8000 Backport of [VAULT-34829] pipeline(backport): add `github create backport` command into release/1.19.x by hc-github-team-secure-vault-core · Pull Request #30749 · hashicorp/vault · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Backport of [VAULT-34829] pipeline(backport): add github create backport command into release/1.19.x #30749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 23, 2025
Merged

Backport of [VAULT-34829] pipeline(backport): add github create backport command into release/1.19.x #30749

merged 1 commit into from
May 23, 2025

Conversation

hc-github-team-secure-vault-core
Copy link
Collaborator

Backport

This PR is auto-generated from #30713 to be assessed for backporting due to the inclusion of the label backport/1.19.x.

The below text is copied from the body of the original PR.

Description

Add a new github create backport sub-command that can create a backport of a given pull request. The command has been designed around a Github Actions workflow where it is triggered on a closed pull request event with a guard that checks for merges:

pull_request_target:
  types: closed

jobs:
  backport:
    if: github.even.pull_request.merged
    runs-on: "..."

Eventually this sub-command (or another similar one) can be used to implemente backporting a CE pull request to the corresponding ce/* branch in vault-enterprise. This functionality will be implemented in VAULT-34827.

This backport runner has several new behaviors not present in the existing backport assistant:

  • If the source PR was made against an enterprise branch we'll assume that we want create a CE backport.
  • Enterprise only files will be automatically removed from the CE backport for you. This will not guarantee a working CE pull request but does quite a bit of the heavy lifting for you.
  • If the change only contains enterprise files we'll skip creating a CE backport.
  • If the corresponding CE branch is inactive (as defined in .release/versions.hcl) then we will skip creating a backport in most cases. The exceptions are changes that include docs, README, or pipeline changes as we assume that even inactive branches will want those changes.
  • Backport labels still work but only to corresponding editions. If the source PR is to an enterprise branch all backport refs will be to enterprise equivalents. The same is true of CE. To backport a change to both enterprise and CE you first backport to Enterprise (using labels) and then merge the CE backports that will be automatically created for you when you merge the enterprise backport.
  • Backport labels no longer include editions. They will now use the same schema as active versions defined .release/verions.hcl. E.g. backport/1.19.x. main is always assumed to be active.
  • The runner will always try and update the source PR with a Github comment regarding the status of each individual backport. Even if one attempt at backporting fails we'll continue until we've attempted all backports.

TODO only if you're a HashiCorp employee

  • Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
    • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.
Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core requested a review from a team as a code owner May 23, 2025 20:02
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label May 23, 2025
@ryancragun ryancragun enabled auto-merge (squash) May 23, 2025 20:04
@github-actions GitHub Actions
Copy link

CI Results:
All Go tests succeeded! ✅

@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

@ryancragun ryancragun merged commit df76736 into release/1.19.x May 23, 2025
107 of 108 checks passed
@ryancragun ryancragun deleted the backport/ryan/VAULT-34829/friendly-regular-octopus branch May 23, 2025 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryancragun ryancragun ryancragun approved these changes

@rodrigo-hcp rodrigo-hcp Awaiting requested review from rodrigo-hcp rodrigo-hcp is a code owner automatically assigned from hashicorp/vault

Assignees

@ryancragun ryancragun

Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed pr/no-changelog pr/no-milestone
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hc-github-team-secure-vault-core @ryancragun
0