Skip to content

sec: suppress osv alert in CRT #15574

sec: suppress osv alert in CRT

sec: suppress osv alert in CRT #15574

Workflow file for this run

---
name: Backport Assistant Runner
on:
pull_request_target:
types:
- closed
- labeled
jobs:
backport:
if: github.event.pull_request.merged
runs-on: ubuntu-latest
container: hashicorpdev/backport-assistant:0.4.1
steps:
- name: Backport changes to stable-website
run: |
backport-assistant backport -merge-method=squash
env:
BACKPORT_LABEL_REGEXP: "backport/(?P<target>website)"
BACKPORT_TARGET_TEMPLATE: "stable-{{.target}}"
# Enabling this option increased the number of backport failures.
BACKPORT_MERGE_COMMIT: false
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- name: Backport changes to targeted release branch
run: |
backport-assistant backport -merge-method=squash
env:
BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.[+\\w]+)"
BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"
# Enabling this option increased the number of backport failures.
BACKPORT_MERGE_COMMIT: false
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
ENABLE_VERSION_MANIFESTS: true
backport-ent:
if: github.event.pull_request.merged && contains(join(github.event.pull_request.labels.*.name), 'backport/ent')
runs-on: ubuntu-latest
steps:
- name: Trigger backport for Enterprise
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
with:
token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
repository: hashicorp/nomad-enterprise
event-type: ent-backport
client-payload: ${{ toJson(github.event) }}
handle-failure:
needs:
- backport
- backport-ent
if: always() && (needs.backport.result == 'failure' || needs.backport-ent.result == 'failure')
runs-on: ${{ endsWith(github.repository, '-enterprise') && fromJSON('["self-hosted", "ondemand", "linux", "type=m7a.2xlarge;m6a.2xlarge"]') || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Retrieve Vault-hosted Secrets
if: endsWith(github.repository, '-enterprise')
id: vault
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
with:
url: ${{ vars.CI_VAULT_URL }}
method: ${{ vars.CI_VAULT_METHOD }}
path: ${{ vars.CI_VAULT_PATH }}
jwtGithubAudience: ${{ vars.CI_VAULT_AUD }}
secrets: |-
kv/data/teams/nomad/slack-webhooks feed-nomad | SLACK_FEED_NOMAD ;
- name: Send slack notification on failure
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
"text": ":x::arrow_right_hook::nomad-sob: Backport run *FAILED*",
"attachments": [
{
"color": "#C41E3A",
"blocks": [
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Pull Request:*\n<${{ github.event.pull_request.html_url}}|${{ github.repository }}#${{ github.event.pull_request.number}}>"
},
{
"type": "mrkdwn",
"text": "*From:*\n@${{ github.event.sender.login }}"
},
{
"type": "mrkdwn",
"text": "*Run:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.run_id }}>"
}
]
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ env.SLACK_FEED_NOMAD || secrets.BACKPORT_ASSISTANT_FAILURE_SLACK }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
permissions:
contents: read
id-token: write