diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index be4dd132..fe62afb4 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/jira user | JIRA_USER; diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index 0f72790d..c7334bd2 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 96a0cc3e..9a045de2 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index 69a0373e..497679a6 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -20,7 +20,7 @@ jobs: || github.event.review.state == 'approved') steps: - id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/check-sca.yml b/.github/workflows/check-sca.yml index f26a9f23..962b484b 100644 --- a/.github/workflows/check-sca.yml +++ b/.github/workflows/check-sca.yml @@ -23,4 +23,4 @@ jobs: environment: sca-checking steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: SonarSource/ci-github-actions/check-sca@fdeb37e59320b102baec4c58662355e715b1c092 # master + - uses: SonarSource/ci-github-actions/check-sca@2059a80dec14cfc480e7b9f776a2c385c14a5abe # master diff --git a/.github/workflows/test-shell-scripts.yml b/.github/workflows/test-shell-scripts.yml index f1c25ca9..c2b65666 100644 --- a/.github/workflows/test-shell-scripts.yml +++ b/.github/workflows/test-shell-scripts.yml @@ -36,7 +36,7 @@ jobs: ./run_shell_tests.sh - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/sonarcloud url | SONAR_URL; diff --git a/build-gradle/action.yml b/build-gradle/action.yml index c67efc3b..f2b13844 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -125,7 +125,7 @@ runs: run: | echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' id: artifactory with: @@ -135,7 +135,7 @@ runs: ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} username | ARTIFACTORY_DEPLOY_USERNAME;', env.ARTIFACTORY_DEPLOYER_ROLE) }} ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: # yamllint disable rule:line-length diff --git a/build-maven/action.yml b/build-maven/action.yml index fb2f13ff..2c7ed1ce 100644 --- a/build-maven/action.yml +++ b/build-maven/action.yml @@ -147,7 +147,7 @@ runs: echo "SONARSOURCE_REPOSITORY_URL=${ARTIFACTORY_URL}/sonarsource" >> "$GITHUB_ENV" # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' id: artifactory with: @@ -158,7 +158,7 @@ runs: ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && steps.params.outputs.ARTIFACTORY_DEPLOY_ACCESS_TOKEN_VAULT || '' }} ${{ inputs.deploy != 'false' && inputs.mixed-privacy == 'true' && steps.params.outputs.ARTIFACTORY_PRIVATE_DEPLOY_ACCESS_TOKEN_VAULT || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: # yamllint disable rule:line-length diff --git a/build-npm/action.yml b/build-npm/action.yml index 9578e3e1..bae613d1 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -131,7 +131,7 @@ runs: working-directory: ${{ inputs.working-directory }} disable-caching: ${{ inputs.cache-npm != 'true' && 'true' || inputs.disable-caching }} - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' id: artifactory with: @@ -140,7 +140,7 @@ runs: secrets: | ${{ format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/build-poetry/action.yml b/build-poetry/action.yml index 11295471..10e0fd61 100644 --- a/build-poetry/action.yml +++ b/build-poetry/action.yml @@ -117,7 +117,7 @@ runs: - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: version: 2026.5.9 - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} @@ -127,7 +127,7 @@ runs: development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/build-yarn/action.yml b/build-yarn/action.yml index 06b4caed..785e449b 100644 --- a/build-yarn/action.yml +++ b/build-yarn/action.yml @@ -127,7 +127,7 @@ runs: key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} restore-keys: yarn-${{ runner.os }}- - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} @@ -137,7 +137,7 @@ runs: development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; ${{ inputs.deploy != 'false' && inputs.run-shadow-scans != 'true' && format('development/artifactory/token/{{REPO_OWNER_NAME_DASH}}-{0} access_token | ARTIFACTORY_DEPLOY_ACCESS_TOKEN;', env.ARTIFACTORY_DEPLOYER_ROLE) || '' }} # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets # yamllint disable rule:line-length with: diff --git a/check-sca/action.yml b/check-sca/action.yml index 4a64bc21..4307398e 100644 --- a/check-sca/action.yml +++ b/check-sca/action.yml @@ -43,7 +43,7 @@ runs: ACTION_PATH_CHECK_SCA="${{ github.action_path }}" echo "ACTION_PATH_CHECK_SCA=$ACTION_PATH_CHECK_SCA" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets continue-on-error: true with: diff --git a/code-signing/action.yml b/code-signing/action.yml index eb6a64e2..1068af9f 100644 --- a/code-signing/action.yml +++ b/code-signing/action.yml @@ -34,7 +34,7 @@ runs: - name: Get DigiCert secrets from Vault id: secrets - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/kv/data/sign/digicert apikey | SM_API_KEY; diff --git a/config-gradle/action.yml b/config-gradle/action.yml index a918dc67..7cfbfcb9 100644 --- a/config-gradle/action.yml +++ b/config-gradle/action.yml @@ -88,7 +88,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-gradle-completed.outputs.skip != 'true' id: artifactory with: @@ -96,7 +96,7 @@ runs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-gradle-completed.outputs.skip != 'true' && inputs.use-develocity == 'true' id: secrets with: diff --git a/config-maven/action.yml b/config-maven/action.yml index 9f2f7c04..bdbd2053 100644 --- a/config-maven/action.yml +++ b/config-maven/action.yml @@ -89,7 +89,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-maven-completed.outputs.skip != 'true' id: artifactory with: @@ -97,7 +97,7 @@ runs: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME; development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-maven-completed.outputs.skip != 'true' && inputs.use-develocity == 'true' id: secrets with: diff --git a/config-npm/action.yml b/config-npm/action.yml index e223cac9..f1a87a09 100644 --- a/config-npm/action.yml +++ b/config-npm/action.yml @@ -89,7 +89,7 @@ runs: with: version: 2026.3.7 - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 if: steps.config-npm-completed.outputs.skip != 'true' id: secrets with: diff --git a/config-pip/action.yml b/config-pip/action.yml index b601313b..b396687f 100644 --- a/config-pip/action.yml +++ b/config-pip/action.yml @@ -70,7 +70,7 @@ runs: run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} diff --git a/get-build-number/action.yml b/get-build-number/action.yml index 33dffded..b391f5f1 100644 --- a/get-build-number/action.yml +++ b/get-build-number/action.yml @@ -52,7 +52,7 @@ runs: enableCrossOsArchive: true # Otherwise, increment the build number - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets if: steps.from-env.outputs.skip != 'true' && steps.current-build-number.outputs.cache-hit != 'true' with: diff --git a/promote/action.yml b/promote/action.yml index cfaa90c1..74b038c6 100644 --- a/promote/action.yml +++ b/promote/action.yml @@ -48,13 +48,13 @@ runs: - uses: ./.actions/get-build-number with: host-actions-root: ${{ steps.set-path.outputs.host_actions_root }} - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: artifactory with: url: ${{ contains(inputs.repox-url, 'dev.sonar.build') && 'https://vault.dev.sonar.build' || 'https://vault.sonar.build' }} secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN; - - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + - uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 id: secrets with: secrets: | diff --git a/update-release-channel/action.yml b/update-release-channel/action.yml index 1ee88c62..fbf99db8 100644 --- a/update-release-channel/action.yml +++ b/update-release-channel/action.yml @@ -58,7 +58,7 @@ runs: - name: Fetch AWS credentials from Vault id: secrets if: inputs.dryRun != 'true' - uses: SonarSource/vault-action-wrapper@0a3114fe1230b784c35b53b099f9ab1f1e538cc7 # 3.5.0 + uses: SonarSource/vault-action-wrapper@881045d830534a70ec3c7c275fa3714412c8ff6e # 3.6.1 with: secrets: | development/aws/sts/downloads access_key | AWS_ACCESS_KEY_ID;