actions/vault-action
2
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-05-13 21:35:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Upgrade Node.js to 24 and update dependencies (#604)
Some checks failed
/ build (push) Waiting to run
Details
/ integrationOSS (push) Waiting to run
Details
/ integrationEnterprise (push) Waiting to run
Details
/ e2e (push) Waiting to run
Details
/ e2e-tls (push) Waiting to run
Details
Lint GitHub Actions Workflows / actionlint (push) Has been cancelled
Details

Browse source 
* chore: upgrade Node.js to 24 and update dependencies

- Upgrade Node.js from 20 to 24.15.0 across all CI jobs and workflows
- Run npm audit fix to resolve CVEs in dependencies
- Generate TLS certs dynamically via scripts/gen-tls-certs.sh instead of using static certs
- Add Makefile targets for running each integration test suite locally

* add GOPATH/bin to PATH before running gen-tls-certs.sh

* Add changelog entry

* refactor makefile

* Refine e2e-enterprise pipeline and scripts
This commit is contained in:
Srikrishna Iyer 2026-05-12 10:21:00 +05:30 committed by GitHub
parent 79632e33d6
commit 7e48e563b6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 589 additions and 709 deletions
Download patch file Download diff file Expand all files Collapse all files

67
.github/workflows/build.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -36,11 +36,11 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault
run: docker compose up -d --wait vault
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -59,7 +59,7 @@ jobs:
- name: NPM Run test;integration:basic
run: npm run test:integration:basic
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
CI: true
@ -70,13 +70,14 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault-enterprise
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault-enterprise
env:
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -95,7 +96,7 @@ jobs:
- name: NPM Run test:integration:enterprise
run: npm run test:integration:enterprise
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
CI: true
@ -106,11 +107,12 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -201,12 +203,27 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Generate TLS Certificates
if: ${{ !env.ACT }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_GET_RETRIES: 3
run: |
# Source the getGH function for authenticated GitHub downloads with retries
source ./scripts/.functions
getGH https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssl_1.6.5_linux_amd64 /usr/local/bin/cfssl
getGH https://github.com/cloudflare/cfssl/releases/download/v1.6.5/cfssljson_1.6.5_linux_amd64 /usr/local/bin/cfssljson
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson
./scripts/gen-tls-certs.sh
cat .build/e2e-tls.env >> "$GITHUB_ENV"
- name: Run docker compose
run: docker compose up -d vault-tls
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault-tls
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -227,9 +244,9 @@ jobs:
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
VAULTCA: ${{ secrets.VAULTCA }}
VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
VAULTCA: ${{ env.VAULTCA }}
VAULT_CLIENT_CERT: ${{ env.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ env.VAULT_CLIENT_KEY }}
- name: Test Vault Action (default KV V2)
uses: ./
@ -237,9 +254,9 @@ jobs:
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
@ -251,8 +268,8 @@ jobs:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
secret/data/tlsSkipVerify skip ;
@ -261,9 +278,9 @@ jobs:
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
my-secret/test altSecret ;
my-secret/test altSecret | NAMED_ALTSECRET ;
@ -277,9 +294,9 @@ jobs:
secrets: |
/cubbyhole/test foo ;
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
- name: Verify Vault Action Outputs
run: npm run test:integration:e2e-tls

6
.github/workflows/local-test.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: '20.9.0'
node-version: '24.15.0'
- name: NPM Install
run: npm ci
@ -33,7 +33,7 @@ jobs:
- name: Setup Vault
run: node ./integrationTests/e2e/setup.js
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
- name: Import Secrets
@ -43,7 +43,7 @@ jobs:
# run against a specific version of vault-action
# uses: hashicorp/vault-action@v2.1.2
with:
url: http://localhost:8200
url: http://127.0.0.1:8200
method: token
token: testtoken
secrets: |