backport of commit e7e16fd

hashicorp · Oct 1, 2024 · 04ef871 · 04ef871
1 parent 32d09a7
commit 04ef871
Show file tree

Hide file tree

Showing 1,041 changed files with 16,319 additions and 36,872 deletions.
diff --git a/.github/docs/pull_request_template.md b/.github/docs/pull_request_template.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
diff --git a/.github/workflows/backport-ce.yml b/.github/workflows/backport-ce.yml
@@ -13,7 +13,7 @@ jobs:
   backport-targeted-release-branch:
     if: github.event.pull_request.merged && github.repository == 'hashicorp/vault'
     runs-on: ubuntu-latest
-    container: hashicorpdev/backport-assistant:0.4.3
+    container: hashicorpdev/backport-assistant:0.4.1
     steps:
       - name: Backport changes to targeted release branch
         run: |

diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
@@ -48,8 +48,8 @@ jobs:
               echo "Not found."
               echo ""
               echo "Did not find a changelog entry named ${expected_changelog_file}"
-              echo "If your changelog file is correct, or this change does not need a changelog, skip this check with the 'pr/no-changelog' label"
-              echo "Reference - https://github.com/hashicorp/vault/blob/main/CONTRIBUTING.md#changelog-entries"
+              echo "If your changelog file is correct, skip this check with the 'pr/no-changelog' label"
+              echo "Reference - https://github.com/hashicorp/vault/pull/10363 and https://github.com/hashicorp/vault/pull/11894"
               exit 1
             fi
 
@@ -76,12 +76,6 @@ jobs:
           elif grep -q ':fix$' "$changelog_files"; then
             echo "Found invalid type (fix) in changelog - did you mean bug?"
             exit 1
-          elif grep -q ':feature$' "$changelog_files"; then
-            if ! grep -q '^\*\*' "$changelog_files"; then
-              echo "Feature changelogs must be formatted like the following:"
-              echo "**Feature Name**: Feature description"
-              exit 1
-            fi
           elif ! grep -q '```release-note:' "$changelog_files"; then
             # People often make changelog files like ```changelog:, which is incorrect.
             echo "Changelog file did not contain 'release-note' heading - check formatting."

diff --git a/.github/workflows/do-not-merge-checker.yml b/.github/workflows/do-not-merge-checker.yml
diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml
@@ -64,7 +64,7 @@ jobs:
     secrets: inherit
 
   save-metadata:
-    runs-on: ubuntu-latest
+    runs-on: linux
     if: always()
     needs: test
     steps:

diff --git a/.github/workflows/plugin-update.yml b/.github/workflows/plugin-update.yml
@@ -8,10 +8,6 @@ on:
         description: 'Full name of the plugin, e.g., vault-plugin-auth-kubernetes'
         required: true
         type: string
-      branch:
-        description: 'Git branch name to use'
-        required: true
-        type: string
       version:
         description: 'Version of the plugin with *NO* "v", e.g., 1.2.3'
         required: true
@@ -25,7 +21,7 @@ jobs:
   plugin-update:
     runs-on: ubuntu-latest
     env:
-      VAULT_BRANCH: ${{ inputs.branch }}
+      VAULT_BRANCH: "update/${{ inputs.plugin }}/v${{ inputs.version }}"
       REVIEWER: ${{ inputs.reviewer || github.actor }}
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -39,27 +35,20 @@ jobs:
           cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764
           go-version-file: .go-version
 
-      - name: Update plugin
-        if: github.repository == 'hashicorp/vault'
+      - name: update plugin
         run: |
           go get "github.com/hashicorp/${{ inputs.plugin }}@v${{ inputs.version }}"
           go mod tidy
 
-      - name: Update Enterprise-only plugin
-        if: github.repository == 'hashicorp/vault-enterprise'
-        run: |
-          (cd vault_ent && go get "github.com/hashicorp/${{ inputs.plugin }}@v${{ inputs.version }}" && go mod tidy)
-          go mod tidy
-
-      - name: Detect changes
+      - name: detect changes
         run: |
           count=$(git status --porcelain=v1 2>/dev/null | wc -l)
           if [ "$count" -eq 0 ]; then
             echo "::error::no updates were made for ${{ inputs.plugin }} with tag v${{ inputs.version }}"
             exit 1
           fi
 
-      - name: Commit and push
+      - name: commit/push
         run: |
           git config user.name hc-github-team-secure-vault-ecosystem
           git config user.email [email protected]
@@ -79,9 +68,8 @@ jobs:
             gh pr create \
             --head "$VAULT_BRANCH" \
             --reviewer "$REVIEWER" \
-            --assignee "$REVIEWER" \
             --title "Update ${{ inputs.plugin }} to v${{ inputs.version }}" \
-            --body "This PR was generated by a GitHub Action. Full log: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            --body "This PR was generated by a GitHub Action. Full log: https://github.com/hashicorp/vault/actions/runs/${{ github.run_id }}"
 
             echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
             echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json url -q '.[0].url')" >> "$GITHUB_OUTPUT"

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -16,10 +16,10 @@ on:
 jobs:
   scan:
     runs-on: ${{ github.repository == 'hashicorp/vault' && 'ubuntu-latest' || fromJSON('["self-hosted","ondemand","os=linux","type=c6a.4xlarge"]') }}
-    # The first check ensures this doesn't run on community-contributed PRs, who won't have the
-    # permissions to run this job.
+    # The first check ensures this doesn't run on community-contributed PRs, who
+    # won't have the permissions to run this job.
     if: |
-      ! github.event.pull_request.head.repo.fork &&
+      (startsWith(github.repository, 'hashicorp/vault') || (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)) &&
       github.actor != 'dependabot[bot]' &&
       github.actor != 'hc-github-team-secure-vault-core'
     steps:

diff --git a/.github/workflows/test-enos-scenario-ui.yml b/.github/workflows/test-enos-scenario-ui.yml
@@ -108,7 +108,7 @@ jobs:
           sudo apt install -y libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev libasound2
       - name: Install Chrome
         if: steps.chrome-check.outputs.chrome-version == 'not-installed'
-        uses: browser-actions/setup-chrome@facf10a55b9caf92e0cc749b4f82bf8220989148 # v1.7.2
+        uses: browser-actions/setup-chrome@db1b524c26f20a8d1a10f7fc385c92387e2d0477 # v1.7.1
       - name: Installed Chrome Version
         run: |
           echo "Installed Chrome Version = [$(chrome --version 2> /dev/null || google-chrome --version 2> /dev/null || google-chrome-stable --version 2> /dev/null)]"

diff --git a/.release/versions.hcl b/.release/versions.hcl
@@ -5,17 +5,15 @@
 
 schema = 1
 active_versions {
-  version "1.18.x" {
-    ce_active = true
-  }
-  version "1.17.x" {
-    ce_active = true
-  }
   version "1.16.x" {
-    ce_active = false
+    ce_active = true
     lts       = true
   }
   version "1.15.x" {
-    ce_active = false
+    ce_active = true
+  }
+  version "1.14.x" {
+    ce_active = true
   }
+
 }