actions/vault-action
12
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-05-14 20:40:32 +00:00
Code Activity Actions

chore: upgrade Node.js to 24 and update dependencies

Browse source 
- Upgrade Node.js from 20 to 24.15.0 across all CI jobs and workflows
- Run npm audit fix to resolve CVEs in dependencies
- Generate TLS certs dynamically via scripts/gen-tls-certs.sh instead of using static certs
- Add Makefile targets for running each integration test suite locally
This commit is contained in:
Srikrishna Iyer 2026-05-06 20:26:22 +05:30
parent 79632e33d6
commit 647e66c75f
No known key found for this signature in database
GPG key ID: 212F890C328D4059
15 changed files with 526 additions and 709 deletions
Download patch file Download diff file Expand all files Collapse all files

61
.github/workflows/build.yml vendored
View file

@ -10,7 +10,7 @@ jobs:
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -36,11 +36,11 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault
run: docker compose up -d --wait vault
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -59,7 +59,7 @@ jobs:
- name: NPM Run test;integration:basic
run: npm run test:integration:basic
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
CI: true
@ -70,13 +70,14 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault-enterprise
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault-enterprise
env:
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -95,7 +96,7 @@ jobs:
- name: NPM Run test:integration:enterprise
run: npm run test:integration:enterprise
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
CI: true
@ -106,11 +107,12 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run docker compose
run: docker compose up -d vault
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -201,12 +203,21 @@ jobs:
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Generate TLS certs
if: ${{ !env.ACT }}
run: |
go install github.com/cloudflare/cfssl/cmd/cfssl@v1.6.5
go install github.com/cloudflare/cfssl/cmd/cfssljson@v1.6.5
./scripts/gen-tls-certs.sh
cat .build/e2e-tls.env >> "$GITHUB_ENV"
- name: Run docker compose
run: docker compose up -d vault-tls
if: ${{ !env.ACT }}
run: docker compose up -d --wait vault-tls
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: "20.9.0"
node-version: "24.15.0"
- name: Setup NPM Cache
uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
@ -227,9 +238,9 @@ jobs:
env:
VAULT_HOST: localhost
VAULT_PORT: 8200
VAULTCA: ${{ secrets.VAULTCA }}
VAULT_CLIENT_CERT: ${{ secrets.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ secrets.VAULT_CLIENT_KEY }}
VAULTCA: ${{ env.VAULTCA }}
VAULT_CLIENT_CERT: ${{ env.VAULT_CLIENT_CERT }}
VAULT_CLIENT_KEY: ${{ env.VAULT_CLIENT_KEY }}
- name: Test Vault Action (default KV V2)
uses: ./
@ -237,9 +248,9 @@ jobs:
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
secret/data/test secret ;
secret/data/test secret | NAMED_SECRET ;
@ -251,8 +262,8 @@ jobs:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
tlsSkipVerify: true
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
secret/data/tlsSkipVerify skip ;
@ -261,9 +272,9 @@ jobs:
with:
url: https://localhost:8200
token: ${{ env.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
secrets: |
my-secret/test altSecret ;
my-secret/test altSecret | NAMED_ALTSECRET ;
@ -277,9 +288,9 @@ jobs:
secrets: |
/cubbyhole/test foo ;
/cubbyhole/test zip | NAMED_CUBBYSECRET ;
caCertificate: ${{ secrets.VAULTCA }}
clientCertificate: ${{ secrets.VAULT_CLIENT_CERT }}
clientKey: ${{ secrets.VAULT_CLIENT_KEY }}
caCertificate: ${{ env.VAULTCA }}
clientCertificate: ${{ env.VAULT_CLIENT_CERT }}
clientKey: ${{ env.VAULT_CLIENT_KEY }}
- name: Verify Vault Action Outputs
run: npm run test:integration:e2e-tls

6
.github/workflows/local-test.yaml vendored
View file

@ -22,7 +22,7 @@ jobs:
- uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
with:
node-version: '20.9.0'
node-version: '24.15.0'
- name: NPM Install
run: npm ci
@ -33,7 +33,7 @@ jobs:
- name: Setup Vault
run: node ./integrationTests/e2e/setup.js
env:
VAULT_HOST: localhost
VAULT_HOST: 127.0.0.1
VAULT_PORT: 8200
- name: Import Secrets
@ -43,7 +43,7 @@ jobs:
# run against a specific version of vault-action
# uses: hashicorp/vault-action@v2.1.2
with:
url: http://localhost:8200
url: http://127.0.0.1:8200
method: token
token: testtoken
secrets: |