 ------------------------------ 1 file changed, 136 deletions(-) delete mode 100644 .github/workflows/spectesting.yml diff --git a/.github/workflows/spectesting.yml b/.github/workflows/spectesting.yml deleted file mode 100644 index 673bbd3e612..00000000000 --- a/.github/workflows/spectesting.yml +++ /dev/null @@ -1,136 +0,0 @@ -on: - # Allows manual trigger on arbitrary branches via GitHub UI/API - workflow_dispatch: - repository_dispatch: - types: [prerelease] - schedule: - # Run nightly on weekdays at 05:00 UTC or midnight-ish in US time zones - - cron: '0 5 * * 1-5' - -jobs: - setup-packet: - if: github.repository == 'hashicorp/vagrant-acceptance' - runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano'] - name: Build Packet Instance - steps: - - name: Authentication - id: vault-auth - run: vault-auth - - name: Secrets - id: secrets - uses: hashicorp/vault-action@v2 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: - kv/data/teams/vagrant/slack webhook | slack_webhook; - kv/data/teams/vagrant/packet token | packet_token; - kv/data/teams/vagrant/packet project_id | packet_project_id; - kv/data/teams/vagrant/packet ssh_key_content | packet_ssh_key_content; - - name: Code Checkout - uses: actions/checkout@v3 - - name: Create packet instance - run: ./.ci/spec/create-packet.sh - working-directory: ${{github.workspace}} - env: - PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }} - PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }} - PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }} - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - setup-hosts: - if: github.repository == 'hashicorp/vagrant-acceptance' - runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano'] - name: Vagrant-Spec Start Hosts - needs: setup-packet - strategy: - matrix: - host_os: ['hashicorp/bionic64'] - guest_os: ['hashicorp-vagrant/ubuntu-16.04'] - providers: ['virtualbox', 'docker'] - steps: - - name: Code Checkout - uses: actions/checkout@v3 - with: - submodules: 'recursive' - - name: Create hosts for tests (provider ${{ matrix.providers }}) - run: ./.ci/spec/create-hosts.sh - working-directory: ${{github.workspace}} - env: - PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }} - PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }} - PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }} - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - VAGRANT_HOST_BOXES: ${{matrix.host_os}} - VAGRANT_GUEST_BOXES: ${{matrix.guest_os}} - VAGRANT_PRERELEASE_VERSION: ${{ github.event.client_payload.prerelease_version }} - VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}} - - spec-tests: - if: github.repository == 'hashicorp/vagrant-acceptance' - runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano'] - name: Vagrant-Spec Tests - needs: setup-hosts - strategy: - matrix: - host_os: ['hashicorp/bionic64'] - guest_os: ['hashicorp-vagrant/ubuntu-16.04'] - docker_images: ['nginx'] - providers: ['virtualbox', 'docker'] - steps: - - name: Run Tests with host ${{ matrix.host_os }} using provider ${{ matrix.providers }} - run: ./.ci/spec/run-test.sh - working-directory: ${{github.workspace}} - env: - PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }} - PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }} - PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }} - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - VAGRANT_HOST_BOXES: ${{matrix.host_os}} - VAGRANT_GUEST_BOXES: ${{matrix.guest_os}} - VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}} - VAGRANT_DOCKER_IMAGES: ${{matrix.docker_images}} - - name: Pull log from guest - if: always() - run: ./.ci/spec/pull-log.sh - env: - PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }} - PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }} - PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }} - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - VAGRANT_HOST_BOXES: ${{matrix.host_os}} - VAGRANT_GUEST_BOXES: ${{matrix.guest_os}} - VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}} - VAGRANT_DOCKER_IMAGES: ${{matrix.docker_images}} - - name: Upload log - if: always() - uses: actions/upload-artifact@v3 - with: - name: vagrant-spec-${{matrix.providers}}.log - path: ${{ github.workspace }}/vagrant-spec.log - notify-on-success: - if: github.repository == 'hashicorp/vagrant-acceptance' && success() - runs-on: self-hosted - name: Notify on Success - needs: spec-tests - steps: - - name: Notify on Success - run: ./.ci/spec/notify-success.sh - env: - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - - cleanup: - if: github.repository == 'hashicorp/vagrant-acceptance' - runs-on: self-hosted - name: Cleanup Post Vagrant-Spec Tests - needs: [spec-tests, notify-on-success] - steps: - - name: Clean Packet - run: ./.ci/spec/clean-packet.sh - env: - PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }} - PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }} - PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }} - SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }} - - name: Clean Workspace - run: rm -rf ${{ github.workspace }} From a8ce6783301cd0725514438f9f39c64f1d0cac18 Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Fri, 28 Jul 2023 17:09:01 -0700 Subject: [PATCH 2/2] Pin all foreign actions in workflows --- .github/workflows/code.yml | 2 +- .github/workflows/dev-appimage-build.yml | 2 +- .github/workflows/dev-arch-build.yml | 2 +- .github/workflows/dev-build.yml | 2 +- .github/workflows/dev-debs-build.yml | 2 +- .github/workflows/dev-macos-build.yml | 2 +- .github/workflows/dev-rpms-build.yml | 2 +- .github/workflows/dev-windows-build.yml | 2 +- .github/workflows/go-spectest.yml | 6 +++--- .github/workflows/go-testing.yml | 6 +++--- .github/workflows/lock.yml | 6 +++--- .github/workflows/nightlies.