chore: upgrade Node.js to 24 and update dependencies

- Upgrade Node.js from 20 to 24.15.0 across all CI jobs and workflows - Run npm audit fix to resolve CVEs in dependencies - Generate TLS certs dynamically via scripts/gen-tls-certs.sh instead of using static certs - Add Makefile targets for running each integration test suite locally
2026-05-22 16:55:54 +00:00 · 2026-05-06 20:26:22 +05:30 · 2026-05-06 20:26:22 +05:30 · 647e66c75f
commit 647e66c75f
parent 79632e33d6
15 changed files with 526 additions and 709 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,32 +5,54 @@
 version: "3.0"
 services:
  vault:
-    image: hashicorp/vault:latest
+    image: hashicorp/vault:2.0.0
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: testtoken
+      SKIP_SETCAP: "true"
+      VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
    ports:
      - 8200:8200
    privileged: true
+    healthcheck:
+      test: ["CMD-SHELL", "VAULT_ADDR=http://127.0.0.1:8200 vault status"]
+      interval: 1s
+      timeout: 5s
+      retries: 5
  vault-enterprise:
-    image: hashicorp/vault-enterprise:latest
+    image: hashicorp/vault-enterprise:2.0-ent
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: testtoken
      VAULT_LICENSE: ${VAULT_LICENSE_CI}
+      SKIP_SETCAP: "true"
+      VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
    ports:
      - 8200:8200
    privileged: true
+    healthcheck:
+      test: ["CMD-SHELL", "VAULT_ADDR=http://127.0.0.1:8200 vault status"]
+      interval: 1s
+      timeout: 5s
+      retries: 30
  vault-tls:
-    image: hashicorp/vault:latest
+    image: hashicorp/vault:2.0.0
    hostname: vault-tls
    environment:
+      # Used by the vault CLI in the healthcheck to trust the CA
      VAULT_CAPATH: /etc/vault/ca.crt
+      SKIP_SETCAP: "true"
+      VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
    ports:
    - 8200:8200
    privileged: true
+    healthcheck:
+      test: ["CMD-SHELL", "VAULT_ADDR=https://127.0.0.1:8200 VAULT_CACERT=/etc/vault/ca.crt VAULT_CLIENT_CERT=/etc/vault/client.crt VAULT_CLIENT_KEY=/etc/vault/client.key vault status; s=$$?; [ $$s -eq 0 ]"]
+      interval: 1s
+      timeout: 5s
+      retries: 30
    volumes:
-    - ${PWD}/integrationTests/e2e-tls/configs:/etc/vault
-    - vault-data:/var/lib/vault:rw
+    # Certs generated by scripts/gen-tls-certs.sh into .build/certs/
+    - ${PWD}/.build/certs:/etc/vault
+    # tmpfs gives the non-root vault user write access without chown tricks;
+    # ephemeral storage is fine since tests always reinitialize vault from scratch
+    tmpfs: /var/lib/vault
    entrypoint: vault server -config=/etc/vault/config.hcl
-
-volumes:
-  vault-data: