update gha workflows (#102)

.github/workflows/actionlint.yaml

@@ -0,0 +1,9 @@
+name: Lint GitHub Actions Workflows
+on:
+  push:
+    paths:
+    - '.github/workflows/**'
+jobs:
+  actionlint:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main

.github/workflows/go-checks.yaml

@@ -0,0 +1,7 @@
+name: Go checks
+on:
+  push:
+jobs:
+  go-checks:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/go-checks.yaml@main

.github/workflows/jira.yaml

@@ -1,72 +1,19 @@
+name: Jira Sync
 on:
   issues:
     types: [opened, closed, deleted, reopened]
   pull_request_target:
     types: [opened, closed, reopened]
   issue_comment: # Also triggers when commenting on a PR from the conversation view
     types: [created]
-
-name: Jira Sync
-
 jobs:
   sync:
-    runs-on: ubuntu-latest
-    name: Jira sync
-    steps:
-    - name: Login
-      uses: atlassian/[email protected]
-      env:
-        JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-        JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-        JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-
-    - name: Preprocess
-      if: github.event.action == 'opened' || github.event.action == 'created'
-      id: preprocess
-      run: |
-        if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
-          echo "::set-output name=type::PR"
-        else
-          echo "::set-output name=type::ISS"
-        fi
-
-    - name: Create ticket
-      if: github.event.action == 'opened'
-      uses: tomhjp/[email protected]
-      with:
-        project: VAULT
-        issuetype: "GH Issue"
-        summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
-        description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
-        # customfield_10089 is Issue Link custom field
-        # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "applications"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
-
-    - name: Search
-      if: github.event.action != 'opened'
-      id: search
-      uses: tomhjp/[email protected]
-      with:
-        # cf[10089] is Issue Link custom field
-        jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
-    - name: Sync comment
-      if: github.event.action == 'created' && steps.search.outputs.issue
-      uses: tomhjp/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
-    - name: Close ticket
-      if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: Closed
-
-    - name: Reopen ticket
-      if: github.event.action == 'reopened' && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: "Pending Triage"
+    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
+    # assuming you use Vault to get secrets
+    # if you use GitHub secrets, use secrets.XYZ instead of steps.secrets.outputs.XYZ
+    secrets:
+      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+    with:
+      teams-array: '["ecosystem", "applications"]'

.github/workflows/tests.yaml

@@ -0,0 +1,7 @@
+name: Run Tests
+on:
+  push:
+jobs:
+  run-tests:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/tests.yaml@main

README.md

@@ -9,27 +9,27 @@ This plugin allows for Azure Managed Service Identities to authenticate with Vau
 
 - [Vault Website](https://www.vaultproject.io)
 - [Vault Project Github](https://www.github.com/hashicorp/vault)
-- [Azure Auth Docs](https://www.vaultproject.io/docs/auth/azure.html)
-- [Azure Auth API Docs](https://www.vaultproject.io/api-docs/auth/azure.html)
+- [Azure Auth Docs](https://developer.hashicorp.com/vault/docs/auth/azure)
+- [Azure Auth API Docs](https://developer.hashicorp.com/vault/api-docs/auth/azure)
 
 ## Getting Started
 
-This is a [Vault plugin](https://www.vaultproject.io/docs/internals/plugins.html)
+This is a [Vault plugin](https://developer.hashicorp.com/vault/docs/plugins)
 and is meant to work with Vault. This guide assumes you have already installed Vault
 and have a basic understanding of how Vault works.
 
 Otherwise, first read this guide on how to [get started with
-Vault](https://www.vaultproject.io/intro/getting-started/install.html).
+Vault](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install).
 
-To learn specifically about how plugins work, see documentation on [Vault plugins](https://www.vaultproject.io/docs/internals/plugins.html).
+To learn specifically about how plugins work, see documentation on [Vault plugins](https://developer.hashicorp.com/vault/docs/plugins).
 
 ## Security Model
 
 The current authentication model requires providing Vault with a token generated using Azure's Managed Service Identity, which can be used to make authenticated calls to Azure. This token should not typically be shared, but in order for Azure to be treated as a trusted third party, Vault must validate something that Azure has cryptographically signed and that conveys the identity of the token holder.
 
 ## Usage
 
-Please see [documentation for the plugin](https://www.vaultproject.io/docs/auth/azure.html)
+Please see [documentation for the plugin](https://developer.hashicorp.com/vault/docs/auth/azure)
 on the Vault website.
 
 This plugin is currently built into Vault and by default is accessed
@@ -40,7 +40,7 @@ $ vault auth enable azure
 Successfully enabled 'azure' at 'azure'!
 ```
 
-To see all the supported paths, see the [Azure auth backend docs](https://www.vaultproject.io/docs/auth/azure.html).
+To see all the supported paths, see the [Azure auth backend docs](https://developer.hashicorp.com/vault/docs/auth/azure).
 
 ## Developing
 
@@ -66,7 +66,7 @@ $ make dev
 ```
 
 Put the plugin binary into a location of your choice. This directory
-will be specified as the [`plugin_directory`](https://www.vaultproject.io/docs/configuration#plugin_directory)
+will be specified as the [`plugin_directory`](https://developer.hashicorp.com/vault/docs/configuration#plugin_directory)
 in the Vault config used to start the server. It may also be specified
 via [`-dev-plugin-dir`](https://developer.hashicorp.com/vault/docs/commands/server#dev-plugin-dir)
 if running Vault in dev mode.
@@ -92,7 +92,7 @@ Or start a Vault server in dev mode:
 $ vault server -dev -dev-root-token-id=root -dev-plugin-dir="path/to/plugin/directory"
 ```
 
-Once the server is started, register the plugin in the Vault server's [plugin catalog](https://www.vaultproject.io/docs/plugins/plugin-architecture#plugin-catalog):
+Once the server is started, register the plugin in the Vault server's [plugin catalog](https://developer.hashicorp.com/vault/docs/plugins/plugin-architecture#plugin-catalog):
 
 ```sh
 $ SHA256=$(openssl dgst -sha256 bin/vault-plugin-auth-azure | cut -d ' ' -f2)