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/testing.yml | 4 ++-- 14 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml index 135c3711e00..51539e67b67 100644 --- a/.github/workflows/code.yml +++ b/.github/workflows/code.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/dev-appimage-build.yml b/.github/workflows/dev-appimage-build.yml index 036aec1108c..a3fdf5ee5e1 100644 --- a/.github/workflows/dev-appimage-build.yml +++ b/.github/workflows/dev-appimage-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-appimage env: diff --git a/.github/workflows/dev-arch-build.yml b/.github/workflows/dev-arch-build.yml index 0e53815df60..36918ebfc6f 100644 --- a/.github/workflows/dev-arch-build.yml +++ b/.github/workflows/dev-arch-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-arch env: diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml index 83694a2fed1..72295048f22 100644 --- a/.github/workflows/dev-build.yml +++ b/.github/workflows/dev-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build env: diff --git a/.github/workflows/dev-debs-build.yml b/.github/workflows/dev-debs-build.yml index 94fe2d04614..21384e513b9 100644 --- a/.github/workflows/dev-debs-build.yml +++ b/.github/workflows/dev-debs-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-debs env: diff --git a/.github/workflows/dev-macos-build.yml b/.github/workflows/dev-macos-build.yml index 18f129a6a48..fbea1e91650 100644 --- a/.github/workflows/dev-macos-build.yml +++ b/.github/workflows/dev-macos-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-macos env: diff --git a/.github/workflows/dev-rpms-build.yml b/.github/workflows/dev-rpms-build.yml index dd56b02d858..10002acbc75 100644 --- a/.github/workflows/dev-rpms-build.yml +++ b/.github/workflows/dev-rpms-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-rpms env: diff --git a/.github/workflows/dev-windows-build.yml b/.github/workflows/dev-windows-build.yml index d21d99f7b2d..593a8ead46a 100644 --- a/.github/workflows/dev-windows-build.yml +++ b/.github/workflows/dev-windows-build.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Development Build run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-windows env: diff --git a/.github/workflows/go-spectest.yml b/.github/workflows/go-spectest.yml index a14fb273112..7bca7d9d413 100644 --- a/.github/workflows/go-spectest.yml +++ b/.github/workflows/go-spectest.yml @@ -23,18 +23,18 @@ jobs: name: Vagrant acceptance tests (Ruby ${{ matrix.ruby }}) steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: submodules: 'recursive' # Also fetch all tags, since we need our version number in the build # to be based off a tag fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version-file: go.mod - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0 with: ruby-version: ${{matrix.ruby}} bundler-cache: true diff --git a/.github/workflows/go-testing.yml b/.github/workflows/go-testing.yml index efde38c3d01..f70d4e4c2c2 100644 --- a/.github/workflows/go-testing.yml +++ b/.github/workflows/go-testing.yml @@ -30,13 +30,13 @@ jobs: name: Vagrant unit tests on Go (Ruby ${{ matrix.ruby }}) steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version-file: go.mod - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0 with: ruby-version: ${{matrix.ruby}} bundler-cache: true diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 00e28e06664..4df3b4802b3 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -11,8 +11,8 @@ jobs: issues: write pull-requests: write steps: - - uses: dessant/lock-threads@v2 + - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1 with: github-token: ${{ github.token }} - issue-lock-inactive-days: '30' - pr-lock-inactive-days: '30' + issue-inactive-days: '30' + pr-inactive-days: '30' diff --git a/.github/workflows/nightlies.yml b/.github/workflows/nightlies.yml index d07e091e932..6c12c0fbfac 100644 --- a/.github/workflows/nightlies.yml +++ b/.github/workflows/nightlies.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Nightly Build run: ./.ci/nightly-build "${COMMIT_ID}" env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8c50693e35..5cb1ef1d9f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Trigger Build run: ./.ci/release "${TAG}" "${COMMIT_ID}" env: diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index bf22c0e3143..102174b8e3a 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -36,9 +36,9 @@ jobs: name: Vagrant unit tests on Ruby ${{ matrix.ruby }} steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0 with: ruby-version: ${{matrix.ruby}} bundler-cache: true