Merge branch 'refs/heads/main' into mac

# Conflicts:
#	.github/workflows/testing-linux.yml

.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: '04:00'
+    open-pull-requests-limit: 100
+    labels:
+      - "dependencies"
+      - "auto-merge"
+  - package-ecosystem: docker
+    directory: "/vault-docker"
+    schedule:
+      interval: "daily"
+      time: "04:00"
+    labels:
+      - "docker"
+      - "auto-merge"

.github/workflows/auto-merge-dependencies.yml

@@ -0,0 +1,48 @@
+name: Enables auto-merge on dependency pull requests
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  enable-automerge:
+    if: |
+      contains(github.event.pull_request.labels.*.name, 'auto-merge')
+      && (
+        contains(github.event.pull_request.labels.*.name, 'minor')
+        || contains(github.event.pull_request.labels.*.name, 'patch')
+      )
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: find_branch_name
+        id: find_branch_name
+        run: |
+          gh repo view --json nameWithOwner,defaultBranchRef | jq -r '.defaultBranchRef.name'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Find Pull Request
+        uses: juliangruber/find-pull-request-action@48b6133aa6c826f267ebd33aa2d29470f9d9e7d0 # v1
+        id: find-pull-request
+        with:
+          branch: ${{ steps.find_branch_name.outputs.text }}
+
+      - name: Auto approve
+        id: autoApprove
+        uses: juliangruber/approve-pull-request-action@b71c44ff142895ba07fad34389f1938a4e8ee7b0 # v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.find-pull-request.outputs.number }}
+
+      - name: Enable auto-merge
+        run: |
+          gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/testing-linux.yml

@@ -1,14 +1,14 @@
 name: Linux - Read secrets from vault
 on:
   push:
-    branches: [ main, mac ]
+    branches: [ main ]
   workflow_dispatch: {}
 
 jobs:
-  testing_superexport_on_bash-linux:
+  read-secrets-from-vault-bash-linux:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: install vault-cli
         run: |
           sudo apt-get update && sudo apt-get install gpg wget gnome-keyring dbus-x11 libsecret-tools
@@ -39,7 +39,7 @@ jobs:
           chmod +x $HOME/.superexport/.exported.sh
           chmod +x superexport.sh
           ./superexport.sh MYKEY password /my-secrets/dev foo
-
+         
           echo "reading secrets from from secret tools"
           source $HOME/.superexport/.secretreader.sh
           echo "mykey is $MYKEY"
@@ -55,3 +55,4 @@ jobs:
             echo "password should be \"test_password\" but was $CHECKVAR"
             exit 1
           fi
+          

vault-docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 RUN apt-get update && apt-get install -y software-properties-common curl gnupg2 && \
   curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
   apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \

vault-docker/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   vault-server:
-    image: hashicorp/vault:latest
+    image: index.docker.io/hashicorp/vault@sha256:678025b44c518590d149e14af4ae337d6e0567c16cb4f3bfd5bf4e67e381f327 # 1.12.7
     ports:
       - "8200:8200"
     environment:
@@ -26,4 +26,4 @@ networks:
   vault-network:
     ipam:
       config:
-        - subnet: 172.21.0.0/24
+        - subnet: 172.21.0.0/24